227 files changed, 7327 insertions, 2005 deletions
@@ -22,6 +22,10 @@ /perl/t/data/test.krbtype /perl/t/lib/Test/RRA.pm /perl/t/lib/Test/RRA/ +/server/keytab-backend +/server/wallet-admin +/server/wallet-backend +/server/wallet-report /tests/client/basic-t /tests/client/full-t /tests/client/prompt-t diff --git a/.travis.yml b/.travis.yml index 3f60b23..3db2e33 100644 --- a/.travis.yml +++ b/.travis.yml @@ -8,9 +8,12 @@ compiler: before_install: - sudo apt-get update -qq - sudo apt-get install -y libauthen-sasl-perl libcrypt-generatepassword-perl libdatetime-perl libdatetime-format-sqlite-perl libdbd-sqlite3-perl libdbi-perl libdbix-class-perl libheimdal-kadm5-perl libjson-perl libkrb5-dev libnet-dns-perl libnet-ldap-perl libnet-remctl-perl libperl6-slurp-perl libremctl-dev libsql-translator-perl libtest-minimumversion-perl libtest-pod-perl libtest-strict-perl libtimedate-perl libwebauth-perl perl sqlite3 -env: AUTHOR_TESTING=1 -script: ./autogen && ./configure && make warnings && make check +env: AUTHOR_TESTING=1 C_TAP_VERBOSE=1 +script: ./bootstrap && ./configure && make warnings && make check branches: - only: - - master + except: + - /^debian\/.*/ + - pristine-tar + - /^ubuntu\/.*/ + - /^upstream\/.*/ 
@@ -5,30 +5,31 @@ Comment: This file documents the copyright statements and licenses for . For any copyright year range specified as YYYY-ZZZZ in this file, the range specifies every single year in that closed interval. -Copyright: 2006-2010, 2012-2013 +Copyright: 2014, 2016, 2018 Russ Allbery <eagle@eyrie.org> + 2006-2010, 2012-2014 The Board of Trustees of the Leland Stanford Junior University License: Expat Files: * -Copyright: 2000-2002, 2004-2016 Russ Allbery <eagle@eyrie.org> +Copyright: 2000-2002, 2004-2018 Russ Allbery <eagle@eyrie.org> 2001-2015 The Board of Trustees of the Leland Stanford Junior University - 2015 Dropbox, Inc. + 2015-2016 Dropbox, Inc. License: Expat Files: Makefile.in -Copyright: 1994-2014 Free Software Foundation, Inc. +Copyright: 1994-2017 Free Software Foundation, Inc. 2006-2008, 2010, 2013-2014 The Board of Trustees of the Leland Stanford Junior University - 2016 Russ Allbery <eagle@eyrie.org> + 2016, 2018 Russ Allbery <eagle@eyrie.org> License: FSF-unlimited and Expat Files: aclocal.m4 -Copyright: 1996-2015 Free Software Foundation, Inc. +Copyright: 1996-2017 Free Software Foundation, Inc. License: FSF-unlimited Files: build-aux/ar-lib build-aux/compile build-aux/depcomp build-aux/missing -Copyright: 1996-2014 Free Software Foundation, Inc. +Copyright: 1996-2017 Free Software Foundation, Inc. License: GPL-2+ with Autoconf exception or Expat Files: build-aux/install-sh 
@@ -61,10 +62,14 @@ License: X11 Files: client/wallet-rekey.1 client/wallet-rekey.pod client/wallet.1 client/wallet.pod docs/design docs/design-acl docs/design-api docs/netdb-role-api docs/notes docs/objects-and-schemes docs/setup - docs/stanford-naming perl/t/data/README tests/HOWTO tests/config/README -Copyright: 2006-2014 - The Board of Trustees of the Leland Stanford Junior University - 2010, 2016 Russ Allbery <eagle@eyrie.org> + docs/stanford-naming perl/t/data/README portable/asprintf.c + portable/dummy.c portable/krb5-extra.c portable/krb5.h portable/macros.h + portable/mkstemp.c portable/reallocarray.c portable/setenv.c + portable/stdbool.h portable/system.h portable/uio.h tests/README + tests/config/README tests/data/cppcheck.supp tests/portable/asprintf-t.c + tests/portable/mkstemp-t.c tests/portable/setenv-t.c util/macros.h +Copyright: 2000-2006, 2010, 2014-2018 Russ Allbery <eagle@eyrie.org> + 2006-2014 The Board of Trustees of the Leland Stanford Junior University License: all-permissive Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and 
@@ -77,48 +82,25 @@ License: FSF-configure This script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. -Files: m4/clang.m4 m4/gssapi.m4 m4/krb5-config.m4 m4/krb5.m4 +Files: configure.ac m4/clang.m4 m4/gssapi.m4 m4/krb5-config.m4 m4/krb5.m4 m4/lib-depends.m4 m4/lib-pathname.m4 m4/remctl.m4 m4/snprintf.m4 m4/vamacros.m4 Copyright: 2005-2014 The Board of Trustees of the Leland Stanford Junior University - 2015 Russ Allbery <eagle@eyrie.org> + 2014-2016, 2018 Russ Allbery <eagle@eyrie.org> License: unlimited This file is free software; the authors give unlimited permission to copy and/or distribute it, with or without modifications, as long as this notice is preserved. -Files: portable/asprintf.c portable/dummy.c portable/krb5-extra.c - portable/krb5.h portable/macros.h portable/mkstemp.c - portable/reallocarray.c portable/setenv.c portable/stdbool.h - portable/system.h portable/uio.h tests/portable/asprintf-t.c - tests/portable/mkstemp-t.c tests/portable/setenv-t.c util/macros.h -Copyright: no copyright notice, see License -License: rra-public-domain - The authors hereby relinquish any claim to any copyright that they may - have in this work, whether granted under contract or by operation of law - or international treaty, and hereby commit to the public, at large, that - they shall not, at any time in the future, seek to enforce any copyright - in this work against any person or entity, or prevent any person or - entity from copying, publishing, distributing or creating derivative - works of this work. 
- -Files: portable/snprintf.c tests/portable/snprintf-t.c -Copyright: 1995 Patrick Powell - 2000-2006 Russ Allbery <eagle@eyrie.org> - 2001 Hrvoje Niksic - 2009-2010 The Board of Trustees of the Leland Stanford Junior University -License: Powell-snprintf - This code is based on code written by Patrick Powell (papowell@astart.com) - It may be used for any purpose as long as this notice remains intact - on all source code distributions - -Files: util/messages.c util/messages.h util/xmalloc.c util/xmalloc.h +Files: m4/cc-flags.m4 m4/perl.m4 util/messages.c util/messages.h + util/xmalloc.c util/xmalloc.h Copyright: 1991, 1994-2003 The Internet Software Consortium and Rich Salz - 2004-2006 Internet Systems Consortium, Inc. + 1998-2003 The Internet Software Consortium + 2004-2006, 2009, 2011, 2016 Internet Systems Consortium, Inc. 2008-2010, 2012-2014 The Board of Trustees of the Leland Stanford Junior University - 2015 Russ Allbery <eagle@eyrie.org> + 2015-2018 Russ Allbery <eagle@eyrie.org> License: ISC Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above 
@@ -132,6 +114,55 @@ License: ISC ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +Files: portable/krb5-profile.c +Copyright: 1985-2005 the Massachusetts Institute of Technology +License: MIT-Kerberos + Export of this software from the United States of America may require + a specific license from the United States Government. It is the + responsibility of any person or organization contemplating export to + obtain such a license before exporting. + . + WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + distribute this software and its documentation for any purpose and + without fee is hereby granted, provided that the above copyright + notice appear in all copies and that both that copyright notice and + this permission notice appear in supporting documentation, and that + the name of M.I.T. not be used in advertising or publicity pertaining + to distribution of the software without specific, written prior + permission. Furthermore if you modify this software you must label + your software as modified software and not distribute it in such a + fashion that it might be confused with the original MIT software. + M.I.T. makes no representations about the suitability of this software + for any purpose. It is provided "as is" without express or implied + warranty. + . + THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR + IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + . + Individual source code files are copyright MIT, Cygnus Support, + OpenVision, Oracle, Sun Soft, FundsXpress, and others. + . + Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira, + and Zephyr are trademarks of the Massachusetts Institute of Technology + (MIT). No commercial use of these trademarks may be made without + prior written permission of MIT. + . 
+ "Commercial use" means use of a name in a product or other for-profit + manner. It does NOT prevent a commercial firm from referring to the + MIT trademarks in order to convey information (although in doing so, + recognition of their trademark status should be given). + +Files: portable/snprintf.c tests/portable/snprintf-t.c +Copyright: 1995 Patrick Powell + 2000-2006, 2018 Russ Allbery <eagle@eyrie.org> + 2001 Hrvoje Niksic + 2009-2010 The Board of Trustees of the Leland Stanford Junior University +License: Powell-snprintf + This code is based on code written by Patrick Powell (papowell@astart.com) + It may be used for any purpose as long as this notice remains intact + on all source code distributions + License: Expat Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the diff --git a/Makefile.am b/Makefile.am index 6cabc93..95fc17a 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,11 +1,11 @@ # Automake makefile for wallet. # # Written by Russ Allbery <eagle@eyrie.org> -# Copyright 2016 Russ Allbery <eagle@eyrie.org> -# Copyright 2006, 2007, 2008, 2010, 2013, 2014 +# Copyright 2016, 2018 Russ Allbery <eagle@eyrie.org> +# Copyright 2006-2008, 2010, 2013-2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT # These variables exist only for the use of the Debian packaging and similar # situations and aren't normally set. We want to honor them if they're set 
@@ -100,20 +100,24 @@ PERL_DIRECTORIES = perl perl/lib perl/lib/Wallet perl/lib/Wallet/ACL \
 perl/t/policy perl/t/style perl/t/util perl/t/verifier
 ACLOCAL_AMFLAGS = -I m4
-EXTRA_DIST = .gitignore .travis.yml LICENSE autogen client/wallet.pod \
- client/wallet-rekey.pod config/allow-extract config/keytab \
- config/keytab.acl config/wallet config/wallet-report.acl \
- docs/design contrib/README contrib/commerzbank/wallet-history \
+EXTRA_DIST = .gitignore .travis.yml LICENSE README.md bootstrap \
+ client/wallet.pod client/wallet-rekey.pod config/allow-extract \
+ config/keytab config/keytab.acl config/wallet \
+ config/wallet-report.acl docs/design contrib/README \
+ contrib/ad-keytab contrib/commerzbank/wallet-history \
 contrib/convert-srvtab-db contrib/used-principals \
 contrib/wallet-contacts contrib/wallet-rekey-periodic \
 contrib/wallet-rekey-periodic.8 contrib/wallet-summary \
 contrib/wallet-summary.8 contrib/wallet-unknown-hosts \
 contrib/wallet-unknown-hosts.8 docs/design-acl docs/design-api \
- docs/netdb-role-api docs/notes docs/objects-and-schemes docs/setup \
- docs/stanford-naming examples/stanford.conf tests/HOWTO tests/TESTS \
+ docs/metadata docs/netdb-role-api docs/notes \
+ docs/objects-and-schemes docs/setup docs/stanford-naming \
+ examples/stanford.conf server/keytab-backend.in \
+ server/wallet-admin.in server/wallet-backend.in \
+ server/wallet-report.in tests/README tests/TESTS \
 tests/config/README tests/data/allow-extract tests/data/basic.conf \
- tests/data/cmd-fake tests/data/cmd-wrapper tests/data/fake-data \
- tests/data/fake-kadmin tests/data/fake-keytab \
+ tests/data/cmd-fake tests/data/cmd-wrapper tests/data/cppcheck.supp \
+ tests/data/fake-data tests/data/fake-kadmin tests/data/fake-keytab \
 tests/data/fake-keytab-2 tests/data/fake-keytab-foreign \
 tests/data/fake-keytab-merge tests/data/fake-keytab-old \
 tests/data/fake-keytab-partial \
@@ -121,20 +125,21 @@ EXTRA_DIST = .gitignore .travis.yml LICENSE autogen client/wallet.pod \
 tests/data/fake-keytab-unknown tests/data/fake-srvtab \
 tests/data/full.conf tests/data/perl.conf tests/data/wallet.conf \
 tests/docs/pod-spelling-t tests/docs/pod-t \
- tests/perl/minimum-version-t tests/perl/module-version-t \
- tests/perl/strict-t tests/server/admin-t tests/server/backend-t \
- tests/server/keytab-t tests/server/report-t tests/tap/kerberos.sh \
- tests/tap/libtap.sh tests/tap/perl/Test/RRA.pm \
- tests/tap/perl/Test/RRA/Automake.pm \
+ tests/docs/spdx-license-t tests/perl/minimum-version-t \
+ tests/perl/module-version-t tests/perl/strict-t \
+ tests/server/admin-t tests/server/backend-t tests/server/keytab-t \
+ tests/server/report-t tests/style/obsolete-strings-t \
+ tests/tap/kerberos.sh tests/tap/libtap.sh \
+ tests/tap/perl/Test/RRA.pm tests/tap/perl/Test/RRA/Automake.pm \
 tests/tap/perl/Test/RRA/Config.pm \
 tests/tap/perl/Test/RRA/ModuleVersion.pm tests/tap/remctl.sh \
 tests/util/xmalloc-t $(PERL_FILES)
 # Supporting convenience libraries used by other targets.
 noinst_LIBRARIES = portable/libportable.a util/libutil.a
-portable_libportable_a_SOURCES = portable/dummy.c portable/krb5-extra.c \
- portable/krb5.h portable/macros.h portable/stdbool.h \
- portable/system.h portable/uio.h
+portable_libportable_a_SOURCES = portable/dummy.c portable/krb5.h \
+ portable/macros.h portable/stdbool.h portable/system.h \
+ portable/uio.h
 portable_libportable_a_CPPFLAGS = $(KRB5_CPPFLAGS)
 portable_libportable_a_LIBADD = $(LIBOBJS)
 util_libutil_a_SOURCES = util/macros.h util/messages-krb5.c \
@@ -150,7 +155,7 @@ client_libwallet_a_CPPFLAGS = $(REMCTL_CPPFLAGS) $(KRB5_CPPFLAGS)
 # The client and server programs.
 bin_PROGRAMS = client/wallet client/wallet-rekey
-dist_sbin_SCRIPTS = server/keytab-backend server/wallet-admin \
+sbin_SCRIPTS = server/keytab-backend server/wallet-admin \
 server/wallet-backend server/wallet-report
 client_wallet_CPPFLAGS = $(REMCTL_CPPFLAGS) $(KRB5_CPPFLAGS)
 client_wallet_LDFLAGS = $(REMCTL_LDFLAGS) $(KRB5_LDFLAGS)
@@ -180,43 +185,39 @@ dist_pkgdata_DATA = perl/sql/Wallet-Schema-0.07-0.08-MySQL.sql \
 perl/sql/Wallet-Schema-0.09-PostgreSQL.sql \
 perl/sql/Wallet-Schema-0.09-SQLite.sql
-# A set of flags for warnings. Add -O because gcc won't find some warnings
-# without optimization turned on. Desirable warnings that can't be turned
-# on due to other problems:
-#
-# -Wconversion http://bugs.debian.org/488884 (htons warnings)
-#
-# Last checked against gcc 4.8.2 (2014-04-12). -D_FORTIFY_SOURCE=2 enables
-# warn_unused_result attribute markings on glibc functions on Linux, which
-# catches a few more issues.
-if WARNINGS_GCC
- WARNINGS = -g -O -fstrict-overflow -fstrict-aliasing -D_FORTIFY_SOURCE=2 \
- -Wall -Wextra -Wendif-labels -Wformat=2 -Winit-self -Wswitch-enum \
- -Wstrict-overflow=5 -Wmissing-format-attribute -Wfloat-equal \
- -Wdeclaration-after-statement -Wshadow -Wpointer-arith \
- -Wbad-function-cast -Wcast-align -Wwrite-strings -Wjump-misses-init \
- -Wlogical-op -Wstrict-prototypes -Wold-style-definition \
- -Wmissing-prototypes -Wnormalized=nfc -Wpacked -Wredundant-decls \
- -Wnested-externs -Winline -Wvla -Werror
-endif
-if WARNINGS_CLANG
- WARNINGS = -Weverything -Wno-padded
-endif
-
+# Separate target for a human to request building everything with as many
+# compiler warnings enabled as possible.
 warnings:
- $(MAKE) V=0 CFLAGS='$(WARNINGS)' KRB5_CPPFLAGS='$(KRB5_CPPFLAGS_GCC)'
- $(MAKE) V=0 CFLAGS='$(WARNINGS)' \
+ $(MAKE) V=0 CFLAGS='$(WARNINGS_CFLAGS) $(AM_CFLAGS)' \
+ KRB5_CPPFLAGS='$(KRB5_CPPFLAGS_GCC)'
+ $(MAKE) V=0 CFLAGS='$(WARNINGS_CFLAGS) $(AM_CFLAGS)' \
 KRB5_CPPFLAGS='$(KRB5_CPPFLAGS_GCC)' $(check_PROGRAMS)
 # Remove some additional files.
-CLEANFILES = perl/t/lib/Test/RRA.pm perl/t/lib/Test/RRA/Automake.pm \
- perl/t/lib/Test/RRA/Config.pm
+CLEANFILES = perl/t/lib/Test/RRA.pm perl/t/lib/Test/RRA/Automake.pm \
+ perl/t/lib/Test/RRA/Config.pm server/keytab-backend \
+ server/wallet-admin server/wallet-backend server/wallet-report
 MAINTAINERCLEANFILES = Makefile.in aclocal.m4 build-aux/compile \
 build-aux/depcomp build-aux/install-sh build-aux/missing \
 client/wallet.1 config.h.in config.h.in~ configure \
 contrib/wallet-report.8 server/keytab-backend.8 \
 server/wallet-admin.8 server/wallet-backend.8 server/wallet-report.8
+# For each of the Perl scripts, we need to fill in the path to the Perl
+# binary that was located during configuration.
+server/keytab-backend: $(srcdir)/server/keytab-backend.in Makefile
+ sed 's|\@PERL\@|$(PERL)|' <$(srcdir)/server/keytab-backend.in >$@
+ chmod a+x $@
+server/wallet-admin: $(srcdir)/server/wallet-admin.in Makefile
+ sed 's|\@PERL\@|$(PERL)|' <$(srcdir)/server/wallet-admin.in >$@
+ chmod a+x $@
+server/wallet-backend: $(srcdir)/server/wallet-backend.in Makefile
+ sed 's|\@PERL\@|$(PERL)|' <$(srcdir)/server/wallet-backend.in >$@
+ chmod a+x $@
+server/wallet-report: $(srcdir)/server/wallet-report.in Makefile
+ sed 's|\@PERL\@|$(PERL)|' <$(srcdir)/server/wallet-report.in >$@
+ chmod a+x $@
+
 # Take appropriate actions in the Perl directory as well. We don't want to
 # always build the Perl directory in all-local, since otherwise Automake does
 # this for every target, which overrides some hacks we have to do for Debian
@@ -236,7 +237,7 @@ perl/blib/lib/Wallet/Config.pm: $(srcdir)/perl/lib/Wallet/Config.pm
 $(INSTALL_DATA) $(srcdir)/tests/tap/perl/Test/RRA.pm perl/t/lib/Test/
 $(INSTALL_DATA) $(srcdir)/tests/tap/perl/Test/RRA/Config.pm \
 perl/t/lib/Test/RRA/
- cd perl && perl Build.PL $(WALLET_PERL_FLAGS)
+ cd perl && $(PERL) Build.PL $(WALLET_PERL_FLAGS)
 cd perl && ./Build
 # This is a really ugly hack to only honor prefix when running make install
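Review bot: The four new generation rules in the `@@ -180,43 +185,39 @@` hunk (`server/keytab-backend`, `server/wallet-admin`, `server/wallet-backend`, `server/wallet-report`) redirect sed straight into `$@`, so a sed that fails or is interrupted leaves an empty or truncated target that a later make run treats as up to date and that `make install` would then copy into sbin. Since these are the server-side scripts, I would build into a temporary name and rename only on success: `sed 's|\@PERL\@|$(PERL)|' <$(srcdir)/server/keytab-backend.in >$@.tmp`, `chmod a+x $@.tmp`, `mv $@.tmp $@`, and the same for the other three. `$(PERL)` is also pasted unescaped into the sed replacement, so a configured path containing `|` or `&` would yield a wrong interpreter path; validating the value at configure time would close that. Separately, the removed `WARNINGS` block carried `-D_FORTIFY_SOURCE=2` and `-Werror`, and whether `$(WARNINGS_CFLAGS)` still supplies them is not visible in this hunk, so it is worth confirming that the `warnings` target still fails the build on new diagnostics.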
@@ -254,7 +255,6 @@ install-data-local: esac ; \ cd perl && ./Build install $$flags --destdir '$(DESTDIR)' -# ExtUtils::MakeMaker really likes moving the Makefile aside. clean-local: set -e; if [ -f "perl/Build" ] ; then \ cd perl && ./Build realclean ; \ @@ -275,8 +275,8 @@ check_PROGRAMS = tests/runtests tests/portable/asprintf-t \ tests/portable/mkstemp-t tests/portable/setenv-t \ tests/portable/snprintf-t tests/util/messages-krb5-t \ tests/util/messages-t tests/util/xmalloc -tests_runtests_CPPFLAGS = -DSOURCE='"$(abs_top_srcdir)/tests"' \ - -DBUILD='"$(abs_top_builddir)/tests"' +tests_runtests_CPPFLAGS = -DC_TAP_SOURCE='"$(abs_top_srcdir)/tests"' \ + -DC_TAP_BUILD='"$(abs_top_builddir)/tests"' check_LIBRARIES = tests/tap/libtap.a tests_tap_libtap_a_CPPFLAGS = -I$(abs_top_srcdir)/tests $(KRB5_CPPFLAGS) tests_tap_libtap_a_SOURCES = tests/tap/basic.c tests/tap/basic.h \ @@ -310,6 +310,12 @@ check-local: $(check_PROGRAMS) @echo '' cd perl && ./Build test +# Used by maintainers to check the source code with cppcheck. +check-cppcheck: + cd $(abs_top_srcdir) && cppcheck -q --error-exitcode=2 \ + --suppressions-list=tests/data/cppcheck.supp \ + --enable=warning,performance,portability,style . + # Alas, we have to disable this check because there's no way to do an # uninstall from Perl. distuninstallcheck: diff --git a/Makefile.in b/Makefile.in index 360d0e7..3820705 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.15 from Makefile.am. +# Makefile.in generated by automake 1.15.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2014 Free Software Foundation, Inc. +# Copyright (C) 1994-2017 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -17,11 +17,11 @@ # Automake makefile for wallet. # # Written by Russ Allbery <eagle@eyrie.org> -# Copyright 2016 Russ Allbery <eagle@eyrie.org> -# Copyright 2006, 2007, 2008, 2010, 2013, 2014 +# Copyright 2016, 2018 Russ Allbery <eagle@eyrie.org> +# Copyright 2006-2008, 2010, 2013-2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT @@ -108,17 +108,17 @@ check_PROGRAMS = tests/runtests$(EXEEXT) \ tests/util/messages-t$(EXEEXT) tests/util/xmalloc$(EXEEXT) subdir = . ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/clang.m4 \ - $(top_srcdir)/m4/gssapi.m4 $(top_srcdir)/m4/krb5-config.m4 \ - $(top_srcdir)/m4/krb5.m4 $(top_srcdir)/m4/lib-depends.m4 \ - $(top_srcdir)/m4/lib-pathname.m4 $(top_srcdir)/m4/remctl.m4 \ - $(top_srcdir)/m4/snprintf.m4 $(top_srcdir)/m4/vamacros.m4 \ - $(top_srcdir)/configure.ac +am__aclocal_m4_deps = $(top_srcdir)/m4/cc-flags.m4 \ + $(top_srcdir)/m4/clang.m4 $(top_srcdir)/m4/gssapi.m4 \ + $(top_srcdir)/m4/krb5-config.m4 $(top_srcdir)/m4/krb5.m4 \ + $(top_srcdir)/m4/lib-depends.m4 \ + $(top_srcdir)/m4/lib-pathname.m4 $(top_srcdir)/m4/perl.m4 \ + $(top_srcdir)/m4/remctl.m4 $(top_srcdir)/m4/snprintf.m4 \ + $(top_srcdir)/m4/vamacros.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \ - $(am__configure_deps) $(dist_sbin_SCRIPTS) \ - $(dist_pkgdata_DATA) $(am__DIST_COMMON) + $(am__configure_deps) $(dist_pkgdata_DATA) $(am__DIST_COMMON) am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ configure.lineno config.status.lineno mkinstalldirs = $(install_sh) -d 
@@ -147,8 +147,7 @@ portable_libportable_a_AR = $(AR) $(ARFLAGS) LIBOBJDIR = portable/ portable_libportable_a_DEPENDENCIES = $(LIBOBJS) am_portable_libportable_a_OBJECTS = \ - portable/portable_libportable_a-dummy.$(OBJEXT) \ - portable/portable_libportable_a-krb5-extra.$(OBJEXT) + portable/portable_libportable_a-dummy.$(OBJEXT) portable_libportable_a_OBJECTS = $(am_portable_libportable_a_OBJECTS) tests_tap_libtap_a_AR = $(AR) $(ARFLAGS) tests_tap_libtap_a_LIBADD = @@ -258,7 +257,7 @@ am__uninstall_files_from_dir = { \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } -SCRIPTS = $(dist_sbin_SCRIPTS) +SCRIPTS = $(sbin_SCRIPTS) AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false @@ -350,6 +349,8 @@ am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \ $(top_srcdir)/build-aux/install-sh \ $(top_srcdir)/build-aux/missing \ $(top_srcdir)/portable/asprintf.c \ + $(top_srcdir)/portable/krb5-extra.c \ + $(top_srcdir)/portable/krb5-profile.c \ $(top_srcdir)/portable/mkstemp.c \ $(top_srcdir)/portable/reallocarray.c \ $(top_srcdir)/portable/setenv.c \ @@ -357,7 +358,7 @@ am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \ $(top_srcdir)/tests/client/basic-t.in \ $(top_srcdir)/tests/client/full-t.in \ $(top_srcdir)/tests/client/prompt-t.in \ - $(top_srcdir)/tests/client/rekey-t.in NEWS README TODO \ + $(top_srcdir)/tests/client/rekey-t.in NEWS README THANKS TODO \ build-aux/ar-lib build-aux/compile build-aux/depcomp \ build-aux/install-sh build-aux/missing DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -428,6 +429,7 @@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_KRB5_CONFIG = @PATH_KRB5_CONFIG@ PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ RANLIB = @RANLIB@ REMCTLD = @REMCTLD@ REMCTL_CPPFLAGS = @REMCTL_CPPFLAGS@ 
@@ -437,6 +439,7 @@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ +WARNINGS_CFLAGS = @WARNINGS_CFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ 
@@ -568,20 +571,24 @@ PERL_DIRECTORIES = perl perl/lib perl/lib/Wallet perl/lib/Wallet/ACL \ perl/t/policy perl/t/style perl/t/util perl/t/verifier ACLOCAL_AMFLAGS = -I m4 -EXTRA_DIST = .gitignore .travis.yml LICENSE autogen client/wallet.pod \ - client/wallet-rekey.pod config/allow-extract config/keytab \ - config/keytab.acl config/wallet config/wallet-report.acl \ - docs/design contrib/README contrib/commerzbank/wallet-history \ +EXTRA_DIST = .gitignore .travis.yml LICENSE README.md bootstrap \ + client/wallet.pod client/wallet-rekey.pod config/allow-extract \ + config/keytab config/keytab.acl config/wallet \ + config/wallet-report.acl docs/design contrib/README \ + contrib/ad-keytab contrib/commerzbank/wallet-history \ contrib/convert-srvtab-db contrib/used-principals \ contrib/wallet-contacts contrib/wallet-rekey-periodic \ contrib/wallet-rekey-periodic.8 contrib/wallet-summary \ contrib/wallet-summary.8 contrib/wallet-unknown-hosts \ contrib/wallet-unknown-hosts.8 docs/design-acl docs/design-api \ - docs/netdb-role-api docs/notes docs/objects-and-schemes docs/setup \ - docs/stanford-naming examples/stanford.conf tests/HOWTO tests/TESTS \ + docs/metadata docs/netdb-role-api docs/notes \ + docs/objects-and-schemes docs/setup docs/stanford-naming \ + examples/stanford.conf server/keytab-backend.in \ + server/wallet-admin.in server/wallet-backend.in \ + server/wallet-report.in tests/README tests/TESTS \ tests/config/README tests/data/allow-extract tests/data/basic.conf \ - tests/data/cmd-fake tests/data/cmd-wrapper tests/data/fake-data \ - tests/data/fake-kadmin tests/data/fake-keytab \ + tests/data/cmd-fake tests/data/cmd-wrapper tests/data/cppcheck.supp \ + tests/data/fake-data tests/data/fake-kadmin tests/data/fake-keytab \ tests/data/fake-keytab-2 tests/data/fake-keytab-foreign \ tests/data/fake-keytab-merge tests/data/fake-keytab-old \ tests/data/fake-keytab-partial \ 
@@ -589,11 +596,12 @@ EXTRA_DIST = .gitignore .travis.yml LICENSE autogen client/wallet.pod \ tests/data/fake-keytab-unknown tests/data/fake-srvtab \ tests/data/full.conf tests/data/perl.conf tests/data/wallet.conf \ tests/docs/pod-spelling-t tests/docs/pod-t \ - tests/perl/minimum-version-t tests/perl/module-version-t \ - tests/perl/strict-t tests/server/admin-t tests/server/backend-t \ - tests/server/keytab-t tests/server/report-t tests/tap/kerberos.sh \ - tests/tap/libtap.sh tests/tap/perl/Test/RRA.pm \ - tests/tap/perl/Test/RRA/Automake.pm \ + tests/docs/spdx-license-t tests/perl/minimum-version-t \ + tests/perl/module-version-t tests/perl/strict-t \ + tests/server/admin-t tests/server/backend-t tests/server/keytab-t \ + tests/server/report-t tests/style/obsolete-strings-t \ + tests/tap/kerberos.sh tests/tap/libtap.sh \ + tests/tap/perl/Test/RRA.pm tests/tap/perl/Test/RRA/Automake.pm \ tests/tap/perl/Test/RRA/Config.pm \ tests/tap/perl/Test/RRA/ModuleVersion.pm tests/tap/remctl.sh \ tests/util/xmalloc-t $(PERL_FILES) @@ -604,9 +612,9 @@ EXTRA_DIST = .gitignore .travis.yml LICENSE autogen client/wallet.pod \ # The private library used by both wallet and wallet-rekey. noinst_LIBRARIES = portable/libportable.a util/libutil.a \ client/libwallet.a -portable_libportable_a_SOURCES = portable/dummy.c portable/krb5-extra.c \ - portable/krb5.h portable/macros.h portable/stdbool.h \ - portable/system.h portable/uio.h +portable_libportable_a_SOURCES = portable/dummy.c portable/krb5.h \ + portable/macros.h portable/stdbool.h portable/system.h \ + portable/uio.h portable_libportable_a_CPPFLAGS = $(KRB5_CPPFLAGS) portable_libportable_a_LIBADD = $(LIBOBJS) 
@@ -619,7 +627,7 @@ client_libwallet_a_SOURCES = client/file.c client/internal.h client/keytab.c \ client/krb5.c client/options.c client/remctl.c client/srvtab.c client_libwallet_a_CPPFLAGS = $(REMCTL_CPPFLAGS) $(KRB5_CPPFLAGS) -dist_sbin_SCRIPTS = server/keytab-backend server/wallet-admin \ +sbin_SCRIPTS = server/keytab-backend server/wallet-admin \ server/wallet-backend server/wallet-report client_wallet_CPPFLAGS = $(REMCTL_CPPFLAGS) $(KRB5_CPPFLAGS) 
@@ -653,30 +661,11 @@ dist_pkgdata_DATA = perl/sql/Wallet-Schema-0.07-0.08-MySQL.sql \ perl/sql/Wallet-Schema-0.09-PostgreSQL.sql \ perl/sql/Wallet-Schema-0.09-SQLite.sql -@WARNINGS_CLANG_TRUE@WARNINGS = -Weverything -Wno-padded - -# A set of flags for warnings. Add -O because gcc won't find some warnings -# without optimization turned on. Desirable warnings that can't be turned -# on due to other problems: -# -# -Wconversion http://bugs.debian.org/488884 (htons warnings) -# -# Last checked against gcc 4.8.2 (2014-04-12). -D_FORTIFY_SOURCE=2 enables -# warn_unused_result attribute markings on glibc functions on Linux, which -# catches a few more issues. -@WARNINGS_GCC_TRUE@WARNINGS = -g -O -fstrict-overflow -fstrict-aliasing -D_FORTIFY_SOURCE=2 \ -@WARNINGS_GCC_TRUE@ -Wall -Wextra -Wendif-labels -Wformat=2 -Winit-self -Wswitch-enum \ -@WARNINGS_GCC_TRUE@ -Wstrict-overflow=5 -Wmissing-format-attribute -Wfloat-equal \ -@WARNINGS_GCC_TRUE@ -Wdeclaration-after-statement -Wshadow -Wpointer-arith \ -@WARNINGS_GCC_TRUE@ -Wbad-function-cast -Wcast-align -Wwrite-strings -Wjump-misses-init \ -@WARNINGS_GCC_TRUE@ -Wlogical-op -Wstrict-prototypes -Wold-style-definition \ -@WARNINGS_GCC_TRUE@ -Wmissing-prototypes -Wnormalized=nfc -Wpacked -Wredundant-decls \ -@WARNINGS_GCC_TRUE@ -Wnested-externs -Winline -Wvla -Werror - # Remove some additional files. -CLEANFILES = perl/t/lib/Test/RRA.pm perl/t/lib/Test/RRA/Automake.pm \ - perl/t/lib/Test/RRA/Config.pm +CLEANFILES = perl/t/lib/Test/RRA.pm perl/t/lib/Test/RRA/Automake.pm \ + perl/t/lib/Test/RRA/Config.pm server/keytab-backend \ + server/wallet-admin server/wallet-backend server/wallet-report MAINTAINERCLEANFILES = Makefile.in aclocal.m4 build-aux/compile \ build-aux/depcomp build-aux/install-sh build-aux/missing \ 
@@ -684,8 +673,8 @@ MAINTAINERCLEANFILES = Makefile.in aclocal.m4 build-aux/compile \ contrib/wallet-report.8 server/keytab-backend.8 \ server/wallet-admin.8 server/wallet-backend.8 server/wallet-report.8 -tests_runtests_CPPFLAGS = -DSOURCE='"$(abs_top_srcdir)/tests"' \ - -DBUILD='"$(abs_top_builddir)/tests"' +tests_runtests_CPPFLAGS = -DC_TAP_SOURCE='"$(abs_top_srcdir)/tests"' \ + -DC_TAP_BUILD='"$(abs_top_builddir)/tests"' check_LIBRARIES = tests/tap/libtap.a tests_tap_libtap_a_CPPFLAGS = -I$(abs_top_srcdir)/tests $(KRB5_CPPFLAGS) @@ -819,8 +808,6 @@ portable/$(DEPDIR)/$(am__dirstamp): @: > portable/$(DEPDIR)/$(am__dirstamp) portable/portable_libportable_a-dummy.$(OBJEXT): \ portable/$(am__dirstamp) portable/$(DEPDIR)/$(am__dirstamp) -portable/portable_libportable_a-krb5-extra.$(OBJEXT): \ - portable/$(am__dirstamp) portable/$(DEPDIR)/$(am__dirstamp) portable/libportable.a: $(portable_libportable_a_OBJECTS) $(portable_libportable_a_DEPENDENCIES) $(EXTRA_portable_libportable_a_DEPENDENCIES) portable/$(am__dirstamp) $(AM_V_at)-rm -f portable/libportable.a @@ -996,9 +983,9 @@ tests/util/xmalloc.$(OBJEXT): tests/util/$(am__dirstamp) \ tests/util/xmalloc$(EXEEXT): $(tests_util_xmalloc_OBJECTS) $(tests_util_xmalloc_DEPENDENCIES) $(EXTRA_tests_util_xmalloc_DEPENDENCIES) tests/util/$(am__dirstamp) @rm -f tests/util/xmalloc$(EXEEXT) $(AM_V_CCLD)$(LINK) $(tests_util_xmalloc_OBJECTS) $(tests_util_xmalloc_LDADD) $(LIBS) -install-dist_sbinSCRIPTS: $(dist_sbin_SCRIPTS) +install-sbinSCRIPTS: $(sbin_SCRIPTS) @$(NORMAL_INSTALL) - @list='$(dist_sbin_SCRIPTS)'; test -n "$(sbindir)" || list=; \ + @list='$(sbin_SCRIPTS)'; test -n "$(sbindir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \ $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \ 
@@ -1025,9 +1012,9 @@ install-dist_sbinSCRIPTS: $(dist_sbin_SCRIPTS) } \ ; done -uninstall-dist_sbinSCRIPTS: +uninstall-sbinSCRIPTS: @$(NORMAL_UNINSTALL) - @list='$(dist_sbin_SCRIPTS)'; test -n "$(sbindir)" || exit 0; \ + @list='$(sbin_SCRIPTS)'; test -n "$(sbindir)" || exit 0; \ files=`for p in $$list; do echo "$$p"; done | \ sed -e 's,.*/,,;$(transform)'`; \ dir='$(DESTDIR)$(sbindir)'; $(am__uninstall_files_from_dir) @@ -1054,9 +1041,10 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@client/$(DEPDIR)/client_wallet-wallet.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@client/$(DEPDIR)/client_wallet_rekey-wallet-rekey.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@portable/$(DEPDIR)/asprintf.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@portable/$(DEPDIR)/krb5-extra.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@portable/$(DEPDIR)/krb5-profile.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@portable/$(DEPDIR)/mkstemp.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@portable/$(DEPDIR)/portable_libportable_a-dummy.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@portable/$(DEPDIR)/portable_libportable_a-krb5-extra.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@portable/$(DEPDIR)/reallocarray.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@portable/$(DEPDIR)/setenv.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@portable/$(DEPDIR)/snprintf.Po@am__quote@ 
@@ -1195,20 +1183,6 @@ portable/portable_libportable_a-dummy.obj: portable/dummy.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(portable_libportable_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o portable/portable_libportable_a-dummy.obj `if test -f 'portable/dummy.c'; then $(CYGPATH_W) 'portable/dummy.c'; else $(CYGPATH_W) '$(srcdir)/portable/dummy.c'; fi` -portable/portable_libportable_a-krb5-extra.o: portable/krb5-extra.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(portable_libportable_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT portable/portable_libportable_a-krb5-extra.o -MD -MP -MF portable/$(DEPDIR)/portable_libportable_a-krb5-extra.Tpo -c -o portable/portable_libportable_a-krb5-extra.o `test -f 'portable/krb5-extra.c' || echo '$(srcdir)/'`portable/krb5-extra.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) portable/$(DEPDIR)/portable_libportable_a-krb5-extra.Tpo portable/$(DEPDIR)/portable_libportable_a-krb5-extra.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='portable/krb5-extra.c' object='portable/portable_libportable_a-krb5-extra.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(portable_libportable_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o portable/portable_libportable_a-krb5-extra.o `test -f 'portable/krb5-extra.c' || echo '$(srcdir)/'`portable/krb5-extra.c - -portable/portable_libportable_a-krb5-extra.obj: portable/krb5-extra.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(portable_libportable_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT portable/portable_libportable_a-krb5-extra.obj -MD -MP -MF portable/$(DEPDIR)/portable_libportable_a-krb5-extra.Tpo 
-c -o portable/portable_libportable_a-krb5-extra.obj `if test -f 'portable/krb5-extra.c'; then $(CYGPATH_W) 'portable/krb5-extra.c'; else $(CYGPATH_W) '$(srcdir)/portable/krb5-extra.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) portable/$(DEPDIR)/portable_libportable_a-krb5-extra.Tpo portable/$(DEPDIR)/portable_libportable_a-krb5-extra.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='portable/krb5-extra.c' object='portable/portable_libportable_a-krb5-extra.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(portable_libportable_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o portable/portable_libportable_a-krb5-extra.obj `if test -f 'portable/krb5-extra.c'; then $(CYGPATH_W) 'portable/krb5-extra.c'; else $(CYGPATH_W) '$(srcdir)/portable/krb5-extra.c'; fi` - tests/tap/tests_tap_libtap_a-basic.o: tests/tap/basic.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_tap_libtap_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT tests/tap/tests_tap_libtap_a-basic.o -MD -MP -MF tests/tap/$(DEPDIR)/tests_tap_libtap_a-basic.Tpo -c -o tests/tap/tests_tap_libtap_a-basic.o `test -f 'tests/tap/basic.c' || echo '$(srcdir)/'`tests/tap/basic.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) tests/tap/$(DEPDIR)/tests_tap_libtap_a-basic.Tpo tests/tap/$(DEPDIR)/tests_tap_libtap_a-basic.Po @@ -1589,7 +1563,7 @@ distdir: $(DISTFILES) ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \ || chmod -R a+r "$(distdir)" dist-gzip: distdir - tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz + tardir=$(distdir) && $(am__tar) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).tar.gz $(am__post_remove_distdir) dist-bzip2: distdir 
@@ -1614,7 +1588,7 @@ dist-shar: distdir @echo WARNING: "Support for shar distribution archives is" \ "deprecated." >&2 @echo WARNING: "It will be removed altogether in Automake 2.0" >&2 - shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz + shar $(distdir) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).shar.gz $(am__post_remove_distdir) dist-zip: distdir @@ -1632,7 +1606,7 @@ dist dist-all: distcheck: dist case '$(DIST_ARCHIVES)' in \ *.tar.gz*) \ - GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\ + eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).tar.gz | $(am__untar) ;;\ *.tar.bz2*) \ bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\ *.tar.lz*) \ @@ -1642,7 +1616,7 @@ distcheck: dist *.tar.Z*) \ uncompress -c $(distdir).tar.Z | $(am__untar) ;;\ *.shar.gz*) \ - GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\ + eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\ *.zip*) \ unzip $(distdir).zip ;;\ esac @@ -1782,7 +1756,7 @@ install-dvi: install-dvi-am install-dvi-am: -install-exec-am: install-binPROGRAMS install-dist_sbinSCRIPTS +install-exec-am: install-binPROGRAMS install-sbinSCRIPTS install-html: install-html-am @@ -1824,7 +1798,7 @@ ps: ps-am ps-am: uninstall-am: uninstall-binPROGRAMS uninstall-dist_pkgdataDATA \ - uninstall-dist_sbinSCRIPTS uninstall-man + uninstall-man uninstall-sbinSCRIPTS uninstall-man: uninstall-man1 uninstall-man8 
@@ -1841,17 +1815,16 @@ uninstall-man: uninstall-man1 uninstall-man8 distdir distuninstallcheck dvi dvi-am html html-am info \ info-am install install-am install-binPROGRAMS install-data \ install-data-am install-data-local install-dist_pkgdataDATA \ - install-dist_sbinSCRIPTS install-dvi install-dvi-am \ - install-exec install-exec-am install-html install-html-am \ - install-info install-info-am install-man install-man1 \ - install-man8 install-pdf install-pdf-am install-ps \ - install-ps-am install-strip installcheck installcheck-am \ - installdirs maintainer-clean maintainer-clean-generic \ - mostlyclean mostlyclean-compile mostlyclean-generic pdf pdf-am \ - ps ps-am tags tags-am uninstall uninstall-am \ - uninstall-binPROGRAMS uninstall-dist_pkgdataDATA \ - uninstall-dist_sbinSCRIPTS uninstall-man uninstall-man1 \ - uninstall-man8 + install-dvi install-dvi-am install-exec install-exec-am \ + install-html install-html-am install-info install-info-am \ + install-man install-man1 install-man8 install-pdf \ + install-pdf-am install-ps install-ps-am install-sbinSCRIPTS \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic pdf pdf-am ps ps-am \ + tags tags-am uninstall uninstall-am uninstall-binPROGRAMS \ + uninstall-dist_pkgdataDATA uninstall-man uninstall-man1 \ + uninstall-man8 uninstall-sbinSCRIPTS .PRECIOUS: Makefile 
@@ -1864,11 +1837,29 @@ uninstall-man: uninstall-man1 uninstall-man8 # the Makefile. WALLET_PERL_FLAGS ?= +# Separate target for a human to request building everything with as many +# compiler warnings enabled as possible. warnings: - $(MAKE) V=0 CFLAGS='$(WARNINGS)' KRB5_CPPFLAGS='$(KRB5_CPPFLAGS_GCC)' - $(MAKE) V=0 CFLAGS='$(WARNINGS)' \ + $(MAKE) V=0 CFLAGS='$(WARNINGS_CFLAGS) $(AM_CFLAGS)' \ + KRB5_CPPFLAGS='$(KRB5_CPPFLAGS_GCC)' + $(MAKE) V=0 CFLAGS='$(WARNINGS_CFLAGS) $(AM_CFLAGS)' \ KRB5_CPPFLAGS='$(KRB5_CPPFLAGS_GCC)' $(check_PROGRAMS) +# For each of the Perl scripts, we need to fill in the path to the Perl +# binary that was located during configuration. +server/keytab-backend: $(srcdir)/server/keytab-backend.in Makefile + sed 's|\@PERL\@|$(PERL)|' <$(srcdir)/server/keytab-backend.in >$@ + chmod a+x $@ +server/wallet-admin: $(srcdir)/server/wallet-admin.in Makefile + sed 's|\@PERL\@|$(PERL)|' <$(srcdir)/server/wallet-admin.in >$@ + chmod a+x $@ +server/wallet-backend: $(srcdir)/server/wallet-backend.in Makefile + sed 's|\@PERL\@|$(PERL)|' <$(srcdir)/server/wallet-backend.in >$@ + chmod a+x $@ +server/wallet-report: $(srcdir)/server/wallet-report.in Makefile + sed 's|\@PERL\@|$(PERL)|' <$(srcdir)/server/wallet-report.in >$@ + chmod a+x $@ + # Take appropriate actions in the Perl directory as well. We don't want to # always build the Perl directory in all-local, since otherwise Automake does # this for every target, which overrides some hacks we have to do for Debian @@ -1888,7 +1879,7 @@ perl/blib/lib/Wallet/Config.pm: $(srcdir)/perl/lib/Wallet/Config.pm $(INSTALL_DATA) $(srcdir)/tests/tap/perl/Test/RRA.pm perl/t/lib/Test/ $(INSTALL_DATA) $(srcdir)/tests/tap/perl/Test/RRA/Config.pm \ perl/t/lib/Test/RRA/ - cd perl && perl Build.PL $(WALLET_PERL_FLAGS) + cd perl && $(PERL) Build.PL $(WALLET_PERL_FLAGS) cd perl && ./Build # This is a really ugly hack to only honor prefix when running make install 
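Review bot: The four new `server/keytab-backend`, `server/wallet-admin`, `server/wallet-backend` and `server/wallet-report` rules redirect `sed` output straight into `$@`, so a `sed` that fails part-way (a full disk, for example) leaves a truncated script with a fresh timestamp. Unless `.DELETE_ON_ERROR` is set somewhere outside this hunk, the next `make` treats that file as up to date and `install-sbinSCRIPTS` would install it. Building into a temporary file and renaming it closes the gap: `sed 's|\@PERL\@|$(PERL)|' <$(srcdir)/server/wallet-backend.in >$@.tmp && chmod a+x $@.tmp && mv $@.tmp $@`. `$(PERL)` is also spliced into the sed replacement unescaped, so a configured path containing `|`, `&` or a backslash would be rewritten rather than copied; a comment above the rules should say the path must not contain those characters. This file looks like the generated Makefile.in, so the change would go in the Makefile.am rules these are copied from.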
@@ -1906,7 +1897,6 @@ install-data-local: esac ; \ cd perl && ./Build install $$flags --destdir '$(DESTDIR)' -# ExtUtils::MakeMaker really likes moving the Makefile aside. clean-local: set -e; if [ -f "perl/Build" ] ; then \ cd perl && ./Build realclean ; \ @@ -1927,6 +1917,12 @@ check-local: $(check_PROGRAMS) @echo '' cd perl && ./Build test +# Used by maintainers to check the source code with cppcheck. +check-cppcheck: + cd $(abs_top_srcdir) && cppcheck -q --error-exitcode=2 \ + --suppressions-list=tests/data/cppcheck.supp \ + --enable=warning,performance,portability,style . + # Alas, we have to disable this check because there's no way to do an # uninstall from Perl. distuninstallcheck: 
@@ -1,5 +1,57 @@ User-Visible wallet Changes +wallet 1.4 (2018-06-03) + + Substantial improvements to Active Directory support: Add a + contrib/ad-keytab script that assists with initial setup and examining + the Active Directory objects, rename some configuration variables to + reflect that they are relative distinguished names, add a + configuration variable for the base DN, make sure userPrincipalName is + created for all keytabs and use it to search, allow creation of a + service principal, and truncate and make unique long names in AD if + necessary. This support should still be considered experimental. + + When getting configuration values from krb5.conf, pass the default + local realm into the Kerberos appdefault functions. This will produce + more correct results with krb5.conf files that specify wallet + configuration for multiple realms. + + Remove stray references to strlcpy and strlcat that broke builds on + platforms where those functions are part of libc. Thanks to Karl + Kornel for the report. + + Detect the path to Perl during configure, allowing an override by + setting the PERL environment or configure variable, and use that path + for all Perl scripts. This allows wallet to use a version of Perl at + a non-standard path. Patches from Karl Kornel. + + Rename the script to bootstrap from a Git checkout to bootstrap, + matching the emerging consensus in the Autoconf world. + + Add SPDX-License-Identifier headers to all substantial source files. + + Update to rra-c-util 7.2: + + * Improve configure output for krb5-config testing. + * Define UINT32_MAX for systems that don't have it. + * Add SPDX-License-Identifier headers to all substantial source files. + * Fix new warnings from GCC 7 and Clang warnings. + * Require Test::Strict 0.25 or later to run those tests. + * Fix off-by-one error in return-value checks for snprintf. + * Use Autoconf to probe for supported warning flags. + * Fix running module-version-t -u with current versions of Perl. 
+ * Use C_TAP_SOURCE and C_TAP_BUILD instead of SOURCE and BUILD. + + Update to C TAP Harness 4.3: + + * Add support for valgrind and libtool in test lists. + * Report test failures as left and right, not wanted and expected. + * Fix string comparisons with NULL pointers and the string "(null)". + * Add SPDX-License-Identifier headers to all substantial source files. + * Avoid zero-length realloc allocations in breallocarray. + * Fix new warnings from GCC 7 and Clang warnings. + * Use C_TAP_SOURCE and C_TAP_BUILD instead of SOURCE and BUILD. + wallet 1.3 (2016-01-17) This release adds initial, experimental support for using Active @@ -1,13 +1,11 @@ - wallet release 1.3 + wallet 1.4 (secure data management system) + Maintained by Russ Allbery <eagle@eyrie.org> - Written by Russ Allbery <eagle@eyrie.org> - - Copyright 2014, 2016 Russ Allbery <eagle@eyrie.org>. Copyright 2006, - 2007, 2008, 2009, 2010, 2012, 2013, 2014 The Board of Trustees of the - Leland Stanford Junior University. This software is distributed under a - BSD-style license. Please see the section LICENSE below for more - information. + Copyright 2014, 2016, 2018 Russ Allbery <eagle@eyrie.org>. Copyright + 2006-2010, 2012-2014 The Board of Trustees of the Leland Stanford Junior + University. This software is distributed under a BSD-style license. + Please see the section LICENSE below for more information. BLURB 
@@ -43,38 +41,37 @@ DESCRIPTION infrastructure. Supported ACL types include Kerberos principal names, regexes matching Kerberos principal names, and LDAP attribute checks. - Currently, the object types supported are simple files, Kerberos - keytabs, WebAuth keyrings, and Duo integrations. By default, whenever a - Kerberos keytab object is retrieved from the wallet, the key is changed - in the Kerberos KDC and the wallet returns a keytab for the new key. - However, a keytab object can also be configured to preserve the existing - keys when retrieved. Included in the wallet distribution is a script - that can be run via remctl on an MIT Kerberos KDC to extract the - existing key for a principal, and the wallet system will use that + Currently, the object types supported are simple files, passwords, + Kerberos keytabs, WebAuth keyrings, and Duo integrations. By default, + whenever a Kerberos keytab object is retrieved from the wallet, the key + is changed in the Kerberos KDC and the wallet returns a keytab for the + new key. However, a keytab object can also be configured to preserve + the existing keys when retrieved. Included in the wallet distribution + is a script that can be run via remctl on an MIT Kerberos KDC to extract + the existing key for a principal, and the wallet system will use that interface to retrieve the current key if the unchanging flag is set on a Kerberos keytab object for MIT Kerberos. (Heimdal doesn't require any special support.) REQUIREMENTS - The wallet client is written in C and builds against the C remctl - libraries. You will have to install the remctl client libraries in - order to build it. remctl can be obtained from: + The wallet client requires the C remctl [1] client library and a + Kerberos library. It will build with either MIT Kerberos or Heimdal. 
+ + [1] https://www.eyrie.org/~eagle/software/remctl/ - http://www.eyrie.org/~eagle/software/remctl/ + The wallet server is written in Perl and requires Perl 5.8.0 or later + plus the following Perl modules: - The wallet client will build with either MIT Kerberos or Heimdal. + * Date::Parse (part of the TimeDate distribution) + * DBI + * DBIx::Class + * Module::Build + * SQL::Translator - The wallet server is written in Perl and requires Perl 5.6.0 or later - plus Module::Build to build. It uses DBIx::Class and DBI to talk to a - database, and therefore the DBIx::Class and DBI modules (and their - dependencies) and a DBD module for the database it will use must be - installed. The Date::Parse (part of the TimeDate distribution) and - DateTime modules are required for date handling, and the SQL::Translator - Perl module is also required for schema deployment and database - upgrades. You will also need the DateTime::Format::* module - corresponding to your DBD module (such as DateTime::Format::SQLite or - DateTime::Format::PG). + You will also need a DBD Perl module for the database backend that you + intend to use, and the DateTime::Format::* module corresponding to that + DBD module (such as DateTime::Format::SQLite or DateTime::Format::PG). Currently, the server has only been tested against SQLite 3, MySQL 5, and PostgreSQL, and prebuilt SQL files (for database upgrades) are only 
@@ -87,20 +84,12 @@ REQUIREMENTS translates the actions in that protocol into calls to the Wallet::Server Perl object. - The file object support in the wallet server requires the Digest::MD5 - Perl module, which comes with recent versions of Perl and is available - on CPAN for older versions. - - The keytab support in the wallet server supports either Heimdal or MIT - Kerberos KDCs and has exeprimental support for Active Directory. The + The keytab support in the wallet server supports Heimdal and MIT + Kerberos KDCs and has experimental support for Active Directory. The Heimdal support requires the Heimdal::Kadm5 Perl module. The MIT Kerberos support requires the MIT Kerberos kadmin client program be installed. The Active Directory support requires the Net::LDAP, Authen::SASL, and IPC::Run Perl modules and the msktutil client program. - In all cases, wallet also requires that the wallet server have a keytab - for a principal with appropriate access to create, modify, and delete - principals from the KDC (as configured in kadm5.acl on an MIT Kerberos - KDC). To support the unchanging flag on keytab objects with an MIT Kerberos KDC, the Net::Remctl Perl module (shipped with remctl) must be installed 
@@ -118,47 +107,21 @@ REQUIREMENTS The password object support in the wallet server requires the Crypt::GeneratePassword Perl module. - To support the LDAP attribute ACL verifier, the Authen::SASL and - Net::LDAP Perl modules must be installed on the server. This verifier - only works with LDAP servers that support GSS-API binds. - - To support the NetDB ACL verifier (only of interest at sites using NetDB - to manage DNS), the Net::Remctl Perl module must be installed on the - server. + The LDAP attribute ACL verifier requires the Authen::SASL and Net::LDAP + Perl modules. This verifier only works with LDAP servers that support + GSS-API binds. - To run the full test suite, all of the above software requirements must - be met. The full test suite also requires that remctld be installed and - available on the user's path or in /usr/local/sbin or /usr/sbin, that - sqlite3 be installed and available on the user's path, that test cases - can run services on and connect to port 14373 on 127.0.0.1, and that - kinit and either kvno or kgetcred (which come with Kerberos) be - installed and available on the user's path. The full test suite also - requires a local keytab and some additional configuration. - - The following additional Perl modules will be used if present: - - Test::MinimumVersion - Test::Pod - Test::Spelling - Test::Strict - - All are available on CPAN. Those tests will be skipped if the modules - are not available. - - To enable tests that don't detect functionality problems but are used to - sanity-check the release, set the environment variable RELEASE_TESTING - to a true value. To enable tests that may be sensitive to the local - environment or that produce a lot of false positives without uncovering - many problems, set the environment variable AUTHOR_TESTING to a true - value. + The NetDB ACL verifier (only of interest at sites using NetDB to manage + DNS) requires the Net::Remctl Perl module. 
To bootstrap from a Git checkout, or if you change the Automake files and need to regenerate Makefile.in, you will need Automake 1.11 or later. For bootstrap or if you change configure.ac or any of the m4 files it includes and need to regenerate configure or config.h.in, you - will need Autoconf 2.64 or later. + will need Autoconf 2.64 or later. Perl is also required to generate + manual pages from a fresh Git checkout. -BUILD AND INSTALLATION +BUILDING AND INSTALLATION You can build and install wallet with the standard commands: 
@@ -166,31 +129,37 @@ BUILD AND INSTALLATION make make install + If you are building from a Git clone, first run ./bootstrap in the + source directory to generate the build files. make install will + probably have to be done as root. Building outside of the source + directory is also supported, if you wish, by creating an empty directory + and then running configure with the correct relative path. + If you are upgrading the wallet server from an earlier installed version, run wallet-admin upgrade after installation to upgrade the database schema. See the wallet-admin manual page for more information. - Pass --enable-silent-rules to configure for a quieter build (similar to - the Linux kernel). Use make warnings instead of make to build with full - GCC compiler warnings (requires a relatively current version of GCC). - - The last step will probably have to be done as root. Currently, this - always installs both the client and the server. - You can pass the --with-wallet-server and --with-wallet-port options to configure to compile in a default wallet server and port. If no port is set, the remctl default port is used. If no server is set, the server must be specified either in krb5.conf configuration or on the wallet command line or the client will exit with an error. + By default, wallet uses whatever Perl executable exists in the current + PATH. That Perl's path is what the server scripts will use, and that + Perl's configuration will be used to determine where the server Perl + modules will be installed. + + To specify a particular Perl executable to use, either set the PERL + environment variable or pass it to configure like: + + ./configure PERL=/path/to/my/perl + By default, wallet installs itself under /usr/local except for the server Perl modules, which are installed into whatever default site module path is used by your Perl installation. 
To change the installation location of the files other than the Perl modules, pass the - --prefix=DIR argument to configure. To change the Perl module - installation location, you will need to run perl on Makefile.PL in the - perl subdirectory of the build tree with appropriate options and rebuild - the module after running make and before running make install. + --prefix=DIR argument to configure. If remctl was installed in a path not normally searched by your compiler, you must specify its installation prefix to configure with the 
@@ -199,73 +168,65 @@ BUILD AND INSTALLATION --with-remctl-lib=DIR. Normally, configure will use krb5-config to determine the flags to use - to compile with your Kerberos libraries. If krb5-config isn't found, it - will look for the standard Kerberos libraries in locations already - searched by your compiler. If the the krb5-config script first in your - path is not the one corresponding to the Kerberos libraries you want to - use or if your Kerberos libraries and includes aren't in a location - searched by default by your compiler, you need to specify - --with-krb5=PATH and --with-gssapi=PATH: + to compile with your Kerberos libraries. To specify a particular + krb5-config script to use, either set the PATH_KRB5_CONFIG environment + variable or pass it to configure like: - ./configure --with-krb5=/usr/pubsw --with-gssapi=/usr/pubsw + ./configure PATH_KRB5_CONFIG=/path/to/krb5-config - You can also individually set the paths to the include directory and the - library directory with --with-krb5-include, --with-krb5-lib, - --with-gssapi-include, and --with-gssapi-lib. You may need to do this - if Autoconf can't figure out whether to use lib, lib32, or lib64 on your - platform. Note that these settings aren't used if a krb5-config script - is found. + If krb5-config isn't found, configure will look for the standard + Kerberos libraries in locations already searched by your compiler. If + the the krb5-config script first in your path is not the one + corresponding to the Kerberos libraries you want to use, or if your + Kerberos libraries and includes aren't in a location searched by default + by your compiler, you need to specify a different Kerberos installation + root via --with-krb5=PATH. 
For example: - To specify a particular krb5-config script to use, either set the - KRB5_CONFIG environment variable or pass it to configure like: + ./configure --with-krb5=/usr/pubsw - ./configure KRB5_CONFIG=/path/to/krb5-config + You can also individually set the paths to the include directory and the + library directory with --with-krb5-include and --with-krb5-lib. You may + need to do this if Autoconf can't figure out whether to use lib, lib32, + or lib64 on your platform. To not use krb5-config and force library probing even if there is a - krb5-config script on your path, set KRB5_CONFIG to a nonexistent path: + krb5-config script on your path, set PATH_KRB5_CONFIG to a nonexistent + path: - ./configure KRB5_CONFIG=/nonexistent + ./configure PATH_KRB5_CONFIG=/nonexistent - You can build wallet in a different directory from the source if you - wish. To do this, create a new empty directory, cd to that directory, - and then give the path to configure when running configure. Everything - else should work as above. + krb5-config is not used and library probing is always done if either + --with-krb5-include or --with-krb5-lib are given. + + Pass --enable-silent-rules to configure for a quieter build (similar to + the Linux kernel). Use make warnings instead of make to build with full + compiler warnings (requires either GCC or Clang and may require a + relatively current version of the compiler). You can pass the --enable-reduced-depends flag to configure to try to minimize the shared library dependencies encoded in the binaries. This - omits from the link line all the libraries included solely because the - Kerberos libraries depend on them and instead links the programs only - against libraries whose APIs are called directly. This will only work - with shared Kerberos libraries and will only work on platforms where - shared libraries properly encode their own dependencies (such as Linux). 
- It is intended primarily for building packages for Linux distributions - to avoid encoding unnecessary shared library dependencies that make - shared library migrations more difficult. If none of the above made any - sense to you, don't bother with this flag. + omits from the link line all the libraries included solely because other + libraries depend on them and instead links the programs only against + libraries whose APIs are called directly. This will only work with + shared libraries and will only work on platforms where shared libraries + properly encode their own dependencies (this includes most modern + platforms such as all Linux). It is intended primarily for building + packages for Linux distributions to avoid encoding unnecessary shared + library dependencies that make shared library migrations more difficult. + If none of the above made any sense to you, don't bother with this flag. TESTING - The wallet system comes with an extensive test suite which you can run - with: - - make check + The wallet comes with a comprehensive test suite, but it requires some + configuration in order to test anything other than low-level utility + functions. To enable the full test suite, follow the instructions in: - In order to test the client in a meaningful way and test the keytab - support in the server, however, you will need to do some preparatory - work before running the test suite. Review the files: + * tests/config/README + * perl/t/data/README - tests/config/README - perl/t/data/README + Now, you can run the test suite with: - and follow the instructions in those files to enable the full test - suite. - - The test suite also requires some additional software be installed that - isn't otherwise used by the wallet. See REQUIREMENTS above for the full - list of requirements for the test suite. 
The test driver attempts to - selectively skip those tests for which the necessary configuration is - not available, but this has not yet been fully tested in all of its - possible permutations. + make check If a test fails, you can run a single test with verbose output via: 
@@ -274,13 +235,38 @@ TESTING Do this instead of running the test program directly since it will ensure that necessary environment variables are set up. -CONFIGURATION + The test suite requires remctld be installed and available in the user's + path or in /usr/local/sbin or /usr/sbin; and that sqlite3, kinit, and + either kvno or kgetcred be installed and available on the user's path. + The test suite will also need to be able to bind to 127.0.0.1 on ports + 11119 and 14373 to test client/server network interactions. - For the basic setup and configuration of the wallet server, see the file - docs/setup in the source distribution. You will need to set up a - database on the server (unless you're using SQLite), initialize the - database, install remctld and the wallet Perl modules, and set up - remctld to run the wallet-backend program. + The test suite uses a SQLite database for server-side and end-to-end + testing and therefore requires the DBD::SQLite and + DateTime::Format::SQLite Perl modules. + + All of the requirements listed above will be required to run the full + test suite of server functionality, but tests will be selectively + skipped if their requirements aren't found. + + The following additional Perl modules will be used if present: + + * Test::MinimumVersion + * Test::Pod + * Test::Spelling + * Test::Strict + + All are available on CPAN. Those tests will be skipped if the modules + are not available. + + To enable tests that don't detect functionality problems but are used to + sanity-check the release, set the environment variable RELEASE_TESTING + to a true value. To enable tests that may be sensitive to the local + environment or that produce a lot of false positives without uncovering + many problems, set the environment variable AUTHOR_TESTING to a true + value. + +CONFIGURATION Before setting up the wallet server, review the Wallet::Config documentation (with man Wallet::Config or perldoc Wallet::Config). 
@@ -289,6 +275,12 @@ CONFIGURATION and give it appropriate ACLs, and set up keytab-backend and its remctld configuration on your KDC if you want unchanging flag support. + For the basic setup and configuration of the wallet server, see the file + docs/setup in the source distribution. You will need to set up a + database on the server (unless you're using SQLite), initialize the + database, install remctld and the wallet Perl modules, and set up + remctld to run the wallet-backend program. + The wallet client supports reading configuration settings from the system krb5.conf file. For more information, see the CONFIGURATION section of the wallet client man page (man wallet). 
@@ -297,66 +289,50 @@ SUPPORT The wallet web page at: - http://www.eyrie.org/~eagle/software/wallet/ + https://www.eyrie.org/~eagle/software/wallet/ will always have the current version of this package, the current documentation, and pointers to any additional resources. - New releases of the wallet are announced on the kerberos@mit.edu mailing - list and discussion of the wallet (particularly the keytab components) - are welcome there. - - I welcome bug reports and patches for this package at eagle@eyrie.org. - However, please be aware that I tend to be extremely busy and work - projects often take priority. I'll save your mail and get to it as soon - as I can, but it may take me a couple of months. - -SOURCE REPOSITORY + New wallet releases are announced on the kerberos mailing list. To + subscribe or see the list archives, go to: - The wallet is maintained using Git. You can access the current source - by cloning the repository at: + https://mailman.mit.edu/mailman/listinfo/kerberos - git://git.eyrie.org/kerberos/wallet.git + For bug tracking, use the issue tracker on GitHub: - or view the repository on the web at: + https://github.com/rra/wallet/issues - http://git.eyrie.org/?p=kerberos/wallet.git + However, please be aware that I tend to be extremely busy and work + projects often take priority. I'll save your report and get to it as + soon as I can, but it may take me a couple of months. - When contributing modifications, patches (possibly generated by - git-format-patch) are preferred to Git pull requests. +SOURCE REPOSITORY -THANKS + wallet is maintained using Git. You can access the current source on + GitHub at: - To Roland Schemers for the original idea that kicked off this project - and for the original implementation of the leland_srvtab system, which - was its primary inspiration. 
+ https://github.com/rra/wallet - To Anton Ushakov for his prior work on Kerberos v5 synchronization and - his enhancements to kasetkey to read a key from an existing srvtab. + or by cloning the repository at: - To Jeffrey Hutzelman for his review of the original wallet design and - multiple useful discussions about what actions and configurations the - wallet would need to support to be useful outside of Stanford. + https://git.eyrie.org/git/kerberos/wallet.git - To Huaqing Zheng, Paul Pavelko, David Hoffman, and Paul Keser for their - reviews of the wallet system design and comments on design decisions and - security models. + or view the repository via the web at: - To Jon Robertson for the refactoring of Wallet::Kadmin, Heimdal support, - many of the wallet server-side reports, the initial wallet-rekey - implementation, and lots of work on object and ACL types including - nested ACLs. + https://git.eyrie.org/?p=kerberos/wallet.git - To Bill MacAllister for Wallet::Kadmin::AD and the implementation of - keytab object types backed by Active Directory. + The eyrie.org repository is the canonical one, maintained by the author, + but using GitHub is probably more convenient for most purposes. Pull + requests are gratefully reviewed and normally accepted. LICENSE - The wallet distribution as a whole is covered by the following copyright + The wallet package as a whole is covered by the following copyright statement and license: - Copyright 2014, 2016 Russ Allbery <eagle@eyrie.org> - Copyright 2006, 2007, 2008, 2009, 2010, 2012, 2013, 2014 + Copyright 2014, 2016, 2018 Russ Allbery <eagle@eyrie.org> + Copyright 2006-2010, 2012-2014 The Board of Trustees of the Leland Stanford Junior University Permission is hereby granted, free of charge, to any person obtaining 
@@ -378,12 +354,16 @@ LICENSE TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - All individual files without an explicit exception below are released - under this license. Some files may have additional copyright holders as - noted in those files. There is detailed information about the licensing - of each file in the LICENSE file in this distribution. - Some files in this distribution are individually released under different licenses, all of which are compatible with the above general package license but which may require preservation of additional - notices. All required notices are preserved in the LICENSE file. + notices. All required notices, and detailed information about the + licensing of each file, are recorded in the LICENSE file. + + Files covered by a license with an assigned SPDX License Identifier + include SPDX-License-Identifier tags to enable automated processing of + license information. See https://spdx.org/licenses/ for more + information. + + For any copyright range specified by files in this package as YYYY-ZZZZ, + the range specifies every single year in that closed interval. diff --git a/README.md b/README.md new file mode 100644 index 0000000..b1afe4e --- /dev/null +++ b/README.md 
@@ -0,0 +1,372 @@ +# wallet 1.4 + +[![Build +status](https://travis-ci.org/rra/wallet.svg?branch=master)](https://travis-ci.org/rra/wallet) + +Copyright 2014, 2016, 2018 Russ Allbery <eagle@eyrie.org>. Copyright +2006-2010, 2012-2014 The Board of Trustees of the Leland Stanford Junior +University. This software is distributed under a BSD-style license. +Please see the section [License](#license) below for more information. + +## Blurb + +The wallet is a system for managing secure data, authorization rules to +retrieve or change that data, and audit rules for documenting actions +taken on that data. Objects of various types may be stored in the wallet +or generated on request and retrieved by authorized users. The wallet +tracks ACLs, metadata, and trace information. It is built on top of the +remctl protocol and uses Kerberos GSS-API authentication. One of the +object types it supports is Kerberos keytabs, making it suitable as a +user-accessible front-end to Kerberos kadmind with richer ACL and metadata +operations. + +## Description + +The wallet is a client/server system using a central server with a +supporting database and a stand-alone client that can be widely +distributed to users. The server runs on a secure host with access to a +local database; tracks object metadata such as ACLs, attributes, history, +expiration, and ownership; and has the necessary access privileges to +create wallet-managed objects in external systems (such as Kerberos +service principals). The client uses the remctl protocol to send commands +to the server, store and retrieve objects, and query object metadata. The +same client can be used for both regular user operations and wallet +administrative actions. + +All wallet actions are controlled by a fine-grained set of ACLs. Each +object has an owner ACL and optional get, store, show, destroy, and flags +ACLs that control more specific actions. A global administrative ACL +controls access to administrative actions. 
An ACL consists of zero or +more entries, each of which is a generic scheme and identifier pair, +allowing the ACL system to be extended to use any existing authorization +infrastructure. Supported ACL types include Kerberos principal names, +regexes matching Kerberos principal names, and LDAP attribute checks. + +Currently, the object types supported are simple files, passwords, +Kerberos keytabs, WebAuth keyrings, and Duo integrations. By default, +whenever a Kerberos keytab object is retrieved from the wallet, the key is +changed in the Kerberos KDC and the wallet returns a keytab for the new +key. However, a keytab object can also be configured to preserve the +existing keys when retrieved. Included in the wallet distribution is a +script that can be run via remctl on an MIT Kerberos KDC to extract the +existing key for a principal, and the wallet system will use that +interface to retrieve the current key if the unchanging flag is set on a +Kerberos keytab object for MIT Kerberos. (Heimdal doesn't require any +special support.) + +## Requirements + +The wallet client requires the C +[remctl](https://www.eyrie.org/~eagle/software/remctl/) client library and +a Kerberos library. It will build with either MIT Kerberos or Heimdal. + +The wallet server is written in Perl and requires Perl 5.8.0 or later plus +the following Perl modules: + +* Date::Parse (part of the TimeDate distribution) +* DBI +* DBIx::Class +* Module::Build +* SQL::Translator + +You will also need a DBD Perl module for the database backend that you +intend to use, and the DateTime::Format::* module corresponding to that +DBD module (such as DateTime::Format::SQLite or DateTime::Format::PG). + +Currently, the server has only been tested against SQLite 3, MySQL 5, and +PostgreSQL, and prebuilt SQL files (for database upgrades) are only +provided for those servers. It will probably not work fully with other +database backends. Porting is welcome. 
+ +The wallet server is intended to be run under `remctld` and use `remctld` +to do authentication. It can be ported to any other front-end, but doing +so will require writing a new version of `server/wallet-backend` that +translates the actions in that protocol into calls to the Wallet::Server +Perl object. + +The keytab support in the wallet server supports Heimdal and MIT Kerberos +KDCs and has experimental support for Active Directory. The Heimdal +support requires the Heimdal::Kadm5 Perl module. The MIT Kerberos support +requires the MIT Kerberos `kadmin` client program be installed. The +Active Directory support requires the Net::LDAP, Authen::SASL, and +IPC::Run Perl modules and the `msktutil` client program. + +To support the unchanging flag on keytab objects with an MIT Kerberos KDC, +the Net::Remctl Perl module (shipped with remctl) must be installed on the +server and the `keytab-backend` script must be runnable via remctl on the +KDC. This script also requires an MIT Kerberos `kadmin.local` binary that +supports the `-norandkey` option to `ktadd`. This option is included in +MIT Kerberos 1.7 and later. + +The WebAuth keyring object support in the wallet server requires the +WebAuth Perl module from WebAuth 4.4.0 or later. + +The Duo integration object support in the wallet server requires the +Net::Duo, JSON, and Perl6::Slurp Perl modules. + +The password object support in the wallet server requires the +Crypt::GeneratePassword Perl module. + +The LDAP attribute ACL verifier requires the Authen::SASL and Net::LDAP +Perl modules. This verifier only works with LDAP servers that support +GSS-API binds. + +The NetDB ACL verifier (only of interest at sites using NetDB to manage +DNS) requires the Net::Remctl Perl module. + +To bootstrap from a Git checkout, or if you change the Automake files and +need to regenerate Makefile.in, you will need Automake 1.11 or later. 
For +bootstrap or if you change configure.ac or any of the m4 files it includes +and need to regenerate configure or config.h.in, you will need Autoconf +2.64 or later. Perl is also required to generate manual pages from a +fresh Git checkout. + +## Building and Installation + +You can build and install wallet with the standard commands: + +``` + ./configure + make + make install +``` + +If you are building from a Git clone, first run `./bootstrap` in the +source directory to generate the build files. `make install` will +probably have to be done as root. Building outside of the source +directory is also supported, if you wish, by creating an empty directory +and then running configure with the correct relative path. + +If you are upgrading the wallet server from an earlier installed version, +run `wallet-admin upgrade` after installation to upgrade the database +schema. See the wallet-admin manual page for more information. + +You can pass the `--with-wallet-server` and `--with-wallet-port` options +to configure to compile in a default wallet server and port. If no port +is set, the remctl default port is used. If no server is set, the server +must be specified either in `krb5.conf` configuration or on the wallet +command line or the client will exit with an error. + +By default, wallet uses whatever Perl executable exists in the current +`PATH`. That Perl's path is what the server scripts will use, and that +Perl's configuration will be used to determine where the server Perl +modules will be installed. + +To specify a particular Perl executable to use, either set the `PERL` +environment variable or pass it to configure like: + +``` + ./configure PERL=/path/to/my/perl +``` + +By default, wallet installs itself under `/usr/local` except for the +server Perl modules, which are installed into whatever default site module +path is used by your Perl installation. 
To change the installation +location of the files other than the Perl modules, pass the `--prefix=DIR` +argument to configure. + +If remctl was installed in a path not normally searched by your compiler, +you must specify its installation prefix to configure with the +`--with-remctl=DIR` option, or alternately set the path to the include +files and libraries separately with `--with-remctl-include=DIR` and +`--with-remctl-lib=DIR`. + +Normally, configure will use `krb5-config` to determine the flags to use +to compile with your Kerberos libraries. To specify a particular +`krb5-config` script to use, either set the `PATH_KRB5_CONFIG` environment +variable or pass it to configure like: + +``` + ./configure PATH_KRB5_CONFIG=/path/to/krb5-config +``` + +If `krb5-config` isn't found, configure will look for the standard +Kerberos libraries in locations already searched by your compiler. If the +the `krb5-config` script first in your path is not the one corresponding +to the Kerberos libraries you want to use, or if your Kerberos libraries +and includes aren't in a location searched by default by your compiler, +you need to specify a different Kerberos installation root via +`--with-krb5=PATH`. For example: + +``` + ./configure --with-krb5=/usr/pubsw +``` + +You can also individually set the paths to the include directory and the +library directory with `--with-krb5-include` and `--with-krb5-lib`. You +may need to do this if Autoconf can't figure out whether to use lib, +lib32, or lib64 on your platform. + +To not use krb5-config and force library probing even if there is a +krb5-config script on your path, set PATH_KRB5_CONFIG to a nonexistent +path: + +``` + ./configure PATH_KRB5_CONFIG=/nonexistent +``` + +`krb5-config` is not used and library probing is always done if either +`--with-krb5-include` or `--with-krb5-lib` are given. + +Pass `--enable-silent-rules` to configure for a quieter build (similar to +the Linux kernel). 
Use `make warnings` instead of `make` to build with +full GCC compiler warnings (requires either GCC or Clang and may require a +relatively current version of the compiler). + +You can pass the `--enable-reduced-depends` flag to configure to try to +minimize the shared library dependencies encoded in the binaries. This +omits from the link line all the libraries included solely because other +libraries depend on them and instead links the programs only against +libraries whose APIs are called directly. This will only work with shared +libraries and will only work on platforms where shared libraries properly +encode their own dependencies (this includes most modern platforms such as +all Linux). It is intended primarily for building packages for Linux +distributions to avoid encoding unnecessary shared library dependencies +that make shared library migrations more difficult. If none of the above +made any sense to you, don't bother with this flag. + +## Testing + +The wallet comes with a comprehensive test suite, but it requires some +configuration in order to test anything other than low-level utility +functions. To enable the full test suite, follow the instructions in: + +* `tests/config/README` +* `perl/t/data/README` + +Now, you can run the test suite with: + +``` + make check +``` + +If a test fails, you can run a single test with verbose output via: + +``` + tests/runtests -o <name-of-test> +``` + +Do this instead of running the test program directly since it will ensure +that necessary environment variables are set up. + +The test suite requires `remctld` be installed and available in the user's +path or in `/usr/local/sbin` or `/usr/sbin`; and that `sqlite3`, `kinit`, +and either `kvno` or `kgetcred` be installed and available on the user's +path. The test suite will also need to be able to bind to 127.0.0.1 on +ports 11119 and 14373 to test client/server network interactions. 
+ +The test suite uses a SQLite database for server-side and end-to-end +testing and therefore requires the DBD::SQLite and +DateTime::Format::SQLite Perl modules. + +All of the requirements listed above will be required to run the full test +suite of server functionality, but tests will be selectively skipped if +their requirements aren't found. + +The following additional Perl modules will be used if present: + +* Test::MinimumVersion +* Test::Pod +* Test::Spelling +* Test::Strict + +All are available on CPAN. Those tests will be skipped if the modules are +not available. + +To enable tests that don't detect functionality problems but are used to +sanity-check the release, set the environment variable `RELEASE_TESTING` +to a true value. To enable tests that may be sensitive to the local +environment or that produce a lot of false positives without uncovering +many problems, set the environment variable `AUTHOR_TESTING` to a true +value. + +## Configuration + +Before setting up the wallet server, review the Wallet::Config +documentation (with man Wallet::Config or perldoc Wallet::Config). There +are many customization options, some of which must be set. You may also +need to create a Kerberos keytab for the keytab object backend and give it +appropriate ACLs, and set up `keytab-backend` and its `remctld` +configuration on your KDC if you want unchanging flag support. + +For the basic setup and configuration of the wallet server, see the file +`docs/setup` in the source distribution. You will need to set up a +database on the server (unless you're using SQLite), initialize the +database, install `remctld` and the wallet Perl modules, and set up +`remctld` to run the `wallet-backend` program. + +The wallet client supports reading configuration settings from the system +`krb5.conf` file. For more information, see the CONFIGURATION section of +the wallet client man page (`man wallet`). 
+ +## Support + +The [wallet web page](https://www.eyrie.org/~eagle/software/wallet/) will +always have the current version of this package, the current +documentation, and pointers to any additional resources. + +New wallet releases are announced on the kerberos mailing list. To +subscribe or see the list archives, go to the [kerberos list information +page](https://mailman.mit.edu/mailman/listinfo/kerberos). + +For bug tracking, use the [issue tracker on +GitHub](https://github.com/rra/wallet/issues). However, please be aware +that I tend to be extremely busy and work projects often take priority. +I'll save your report and get to it as soon as I can, but it may take me a +couple of months. + +## Source Repository + +wallet is maintained using Git. You can access the current source on +[GitHub](https://github.com/rra/wallet) or by cloning the repository at: + +https://git.eyrie.org/git/kerberos/wallet.git + +or [view the repository on the +web](https://git.eyrie.org/?p=kerberos/wallet.git). + +The eyrie.org repository is the canonical one, maintained by the author, +but using GitHub is probably more convenient for most purposes. Pull +requests are gratefully reviewed and normally accepted. 
+ +## License + +The wallet package as a whole is covered by the following copyright +statement and license: + +> Copyright 2014, 2016, 2018 +> Russ Allbery <eagle@eyrie.org> +> +> Copyright 2006-2010, 2012-2014 +> The Board of Trustees of the Leland Stanford Junior University +> +> Permission is hereby granted, free of charge, to any person obtaining a +> copy of this software and associated documentation files (the "Software"), +> to deal in the Software without restriction, including without limitation +> the rights to use, copy, modify, merge, publish, distribute, sublicense, +> and/or sell copies of the Software, and to permit persons to whom the +> Software is furnished to do so, subject to the following conditions: +> +> The above copyright notice and this permission notice shall be included in +> all copies or substantial portions of the Software. +> +> THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +> IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +> FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +> THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +> LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +> FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +> DEALINGS IN THE SOFTWARE. + +Some files in this distribution are individually released under different +licenses, all of which are compatible with the above general package +license but which may require preservation of additional notices. All +required notices, and detailed information about the licensing of each +file, are recorded in the LICENSE file. + +Files covered by a license with an assigned SPDX License Identifier +include SPDX-License-Identifier tags to enable automated processing of +license information. See https://spdx.org/licenses/ for more information. 
+ +For any copyright range specified by files in this package as YYYY-ZZZZ, +the range specifies every single year in that closed interval. @@ -0,0 +1,24 @@ + wallet Thanks + +To Roland Schemers for the original idea that kicked off this project and +for the original implementation of the leland_srvtab system, which was its +primary inspiration. + +To Anton Ushakov for his prior work on Kerberos v5 synchronization and his +enhancements to kasetkey to read a key from an existing srvtab. + +To Jeffrey Hutzelman for his review of the original wallet design and +multiple useful discussions about what actions and configurations the +wallet would need to support to be useful outside of Stanford. + +To Huaqing Zheng, Paul Pavelko, David Hoffman, and Paul Keser for their +reviews of the wallet system design and comments on design decisions and +security models. + +To Jon Robertson for the refactoring of Wallet::Kadmin, Heimdal support, +many of the wallet server-side reports, the initial wallet-rekey +implementation, and lots of work on object and ACL types including nested +ACLs. + +To Bill MacAllister for Wallet::Kadmin::AD and the implementation of +keytab object types backed by Active Directory. @@ -30,6 +30,8 @@ Client: * Incorporate the wallet-rekey-periodic script (currently in contrib) into the package and teach it how to ignore foreign credentials. + * Pass realm into krb5_appdefault_* functions. + Server Interface: * Provide a way to get history for deleted objects and ACLs. @@ -1,6 +1,6 @@ -# generated automatically by aclocal 1.15 -*- Autoconf -*- +# generated automatically by aclocal 1.15.1 -*- Autoconf -*- -# Copyright (C) 1996-2014 Free Software Foundation, Inc. +# Copyright (C) 1996-2017 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -21,7 +21,7 @@ If you have problems, you may need to regenerate the build system entirely. To do so, use the procedure documented by the package, typically 'autoreconf'.])]) # longlong.m4 serial 17 -dnl Copyright (C) 1999-2007, 2009-2015 Free Software Foundation, Inc. +dnl Copyright (C) 1999-2007, 2009-2016 Free Software Foundation, Inc. dnl This file is free software; the Free Software Foundation dnl gives unlimited permission to copy and/or distribute it, dnl with or without modifications, as long as this notice is preserved. @@ -134,7 +134,7 @@ AC_DEFUN([_AC_TYPE_LONG_LONG_SNIPPET], | (ullmax / ull) | (ullmax % ull));]]) ]) -# Copyright (C) 2002-2014 Free Software Foundation, Inc. +# Copyright (C) 2002-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -149,7 +149,7 @@ AC_DEFUN([AM_AUTOMAKE_VERSION], [am__api_version='1.15' dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl require some minimum version. Point them to the right macro. -m4_if([$1], [1.15], [], +m4_if([$1], [1.15.1], [], [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl ]) @@ -165,12 +165,12 @@ m4_define([_AM_AUTOCONF_VERSION], []) # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. # This function is AC_REQUIREd by AM_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], -[AM_AUTOMAKE_VERSION([1.15])dnl +[AM_AUTOMAKE_VERSION([1.15.1])dnl m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) -# Copyright (C) 2011-2014 Free Software Foundation, Inc. +# Copyright (C) 2011-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -232,7 +232,7 @@ AC_SUBST([AR])dnl # AM_AUX_DIR_EXPAND -*- Autoconf -*- -# Copyright (C) 2001-2014 Free Software Foundation, Inc. +# Copyright (C) 2001-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -284,7 +284,7 @@ am_aux_dir=`cd "$ac_aux_dir" && pwd` # AM_CONDITIONAL -*- Autoconf -*- -# Copyright (C) 1997-2014 Free Software Foundation, Inc. +# Copyright (C) 1997-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -315,7 +315,7 @@ AC_CONFIG_COMMANDS_PRE( Usually this means the macro was only invoked conditionally.]]) fi])]) -# Copyright (C) 1999-2014 Free Software Foundation, Inc. +# Copyright (C) 1999-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -506,7 +506,7 @@ _AM_SUBST_NOTMAKE([am__nodep])dnl # Generate code to set up dependency tracking. -*- Autoconf -*- -# Copyright (C) 1999-2014 Free Software Foundation, Inc. +# Copyright (C) 1999-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -582,7 +582,7 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], # Do all the work for Automake. -*- Autoconf -*- -# Copyright (C) 1996-2014 Free Software Foundation, Inc. +# Copyright (C) 1996-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -779,7 +779,7 @@ for _am_header in $config_headers :; do done echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) -# Copyright (C) 2001-2014 Free Software Foundation, Inc. +# Copyright (C) 2001-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -800,7 +800,7 @@ if test x"${install_sh+set}" != xset; then fi AC_SUBST([install_sh])]) -# Copyright (C) 2003-2014 Free Software Foundation, Inc. +# Copyright (C) 2003-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -822,7 +822,7 @@ AC_SUBST([am__leading_dot])]) # Add --enable-maintainer-mode option to configure. -*- Autoconf -*- # From Jim Meyering -# Copyright (C) 1996-2014 Free Software Foundation, Inc. +# Copyright (C) 1996-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -857,7 +857,7 @@ AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles]) # Check to see how 'make' treats includes. -*- Autoconf -*- -# Copyright (C) 2001-2014 Free Software Foundation, Inc. +# Copyright (C) 2001-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -907,7 +907,7 @@ rm -f confinc confmf # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- -# Copyright (C) 1997-2014 Free Software Foundation, Inc. +# Copyright (C) 1997-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -946,7 +946,7 @@ fi # Helper functions for option handling. -*- Autoconf -*- -# Copyright (C) 2001-2014 Free Software Foundation, Inc. +# Copyright (C) 2001-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -975,7 +975,7 @@ AC_DEFUN([_AM_SET_OPTIONS], AC_DEFUN([_AM_IF_OPTION], [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) -# Copyright (C) 1999-2014 Free Software Foundation, Inc. +# Copyright (C) 1999-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1022,7 +1022,7 @@ AC_LANG_POP([C])]) # For backward compatibility. AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])]) -# Copyright (C) 2001-2014 Free Software Foundation, Inc. +# Copyright (C) 2001-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1041,7 +1041,7 @@ AC_DEFUN([AM_RUN_LOG], # Check to make sure that the build environment is sane. -*- Autoconf -*- -# Copyright (C) 1996-2014 Free Software Foundation, Inc. +# Copyright (C) 1996-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1122,7 +1122,7 @@ AC_CONFIG_COMMANDS_PRE( rm -f conftest.file ]) -# Copyright (C) 2009-2014 Free Software Foundation, Inc. +# Copyright (C) 2009-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -1182,7 +1182,7 @@ AC_SUBST([AM_BACKSLASH])dnl _AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl ]) -# Copyright (C) 2001-2014 Free Software Foundation, Inc. +# Copyright (C) 2001-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1210,7 +1210,7 @@ fi INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" AC_SUBST([INSTALL_STRIP_PROGRAM])]) -# Copyright (C) 2006-2014 Free Software Foundation, Inc. +# Copyright (C) 2006-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1229,7 +1229,7 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)]) # Check how to create a tarball. -*- Autoconf -*- -# Copyright (C) 2004-2014 Free Software Foundation, Inc. +# Copyright (C) 2004-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1360,12 +1360,14 @@ AC_SUBST([am__tar]) AC_SUBST([am__untar]) ]) # _AM_PROG_TAR +m4_include([m4/cc-flags.m4]) m4_include([m4/clang.m4]) m4_include([m4/gssapi.m4]) m4_include([m4/krb5-config.m4]) m4_include([m4/krb5.m4]) m4_include([m4/lib-depends.m4]) m4_include([m4/lib-pathname.m4]) +m4_include([m4/perl.m4]) m4_include([m4/remctl.m4]) m4_include([m4/snprintf.m4]) m4_include([m4/vamacros.m4]) 
@@ -13,10 +13,15 @@ for doc in client/wallet client/wallet-rekey ; do pod2man --release="$version" --center=wallet \ --name=`basename "$doc" | tr a-z A-Z` "$doc".pod > "$doc".1 done -for doc in contrib/wallet-rekey-periodic contrib/wallet-summary \ - contrib/wallet-unknown-hosts server/keytab-backend \ - server/wallet-admin server/wallet-backend \ - server/wallet-report ; do +for doc in contrib/wallet-rekey-periodic contrib/wallet-summary \ + contrib/wallet-unknown-hosts ; do pod2man --release="$version" --center=wallet --section=8 \ --name=`basename "$doc" | tr a-z A-Z` "$doc" > "$doc".8 done +for doc in server/keytab-backend server/wallet-admin \ + server/wallet-admin server/wallet-backend \ + server/wallet-report ; do + pod2man --release="$version" --center=wallet --section=8 \ + --name=`basename "$doc" | tr a-z A-Z` "$doc.in" > "$doc".8 +done + diff --git a/build-aux/ar-lib b/build-aux/ar-lib index 463b9ec..05094d3 100755 --- a/build-aux/ar-lib +++ b/build-aux/ar-lib @@ -4,7 +4,7 @@ me=ar-lib scriptversion=2012-03-01.08; # UTC -# Copyright (C) 2010-2014 Free Software Foundation, Inc. +# Copyright (C) 2010-2017 Free Software Foundation, Inc. # Written by Peter Rosin <peda@lysator.liu.se>. # # This program is free software; you can redistribute it and/or modify diff --git a/build-aux/depcomp b/build-aux/depcomp index fc98710..b39f98f 100755 --- a/build-aux/depcomp +++ b/build-aux/depcomp @@ -1,9 +1,9 @@ #! /bin/sh # depcomp - compile a program generating dependencies as side-effects -scriptversion=2013-05-30.07; # UTC +scriptversion=2016-01-11.22; # UTC -# Copyright (C) 1999-2014 Free Software Foundation, Inc. +# Copyright (C) 1999-2017 Free Software Foundation, Inc. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by 
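Review bot: The new server-side loop lists `server/wallet-admin` twice (once at the end of the first line and again at the start of the continuation line), so `server/wallet-admin.8` is generated twice on every run. The list should read `for doc in server/keytab-backend server/wallet-admin \` followed by `server/wallet-backend server/wallet-report ; do`. Since this loop now reads `"$doc.in"` rather than the generated script, a short comment above it such as `# Server scripts are generated by configure, so build their man pages from the .in templates.` would explain why they were split out of the contrib loop. The hunk also appears to add a blank line at the end of the file, which can be dropped; the start of the script is outside this hunk.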
@@ -786,6 +786,6 @@ exit 0 # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-time-zone: "UTC" +# time-stamp-time-zone: "UTC0" # time-stamp-end: "; # UTC" # End: diff --git a/client/file.c b/client/file.c index 468eb30..809e78b 100644 --- a/client/file.c +++ b/client/file.c @@ -2,10 +2,10 @@ * File handling for the wallet client. * * Written by Russ Allbery <eagle@eyrie.org> - * Copyright 2007, 2008, 2010 + * Copyright 2007-2008, 2010 * The Board of Trustees of the Leland Stanford Junior University * - * See LICENSE for licensing terms. + * SPDX-License-Identifier: MIT */ #include <config.h> diff --git a/client/internal.h b/client/internal.h index fc0591f..1aed874 100644 --- a/client/internal.h +++ b/client/internal.h @@ -2,10 +2,11 @@ * Internal support functions for the wallet client. * * Written by Russ Allbery <eagle@eyrie.org> - * Copyright 2007, 2008, 2010 + * Copyright 2018 Russ Allbery <eagle@eyrie.org> + * Copyright 2007-2008, 2010 * The Board of Trustees of the Leland Stanford Junior University * - * See LICENSE for licensing terms. + * SPDX-License-Identifier: MIT */ #ifndef CLIENT_INTERNAL_H @@ -41,7 +42,7 @@ struct options { char *server; char *principal; char *user; - int port; + unsigned short port; }; BEGIN_DECLS diff --git a/client/keytab.c b/client/keytab.c index 7bec459..ed1bdb9 100644 --- a/client/keytab.c +++ b/client/keytab.c @@ -2,10 +2,10 @@ * Implementation of keytab handling for the wallet client. * * Written by Russ Allbery <eagle@eyrie.org> - * Copyright 2007, 2008, 2010, 2013, 2014 + * Copyright 2007-2008, 2010, 2013-2014 * The Board of Trustees of the Leland Stanford Junior University * - * See LICENSE for licensing terms. + * SPDX-License-Identifier: MIT */ #include <config.h> diff --git a/client/krb5.c b/client/krb5.c index 345df64..f0c0ff1 100644 --- a/client/krb5.c +++ b/client/krb5.c 
@@ -6,10 +6,10 @@ * client. * * Written by Russ Allbery <eagle@eyrie.org> - * Copyright 2007, 2008, 2010 + * Copyright 2007-2008, 2010 * The Board of Trustees of the Leland Stanford Junior University * - * See LICENSE for licensing terms. + * SPDX-License-Identifier: MIT */ #include <config.h> diff --git a/client/options.c b/client/options.c index ae88485..7b1f04e 100644 --- a/client/options.c +++ b/client/options.c 
@@ -5,53 +5,109 @@ * file for both wallet and wallet-rekey. * * Written by Russ Allbery <eagle@eyrie.org> - * Copyright 2006, 2007, 2008, 2010 + * Copyright 2018 Russ Allbery <eagle@eyrie.org> + * Copyright 2006-2008, 2010 * The Board of Trustees of the Leland Stanford Junior University * - * See LICENSE for licensing terms. + * SPDX-License-Identifier: MIT */ #include <config.h> #include <portable/krb5.h> #include <portable/system.h> +#include <errno.h> + #include <client/internal.h> +#include <util/messages.h> /* - * Load a string option from Kerberos appdefaults. This requires an annoying - * workaround because one cannot specify a default value of NULL. + * Load a number option from Kerberos appdefaults. Takes the Kerberos + * context, the realm, the option, and the result location. The native + * interface doesn't support numbers, so we actually read a string and then + * convert. */ static void -default_string(krb5_context ctx, const char *opt, const char *defval, - char **result) +default_number(krb5_context ctx, const char *realm, const char *opt, + long defval, long *result) { - if (defval == NULL) - defval = ""; - krb5_appdefault_string(ctx, "wallet", NULL, opt, defval, result); - if (*result != NULL && (*result)[0] == '\0') { - free(*result); - *result = NULL; + char *tmp = NULL; + char *end; + long value; +#ifdef HAVE_KRB5_REALM + krb5_const_realm rdata = realm; +#else + krb5_data realm_struct; + const krb5_data *rdata; + + if (realm == NULL) + rdata = NULL; + else { + rdata = &realm_struct; + realm_struct.magic = KV5M_DATA; + realm_struct.data = (void *) realm; + realm_struct.length = (unsigned int) strlen(realm); } +#endif + + *result = defval; + krb5_appdefault_string(ctx, "wallet", rdata, opt, "", &tmp); + if (tmp != NULL && tmp[0] != '\0') { + errno = 0; + value = strtol(tmp, &end, 10); + if (errno != 0 || *end != '\0') + warn("invalid number in krb5.conf setting for %s: %s", opt, tmp); + else + *result = value; + } + free(tmp); } /* - * Load a 
number option from Kerberos appdefaults. The native interface - * doesn't support numbers, so we actually read a string and then convert. + * Load a string option from Kerberos appdefaults. Takes the Kerberos + * context, the realm, the option, and the result location. + * + * This requires an annoying workaround because one cannot specify a default + * value of NULL with MIT Kerberos, since MIT Kerberos unconditionally calls + * strdup on the default value. There's also no way to determine if memory + * allocation failed while parsing or while setting the default value, so we + * don't return an error code. */ static void -default_number(krb5_context ctx, const char *opt, int defval, int *result) +default_string(krb5_context ctx, const char *realm, const char *opt, + const char *defval, char **result) { - char *tmp = NULL; + char *value = NULL; +#ifdef HAVE_KRB5_REALM + krb5_const_realm rdata = realm; +#else + krb5_data realm_struct; + const krb5_data *rdata; - krb5_appdefault_string(ctx, "wallet", NULL, opt, "", &tmp); - if (tmp != NULL && tmp[0] != '\0') - *result = atoi(tmp); - else - *result = defval; - if (tmp != NULL) - free(tmp); + if (realm == NULL) + rdata = NULL; + else { + rdata = &realm_struct; + realm_struct.magic = KV5M_DATA; + realm_struct.data = (void *) realm; + realm_struct.length = (unsigned int) strlen(realm); + } +#endif + + if (defval == NULL) + defval = ""; + krb5_appdefault_string(ctx, "wallet", rdata, opt, defval, &value); + if (value != NULL) { + if (value[0] == '\0') + free(value); + else { + if (*result != NULL) + free(*result); + *result = value; + } + } } 
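Review bot: `default_string` now calls `free(*result)` before storing the new value, but its header comment does not say that `*result` must be NULL or heap-allocated on entry. An uninitialised or non-heap pointer in that slot would be handed to free(). The current callers are safe only because this commit adds `memset(&options, 0, sizeof(options))` to wallet.c and wallet-rekey.c. I would add to the comment: `The result location must hold NULL or a malloc'd string on entry; an existing value is freed and replaced when the lookup yields a non-empty string.` Separately, the realm-to-`krb5_data` conversion in the `#else` branch of `HAVE_KRB5_REALM` is repeated verbatim in `default_number` and could move into one static helper.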
@@ -63,9 +119,28 @@ default_number(krb5_context ctx, const char *opt, int defval, int *result) void default_options(krb5_context ctx, struct options *options) { - default_string(ctx, "wallet_type", "wallet", &options->type); - default_string(ctx, "wallet_server", WALLET_SERVER, &options->server); - default_string(ctx, "wallet_principal", NULL, &options->principal); - default_number(ctx, "wallet_port", WALLET_PORT, &options->port); - options->user = NULL; + long port; + char *realm = NULL; + + /* Having no local realm may be intentional, so don't report an error. */ + krb5_get_default_realm(ctx, &realm); + + /* Load the options. */ + default_string(ctx, realm, "wallet_type", "wallet", &options->type); + default_string(ctx, realm, "wallet_server", WALLET_SERVER, + &options->server); + default_string(ctx, realm, "wallet_principal", NULL, &options->principal); + default_number(ctx, realm, "wallet_port", WALLET_PORT, &port); + + /* Additional checks on the option values. */ + if (port != WALLET_PORT && (port <= 0 || port > 65535)) { + warn("invalid number in krb5.conf setting for wallet_port: %ld", port); + options->port = WALLET_PORT; + } else { + options->port = (unsigned short) port; + } + + /* Clean up. */ + if (realm != NULL) + krb5_free_default_realm(ctx, realm); } diff --git a/client/remctl.c b/client/remctl.c index d4cd09e..26d7e8f 100644 --- a/client/remctl.c +++ b/client/remctl.c @@ -5,7 +5,7 @@ * Copyright 2007, 2010 * The Board of Trustees of the Leland Stanford Junior University * - * See LICENSE for licensing terms. + * SPDX-License-Identifier: MIT */ #include <config.h> diff --git a/client/srvtab.c b/client/srvtab.c index 045f56d..2b600c2 100644 --- a/client/srvtab.c +++ b/client/srvtab.c @@ -5,7 +5,7 @@ * Copyright 2007, 2008, 2010 * The Board of Trustees of the Leland Stanford Junior University * - * See LICENSE for licensing terms. + * SPDX-License-Identifier: MIT */ #include <config.h> 
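Review bot: The range check `port != WALLET_PORT && (port <= 0 || port > 65535)` in `default_options` exempts the compiled-in default without saying why, and the narrowing cast `(unsigned short) port` in the else branch then depends on that exemption being safe. Presumably WALLET_PORT may be 0 to select the default remctl port; if so, a comment such as `/* WALLET_PORT may be 0 (use the remctl default), so accept it unchecked. */` would record that. The warning also says "invalid number" for a value that parsed correctly but is out of range. Something like `warn("port out of range in krb5.conf setting for wallet_port: %ld", port);` would separate it from the parse failure reported in `default_number`.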
diff --git a/client/wallet-rekey.1 b/client/wallet-rekey.1 index d596f5f..c9bb847 100644 --- a/client/wallet-rekey.1 +++ b/client/wallet-rekey.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.29) +.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -46,7 +46,7 @@ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" -.\" If the F register is turned on, we'll generate index entries on stderr for +.\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. @@ -54,20 +54,16 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{ -. if \nF \{ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.if !\nF .nr F 0 +.if \nF>0 \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{ -. nr % 0 -. nr F 2 -. \} +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 . \} .\} -.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -133,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "WALLET-REKEY 1" -.TH WALLET-REKEY 1 "2016-01-18" "1.3" "wallet" +.TH WALLET-REKEY 1 "2018-06-03" "1.4" "wallet" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -277,12 +273,14 @@ Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. This file is offered as-is, without any warranty. +.PP +SPDX-License-Identifier: \s-1FSFAP\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIkadmin\fR\|(8), \fIkinit\fR\|(1), \fIkrb5.conf\fR\|(5), \fIremctl\fR\|(1), \fIremctld\fR\|(8), \fIwallet\fR\|(1) .PP This program is part of the wallet system. The current version is available -from <http://www.eyrie.org/~eagle/software/wallet/>. +from <https://www.eyrie.org/~eagle/software/wallet/>. .PP \&\fBwallet-rekey\fR uses the remctl protocol. For more information about -remctl, see <http://www.eyrie.org/~eagle/software/remctl/>. +remctl, see <https://www.eyrie.org/~eagle/software/remctl/>. diff --git a/client/wallet-rekey.c b/client/wallet-rekey.c index 95cd328..2aedf57 100644 --- a/client/wallet-rekey.c +++ b/client/wallet-rekey.c @@ -3,10 +3,11 @@ * * Written by Russ Allbery <eagle@eyrie.org> * and Jon Robertson <jonrober@stanford.edu> + * Copyright 2018 Russ Allbery <eagle@eyrie.org> * Copyright 2010 * The Board of Trustees of the Leland Stanford Junior University * - * See LICENSE for licensing terms. + * SPDX-License-Identifier: MIT */ #include <config.h> @@ -40,7 +41,7 @@ Options:\n\ /* * Display the usage message for wallet-rekey. */ -static void +static void __attribute__((__noreturn__)) usage(int status) { fprintf((status == 0) ? stdout : stderr, usage_message, WALLET_PORT, @@ -68,6 +69,7 @@ main(int argc, char *argv[]) message_program_name = "wallet"; /* Initialize default configuration. */ + memset(&options, 0, sizeof(options)); retval = krb5_init_context(&ctx); if (retval != 0) die_krb5(ctx, retval, "cannot initialize Kerberos"); 
@@ -83,13 +85,12 @@ main(int argc, char *argv[]) break; case 'h': usage(0); - break; case 'p': errno = 0; tmp = strtol(optarg, &end, 10); if (tmp <= 0 || tmp > 65535 || *end != '\0') die("invalid port number %s", optarg); - options.port = tmp; + options.port = (unsigned short) tmp; break; case 's': options.server = optarg; @@ -100,10 +101,8 @@ main(int argc, char *argv[]) case 'v': printf("%s\n", PACKAGE_STRING); exit(0); - break; default: usage(1); - break; } } argc -= optind; diff --git a/client/wallet-rekey.pod b/client/wallet-rekey.pod index a36a734..d76420f 100644 --- a/client/wallet-rekey.pod +++ b/client/wallet-rekey.pod @@ -1,6 +1,6 @@ =for stopwords wallet-rekey rekey rekeying keytab -hv Heimdal remctl remctld PKINIT kinit -appdefaults Allbery kadmin +appdefaults Allbery kadmin SPDX-License-Identifier FSFAP =head1 NAME @@ -161,14 +161,16 @@ permitted in any medium without royalty provided the copyright notice and this notice are preserved. This file is offered as-is, without any warranty. +SPDX-License-Identifier: FSFAP + =head1 SEE ALSO kadmin(8), kinit(1), krb5.conf(5), remctl(1), remctld(8), wallet(1) This program is part of the wallet system. The current version is available -from L<http://www.eyrie.org/~eagle/software/wallet/>. +from L<https://www.eyrie.org/~eagle/software/wallet/>. B<wallet-rekey> uses the remctl protocol. For more information about -remctl, see L<http://www.eyrie.org/~eagle/software/remctl/>. +remctl, see L<https://www.eyrie.org/~eagle/software/remctl/>. =cut diff --git a/client/wallet.1 b/client/wallet.1 index 4b5cd83..449cc9e 100644 --- a/client/wallet.1 +++ b/client/wallet.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.29) +.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -46,7 +46,7 @@ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" -.\" If the F register is turned on, we'll generate index entries on stderr for +.\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. @@ -54,20 +54,16 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{ -. if \nF \{ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.if !\nF .nr F 0 +.if \nF>0 \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{ -. nr % 0 -. nr F 2 -. \} +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 . \} .\} -.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -133,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "WALLET 1" -.TH WALLET 1 "2016-01-18" "1.3" "wallet" +.TH WALLET 1 "2018-06-03" "1.4" "wallet" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -273,7 +269,7 @@ administrators. The exceptions are \f(CW\*(C`acl check\*(C'\fR, \f(CW\*(C`check \&\f(CW\*(C`store\*(C'\fR, \f(CW\*(C`show\*(C'\fR, \f(CW\*(C`destroy\*(C'\fR, \f(CW\*(C`flag clear\*(C'\fR, \f(CW\*(C`flag set\*(C'\fR, \f(CW\*(C`getattr\*(C'\fR, \&\f(CW\*(C`setattr\*(C'\fR, and \f(CW\*(C`history\*(C'\fR. \f(CW\*(C`acl check\*(C'\fR and \f(CW\*(C`check\*(C'\fR can be run by anyone. All of the rest of those commands have their own ACLs except -\&\f(CW\*(C`getattr\*(C'\fR and \f(CW\*(C`history\*(C'\fR, which use the \f(CW\*(C`show\*(C'\fR \s-1ACL, \s0\f(CW\*(C`setattr\*(C'\fR, which +\&\f(CW\*(C`getattr\*(C'\fR and \f(CW\*(C`history\*(C'\fR, which use the \f(CW\*(C`show\*(C'\fR \s-1ACL,\s0 \f(CW\*(C`setattr\*(C'\fR, which uses the \f(CW\*(C`store\*(C'\fR \s-1ACL,\s0 and \f(CW\*(C`comment\*(C'\fR, which uses the owner or \f(CW\*(C`show\*(C'\fR \s-1ACL\s0 depending on whether one is setting or retrieving the comment. If the appropriate \s-1ACL\s0 is set, it alone is checked to see if the user has access. @@ -314,7 +310,7 @@ or the \s-1ACL\s0 destruction will fail. The special \s-1ACL\s0 named \f(CW\*(C be destroyed. .IP "acl history <id>" 4 .IX Item "acl history <id>" -Display the history of the \s-1ACL\s0 <id>. Each change to the \s-1ACL \s0(not +Display the history of the \s-1ACL\s0 <id>. Each change to the \s-1ACL\s0 (not including changes to the name of the \s-1ACL\s0) will be represented by two lines. The first line will have a timestamp of the change followed by a description of the change, and the second line will give the user who made 
@@ -323,16 +319,16 @@ the change and the host from which the change was made. .IX Item "acl remove <id> <scheme> <identifier>" Remove the entry with <scheme> and <identifier> from the \s-1ACL\s0 <id>. <id> may be either the name of an \s-1ACL\s0 or its numeric identifier. The last -entry in the special \s-1ACL \s0\f(CW\*(C`ADMIN\*(C'\fR cannot be removed to protect against +entry in the special \s-1ACL\s0 \f(CW\*(C`ADMIN\*(C'\fR cannot be removed to protect against accidental lockout, but administrators can remove themselves from the -\&\f(CW\*(C`ADMIN\*(C'\fR \s-1ACL\s0 and can leave only a non-functioning entry on the \s-1ACL. \s0 Use +\&\f(CW\*(C`ADMIN\*(C'\fR \s-1ACL\s0 and can leave only a non-functioning entry on the \s-1ACL.\s0 Use caution when removing entries from the \f(CW\*(C`ADMIN\*(C'\fR \s-1ACL.\s0 .IP "acl rename <id> <name>" 4 .IX Item "acl rename <id> <name>" Renames the \s-1ACL\s0 identified by <id> to <name>. This changes the human-readable name, not the underlying numeric \s-1ID,\s0 so the \s-1ACL\s0's associations with objects will be unchanged. The \f(CW\*(C`ADMIN\*(C'\fR \s-1ACL\s0 may not be -renamed. <id> may be either the current name or the numeric \s-1ID. \s0 <name> +renamed. <id> may be either the current name or the numeric \s-1ID.\s0 <name> must not be all-numeric. To rename an \s-1ACL,\s0 the current user must be authorized by the \f(CW\*(C`ADMIN\*(C'\fR \s-1ACL.\s0 .IP "acl replace <id> <new\-id>" 4 
@@ -342,7 +338,7 @@ Find any objects owned by <id>, and then change their ownership to some objects owned by it. <id> is not deleted afterwards, though in most cases that is probably your next step. The \f(CW\*(C`ADMIN\*(C'\fR \s-1ACL\s0 may not be replaced from. <id> and <new\-id> may be either the current name or the -numeric \s-1ID. \s0 To replace an \s-1ACL,\s0 the current user must be authorized by +numeric \s-1ID.\s0 To replace an \s-1ACL,\s0 the current user must be authorized by the \f(CW\*(C`ADMIN\*(C'\fR \s-1ACL.\s0 .IP "acl show <id>" 4 .IX Item "acl show <id>" @@ -419,7 +415,7 @@ Prints the \s-1ACL\s0 <acl>, which must be one of \f(CW\*(C`get\*(C'\fR, \f(CW\* \&\f(CW\*(C`destroy\*(C'\fR, or \f(CW\*(C`flags\*(C'\fR, for the object identified by <type> and <name>. Prints \f(CW\*(C`No ACL set\*(C'\fR if that \s-1ACL\s0 isn't set on that object. Remember that if the \f(CW\*(C`get\*(C'\fR, \f(CW\*(C`store\*(C'\fR, or \f(CW\*(C`show\*(C'\fR ACLs aren't set, authorization falls -back to checking the owner \s-1ACL. \s0 See the \f(CW\*(C`owner\*(C'\fR command for displaying +back to checking the owner \s-1ACL.\s0 See the \f(CW\*(C`owner\*(C'\fR command for displaying or setting it. .IP "getattr <type> <name> <attr>" 4 .IX Item "getattr <type> <name> <attr>" 
@@ -558,19 +554,21 @@ overrides this setting. Russ Allbery <eagle@eyrie.org> .SH "COPYRIGHT AND LICENSE" .IX Header "COPYRIGHT AND LICENSE" -Copyright 2007, 2008, 2010, 2011, 2012, 2013 The Board of Trustees of the -Leland Stanford Junior University +Copyright 2007\-2008, 2010\-2013 The Board of Trustees of the Leland +Stanford Junior University .PP Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. This file is offered as-is, without any warranty. +.PP +SPDX-License-Identifier: \s-1FSFAP\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIkadmin\fR\|(8), \fIkinit\fR\|(1), \fIkrb5.conf\fR\|(5), \fIremctl\fR\|(1), \fIremctld\fR\|(8) .PP This program is part of the wallet system. The current version is available -from <http://www.eyrie.org/~eagle/software/wallet/>. +from <https://www.eyrie.org/~eagle/software/wallet/>. .PP \&\fBwallet\fR uses the remctl protocol. For more information about remctl, -see <http://www.eyrie.org/~eagle/software/remctl/>. +see <https://www.eyrie.org/~eagle/software/remctl/>. diff --git a/client/wallet.c b/client/wallet.c index c3b039f..194f1f5 100644 --- a/client/wallet.c +++ b/client/wallet.c @@ -2,10 +2,11 @@ * The client program for the wallet system. * * Written by Russ Allbery <eagle@eyrie.org> - * Copyright 2006, 2007, 2008, 2010, 2014 + * Copyright 2018 Russ Allbery <eagle@eyrie.org> + * Copyright 2006-2008, 2010, 2014 * The Board of Trustees of the Leland Stanford Junior University * - * See LICENSE for licensing terms. + * SPDX-License-Identifier: MIT */ #include <config.h> @@ -44,7 +45,7 @@ Options:\n\ /* * Display the usage message for wallet. */ -static void +static void __attribute__((__noreturn__)) usage(int status) { fprintf((status == 0) ? stdout : stderr, usage_message, WALLET_PORT, 
@@ -75,6 +76,7 @@ main(int argc, char *argv[]) message_program_name = "wallet"; /* Initialize default configuration. */ + memset(&options, 0, sizeof(options)); retval = krb5_init_context(&ctx); if (retval != 0) die_krb5(ctx, retval, "cannot initialize Kerberos"); @@ -93,13 +95,12 @@ main(int argc, char *argv[]) break; case 'h': usage(0); - break; case 'p': errno = 0; tmp = strtol(optarg, &end, 10); if (tmp <= 0 || tmp > 65535 || *end != '\0') die("invalid port number %s", optarg); - options.port = tmp; + options.port = (unsigned short) tmp; break; case 'S': srvtab = optarg; @@ -113,10 +114,8 @@ main(int argc, char *argv[]) case 'v': printf("%s\n", PACKAGE_STRING); exit(0); - break; default: usage(1); - break; } } argc -= optind; diff --git a/client/wallet.pod b/client/wallet.pod index 672f0e4..63336db 100644 --- a/client/wallet.pod +++ b/client/wallet.pod @@ -2,6 +2,7 @@ -hv srvtab arg keytabs metadata keytab ACL PTS kinit klist remctl PKINIT acl timestamp autocreate backend-specific setacl enctypes enctype ktadd KDC appdefaults remctld Allbery uuencode getacl backend ACL's DES +SPDX-License-Identifier FSFAP =head1 NAME 
@@ -487,22 +488,24 @@ Russ Allbery <eagle@eyrie.org> =head1 COPYRIGHT AND LICENSE -Copyright 2007, 2008, 2010, 2011, 2012, 2013 The Board of Trustees of the -Leland Stanford Junior University +Copyright 2007-2008, 2010-2013 The Board of Trustees of the Leland +Stanford Junior University Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. This file is offered as-is, without any warranty. +SPDX-License-Identifier: FSFAP + =head1 SEE ALSO kadmin(8), kinit(1), krb5.conf(5), remctl(1), remctld(8) This program is part of the wallet system. The current version is available -from L<http://www.eyrie.org/~eagle/software/wallet/>. +from L<https://www.eyrie.org/~eagle/software/wallet/>. B<wallet> uses the remctl protocol. For more information about remctl, -see L<http://www.eyrie.org/~eagle/software/remctl/>. +see L<https://www.eyrie.org/~eagle/software/remctl/>. =cut diff --git a/config.h.in b/config.h.in index fb9dc50..4f98d04 100644 --- a/config.h.in +++ b/config.h.in @@ -39,6 +39,9 @@ /* Define to 1 if you have the <inttypes.h> header file. */ #undef HAVE_INTTYPES_H +/* Define to 1 if you have the <k5profile.h> header file. */ +#undef HAVE_K5PROFILE_H + /* Define to 1 if you have the <kerberosv5/com_err.h> header file. */ #undef HAVE_KERBEROSV5_COM_ERR_H @@ -48,6 +51,12 @@ /* Define to enable Kerberos features. */ #undef HAVE_KRB5 +/* Define to 1 if you have the `krb5_appdefault_string' function. */ +#undef HAVE_KRB5_APPDEFAULT_STRING + +/* Define to 1 if you have the `krb5_free_default_realm' function. */ +#undef HAVE_KRB5_FREE_DEFAULT_REALM + /* Define to 1 if you have the `krb5_free_error_message' function. */ #undef HAVE_KRB5_FREE_ERROR_MESSAGE 
@@ -73,6 +82,9 @@ function. */ #undef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_DEFAULT_FLAGS +/* Define to 1 if you have the `krb5_get_profile' function. */ +#undef HAVE_KRB5_GET_PROFILE + /* Define to 1 if you have the <krb5.h> header file. */ #undef HAVE_KRB5_H @@ -85,6 +97,9 @@ /* Define to 1 if you have the `krb5_principal_get_realm' function. */ #undef HAVE_KRB5_PRINCIPAL_GET_REALM +/* Define to 1 if the system has the type `krb5_realm'. */ +#undef HAVE_KRB5_REALM + /* Define to 1 if you have the `krb5_svc_get_msg' function. */ #undef HAVE_KRB5_SVC_GET_MSG @@ -97,6 +112,9 @@ /* Define to 1 if you have the `mkstemp' function. */ #undef HAVE_MKSTEMP +/* Define to 1 if you have the <profile.h> header file. */ +#undef HAVE_PROFILE_H + /* Define to 1 if you have the `reallocarray' function. */ #undef HAVE_REALLOCARRAY @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for wallet 1.3. +# Generated by GNU Autoconf 2.69 for wallet 1.4. # # Report bugs to <eagle@eyrie.org>. # @@ -580,8 +580,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='wallet' PACKAGE_TARNAME='wallet' -PACKAGE_VERSION='1.3' -PACKAGE_STRING='wallet 1.3' +PACKAGE_VERSION='1.4' +PACKAGE_STRING='wallet 1.4' PACKAGE_BUGREPORT='eagle@eyrie.org' PACKAGE_URL='' @@ -625,10 +625,6 @@ ac_includes_default="\ ac_subst_vars='am__EXEEXT_FALSE am__EXEEXT_TRUE LTLIBOBJS -WARNINGS_CLANG_FALSE -WARNINGS_CLANG_TRUE -WARNINGS_GCC_FALSE -WARNINGS_GCC_TRUE REMCTLD LIBOBJS KRB5_USES_COM_ERR_FALSE @@ -644,9 +640,11 @@ GSSAPI_CPPFLAGS REMCTL_LIBS REMCTL_LDFLAGS REMCTL_CPPFLAGS +PERL RANLIB ac_ct_AR AR +WARNINGS_CFLAGS EGREP GREP CPP @@ -765,6 +763,7 @@ LDFLAGS LIBS CPPFLAGS CPP +PERL PATH_KRB5_CONFIG REMCTLD' 
@@ -1317,7 +1316,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures wallet 1.3 to adapt to many kinds of systems. +\`configure' configures wallet 1.4 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1384,7 +1383,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of wallet 1.3:";; + short | recursive ) echo "Configuration of wallet 1.4:";; esac cat <<\_ACEOF @@ -1432,6 +1431,7 @@ Some influential environment variables: CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if you have headers in a nonstandard directory <include dir> CPP C preprocessor + PERL Location of Perl interpreter PATH_KRB5_CONFIG Path to krb5-config REMCTLD Path to the remctld binary @@ -1502,7 +1502,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -wallet configure 1.3 +wallet configure 1.4 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. 
@@ -2097,121 +2097,121 @@ $as_echo "$ac_res" >&6; } } # ac_fn_c_check_decl -# ac_fn_c_check_member LINENO AGGR MEMBER VAR INCLUDES -# ---------------------------------------------------- -# Tries to find if the field MEMBER exists in type AGGR, after including -# INCLUDES, setting cache variable VAR accordingly. -ac_fn_c_check_member () +# ac_fn_c_check_type LINENO TYPE VAR INCLUDES +# ------------------------------------------- +# Tests whether TYPE exists after having included INCLUDES, setting cache +# variable VAR accordingly. +ac_fn_c_check_type () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5 -$as_echo_n "checking for $2.$3... " >&6; } -if eval \${$4+:} false; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else + eval "$3=no" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -$5 +$4 int main () { -static $2 ac_aggr; -if (ac_aggr.$3) -return 0; +if (sizeof ($2)) + return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - eval "$4=yes" -else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. 
*/ -$5 +$4 int main () { -static $2 ac_aggr; -if (sizeof ac_aggr.$3) -return 0; +if (sizeof (($2))) + return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - eval "$4=yes" + else - eval "$4=no" + eval "$3=yes" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -eval ac_res=\$$4 +eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno -} # ac_fn_c_check_member +} # ac_fn_c_check_type -# ac_fn_c_check_type LINENO TYPE VAR INCLUDES -# ------------------------------------------- -# Tests whether TYPE exists after having included INCLUDES, setting cache -# variable VAR accordingly. -ac_fn_c_check_type () +# ac_fn_c_check_member LINENO AGGR MEMBER VAR INCLUDES +# ---------------------------------------------------- +# Tries to find if the field MEMBER exists in type AGGR, after including +# INCLUDES, setting cache variable VAR accordingly. +ac_fn_c_check_member () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -$as_echo_n "checking for $2... " >&6; } -if eval \${$3+:} false; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5 +$as_echo_n "checking for $2.$3... " >&6; } +if eval \${$4+:} false; then : $as_echo_n "(cached) " >&6 else - eval "$3=no" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -$4 +$5 int main () { -if (sizeof ($2)) - return 0; +static $2 ac_aggr; +if (ac_aggr.$3) +return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : + eval "$4=yes" +else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. 
*/ -$4 +$5 int main () { -if (sizeof (($2))) - return 0; +static $2 ac_aggr; +if (sizeof ac_aggr.$3) +return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - + eval "$4=yes" else - eval "$3=yes" + eval "$4=no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -eval ac_res=\$$3 +eval ac_res=\$$4 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno -} # ac_fn_c_check_type +} # ac_fn_c_check_member cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by wallet $as_me 1.3, which was +It was created by wallet $as_me 1.4, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3076,7 +3076,7 @@ fi # Define the identity of the package. PACKAGE='wallet' - VERSION='1.3' + VERSION='1.4' cat >>confdefs.h <<_ACEOF @@ -3195,6 +3195,7 @@ fi + ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' 
@@ -4718,6 +4719,2043 @@ $as_echo "$rra_cv_prog_cc_clang" >&6; } if test x"$rra_cv_prog_cc_clang" = xyes; then : CLANG=yes fi + + if test x"$CLANG" = xyes; then : + WARNINGS_CFLAGS="-Werror" + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Weverything" >&5 +$as_echo_n "checking if $CC supports -Weverything... " >&6; } + if ${rra_cv_compiler_c__Weverything+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Weverything in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Weverything" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Weverything" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Weverything=yes +else + rra_cv_compiler_c__Weverything=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Weverything" >&5 +$as_echo "$rra_cv_compiler_c__Weverything" >&6; } + if test x"$rra_cv_compiler_c__Weverything" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Weverything" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wno-cast-qual" >&5 +$as_echo_n "checking if $CC supports -Wno-cast-qual... " >&6; } + if ${rra_cv_compiler_c__Wno_cast_qual+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wno-cast-qual in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wno-cast-qual" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wno-cast-qual" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. 
*/ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wno_cast_qual=yes +else + rra_cv_compiler_c__Wno_cast_qual=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wno_cast_qual" >&5 +$as_echo "$rra_cv_compiler_c__Wno_cast_qual" >&6; } + if test x"$rra_cv_compiler_c__Wno_cast_qual" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wno-cast-qual" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wno-disabled-macro-expansion" >&5 +$as_echo_n "checking if $CC supports -Wno-disabled-macro-expansion... " >&6; } + if ${rra_cv_compiler_c__Wno_disabled_macro_expansion+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wno-disabled-macro-expansion in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wno-disabled-macro-expansion" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wno-disabled-macro-expansion" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wno_disabled_macro_expansion=yes +else + rra_cv_compiler_c__Wno_disabled_macro_expansion=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wno_disabled_macro_expansion" >&5 +$as_echo "$rra_cv_compiler_c__Wno_disabled_macro_expansion" >&6; } + if test x"$rra_cv_compiler_c__Wno_disabled_macro_expansion" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wno-disabled-macro-expansion" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wno-padded" >&5 +$as_echo_n "checking if $CC supports -Wno-padded... 
" >&6; } + if ${rra_cv_compiler_c__Wno_padded+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wno-padded in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wno-padded" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wno-padded" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wno_padded=yes +else + rra_cv_compiler_c__Wno_padded=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wno_padded" >&5 +$as_echo "$rra_cv_compiler_c__Wno_padded" >&6; } + if test x"$rra_cv_compiler_c__Wno_padded" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wno-padded" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wno-sign-conversion" >&5 +$as_echo_n "checking if $CC supports -Wno-sign-conversion... " >&6; } + if ${rra_cv_compiler_c__Wno_sign_conversion+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wno-sign-conversion in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wno-sign-conversion" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wno-sign-conversion" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. 
*/ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wno_sign_conversion=yes +else + rra_cv_compiler_c__Wno_sign_conversion=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wno_sign_conversion" >&5 +$as_echo "$rra_cv_compiler_c__Wno_sign_conversion" >&6; } + if test x"$rra_cv_compiler_c__Wno_sign_conversion" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wno-sign-conversion" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wno-reserved-id-macro" >&5 +$as_echo_n "checking if $CC supports -Wno-reserved-id-macro... " >&6; } + if ${rra_cv_compiler_c__Wno_reserved_id_macro+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wno-reserved-id-macro in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wno-reserved-id-macro" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wno-reserved-id-macro" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wno_reserved_id_macro=yes +else + rra_cv_compiler_c__Wno_reserved_id_macro=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wno_reserved_id_macro" >&5 +$as_echo "$rra_cv_compiler_c__Wno_reserved_id_macro" >&6; } + if test x"$rra_cv_compiler_c__Wno_reserved_id_macro" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wno-reserved-id-macro" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wno-tautological-pointer-compare" >&5 +$as_echo_n "checking if $CC supports -Wno-tautological-pointer-compare... 
" >&6; } + if ${rra_cv_compiler_c__Wno_tautological_pointer_compare+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wno-tautological-pointer-compare in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wno-tautological-pointer-compare" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wno-tautological-pointer-compare" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wno_tautological_pointer_compare=yes +else + rra_cv_compiler_c__Wno_tautological_pointer_compare=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wno_tautological_pointer_compare" >&5 +$as_echo "$rra_cv_compiler_c__Wno_tautological_pointer_compare" >&6; } + if test x"$rra_cv_compiler_c__Wno_tautological_pointer_compare" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wno-tautological-pointer-compare" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wno-undef" >&5 +$as_echo_n "checking if $CC supports -Wno-undef... " >&6; } + if ${rra_cv_compiler_c__Wno_undef+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wno-undef in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wno-undef" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wno-undef" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. 
*/ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wno_undef=yes +else + rra_cv_compiler_c__Wno_undef=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wno_undef" >&5 +$as_echo "$rra_cv_compiler_c__Wno_undef" >&6; } + if test x"$rra_cv_compiler_c__Wno_undef" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wno-undef" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wno-unreachable-code" >&5 +$as_echo_n "checking if $CC supports -Wno-unreachable-code... " >&6; } + if ${rra_cv_compiler_c__Wno_unreachable_code+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wno-unreachable-code in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wno-unreachable-code" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wno-unreachable-code" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wno_unreachable_code=yes +else + rra_cv_compiler_c__Wno_unreachable_code=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wno_unreachable_code" >&5 +$as_echo "$rra_cv_compiler_c__Wno_unreachable_code" >&6; } + if test x"$rra_cv_compiler_c__Wno_unreachable_code" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wno-unreachable-code" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wno-unreachable-code-return" >&5 +$as_echo_n "checking if $CC supports -Wno-unreachable-code-return... 
" >&6; } + if ${rra_cv_compiler_c__Wno_unreachable_code_return+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wno-unreachable-code-return in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wno-unreachable-code-return" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wno-unreachable-code-return" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wno_unreachable_code_return=yes +else + rra_cv_compiler_c__Wno_unreachable_code_return=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wno_unreachable_code_return" >&5 +$as_echo "$rra_cv_compiler_c__Wno_unreachable_code_return" >&6; } + if test x"$rra_cv_compiler_c__Wno_unreachable_code_return" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wno-unreachable-code-return" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wno-unused-macros" >&5 +$as_echo_n "checking if $CC supports -Wno-unused-macros... " >&6; } + if ${rra_cv_compiler_c__Wno_unused_macros+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wno-unused-macros in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wno-unused-macros" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wno-unused-macros" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. 
*/ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wno_unused_macros=yes +else + rra_cv_compiler_c__Wno_unused_macros=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wno_unused_macros" >&5 +$as_echo "$rra_cv_compiler_c__Wno_unused_macros" >&6; } + if test x"$rra_cv_compiler_c__Wno_unused_macros" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wno-unused-macros" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wno-used-but-marked-unused" >&5 +$as_echo_n "checking if $CC supports -Wno-used-but-marked-unused... " >&6; } + if ${rra_cv_compiler_c__Wno_used_but_marked_unused+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wno-used-but-marked-unused in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wno-used-but-marked-unused" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wno-used-but-marked-unused" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wno_used_but_marked_unused=yes +else + rra_cv_compiler_c__Wno_used_but_marked_unused=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wno_used_but_marked_unused" >&5 +$as_echo "$rra_cv_compiler_c__Wno_used_but_marked_unused" >&6; } + if test x"$rra_cv_compiler_c__Wno_used_but_marked_unused" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wno-used-but-marked-unused" +fi +else + WARNINGS_CFLAGS="-g -O2 -D_FORTIFY_SOURCE=2 -Werror" + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -fstrict-overflow" >&5 +$as_echo_n "checking if $CC supports -fstrict-overflow... 
" >&6; } + if ${rra_cv_compiler_c__fstrict_overflow+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -fstrict-overflow in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-fstrict-overflow" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -fstrict-overflow" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__fstrict_overflow=yes +else + rra_cv_compiler_c__fstrict_overflow=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__fstrict_overflow" >&5 +$as_echo "$rra_cv_compiler_c__fstrict_overflow" >&6; } + if test x"$rra_cv_compiler_c__fstrict_overflow" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -fstrict-overflow" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -fstrict-aliasing" >&5 +$as_echo_n "checking if $CC supports -fstrict-aliasing... " >&6; } + if ${rra_cv_compiler_c__fstrict_aliasing+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -fstrict-aliasing in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-fstrict-aliasing" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -fstrict-aliasing" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. 
*/ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__fstrict_aliasing=yes +else + rra_cv_compiler_c__fstrict_aliasing=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__fstrict_aliasing" >&5 +$as_echo "$rra_cv_compiler_c__fstrict_aliasing" >&6; } + if test x"$rra_cv_compiler_c__fstrict_aliasing" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -fstrict-aliasing" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wall" >&5 +$as_echo_n "checking if $CC supports -Wall... " >&6; } + if ${rra_cv_compiler_c__Wall+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wall in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wall" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wall" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wall=yes +else + rra_cv_compiler_c__Wall=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wall" >&5 +$as_echo "$rra_cv_compiler_c__Wall" >&6; } + if test x"$rra_cv_compiler_c__Wall" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wall" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wextra" >&5 +$as_echo_n "checking if $CC supports -Wextra... " >&6; } + if ${rra_cv_compiler_c__Wextra+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wextra in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wextra" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wextra" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. 
*/ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wextra=yes +else + rra_cv_compiler_c__Wextra=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wextra" >&5 +$as_echo "$rra_cv_compiler_c__Wextra" >&6; } + if test x"$rra_cv_compiler_c__Wextra" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wextra" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wformat=2" >&5 +$as_echo_n "checking if $CC supports -Wformat=2... " >&6; } + if ${rra_cv_compiler_c__Wformat_2+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wformat=2 in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wformat=2" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wformat=2" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wformat_2=yes +else + rra_cv_compiler_c__Wformat_2=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wformat_2" >&5 +$as_echo "$rra_cv_compiler_c__Wformat_2" >&6; } + if test x"$rra_cv_compiler_c__Wformat_2" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wformat=2" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wformat-overflow=2" >&5 +$as_echo_n "checking if $CC supports -Wformat-overflow=2... 
" >&6; } + if ${rra_cv_compiler_c__Wformat_overflow_2+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wformat-overflow=2 in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wformat-overflow=2" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wformat-overflow=2" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wformat_overflow_2=yes +else + rra_cv_compiler_c__Wformat_overflow_2=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wformat_overflow_2" >&5 +$as_echo "$rra_cv_compiler_c__Wformat_overflow_2" >&6; } + if test x"$rra_cv_compiler_c__Wformat_overflow_2" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wformat-overflow=2" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wformat-signedness" >&5 +$as_echo_n "checking if $CC supports -Wformat-signedness... " >&6; } + if ${rra_cv_compiler_c__Wformat_signedness+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wformat-signedness in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wformat-signedness" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wformat-signedness" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. 
*/ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wformat_signedness=yes +else + rra_cv_compiler_c__Wformat_signedness=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wformat_signedness" >&5 +$as_echo "$rra_cv_compiler_c__Wformat_signedness" >&6; } + if test x"$rra_cv_compiler_c__Wformat_signedness" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wformat-signedness" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wformat-truncation=2" >&5 +$as_echo_n "checking if $CC supports -Wformat-truncation=2... " >&6; } + if ${rra_cv_compiler_c__Wformat_truncation_2+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wformat-truncation=2 in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wformat-truncation=2" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wformat-truncation=2" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wformat_truncation_2=yes +else + rra_cv_compiler_c__Wformat_truncation_2=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wformat_truncation_2" >&5 +$as_echo "$rra_cv_compiler_c__Wformat_truncation_2" >&6; } + if test x"$rra_cv_compiler_c__Wformat_truncation_2" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wformat-truncation=2" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wnull-dereference" >&5 +$as_echo_n "checking if $CC supports -Wnull-dereference... 
" >&6; } + if ${rra_cv_compiler_c__Wnull_dereference+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wnull-dereference in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wnull-dereference" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wnull-dereference" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wnull_dereference=yes +else + rra_cv_compiler_c__Wnull_dereference=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wnull_dereference" >&5 +$as_echo "$rra_cv_compiler_c__Wnull_dereference" >&6; } + if test x"$rra_cv_compiler_c__Wnull_dereference" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wnull-dereference" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Winit-self" >&5 +$as_echo_n "checking if $CC supports -Winit-self... " >&6; } + if ${rra_cv_compiler_c__Winit_self+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Winit-self in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Winit-self" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Winit-self" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. 
*/ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Winit_self=yes +else + rra_cv_compiler_c__Winit_self=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Winit_self" >&5 +$as_echo "$rra_cv_compiler_c__Winit_self" >&6; } + if test x"$rra_cv_compiler_c__Winit_self" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Winit-self" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wswitch-enum" >&5 +$as_echo_n "checking if $CC supports -Wswitch-enum... " >&6; } + if ${rra_cv_compiler_c__Wswitch_enum+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wswitch-enum in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wswitch-enum" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wswitch-enum" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wswitch_enum=yes +else + rra_cv_compiler_c__Wswitch_enum=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wswitch_enum" >&5 +$as_echo "$rra_cv_compiler_c__Wswitch_enum" >&6; } + if test x"$rra_cv_compiler_c__Wswitch_enum" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wswitch-enum" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wstrict-overflow=5" >&5 +$as_echo_n "checking if $CC supports -Wstrict-overflow=5... 
" >&6; } + if ${rra_cv_compiler_c__Wstrict_overflow_5+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wstrict-overflow=5 in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wstrict-overflow=5" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wstrict-overflow=5" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wstrict_overflow_5=yes +else + rra_cv_compiler_c__Wstrict_overflow_5=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wstrict_overflow_5" >&5 +$as_echo "$rra_cv_compiler_c__Wstrict_overflow_5" >&6; } + if test x"$rra_cv_compiler_c__Wstrict_overflow_5" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wstrict-overflow=5" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wmissing-format-attribute" >&5 +$as_echo_n "checking if $CC supports -Wmissing-format-attribute... " >&6; } + if ${rra_cv_compiler_c__Wmissing_format_attribute+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wmissing-format-attribute in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wmissing-format-attribute" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wmissing-format-attribute" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. 
*/ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wmissing_format_attribute=yes +else + rra_cv_compiler_c__Wmissing_format_attribute=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wmissing_format_attribute" >&5 +$as_echo "$rra_cv_compiler_c__Wmissing_format_attribute" >&6; } + if test x"$rra_cv_compiler_c__Wmissing_format_attribute" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wmissing-format-attribute" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Walloc-zero" >&5 +$as_echo_n "checking if $CC supports -Walloc-zero... " >&6; } + if ${rra_cv_compiler_c__Walloc_zero+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Walloc-zero in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Walloc-zero" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Walloc-zero" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Walloc_zero=yes +else + rra_cv_compiler_c__Walloc_zero=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Walloc_zero" >&5 +$as_echo "$rra_cv_compiler_c__Walloc_zero" >&6; } + if test x"$rra_cv_compiler_c__Walloc_zero" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Walloc-zero" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wduplicated-branches" >&5 +$as_echo_n "checking if $CC supports -Wduplicated-branches... 
" >&6; } + if ${rra_cv_compiler_c__Wduplicated_branches+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wduplicated-branches in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wduplicated-branches" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wduplicated-branches" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wduplicated_branches=yes +else + rra_cv_compiler_c__Wduplicated_branches=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wduplicated_branches" >&5 +$as_echo "$rra_cv_compiler_c__Wduplicated_branches" >&6; } + if test x"$rra_cv_compiler_c__Wduplicated_branches" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wduplicated-branches" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wduplicated-cond" >&5 +$as_echo_n "checking if $CC supports -Wduplicated-cond... " >&6; } + if ${rra_cv_compiler_c__Wduplicated_cond+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wduplicated-cond in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wduplicated-cond" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wduplicated-cond" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. 
*/ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wduplicated_cond=yes +else + rra_cv_compiler_c__Wduplicated_cond=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wduplicated_cond" >&5 +$as_echo "$rra_cv_compiler_c__Wduplicated_cond" >&6; } + if test x"$rra_cv_compiler_c__Wduplicated_cond" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wduplicated-cond" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wtrampolines" >&5 +$as_echo_n "checking if $CC supports -Wtrampolines... " >&6; } + if ${rra_cv_compiler_c__Wtrampolines+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wtrampolines in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wtrampolines" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wtrampolines" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wtrampolines=yes +else + rra_cv_compiler_c__Wtrampolines=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wtrampolines" >&5 +$as_echo "$rra_cv_compiler_c__Wtrampolines" >&6; } + if test x"$rra_cv_compiler_c__Wtrampolines" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wtrampolines" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wfloat-equal" >&5 +$as_echo_n "checking if $CC supports -Wfloat-equal... 
" >&6; } + if ${rra_cv_compiler_c__Wfloat_equal+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wfloat-equal in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wfloat-equal" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wfloat-equal" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wfloat_equal=yes +else + rra_cv_compiler_c__Wfloat_equal=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wfloat_equal" >&5 +$as_echo "$rra_cv_compiler_c__Wfloat_equal" >&6; } + if test x"$rra_cv_compiler_c__Wfloat_equal" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wfloat-equal" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wdeclaration-after-statement" >&5 +$as_echo_n "checking if $CC supports -Wdeclaration-after-statement... " >&6; } + if ${rra_cv_compiler_c__Wdeclaration_after_statement+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wdeclaration-after-statement in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wdeclaration-after-statement" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wdeclaration-after-statement" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. 
*/ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wdeclaration_after_statement=yes +else + rra_cv_compiler_c__Wdeclaration_after_statement=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wdeclaration_after_statement" >&5 +$as_echo "$rra_cv_compiler_c__Wdeclaration_after_statement" >&6; } + if test x"$rra_cv_compiler_c__Wdeclaration_after_statement" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wdeclaration-after-statement" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wshadow" >&5 +$as_echo_n "checking if $CC supports -Wshadow... " >&6; } + if ${rra_cv_compiler_c__Wshadow+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wshadow in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wshadow" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wshadow" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wshadow=yes +else + rra_cv_compiler_c__Wshadow=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wshadow" >&5 +$as_echo "$rra_cv_compiler_c__Wshadow" >&6; } + if test x"$rra_cv_compiler_c__Wshadow" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wshadow" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wpointer-arith" >&5 +$as_echo_n "checking if $CC supports -Wpointer-arith... 
" >&6; } + if ${rra_cv_compiler_c__Wpointer_arith+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wpointer-arith in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wpointer-arith" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wpointer-arith" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wpointer_arith=yes +else + rra_cv_compiler_c__Wpointer_arith=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wpointer_arith" >&5 +$as_echo "$rra_cv_compiler_c__Wpointer_arith" >&6; } + if test x"$rra_cv_compiler_c__Wpointer_arith" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wpointer-arith" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wbad-function-cast" >&5 +$as_echo_n "checking if $CC supports -Wbad-function-cast... " >&6; } + if ${rra_cv_compiler_c__Wbad_function_cast+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wbad-function-cast in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wbad-function-cast" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wbad-function-cast" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. 
*/ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wbad_function_cast=yes +else + rra_cv_compiler_c__Wbad_function_cast=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wbad_function_cast" >&5 +$as_echo "$rra_cv_compiler_c__Wbad_function_cast" >&6; } + if test x"$rra_cv_compiler_c__Wbad_function_cast" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wbad-function-cast" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wcast-align" >&5 +$as_echo_n "checking if $CC supports -Wcast-align... " >&6; } + if ${rra_cv_compiler_c__Wcast_align+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wcast-align in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wcast-align" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wcast-align" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wcast_align=yes +else + rra_cv_compiler_c__Wcast_align=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wcast_align" >&5 +$as_echo "$rra_cv_compiler_c__Wcast_align" >&6; } + if test x"$rra_cv_compiler_c__Wcast_align" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wcast-align" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wwrite-strings" >&5 +$as_echo_n "checking if $CC supports -Wwrite-strings... 
" >&6; } + if ${rra_cv_compiler_c__Wwrite_strings+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wwrite-strings in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wwrite-strings" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wwrite-strings" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wwrite_strings=yes +else + rra_cv_compiler_c__Wwrite_strings=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wwrite_strings" >&5 +$as_echo "$rra_cv_compiler_c__Wwrite_strings" >&6; } + if test x"$rra_cv_compiler_c__Wwrite_strings" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wwrite-strings" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wconversion" >&5 +$as_echo_n "checking if $CC supports -Wconversion... " >&6; } + if ${rra_cv_compiler_c__Wconversion+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wconversion in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wconversion" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wconversion" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. 
*/ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wconversion=yes +else + rra_cv_compiler_c__Wconversion=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wconversion" >&5 +$as_echo "$rra_cv_compiler_c__Wconversion" >&6; } + if test x"$rra_cv_compiler_c__Wconversion" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wconversion" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wno-sign-conversion" >&5 +$as_echo_n "checking if $CC supports -Wno-sign-conversion... " >&6; } + if ${rra_cv_compiler_c__Wno_sign_conversion+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wno-sign-conversion in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wno-sign-conversion" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wno-sign-conversion" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wno_sign_conversion=yes +else + rra_cv_compiler_c__Wno_sign_conversion=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wno_sign_conversion" >&5 +$as_echo "$rra_cv_compiler_c__Wno_sign_conversion" >&6; } + if test x"$rra_cv_compiler_c__Wno_sign_conversion" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wno-sign-conversion" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wdate-time" >&5 +$as_echo_n "checking if $CC supports -Wdate-time... 
" >&6; } + if ${rra_cv_compiler_c__Wdate_time+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wdate-time in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wdate-time" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wdate-time" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wdate_time=yes +else + rra_cv_compiler_c__Wdate_time=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wdate_time" >&5 +$as_echo "$rra_cv_compiler_c__Wdate_time" >&6; } + if test x"$rra_cv_compiler_c__Wdate_time" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wdate-time" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wjump-misses-init" >&5 +$as_echo_n "checking if $CC supports -Wjump-misses-init... " >&6; } + if ${rra_cv_compiler_c__Wjump_misses_init+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wjump-misses-init in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wjump-misses-init" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wjump-misses-init" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. 
*/ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wjump_misses_init=yes +else + rra_cv_compiler_c__Wjump_misses_init=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wjump_misses_init" >&5 +$as_echo "$rra_cv_compiler_c__Wjump_misses_init" >&6; } + if test x"$rra_cv_compiler_c__Wjump_misses_init" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wjump-misses-init" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wlogical-op" >&5 +$as_echo_n "checking if $CC supports -Wlogical-op... " >&6; } + if ${rra_cv_compiler_c__Wlogical_op+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wlogical-op in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wlogical-op" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wlogical-op" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wlogical_op=yes +else + rra_cv_compiler_c__Wlogical_op=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wlogical_op" >&5 +$as_echo "$rra_cv_compiler_c__Wlogical_op" >&6; } + if test x"$rra_cv_compiler_c__Wlogical_op" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wlogical-op" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wstrict-prototypes" >&5 +$as_echo_n "checking if $CC supports -Wstrict-prototypes... 
" >&6; } + if ${rra_cv_compiler_c__Wstrict_prototypes+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wstrict-prototypes in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wstrict-prototypes" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wstrict-prototypes" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wstrict_prototypes=yes +else + rra_cv_compiler_c__Wstrict_prototypes=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wstrict_prototypes" >&5 +$as_echo "$rra_cv_compiler_c__Wstrict_prototypes" >&6; } + if test x"$rra_cv_compiler_c__Wstrict_prototypes" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wstrict-prototypes" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wold-style-definition" >&5 +$as_echo_n "checking if $CC supports -Wold-style-definition... " >&6; } + if ${rra_cv_compiler_c__Wold_style_definition+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wold-style-definition in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wold-style-definition" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wold-style-definition" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. 
*/ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wold_style_definition=yes +else + rra_cv_compiler_c__Wold_style_definition=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wold_style_definition" >&5 +$as_echo "$rra_cv_compiler_c__Wold_style_definition" >&6; } + if test x"$rra_cv_compiler_c__Wold_style_definition" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wold-style-definition" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wmissing-prototypes" >&5 +$as_echo_n "checking if $CC supports -Wmissing-prototypes... " >&6; } + if ${rra_cv_compiler_c__Wmissing_prototypes+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wmissing-prototypes in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wmissing-prototypes" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wmissing-prototypes" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wmissing_prototypes=yes +else + rra_cv_compiler_c__Wmissing_prototypes=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wmissing_prototypes" >&5 +$as_echo "$rra_cv_compiler_c__Wmissing_prototypes" >&6; } + if test x"$rra_cv_compiler_c__Wmissing_prototypes" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wmissing-prototypes" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wmissing-declarations" >&5 +$as_echo_n "checking if $CC supports -Wmissing-declarations... 
" >&6; } + if ${rra_cv_compiler_c__Wmissing_declarations+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wmissing-declarations in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wmissing-declarations" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wmissing-declarations" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wmissing_declarations=yes +else + rra_cv_compiler_c__Wmissing_declarations=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wmissing_declarations" >&5 +$as_echo "$rra_cv_compiler_c__Wmissing_declarations" >&6; } + if test x"$rra_cv_compiler_c__Wmissing_declarations" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wmissing-declarations" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wnormalized=nfc" >&5 +$as_echo_n "checking if $CC supports -Wnormalized=nfc... " >&6; } + if ${rra_cv_compiler_c__Wnormalized_nfc+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wnormalized=nfc in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wnormalized=nfc" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wnormalized=nfc" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. 
*/ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wnormalized_nfc=yes +else + rra_cv_compiler_c__Wnormalized_nfc=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wnormalized_nfc" >&5 +$as_echo "$rra_cv_compiler_c__Wnormalized_nfc" >&6; } + if test x"$rra_cv_compiler_c__Wnormalized_nfc" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wnormalized=nfc" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wpacked" >&5 +$as_echo_n "checking if $CC supports -Wpacked... " >&6; } + if ${rra_cv_compiler_c__Wpacked+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wpacked in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wpacked" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wpacked" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wpacked=yes +else + rra_cv_compiler_c__Wpacked=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wpacked" >&5 +$as_echo "$rra_cv_compiler_c__Wpacked" >&6; } + if test x"$rra_cv_compiler_c__Wpacked" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wpacked" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wredundant-decls" >&5 +$as_echo_n "checking if $CC supports -Wredundant-decls... 
" >&6; } + if ${rra_cv_compiler_c__Wredundant_decls+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wredundant-decls in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wredundant-decls" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wredundant-decls" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wredundant_decls=yes +else + rra_cv_compiler_c__Wredundant_decls=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wredundant_decls" >&5 +$as_echo "$rra_cv_compiler_c__Wredundant_decls" >&6; } + if test x"$rra_cv_compiler_c__Wredundant_decls" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wredundant-decls" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wrestrict" >&5 +$as_echo_n "checking if $CC supports -Wrestrict... " >&6; } + if ${rra_cv_compiler_c__Wrestrict+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wrestrict in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wrestrict" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wrestrict" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. 
*/ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wrestrict=yes +else + rra_cv_compiler_c__Wrestrict=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wrestrict" >&5 +$as_echo "$rra_cv_compiler_c__Wrestrict" >&6; } + if test x"$rra_cv_compiler_c__Wrestrict" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wrestrict" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wnested-externs" >&5 +$as_echo_n "checking if $CC supports -Wnested-externs... " >&6; } + if ${rra_cv_compiler_c__Wnested_externs+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wnested-externs in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wnested-externs" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wnested-externs" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wnested_externs=yes +else + rra_cv_compiler_c__Wnested_externs=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wnested_externs" >&5 +$as_echo "$rra_cv_compiler_c__Wnested_externs" >&6; } + if test x"$rra_cv_compiler_c__Wnested_externs" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wnested-externs" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Winline" >&5 +$as_echo_n "checking if $CC supports -Winline... 
" >&6; } + if ${rra_cv_compiler_c__Winline+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Winline in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Winline" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Winline" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Winline=yes +else + rra_cv_compiler_c__Winline=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Winline" >&5 +$as_echo "$rra_cv_compiler_c__Winline" >&6; } + if test x"$rra_cv_compiler_c__Winline" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Winline" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wvla" >&5 +$as_echo_n "checking if $CC supports -Wvla... " >&6; } + if ${rra_cv_compiler_c__Wvla+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_CFLAGS=$CFLAGS + case -Wvla in #( + -Wno-*) : + CFLAGS="$CFLAGS `echo "-Wvla" | sed 's/-Wno-/-W/'`" ;; #( + *) : + CFLAGS="$CFLAGS -Wvla" ;; #( + *) : + ;; +esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +int foo = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + rra_cv_compiler_c__Wvla=yes +else + rra_cv_compiler_c__Wvla=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$save_CFLAGS +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_compiler_c__Wvla" >&5 +$as_echo "$rra_cv_compiler_c__Wvla" >&6; } + if test x"$rra_cv_compiler_c__Wvla" = xyes; then : + WARNINGS_CFLAGS="${WARNINGS_CFLAGS} -Wvla" +fi +fi + # Check whether --enable-largefile was given. if test "${enable_largefile+set}" = set; then : enableval=$enable_largefile; 
@@ -5210,6 +7248,58 @@ fi fi + + if test x"$PERL" != x; then : + if ! test -x "$PERL"; then : + as_fn_error $? "Perl binary $PERL not found" "$LINENO" 5 +fi + if ! "$PERL" -e 'use 5.008' >/dev/null 2>&1; then : + as_fn_error $? "Perl 5.008 or greater is required" "$LINENO" 5 +fi +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Perl version 5.008 or later" >&5 +$as_echo_n "checking for Perl version 5.008 or later... " >&6; } +if ${ac_cv_path_PERL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$PERL"; then + ac_path_PERL_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in perl; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_PERL="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_PERL" || continue +if "$ac_path_PERL" -e 'require 5.008' >/dev/null 2>&1; then : + ac_cv_path_PERL="$ac_path_PERL" + ac_path_PERL_found=: +fi + $ac_path_PERL_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_PERL"; then + : + fi +else + ac_cv_path_PERL=$PERL +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_PERL" >&5 +$as_echo "$ac_cv_path_PERL" >&6; } + if test x"$ac_cv_path_PERL" = x; then : + as_fn_error $? "Perl 5.008 or greater is required" "$LINENO" 5 +fi + PERL="$ac_cv_path_PERL" + +fi + rra_reduced_depends=false # Check whether --enable-reduced-depends was given. if test "${enable_reduced_depends+set}" = set; then : 
@@ -5259,48 +7349,6 @@ else rra_lib_arch_name=lib64 fi fi - - # Extract the first word of "krb5-config", so it can be a program name with args. -set dummy krb5-config; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_PATH_KRB5_CONFIG+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $PATH_KRB5_CONFIG in - [\\/]* | ?:[\\/]*) - ac_cv_path_PATH_KRB5_CONFIG="$PATH_KRB5_CONFIG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -as_dummy="${PATH}:/usr/kerberos/bin" -for as_dir in $as_dummy -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_PATH_KRB5_CONFIG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -PATH_KRB5_CONFIG=$ac_cv_path_PATH_KRB5_CONFIG -if test -n "$PATH_KRB5_CONFIG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PATH_KRB5_CONFIG" >&5 -$as_echo "$PATH_KRB5_CONFIG" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - rra_remctl_root= rra_remctl_libdir= rra_remctl_includedir= 
@@ -5573,13 +7621,54 @@ fi else if test x"$rra_gssapi_includedir" = x \ && test x"$rra_gssapi_libdir" = x; then : - - rra_krb5_config_GSSAPI= + rra_krb5_config_GSSAPI= rra_krb5_config_GSSAPI_ok= if test x"${rra_gssapi_root}" != x && test -x "${rra_gssapi_root}/bin/krb5-config"; then : rra_krb5_config_GSSAPI="${rra_gssapi_root}/bin/krb5-config" else - rra_krb5_config_GSSAPI="$PATH_KRB5_CONFIG" + + # Extract the first word of "krb5-config", so it can be a program name with args. +set dummy krb5-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_PATH_KRB5_CONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $PATH_KRB5_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PATH_KRB5_CONFIG="$PATH_KRB5_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_dummy="${PATH}:/usr/kerberos/bin" +for as_dir in $as_dummy +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_PATH_KRB5_CONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +PATH_KRB5_CONFIG=$ac_cv_path_PATH_KRB5_CONFIG +if test -n "$PATH_KRB5_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PATH_KRB5_CONFIG" >&5 +$as_echo "$PATH_KRB5_CONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + rra_krb5_config_GSSAPI="$PATH_KRB5_CONFIG" fi if test x"$rra_krb5_config_GSSAPI" != x && test -x "$rra_krb5_config_GSSAPI"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gssapi support in krb5-config" >&5 
@@ -8520,13 +10609,54 @@ done LIBS="$rra_krb5_save_LIBS" else if test x"$rra_krb5_includedir" = x && test x"$rra_krb5_libdir" = x; then : - - rra_krb5_config_KRB5= + rra_krb5_config_KRB5= rra_krb5_config_KRB5_ok= if test x"${rra_krb5_root}" != x && test -x "${rra_krb5_root}/bin/krb5-config"; then : rra_krb5_config_KRB5="${rra_krb5_root}/bin/krb5-config" else - rra_krb5_config_KRB5="$PATH_KRB5_CONFIG" + + # Extract the first word of "krb5-config", so it can be a program name with args. +set dummy krb5-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_PATH_KRB5_CONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $PATH_KRB5_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PATH_KRB5_CONFIG="$PATH_KRB5_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_dummy="${PATH}:/usr/kerberos/bin" +for as_dir in $as_dummy +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_PATH_KRB5_CONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +PATH_KRB5_CONFIG=$ac_cv_path_PATH_KRB5_CONFIG +if test -n "$PATH_KRB5_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PATH_KRB5_CONFIG" >&5 +$as_echo "$PATH_KRB5_CONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + rra_krb5_config_KRB5="$PATH_KRB5_CONFIG" fi if test x"$rra_krb5_config_KRB5" != x && test -x "$rra_krb5_config_KRB5"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5 support in krb5-config" >&5 
@@ -11843,7 +13973,27 @@ rra_krb5_save_CPPFLAGS="$CPPFLAGS" CPPFLAGS="$KRB5_CPPFLAGS $CPPFLAGS" LDFLAGS="$KRB5_LDFLAGS $LDFLAGS" LIBS="$KRB5_LIBS $LIBS" -for ac_func in krb5_get_init_creds_opt_alloc \ +ac_fn_c_check_type "$LINENO" "krb5_realm" "ac_cv_type_krb5_realm" " +#if HAVE_KRB5_H +# include <krb5.h> +#elif HAVE_KERBEROSV5_KRB5_H +# include <kerberosv5/krb5.h> +#else +# include <krb5/krb5.h> +#endif + +" +if test "x$ac_cv_type_krb5_realm" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_KRB5_REALM 1 +_ACEOF + + +fi + +for ac_func in krb5_free_default_realm \ + krb5_get_init_creds_opt_alloc \ krb5_get_init_creds_opt_set_default_flags \ krb5_principal_get_realm do : @@ -11956,6 +14106,54 @@ _ACEOF fi +for ac_func in krb5_appdefault_string +do : + ac_fn_c_check_func "$LINENO" "krb5_appdefault_string" "ac_cv_func_krb5_appdefault_string" +if test "x$ac_cv_func_krb5_appdefault_string" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_KRB5_APPDEFAULT_STRING 1 +_ACEOF + +else + for ac_func in krb5_get_profile +do : + ac_fn_c_check_func "$LINENO" "krb5_get_profile" "ac_cv_func_krb5_get_profile" +if test "x$ac_cv_func_krb5_get_profile" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_KRB5_GET_PROFILE 1 +_ACEOF + +fi +done + + for ac_header in k5profile.h profile.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + case " $LIBOBJS " in + *" krb5-profile.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS krb5-profile.$ac_objext" + ;; +esac + +fi +done + +case " $LIBOBJS " in + *" krb5-extra.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS krb5-extra.$ac_objext" + ;; +esac + CPPFLAGS="$rra_krb5_save_CPPFLAGS" LDFLAGS="$rra_krb5_save_LDFLAGS" LIBS="$rra_krb5_save_LIBS" 
@@ -12053,7 +14251,7 @@ $as_echo "#define HAVE_STDBOOL_H 1" >>confdefs.h fi -for ac_header in sys/bitypes.h sys/uio.h sys/time.h syslog.h +for ac_header in strings.h sys/bitypes.h sys/uio.h sys/time.h syslog.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" @@ -12456,23 +14654,6 @@ _ACEOF fi - if test x"$GCC" = xyes && test x"$CLANG" != xyes; then - WARNINGS_GCC_TRUE= - WARNINGS_GCC_FALSE='#' -else - WARNINGS_GCC_TRUE='#' - WARNINGS_GCC_FALSE= -fi - - if test x"$CLANG" = xyes; then - WARNINGS_CLANG_TRUE= - WARNINGS_CLANG_FALSE='#' -else - WARNINGS_CLANG_TRUE='#' - WARNINGS_CLANG_FALSE= -fi - - ac_config_headers="$ac_config_headers config.h" ac_config_files="$ac_config_files Makefile" @@ -12485,6 +14666,8 @@ ac_config_files="$ac_config_files tests/client/prompt-t" ac_config_files="$ac_config_files tests/client/rekey-t" +ac_config_commands="$ac_config_commands server" + ac_config_commands="$ac_config_commands tests/config" cat >confcache <<\_ACEOF @@ -12628,14 +14811,6 @@ if test -z "${KRB5_USES_COM_ERR_TRUE}" && test -z "${KRB5_USES_COM_ERR_FALSE}"; as_fn_error $? "conditional \"KRB5_USES_COM_ERR\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi -if test -z "${WARNINGS_GCC_TRUE}" && test -z "${WARNINGS_GCC_FALSE}"; then - as_fn_error $? "conditional \"WARNINGS_GCC\" was never defined. -Usually this means the macro was only invoked conditionally." "$LINENO" 5 -fi -if test -z "${WARNINGS_CLANG_TRUE}" && test -z "${WARNINGS_CLANG_FALSE}"; then - as_fn_error $? "conditional \"WARNINGS_CLANG\" was never defined. -Usually this means the macro was only invoked conditionally." "$LINENO" 5 -fi : "${CONFIG_STATUS=./config.status}" ac_write_fail=0 
@@ -13033,7 +15208,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by wallet $as_me 1.3, which was +This file was extended by wallet $as_me 1.4, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -13099,7 +15274,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -wallet config.status 1.3 +wallet config.status 1.4 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" @@ -13235,6 +15410,7 @@ do "tests/client/full-t") CONFIG_FILES="$CONFIG_FILES tests/client/full-t" ;; "tests/client/prompt-t") CONFIG_FILES="$CONFIG_FILES tests/client/prompt-t" ;; "tests/client/rekey-t") CONFIG_FILES="$CONFIG_FILES tests/client/rekey-t" ;; + "server") CONFIG_COMMANDS="$CONFIG_COMMANDS server" ;; "tests/config") CONFIG_COMMANDS="$CONFIG_COMMANDS tests/config" ;; *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; @@ -13928,6 +16104,7 @@ $as_echo X"$file" | "tests/client/full-t":F) chmod +x tests/client/full-t ;; "tests/client/prompt-t":F) chmod +x tests/client/prompt-t ;; "tests/client/rekey-t":F) chmod +x tests/client/rekey-t ;; + "server":C) test -d server || mkdir server ;; "tests/config":C) test -d tests/config || mkdir tests/config ;; esac diff --git a/configure.ac b/configure.ac index 4f56eb0..ef78a05 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1,14 +1,18 @@ dnl Autoconf configuration for wallet. dnl dnl Written by Russ Allbery <eagle@eyrie.org> -dnl Copyright 2014, 2016 Russ Allbery <eagle@eyrie.org> -dnl Copyright 2006, 2007, 2008, 2010, 2013, 2014 +dnl Copyright 2014, 2016, 2018 Russ Allbery <eagle@eyrie.org> +dnl Copyright 2006-2008, 2010, 2013-2014 dnl The Board of Trustees of the Leland Stanford Junior University dnl -dnl See LICENSE for licensing terms. +dnl This file is free software; the authors give unlimited permission to copy +dnl and/or distribute it, with or without modifications, as long as this +dnl notice is preserved. +dnl +dnl SPDX-License-Identifier: FSFULLR AC_PREREQ([2.64]) -AC_INIT([wallet], [1.3], [eagle@eyrie.org]) +AC_INIT([wallet], [1.4], [eagle@eyrie.org]) AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_LIBOBJ_DIR([portable]) AC_CONFIG_MACRO_DIR([m4]) @@ -17,13 +21,14 @@ AM_INIT_AUTOMAKE([1.11 check-news dist-xz foreign silent-rules subdir-objects AM_MAINTAINER_MODE dnl Detect unexpanded macros. +m4_pattern_forbid([^PKG_]) m4_pattern_forbid([^_?RRA_]) dnl AM_PROG_AR is required for Automake 1.12 by Libtool but not defined at all dnl (or needed) in Automake 1.11. Work around this bug. AC_PROG_CC AC_USE_SYSTEM_EXTENSIONS -RRA_PROG_CC_CLANG +RRA_PROG_CC_WARNINGS_FLAGS AC_SYS_LARGEFILE AM_PROG_CC_C_O m4_ifdef([AM_PROG_AR], [AM_PROG_AR]) @@ -45,11 +50,16 @@ AC_ARG_WITH([wallet-port], [AC_DEFINE_UNQUOTED([WALLET_PORT], [$withval], [Define to the default server port.])])]) +dnl Determine the path to the Perl binary and require 5.008 or later. +RRA_PROG_PERL([5.008]) + dnl Probe for required libraries. RRA_LIB_REMCTL RRA_LIB_KRB5 RRA_LIB_KRB5_SWITCH -AC_CHECK_FUNCS([krb5_get_init_creds_opt_alloc \ +AC_CHECK_TYPES([krb5_realm], [], [], [RRA_INCLUDES_KRB5]) +AC_CHECK_FUNCS([krb5_free_default_realm \ + krb5_get_init_creds_opt_alloc \ krb5_get_init_creds_opt_set_default_flags \ krb5_principal_get_realm]) AC_CHECK_FUNCS([krb5_get_init_creds_opt_free], 
@@ -57,11 +67,16 @@ AC_CHECK_FUNCS([krb5_get_init_creds_opt_free], AC_CHECK_DECLS([krb5_kt_free_entry], [], [], [RRA_INCLUDES_KRB5]) AC_CHECK_DECLS([krb5_kt_free_entry]) AC_CHECK_MEMBERS([krb5_keytab_entry.keyblock], [], [], [RRA_INCLUDES_KRB5]) +AC_CHECK_FUNCS([krb5_appdefault_string], [], + [AC_CHECK_FUNCS([krb5_get_profile]) + AC_CHECK_HEADERS([k5profile.h profile.h]) + AC_LIBOBJ([krb5-profile])]) +AC_LIBOBJ([krb5-extra]) RRA_LIB_KRB5_RESTORE dnl Probe for properties of the C library. AC_HEADER_STDBOOL -AC_CHECK_HEADERS([sys/bitypes.h sys/uio.h sys/time.h syslog.h]) +AC_CHECK_HEADERS([strings.h sys/bitypes.h sys/uio.h sys/time.h syslog.h]) AC_CHECK_DECLS([snprintf, vsnprintf]) RRA_C_C99_VAMACROS RRA_C_GNU_VAMACROS @@ -79,10 +94,6 @@ AS_IF([test x"$REMCTLD" != x], [AC_DEFINE_UNQUOTED([PATH_REMCTLD], ["$REMCTLD"], [Define to the full path to remctld to run remctl tests.])]) -dnl Enable appropriate warnings. -AM_CONDITIONAL([WARNINGS_GCC], [test x"$GCC" = xyes && test x"$CLANG" != xyes]) -AM_CONDITIONAL([WARNINGS_CLANG], [test x"$CLANG" = xyes]) - dnl Output section. AC_CONFIG_HEADER([config.h]) AC_CONFIG_FILES([Makefile]) @@ -90,6 +101,7 @@ AC_CONFIG_FILES([tests/client/basic-t], [chmod +x tests/client/basic-t]) AC_CONFIG_FILES([tests/client/full-t], [chmod +x tests/client/full-t]) AC_CONFIG_FILES([tests/client/prompt-t], [chmod +x tests/client/prompt-t]) AC_CONFIG_FILES([tests/client/rekey-t], [chmod +x tests/client/rekey-t]) +AC_CONFIG_COMMANDS([server], [test -d server || mkdir server]) AC_CONFIG_COMMANDS([tests/config], [test -d tests/config || mkdir tests/config]) AC_OUTPUT diff --git a/contrib/ad-keytab b/contrib/ad-keytab new file mode 100755 index 0000000..badcb8d --- /dev/null +++ b/contrib/ad-keytab 
@@ -0,0 +1,692 @@ +#!/usr/bin/perl -w +# +# Create, update, delete, and display keytabs stored in Active Directory. +# +# Written by Bill MacAllister <whm@dropbox.com> +# Copyright 2016 Dropbox, Inc. +# +# SPDX-License-Identifier: MIT + +############################################################################## +# Declarations +############################################################################## + +require 5.005; + +use strict; +use warnings; + +use Authen::SASL; +use Carp; +use Getopt::Long; +use IPC::Run qw( run timeout ); +use Net::LDAP; +use Pod::Usage; + +my $opt_ad_server; +my $opt_base_dn; +my $opt_computer_rdn; +my $opt_config; +my $opt_debug; +my $opt_dump; +my $opt_help; +my $opt_manual; +my $opt_prefix; +my $opt_user_rdn; + +# LDAP conneciton +my $LDAP; + +# Configuration variables +our $AD_BASE_DN; +our $AD_COMPUTER_RDN; +our $AD_DEBUG; +our $AD_SERVER; +our $AD_SERVICE_PREFIX; +our $AD_USER_RDN; +our $KEYTAB_REALM; + +############################################################################## +# Subroutines +############################################################################## + +# Write messages to standard output and check the return status +sub msg { + my @msgs = @_; + for my $m (@msgs) { + print STDOUT $m . "\n" or croak("Problem printing to STDOUT"); + } + return; +} + +# Write debugging messages +sub dbg { + my ($m) = @_; + msg("DEBUG:$m"); + return; +} + +# Decode Active Directory's userAccountControl attribute +# Flags are powers of two starting at zero. 
+sub list_userAccountControl { + my ($uac) = @_; + my @flags = ( + 'SCRIPT', + 'ACCOUNTDISABLE', + 'HOMEDIR_REQUIRED', + 'LOCKOUT', + 'PASSWD_NOTREQD', + 'PASSWD_CANT_CHANGE', + 'ENCRYPTED_TEXT_PWD_ALLOWED', + 'TEMP_DUPLICATE_ACCOUNT', + 'NORMAL_ACCOUNT', + 'INTERDOMAIN_TRUST_ACCOUNT', + 'WORKSTATION_TRUST_ACCOUNT', + 'SERVER_TRUST_ACCOUNT', + 'DONT_EXPIRE_PASSWORD', + 'MNS_LOGON_ACCOUNT', + 'SMARTCARD_REQUIRED', + 'TRUSTED_FOR_DELEGATION', + 'NOT_DELEGATED', + 'USE_DES_KEY_ONLY', + 'DONT_REQ_PREAUTH', + 'PASSWORD_EXPIRED', + 'TRUSTED_TO_AUTH_FOR_DELEGATION', + 'PARTIAL_SECRETS_ACCOUNT' + ); + + my $flag_list; + my $comma = ''; + for (my $i=0; $i<scalar(@flags); $i++) { + if ($uac & (2**$i)) { + $flag_list .= $comma . $flags[$i]; + $comma = ', '; + } + } + return $flag_list; +} + +# GSS-API bind to the active directory server +sub ldap_connect { + if ($AD_DEBUG) { + dbg('binding to ' . $AD_SERVER); + } + + if ($LDAP) { + if ($AD_DEBUG) { + dbg('Already bound to ' . $AD_SERVER); + } + return $LDAP; + } + + if (!$AD_SERVER) { + croak("Missing ldap host name, specify ad_server=\n"); + } + eval { + my $sasl = Authen::SASL->new(mechanism => 'GSSAPI'); + $LDAP = Net::LDAP->new($AD_SERVER, onerror => 'die'); + my $mesg = eval { $LDAP->bind(undef, sasl => $sasl) }; + }; + if ($@) { + my $error = $@; + die "ldap bind to AD failed: $error\n"; + } + return $LDAP; +} + +# Take in a base and a filter and return the assoicated DN. +sub get_dn { + my ($base, $filter) = @_; + my $dn; + + if ($AD_DEBUG) { + dbg("base:$base filter:$filter scope:subtree\n"); + } + + ldap_connect(); + my @attrs = ('objectclass'); + my $result; + eval { + $result = $LDAP->search( + base => $base, + scope => 'subtree', + filter => $filter, + attrs => \@attrs + ); + }; + if ($@) { + my $error = $@; + die "LDAP search error: $error\n"; + } + if ($result->code) { + msg("INFO base:$base filter:$filter scope:subtree\n"); + die $result->error; + } + if ($AD_DEBUG) { + dbg('returned: ' . 
$result->count); + } + + if ($result->count == 1) { + for my $entry ($result->entries) { + $dn = $entry->dn; + } + } elsif ($result->count > 1) { + msg('ERROR: too many AD entries for this keytab'); + for my $entry ($result->entries) { + msg('INFO: dn found ' . $entry->dn . "\n"); + } + die("INFO: use show to examine the problem\n"); + } + + return $dn; +} + +# Take a principal and split into parts. The parts are keytab type, +# keytab identifier, the base dn, the cn, and an LDAP filter. +sub kerberos_attrs { + my ($principal) = @_; + + my %attr; + $attr{principal} = $principal; + + my $dn; + my $host; + my $k_type; + my $k_id; + if ($principal =~ m,^(.*?)/(\S+),xms) { + $attr{type} = $1; + $attr{id} = $2; + # Create a filter to find the objects we create + if ($attr{id} =~ s/@(.*)//xms) { + $attr{realm} = $1; + $attr{filter} = "(userPrincipalName=${principal})"; + } elsif ($KEYTAB_REALM) { + $attr{realm} = $KEYTAB_REALM; + $attr{filter} + = "(userPrincipalName=${principal}\@${KEYTAB_REALM})"; + } else { + $attr{filter} = "(userPrincipalName=${principal}\@*)"; + } + if ($attr{type} eq 'host') { + # Host keytab attributes + $attr{base} = $AD_COMPUTER_RDN . ',' . $AD_BASE_DN; + $attr{cn} = $attr{id}; + $attr{cn} =~ s/[.].*//; + $attr{dn} = "cn=$attr{cn},$attr{base}"; + } else { + # Service keytab attributes + $attr{base} = $AD_USER_RDN . ',' . $AD_BASE_DN; + $attr{cn} = "${AD_SERVICE_PREFIX}$attr{id}"; + $attr{dn} = "cn=$attr{cn},$attr{base}"; + my $real_dn = get_dn($attr{base}, $attr{filter}); + if ($real_dn) { + if (lc($real_dn) ne lc($attr{dn})) { + $attr{dn} = $real_dn; + $attr{cn} = $real_dn; + $attr{cn} =~ s/,.*//xms; + $attr{cn} =~ s/.*?=//xms; + } + } else { + if (length($attr{cn})>20) { + my $cnt = 0; + my $this_dn; + my $this_prefix = substr($attr{cn}, 0, 18); + $attr{dn} = ''; + while ($cnt<100) { + my $this_cn = $this_prefix . sprintf('%02i', $cnt); + $this_dn = get_dn($attr{base}, "cn=$this_cn"); + if (!$this_dn) { + $attr{dn} = $this_cn . ',' . 
$attr{base}; + $attr{cn} = $attr{dn}; + $attr{cn} =~ s/,.*//xms; + $attr{cn} =~ s/.*?=//xms; + last; + } + $cnt++; + } + if (!$attr{dn}) { + die "ERROR: Cannot file unique dn for keytab\n"; + } + } + } + } + } + if ($AD_DEBUG) { + for my $a (sort keys %attr) { + dbg("$a = $attr{$a}"); + } + } + return %attr; +} + +# Perform an LDAP search against AD and return information about +# service and host accounts. +sub ad_show { + my ($principal, $kattr_ref) = @_; + + ldap_connect(); + my %kattr = %{$kattr_ref}; + my $base = $kattr{base}; + my $filter = $kattr{filter}; + my @attrs = (); + if (!$opt_dump) { + @attrs = ( + 'distinguishedName', 'objectclass', + 'dnsHostname', 'msds-KeyVersionNumber', + 'msds-SupportedEncryptionTypes', 'name', + 'servicePrincipalName', 'samAccountName', + 'userAccountControl', 'userPrincipalName', + 'whenChanged', 'whenCreated', + ); + } + + if ($AD_DEBUG) { + dbg("base:$base filter:$filter scope:subtree\n"); + } + + my $result; + eval { + $result = $LDAP->search( + base => $base, + scope => 'subtree', + filter => $filter, + attrs => \@attrs + ); + }; + if ($@) { + my $error = $@; + die "LDAP search error: $error\n"; + } + if ($result->code) { + msg("INFO base:$base filter:$filter scope:subtree\n"); + die $result->error; + } + if ($AD_DEBUG) { + dbg('returned: ' . $result->count); + } + if ($result->count > 0) { + for my $entry ($result->entries) { + for my $attr ( sort $entry->attributes ) { + my $out = ''; + if ($attr =~ /userAccountControl/xmsi) { + my $val = $entry->get_value($attr); + $out = "$attr: $val"; + $out .= ' (' . list_userAccountControl($val) . ')'; + msg($out); + } else { + my $val_ref = $entry->get_value($attr, asref => 1); + my @vals = @{$val_ref}; + for my $val (@vals) { + msg("$attr: $val"); + } + } + } + } + } else { + msg("$kattr{type}/$kattr{id} not found"); + } + msg(' '); + return; +} + +# Run a shell command. In this case the command will always be msktutil. 
+sub run_cmd { + my @cmd = @_; + + if ($AD_DEBUG) { + dbg('running command:' . join(q{ }, @cmd)); + } + + my $in; + my $out; + my $err; + my $err_flag; + eval { + run(\@cmd, \$in, \$out, \$err, timeout(60)); + if ($?) { + my $this_err = $?; + $err_flag = 1; + if ($this_err) { + msg('ERROR:' . $?); + } + if ($err) { + msg('ERROR (err):' . $err); + } + } + }; + if ($@) { + msg('ERROR (status):' . $@); + $err_flag = 1; + } + if ($err_flag) { + msg('ERROR: Problem executing:' . join(q{ }, @cmd)); + die "FATAL: Execution failed\n"; + } + + msg($out); + return; +} + +# Either create or update a keytab for the principal. Return the name +# of the keytab file created. +sub ad_create_update { + my ($file, $action, $kattr_ref) = @_; + my %kattr = %{$kattr_ref}; + + my @cmd = ('/usr/sbin/msktutil'); + push @cmd, '--' . $action; + push @cmd, '--server', $AD_SERVER; + push @cmd, '--enctypes', '0x4'; + push @cmd, '--enctypes', '0x8'; + push @cmd, '--enctypes', '0x10'; + push @cmd, '--keytab', $file; + push @cmd, '--upn', $kattr{principal}; + if ($kattr{realm}) { + push @cmd, '--realm', $kattr{realm}; + } + if ($kattr{type} eq 'host') { + push @cmd, '--base', $AD_COMPUTER_RDN; + push @cmd, '--dont-expire-password'; + push @cmd, '--computer-name', $kattr{cn}; + push @cmd, '--hostname', $kattr{id}; + } else { + my $service_id = $1; + push @cmd, '--base', $AD_USER_RDN; + push @cmd, '--use-service-account'; + push @cmd, '--service', $kattr{principal}; + push @cmd, '--account-name', $kattr{cn}; + push @cmd, '--no-pac'; + } + run_cmd(@cmd); + return; +} + +# Delete a principal from Kerberos. For AD this means just delete the +# object using LDAP. 
+sub ad_delete { + my ($kattr_ref) = @_; + my %kattr = %{$kattr_ref}; + + my $del_dn = get_dn($kattr{base}, $kattr{filter}); + + if (!$del_dn) { + msg("WARN: the keytab for $kattr{principal} does not exist."); + return 1; + } else { + ldap_connect(); + my $msgid = $LDAP->delete($del_dn); + if ($msgid->code) { + my $m; + $m .= "ERROR: Problem deleting $kattr{dn}\n"; + $m .= $msgid->error; + die $m; + } + } + return; +} + +############################################################################## +# Main Routine +############################################################################## + +# Get options +GetOptions( + 'ad_server=s' => \$opt_ad_server, + 'base_dn=s' => \$opt_base_dn, + 'computer_rdn=s' => \$opt_computer_rdn, + 'config=s' => \$opt_config, + 'debug' => \$opt_debug, + 'dump' => \$opt_dump, + 'help' => \$opt_help, + 'prefix' => \$opt_prefix, + 'manual' => \$opt_manual, + 'user_rdn=s' => \$opt_user_rdn +); + +# Help the user +if ($opt_manual) { + pod2usage(-verbose => 2); +} +if ($opt_help || !$ARGV[0]) { + pod2usage(-verbose => 0); +} + +# Make sure that we have kerberos credentials and that KRB5CCNAME +# points to them. +if (!$ENV{'KRB5CCNAME'}) { + msg('INFO: environment variable KRB5CCNAME not found.'); + msg('ERROR: Kerberos credentials are required.'); + pod2usage(-verbose => 0); +} + +# Read the configuration file or croak +my $conf_file; +if ($opt_config) { + if (-e $opt_config) { + $conf_file = $opt_config; + } else { + msg("ERROR: Config file ($opt_config) not found"); + pod2usage(-verbose => 0); + } +} elsif ($ENV{'ADKEYTAB'}) { + $conf_file = $ENV{'ADKEYTAB'}; +} elsif (-e '.ad-keytab.conf') { + $conf_file = '.ad-keytab.conf'; +} else { + $conf_file = '/etc/wallet/wallet.conf'; +} +do $conf_file or die (($@ || $!) . 
"\n"); + +# Process command line options +if ($opt_ad_server) { + $AD_SERVER = $opt_ad_server; +} +if ($opt_base_dn) { + $AD_BASE_DN = $opt_base_dn; +} +if ($opt_prefix) { + $AD_SERVICE_PREFIX = $opt_prefix; +} +if ($opt_computer_rdn) { + $AD_COMPUTER_RDN = $opt_computer_rdn; +} +if ($opt_user_rdn) { + $AD_USER_RDN = $opt_user_rdn; +} +if ($opt_debug) { + $AD_DEBUG = 1; +} + +# -- Get command line arguments +my $action = shift; +my $id = shift; +my $keytab; +if ($ARGV[0]) { + $keytab = shift; +} else { + $keytab = '/etc/krb5.keytab'; +} + +my %kattr = kerberos_attrs($id); +# Validate that the keytab id makes sense for the keytab type +if ($kattr{type} eq 'host') { + if ($kattr{id} !~ /[.]/xms) { + msg('ERROR: FQDN is required'); + pod2usage(-verbose => 0); + } +} else { + if ($kattr{id} =~ /[.]/xms) { + msg('ERROR: service principal names may not contain periods'); + pod2usage(-verbose => 0); + } +} + +if ($action =~ /^(create|update)/xms) { + ad_create_update($keytab, $action, \%kattr); +} elsif ($action =~ /^del/xms) { + ad_delete(\%kattr); +} elsif ($action =~ /^sh/xms) { + ad_show($id, \%kattr); +} else { + msg("ERROR: unknown action $action"); + pod2usage(-verbose => 0); +} + +exit; + +__END__ + +=for stopwords +KDC LDAP MacAllister keytab keytabs msktutil ldapsearch MERCHANTABILITY +NONINFRINGEMENT sublicense SPDX-License-Identifier MIT + +=head1 NAME + +ad-keytab + +=head1 SYNOPSIS + +ad-keytab create|update|delete|show keytab-id [keytab-file] +[--ad_server=hostname] [--computer_rdn=dn] [--user_rdn] [--dump] +[--help] [--manual] [--debug] + +=head1 DESCRIPTION + +This script is a wrapper around msktutil and ldapsearch to simplify +the creation of host and service keytabs. The script is useful for +boot strapping the Kerberos credentials required to use Active +Directory as a backend keytab store for wallet. The script shares +the wallet configuration file. + +Generally, two keytabs will need to be created to setup wallet. 
One +host keytab for the wallet server host and one service keytab for +wallet to use when connecting to an Active Directory Domain +Controller. + +Note, this script does not update the Wallet database which means +any keytabs created by it will be invisible from wallet. + +=head1 ACTIONS + +=over 4 + +=item create + +Add a keytab to AD and update the keytab file. Fails if the keytab +already exists. + +=item update + +Update an existing keytab in AD and update the keytab file. Fails if +the keytab does not exist. + +=item delete + +Delete a keytab from AD and remove it from the keytab file. + +=item show + +Show AD's view of the account corresponding to the keytab. This action +does not use msktutil and queries AD directly using LDAP. + +=back + +=head1 OPTIONS AND ARGUMENTS + +=over 4 + +=item keytab-id + +This is either host principal name of the form host/<fqdn> or a +service principal name of the form service/<id>. Service keytab +identifiers cannot be longer than 18 characters because of an +Active Directory restriction. + +=item keytab-filename + +The name of the keytab file. Defaults to /etc/krb5.keytab. + +=item --conf=filename + +The configuration file to read. The script searches for a configuration +file in the following order. + + * The command line switch --conf + * The environment variable ADKEYTAB + * The file .ad-keytab.conf + * The file /etc/ad-keytab.conf + +=item --ad_server=hostname + +The name of the Active Directory host to connect to. It is important +what the script contact only _one_ server due to the fact that +propagation within an Active Directory domain can be quite slow. + +=item --base_dn=ou=org,dc=domain,dc=tld + +The base distinguished name holding both computer and user accounts. + +=item --computer_rdn=dn + +The relative distinguished name to use as the base DN for both the +creation of host keytabs and searches of Active Directory. The +distinguished name formed will be computer_rdn,base_dn. 
+ +=item --user_rdn=dn + +The relative distinguished name to use as the base DN for LDAP +searches of Active Directory for service keytabs. The distinguished +name formed will be user_rdn_rdn,base_dn. + +=item --dump + +When displaying keytab attributes show all of the attributes. + +=item --help + +Displays help text. + +=item --manual + +Displays more complete help text. + +=item --debug + +Turns on debugging displays. + +=back + +=head1 SEE ALSO + +Set the documentation for Wallet::Config for configuration information, i.e. +perldoc Wallet::Config. + +=head1 AUTHOR + +Bill MacAllister <whm@dropbox.com> + +=head1 COPYRIGHT AND LICENSE + +Copyright 2016 Dropbox, Inc. + +Permission is hereby granted, free of charge, to any person obtaining a +copy of this software and associated documentation files (the "Software"), +to deal in the Software without restriction, including without limitation +the rights to use, copy, modify, merge, publish, distribute, sublicense, +and/or sell copies of the Software, and to permit persons to whom the +Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE. + +SPDX-License-Identifier: MIT + +=cut diff --git a/contrib/commerzbank/wallet-history b/contrib/commerzbank/wallet-history index 9826057..0adc766 100755 --- a/contrib/commerzbank/wallet-history +++ b/contrib/commerzbank/wallet-history 
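Review bot: In `ldap_connect` the GSSAPI bind runs inside a nested `eval`, so a failed bind is caught there, the outer `eval` then finishes normally and clears `$@`, and the `if ($@)` check never fires. `$LDAP` is also assigned before the bind, so later calls print "Already bound" and reuse a handle that never authenticated. Assign `$LDAP` only after a successful bind and let the `onerror => 'die'` exception reach a single `eval`, as in the excerpt below. Separately, `kerberos_attrs` interpolates the command-line principal into `(userPrincipalName=...)` without escaping, and that filter later selects the entry `ad_delete` removes; passing the value through `escape_filter_value` from Net::LDAP::Util would keep filter metacharacters literal. The configuration lookup also runs `do` on `.ad-keytab.conf` from the current directory, which executes whatever Perl that file contains, so an absolute, administrator-owned path is the safer default.

```perl
sub ldap_connect {
    # … unchanged: debug output, reuse of an existing $LDAP, $AD_SERVER check …
    my $conn = eval {
        my $sasl = Authen::SASL->new(mechanism => 'GSSAPI');
        my $ldap = Net::LDAP->new($AD_SERVER, onerror => 'die')
          or die "cannot connect to $AD_SERVER: $@\n";
        # No inner eval: a bind failure must propagate to the caller.
        $ldap->bind(undef, sasl => $sasl);
        $ldap;
    };
    if (!$conn) {
        my $error = $@;
        die "ldap bind to AD failed: $error\n";
    }
    # Cache the handle only once it is authenticated.
    $LDAP = $conn;
    return $LDAP;
}
```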
@@ -31,6 +31,9 @@ # perl wallet-history.pl ... (t.b.d.)... # #-------------------------------------------------------------------------------------------------------------- +# +# SPDX-License-Identifier: MIT + # Version. my $VERSION = "0.5"; diff --git a/contrib/convert-srvtab-db b/contrib/convert-srvtab-db index e05b394..2801767 100755 --- a/contrib/convert-srvtab-db +++ b/contrib/convert-srvtab-db @@ -6,7 +6,7 @@ # Copyright 2008 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and site configuration diff --git a/contrib/used-principals b/contrib/used-principals index 7169f0b..c6cac9b 100755 --- a/contrib/used-principals +++ b/contrib/used-principals @@ -6,7 +6,7 @@ # Copyright 2008 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT require 5.006; use strict; diff --git a/contrib/wallet-contacts b/contrib/wallet-contacts index 0c72c9c..6ad2292 100755 --- a/contrib/wallet-contacts +++ b/contrib/wallet-contacts @@ -6,7 +6,7 @@ # Copyright 2009, 2015 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations diff --git a/contrib/wallet-rekey-periodic b/contrib/wallet-rekey-periodic index c15d83f..1e22e1e 100755 --- a/contrib/wallet-rekey-periodic +++ b/contrib/wallet-rekey-periodic @@ -170,7 +170,7 @@ DOCS=<<__END_OF_DOCS__ =for stopwords Allbery DES Heimdal hostname keytab keytabs ktutil rekey rekeyable -rekeying wallet-rekey wallet-rekey-periodic +rekeying wallet-rekey wallet-rekey-periodic SPDX-License-Identifier MIT =head1 NAME 
@@ -232,7 +232,7 @@ Russ Allbery <eagle@eyrie.org> =head1 COPYRIGHT AND LICENSE -Copyright 2013, 2014 The Board of Trustees of the Leland Stanford Junior +Copyright 2013-2014 The Board of Trustees of the Leland Stanford Junior University Permission is hereby granted, free of charge, to any person obtaining a @@ -253,6 +253,8 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +SPDX-License-Identifier: MIT + =head1 SEE ALSO ktutil(8), wallet(1), wallet-rekey(1) @@ -260,3 +262,7 @@ ktutil(8), wallet(1), wallet-rekey(1) =cut __END_OF_DOCS__ + +# Local Variables: +# copyright-at-end-flag: t +# End: diff --git a/contrib/wallet-rekey-periodic.8 b/contrib/wallet-rekey-periodic.8 index 0cd04f3..f2f619a 100644 --- a/contrib/wallet-rekey-periodic.8 +++ b/contrib/wallet-rekey-periodic.8 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.29) +.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -46,7 +46,7 @@ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" -.\" If the F register is turned on, we'll generate index entries on stderr for +.\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. 
@@ -54,20 +54,16 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{ -. if \nF \{ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.if !\nF .nr F 0 +.if \nF>0 \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{ -. nr % 0 -. nr F 2 -. \} +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 . \} .\} -.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -133,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "WALLET-REKEY-PERIODIC 8" -.TH WALLET-REKEY-PERIODIC 8 "2016-01-18" "1.3" "wallet" +.TH WALLET-REKEY-PERIODIC 8 "2018-06-03" "1.4" "wallet" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -190,7 +186,7 @@ every principal in each keytab found at any of these paths. Russ Allbery <eagle@eyrie.org> .SH "COPYRIGHT AND LICENSE" .IX Header "COPYRIGHT AND LICENSE" -Copyright 2013, 2014 The Board of Trustees of the Leland Stanford Junior +Copyright 2013\-2014 The Board of Trustees of the Leland Stanford Junior University .PP Permission is hereby granted, free of charge, to any person obtaining a 
@@ -205,11 +201,13 @@ all copies or substantial portions of the Software. .PP \&\s-1THE SOFTWARE IS PROVIDED \*(L"AS IS\*(R", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\s0 \s-1IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\s0 +.PP +SPDX-License-Identifier: \s-1MIT\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIktutil\fR\|(8), \fIwallet\fR\|(1), \fIwallet\-rekey\fR\|(1) diff --git a/contrib/wallet-summary b/contrib/wallet-summary index ba224d0..8a12294 100755 --- a/contrib/wallet-summary +++ b/contrib/wallet-summary @@ -173,6 +173,7 @@ close REPORT; =for stopwords -hm keytab keytabs MERCHANTABILITY NONINFRINGEMENT sublicense Allbery +SPDX-License-Identifier MIT =head1 NAME @@ -260,4 +261,6 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +SPDX-License-Identifier: MIT + =cut diff --git a/contrib/wallet-summary.8 b/contrib/wallet-summary.8 index e64bc61..08a01d6 100644 --- a/contrib/wallet-summary.8 +++ b/contrib/wallet-summary.8 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.29) +.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -46,7 +46,7 @@ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" -.\" If the F register is turned on, we'll generate index entries on stderr for +.\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. @@ -54,20 +54,16 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{ -. if \nF \{ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.if !\nF .nr F 0 +.if \nF>0 \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{ -. nr % 0 -. nr F 2 -. \} +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 . \} .\} -.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -133,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "WALLET-SUMMARY 8" -.TH WALLET-SUMMARY 8 "2016-01-18" "1.3" "wallet" +.TH WALLET-SUMMARY 8 "2018-06-03" "1.4" "wallet" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -203,8 +199,10 @@ all copies or substantial portions of the Software. .PP \&\s-1THE SOFTWARE IS PROVIDED \*(L"AS IS\*(R", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\s0 \s-1IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\s0 +.PP +SPDX-License-Identifier: \s-1MIT\s0 
diff --git a/contrib/wallet-unknown-hosts b/contrib/wallet-unknown-hosts index 50b5a04..adf7b27 100755 --- a/contrib/wallet-unknown-hosts +++ b/contrib/wallet-unknown-hosts @@ -190,7 +190,7 @@ if ($command eq 'check') { =for stopwords ACL API CNAME DNS IP env keytab keytabs timestamp MERCHANTABILITY -NONINFRINGEMENT sublicense Allbery +NONINFRINGEMENT sublicense Allbery SPDX-License-Identifier MIT =head1 NAME @@ -282,4 +282,10 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +SPDX-License-Identifier: MIT + =cut + +# Local Variables: +# copyright-at-end-flag: t +# End: diff --git a/contrib/wallet-unknown-hosts.8 b/contrib/wallet-unknown-hosts.8 index 2e52b11..4046854 100644 --- a/contrib/wallet-unknown-hosts.8 +++ b/contrib/wallet-unknown-hosts.8 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.29) +.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -46,7 +46,7 @@ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" -.\" If the F register is turned on, we'll generate index entries on stderr for +.\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. 
@@ -54,20 +54,16 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{ -. if \nF \{ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.if !\nF .nr F 0 +.if \nF>0 \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{ -. nr % 0 -. nr F 2 -. \} +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 . \} .\} -.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -133,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "WALLET-UNKNOWN-HOSTS 8" -.TH WALLET-UNKNOWN-HOSTS 8 "2016-01-18" "1.3" "wallet" +.TH WALLET-UNKNOWN-HOSTS 8 "2018-06-03" "1.4" "wallet" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -150,7 +146,7 @@ env REMOTE_USER=\fIprincipal\fR \fBwallet-unknown-hosts\fR purge \fImin\fR \fIda .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBwallet-unknown-hosts\fR constructs a database recording host-based keytabs -in wallet whose corresponding hosts are not found in \s-1DNS. \s0 It records in +in wallet whose corresponding hosts are not found in \s-1DNS.\s0 It records in that database the number of times the host wasn't found and the timestamp of the first time it was not found. It can then generate a report of host-based keytab objects that have not been found for a minimum number of 
@@ -216,8 +212,10 @@ all copies or substantial portions of the Software. .PP \&\s-1THE SOFTWARE IS PROVIDED \*(L"AS IS\*(R", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\s0 \s-1IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\s0 +.PP +SPDX-License-Identifier: \s-1MIT\s0 diff --git a/docs/design b/docs/design index 8f4b20d..55707b2 100644 --- a/docs/design +++ b/docs/design @@ -43,7 +43,7 @@ Assumptions the client, and that data passed between the server and the client is encrypted. For more information about the remctl protocol, see: - <http://www.eyrie.org/~eagle/software/remctl/protocol.html> + <https://www.eyrie.org/~eagle/software/remctl/protocol.html> remctl requires Kerberos v5 authentication, and therefore all clients using the wallet to retrieve data will use Kerberos v5 authentication. @@ -372,10 +372,12 @@ Security Considerations License - Copyright 2007, 2008, 2013 + Copyright 2007-2008, 2013 The Board of Trustees of the Leland Stanford Junior University Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. This file is offered as-is, without any warranty. + + SPDX-License-Identifier: FSFAP diff --git a/docs/design-acl b/docs/design-acl index 836c411..e0c8317 100644 --- a/docs/design-acl +++ b/docs/design-acl 
@@ -101,10 +101,12 @@ ACL Schemes License Copyright 2016 Russ Allbery <eagle@eyrie.org> - Copyright 2006, 2007, 2008, 2013 + Copyright 2006-2008, 2013 The Board of Trustees of the Leland Stanford Junior University Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. This file is offered as-is, without any warranty. + + SPDX-License-Identifier: FSFAP diff --git a/docs/design-api b/docs/design-api index 9a36e61..c4d3742 100644 --- a/docs/design-api +++ b/docs/design-api @@ -170,10 +170,12 @@ Registering New Implementations License - Copyright 2006, 2007, 2008, 2013 + Copyright 2006-2008, 2013 The Board of Trustees of the Leland Stanford Junior University Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. This file is offered as-is, without any warranty. + + SPDX-License-Identifier: FSFAP diff --git a/docs/metadata/blurb b/docs/metadata/blurb new file mode 100644 index 0000000..bd695b0 --- /dev/null +++ b/docs/metadata/blurb @@ -0,0 +1,9 @@ +The wallet is a system for managing secure data, authorization rules to +retrieve or change that data, and audit rules for documenting actions +taken on that data. Objects of various types may be stored in the wallet +or generated on request and retrieved by authorized users. The wallet +tracks ACLs, metadata, and trace information. It is built on top of the +remctl protocol and uses Kerberos GSS-API authentication. One of the +object types it supports is Kerberos keytabs, making it suitable as a +user-accessible front-end to Kerberos kadmind with richer ACL and metadata +operations. diff --git a/docs/metadata/build/middle b/docs/metadata/build/middle new file mode 100644 index 0000000..8a15117 --- /dev/null +++ b/docs/metadata/build/middle 
@@ -0,0 +1,33 @@
+If you are upgrading the wallet server from an earlier installed version,
+run `wallet-admin upgrade` after installation to upgrade the database
+schema. See the wallet-admin manual page for more information.
+
+You can pass the `--with-wallet-server` and `--with-wallet-port` options
+to configure to compile in a default wallet server and port. If no port
+is set, the remctl default port is used. If no server is set, the server
+must be specified either in `krb5.conf` configuration or on the wallet
+command line or the client will exit with an error.
+
+By default, wallet uses whatever Perl executable exists in the current
+`PATH`. That Perl's path is what the server scripts will use, and that
+Perl's configuration will be used to determine where the server Perl
+modules will be installed.
+
+To specify a particular Perl executable to use, either set the `PERL`
+environment variable or pass it to configure like:
+
+```
+ ./configure PERL=/path/to/my/perl
+```
+
+By default, wallet installs itself under `/usr/local` except for the
+server Perl modules, which are installed into whatever default site module
+path is used by your Perl installation. To change the installation
+location of the files other than the Perl modules, pass the `--prefix=DIR`
+argument to configure.
+
+If remctl was installed in a path not normally searched by your compiler,
+you must specify its installation prefix to configure with the
+`--with-remctl=DIR` option, or alternately set the path to the include
+files and libraries separately with `--with-remctl-include=DIR` and
+`--with-remctl-lib=DIR`.
diff --git a/docs/metadata/description b/docs/metadata/description
new file mode 100644
index 0000000..190c1db
--- /dev/null
+++ b/docs/metadata/description
@@ -0,0 +1,31 @@
+The wallet is a client/server system using a central server with a
+supporting database and a stand-alone client that can be widely
+distributed to users. The server runs on a secure host with access to a
+local database; tracks object metadata such as ACLs, attributes, history,
+expiration, and ownership; and has the necessary access privileges to
+create wallet-managed objects in external systems (such as Kerberos
+service principals). The client uses the remctl protocol to send commands
+to the server, store and retrieve objects, and query object metadata. The
+same client can be used for both regular user operations and wallet
+administrative actions.
+
+All wallet actions are controlled by a fine-grained set of ACLs. Each
+object has an owner ACL and optional get, store, show, destroy, and flags
+ACLs that control more specific actions. A global administrative ACL
+controls access to administrative actions. An ACL consists of zero or
+more entries, each of which is a generic scheme and identifier pair,
+allowing the ACL system to be extended to use any existing authorization
+infrastructure. Supported ACL types include Kerberos principal names,
+regexes matching Kerberos principal names, and LDAP attribute checks.
+
+Currently, the object types supported are simple files, passwords,
+Kerberos keytabs, WebAuth keyrings, and Duo integrations. By default,
+whenever a Kerberos keytab object is retrieved from the wallet, the key is
+changed in the Kerberos KDC and the wallet returns a keytab for the new
+key. However, a keytab object can also be configured to preserve the
+existing keys when retrieved. Included in the wallet distribution is a
+script that can be run via remctl on an MIT Kerberos KDC to extract the
+existing key for a principal, and the wallet system will use that
+interface to retrieve the current key if the unchanging flag is set on a
+Kerberos keytab object for MIT Kerberos. (Heimdal doesn't require any
+special support.)
diff --git a/docs/metadata/metadata.json b/docs/metadata/metadata.json
new file mode 100644
index 0000000..5426422
--- /dev/null
+++ b/docs/metadata/metadata.json
@@ -0,0 +1,246 @@ +{ + "name": "wallet", + "version": "1.4", + "synopsis": "secure data management system", + "maintainer": "Russ Allbery <eagle@eyrie.org>", + "copyrights": [ + { + "holder": "Russ Allbery <eagle@eyrie.org>", + "years": "2014, 2016, 2018", + }, + { + "holder": "The Board of Trustees of the Leland Stanford Junior University", + "years": "2006-2010, 2012-2014", + }, + ], + "license": "Expat", + "build": { + "autotools": true, + "automake": "1.11", + "autoconf": "2.64", + "install": true, + "kerberos": true, + "lancaster": true, + "manpages": true, + "reduced_depends": true, + "type": "Autoconf", + }, + "support": { + "email": "eagle@eyrie.org", + "github": "rra/wallet", + "listname": "kerberos", + "listurl": "https://mailman.mit.edu/mailman/listinfo/kerberos", + "web": "https://www.eyrie.org/~eagle/software/wallet/", + }, + "vcs": { + "type": "Git", + "url": "https://git.eyrie.org/git/kerberos/wallet.git", + "browse": "https://git.eyrie.org/?p=kerberos/wallet.git", + "github": "rra/wallet", + "openhub": "https://www.openhub.net/p/wallet", + "travis": "rra/wallet", + }, + "readme": { + "sections": [ + { "title": "Configuration" }, + ], + }, + "quote": { + "author": "John M. 
Ford", + "work": "Growing Up Weightless", + }, + "distribution": { + "section": "kerberos", + "tarname": "wallet", + "version": "wallet", + }, + "debian": { + "personal": true, + }, + "docs": { + "user": [ + { + "name": "setup", + "title": "Setup and configuration", + }, + { + "name": "config", + "title": "Configuration options", + }, + { + "name": "objects-and-schemes", + "title": "Objects and ACL schemes", + }, + { + "name": "wallet", + "title": "wallet", + }, + { + "name": "wallet-admin", + "title": "wallet-admin", + }, + { + "name": "wallet-backend", + "title": "wallet-backend", + }, + { + "name": "wallet-report", + "title": "wallet-report", + }, + { + "name": "keytab-backend", + "title": "keytab-backend", + }, + { + "name": "naming", + "title": "Stanford wallet naming policy", + }, + { + "name": "thanks", + "title": "Thanks and credits", + }, + ], + "developer": [ + { + "name": "design", + "title": "Overall design", + }, + { + "name": "design-acl", + "title": "ACL design", + }, + { + "name": "design-api", + "title": "Server module API design", + }, + ], + "contrib": [ + { + "name": "used-principals", + "title": "used-principals", + }, + { + "name": "wallet-contacts", + "title": "wallet-contacts", + }, + { + "name": "wallet-rekey-periodic", + "title": "wallet-rekey-periodic", + }, + { + "name": "wallet-summary", + "title": "wallet-summary", + }, + { + "name": "wallet-unknown-hosts", + "title": "wallet-unknown-hosts", + } + ], + "api": [ + { + "name": "api/acl", + "title": "Wallet::ACL", + }, + { + "name": "api/acl-base", + "title": "Wallet::ACL::Base", + }, + { + "name": "api/acl-external", + "title": "Wallet::ACL::External", + }, + { + "name": "api/acl-krb5", + "title": "Wallet::ACL::Krb5", + }, + { + "name": "api/acl-krb5-regex", + "title": "Wallet::ACL::Krb5::Regex", + }, + { + "name": "api/acl-ldap-attr", + "title": "Wallet::ACL::LDAP::Attribute", + }, + { + "name": "api/acl-ldap-attr-root", + "title": "Wallet::ACL::LDAP::Attribute::Root", + }, + { + 
"name": "api/acl-nested", + "title": "Wallet::ACL::Nested", + }, + { + "name": "api/acl-netdb", + "title": "Wallet::ACL::NetDB", + }, + { + "name": "api/acl-netdb-root", + "title": "Wallet::ACL::NetDB::Root", + }, + { + "name": "api/admin", + "title": "Wallet::Admin", + }, + { + "name": "api/config", + "title": "Wallet::Config", + }, + { + "name": "api/database", + "title": "Wallet::Database", + }, + { + "name": "api/kadmin", + "title": "Wallet::Kadmin", + }, + { + "name": "api/kadmin-ad", + "title": "Wallet::Kadmin::AD", + }, + { + "name": "api/kadmin-heimdal", + "title": "Wallet::Kadmin::Heimdal", + }, + { + "name": "api/kadmin-mit", + "title": "Wallet::Kadmin::MIT", + }, + { + "name": "api/object-base", + "title": "Wallet::Object::Base", + }, + { + "name": "api/object-duo", + "title": "Wallet::Object::Duo", + }, + { + "name": "api/object-file", + "title": "Wallet::Object::File", + }, + { + "name": "api/object-keytab", + "title": "Wallet::Object::Keytab", + }, + { + "name": "api/object-password", + "title": "Wallet::Object::Password", + }, + { + "name": "api/policy-stanford", + "title": "Wallet::Policy::Stanford", + }, + { + "name": "api/report", + "title": "Wallet::Report", + }, + { + "name": "api/schema", + "title": "Wallet::Schema", + }, + { + "name": "api/server", + "title": "Wallet::Server", + }, + ], + }, +} diff --git a/docs/metadata/quote b/docs/metadata/quote new file mode 100644 index 0000000..eafb546 --- /dev/null +++ b/docs/metadata/quote @@ -0,0 +1,5 @@ +An architect +who does not believe +in privacy +may also lack faith +in keeping out the rain diff --git a/docs/metadata/requirements b/docs/metadata/requirements new file mode 100644 index 0000000..b82a52c --- /dev/null +++ b/docs/metadata/requirements 
@@ -0,0 +1,57 @@ +The wallet client requires the C +[remctl](https://www.eyrie.org/~eagle/software/remctl/) client library and +a Kerberos library. It will build with either MIT Kerberos or Heimdal. + +The wallet server is written in Perl and requires Perl 5.8.0 or later plus +the following Perl modules: + +* Date::Parse (part of the TimeDate distribution) +* DBI +* DBIx::Class +* Module::Build +* SQL::Translator + +You will also need a DBD Perl module for the database backend that you +intend to use, and the DateTime::Format::* module corresponding to that +DBD module (such as DateTime::Format::SQLite or DateTime::Format::PG). + +Currently, the server has only been tested against SQLite 3, MySQL 5, and +PostgreSQL, and prebuilt SQL files (for database upgrades) are only +provided for those servers. It will probably not work fully with other +database backends. Porting is welcome. + +The wallet server is intended to be run under `remctld` and use `remctld` +to do authentication. It can be ported to any other front-end, but doing +so will require writing a new version of `server/wallet-backend` that +translates the actions in that protocol into calls to the Wallet::Server +Perl object. + +The keytab support in the wallet server supports Heimdal and MIT Kerberos +KDCs and has experimental support for Active Directory. The Heimdal +support requires the Heimdal::Kadm5 Perl module. The MIT Kerberos support +requires the MIT Kerberos `kadmin` client program be installed. The +Active Directory support requires the Net::LDAP, Authen::SASL, and +IPC::Run Perl modules and the `msktutil` client program. + +To support the unchanging flag on keytab objects with an MIT Kerberos KDC, +the Net::Remctl Perl module (shipped with remctl) must be installed on the +server and the `keytab-backend` script must be runnable via remctl on the +KDC. This script also requires an MIT Kerberos `kadmin.local` binary that +supports the `-norandkey` option to `ktadd`. 
This option is included in +MIT Kerberos 1.7 and later. + +The WebAuth keyring object support in the wallet server requires the +WebAuth Perl module from WebAuth 4.4.0 or later. + +The Duo integration object support in the wallet server requires the +Net::Duo, JSON, and Perl6::Slurp Perl modules. + +The password object support in the wallet server requires the +Crypt::GeneratePassword Perl module. + +The LDAP attribute ACL verifier requires the Authen::SASL and Net::LDAP +Perl modules. This verifier only works with LDAP servers that support +GSS-API binds. + +The NetDB ACL verifier (only of interest at sites using NetDB to manage +DNS) requires the Net::Remctl Perl module. diff --git a/docs/metadata/sections/configuration b/docs/metadata/sections/configuration new file mode 100644 index 0000000..975516d --- /dev/null +++ b/docs/metadata/sections/configuration @@ -0,0 +1,16 @@ +Before setting up the wallet server, review the Wallet::Config +documentation (with man Wallet::Config or perldoc Wallet::Config). There +are many customization options, some of which must be set. You may also +need to create a Kerberos keytab for the keytab object backend and give it +appropriate ACLs, and set up `keytab-backend` and its `remctld` +configuration on your KDC if you want unchanging flag support. + +For the basic setup and configuration of the wallet server, see the file +`docs/setup` in the source distribution. You will need to set up a +database on the server (unless you're using SQLite), initialize the +database, install `remctld` and the wallet Perl modules, and set up +`remctld` to run the `wallet-backend` program. + +The wallet client supports reading configuration settings from the system +`krb5.conf` file. For more information, see the CONFIGURATION section of +the wallet client man page (`man wallet`). diff --git a/docs/metadata/test/prefix b/docs/metadata/test/prefix new file mode 100644 index 0000000..c92c414 --- /dev/null +++ b/docs/metadata/test/prefix 
@@ -0,0 +1,8 @@ +The wallet comes with a comprehensive test suite, but it requires some +configuration in order to test anything other than low-level utility +functions. To enable the full test suite, follow the instructions in: + +* `tests/config/README` +* `perl/t/data/README` + +Now, you can run the test suite with: diff --git a/docs/metadata/test/suffix b/docs/metadata/test/suffix new file mode 100644 index 0000000..df44eed --- /dev/null +++ b/docs/metadata/test/suffix @@ -0,0 +1,23 @@ +The test suite requires `remctld` be installed and available in the user's +path or in `/usr/local/sbin` or `/usr/sbin`; and that `sqlite3`, `kinit`, +and either `kvno` or `kgetcred` be installed and available on the user's +path. The test suite will also need to be able to bind to 127.0.0.1 on +ports 11119 and 14373 to test client/server network interactions. + +The test suite uses a SQLite database for server-side and end-to-end +testing and therefore requires the DBD::SQLite and +DateTime::Format::SQLite Perl modules. + +All of the requirements listed above will be required to run the full test +suite of server functionality, but tests will be selectively skipped if +their requirements aren't found. + +The following additional Perl modules will be used if present: + +* Test::MinimumVersion +* Test::Pod +* Test::Spelling +* Test::Strict + +All are available on CPAN. Those tests will be skipped if the modules are +not available. diff --git a/docs/netdb-role-api b/docs/netdb-role-api index c90182a..35c7bc6 100644 --- a/docs/netdb-role-api +++ b/docs/netdb-role-api @@ -33,10 +33,12 @@ Wallet Issues License - Copyright 2006, 2007, 2013 + Copyright 2006-2007, 2013 The Board of Trustees of the Leland Stanford Junior University Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. This file is offered as-is, without any warranty. + + SPDX-License-Identifier: FSFAP 
@@ -229,10 +229,12 @@ Client Issues License - Copyright 2006, 2007, 2008, 2013 + Copyright 2006-2008, 2013 The Board of Trustees of the Leland Stanford Junior University Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. This file is offered as-is, without any warranty. + + SPDX-License-Identifier: FSFAP diff --git a/docs/objects-and-schemes b/docs/objects-and-schemes index 763a24b..cb42bd8 100644 --- a/docs/objects-and-schemes +++ b/docs/objects-and-schemes @@ -117,10 +117,12 @@ ACL Schemes License - Copyright 2012, 2013, 2014 + Copyright 2012-2014 The Board of Trustees of the Leland Stanford Junior University Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. This file is offered as-is, without any warranty. + + SPDX-License-Identifier: FSFAP @@ -88,10 +88,12 @@ Wallet Configuration License - Copyright 2007, 2008, 2010, 2012, 2013 + Copyright 2007-2008, 2010, 2012-2013 The Board of Trustees of the Leland Stanford Junior University Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. This file is offered as-is, without any warranty. + + SPDX-License-Identifier: FSFAP diff --git a/docs/stanford-naming b/docs/stanford-naming index cb05a23..b195686 100644 --- a/docs/stanford-naming +++ b/docs/stanford-naming 
@@ -351,10 +351,12 @@ ACL Naming License - Copyright 2008, 2009, 2010, 2011, 2013 + Copyright 2008-2011, 2013 The Board of Trustees of the Leland Stanford Junior University Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. This file is offered as-is, without any warranty. + + SPDX-License-Identifier: FSFAP diff --git a/examples/stanford.conf b/examples/stanford.conf index b4cd65a..697342b 100644 --- a/examples/stanford.conf +++ b/examples/stanford.conf @@ -6,10 +6,10 @@ # of a naming policy check and default ACL rules. # # Written by Russ Allbery <eagle@eyrie.org> -# Copyright 2007, 2008, 2009, 2010, 2012, 2013 +# Copyright 2007-2010, 2012-2013 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT # default_owner and verify_name come from our policy module. use Wallet::Policy::Stanford qw(default_owner verify_name); diff --git a/m4/cc-flags.m4 b/m4/cc-flags.m4 new file mode 100644 index 0000000..8a5aa8a --- /dev/null +++ b/m4/cc-flags.m4 
@@ -0,0 +1,112 @@
+dnl Check whether the compiler supports particular flags.
+dnl
+dnl Provides RRA_PROG_CC_FLAG, which checks whether a compiler supports a
+dnl given flag. If it does, the commands in the second argument are run. If
+dnl not, the commands in the third argument are run.
+dnl
+dnl Provides RRA_PROG_CC_WARNINGS_FLAGS, which checks whether a compiler
+dnl supports a large set of warning flags and sets the WARNINGS_CFLAGS
+dnl substitution variable to all of the supported warning flags. (Note that
+dnl this may be too aggressive for some people.)
+dnl
+dnl Depends on RRA_PROG_CC_CLANG.
+dnl
+dnl The canonical version of this file is maintained in the rra-c-util
+dnl package, available at <https://www.eyrie.org/~eagle/software/rra-c-util/>.
+dnl
+dnl Copyright 2016-2018 Russ Allbery <eagle@eyrie.org>
+dnl Copyright 2006, 2009, 2016
+dnl by Internet Systems Consortium, Inc. ("ISC")
+dnl
+dnl Permission to use, copy, modify, and/or distribute this software for any
+dnl purpose with or without fee is hereby granted, provided that the above
+dnl copyright notice and this permission notice appear in all copies.
+dnl
+dnl THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+dnl REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+dnl MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY
+dnl SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+dnl WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+dnl ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
+dnl IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+dnl
+dnl SPDX-License-Identifier: ISC
+
+dnl Used to build the result cache name.
+AC_DEFUN([_RRA_PROG_CC_FLAG_CACHE],
+[translit([rra_cv_compiler_c_$1], [-=+], [___])])
+
+dnl Check whether a given flag is supported by the complier.
+AC_DEFUN([RRA_PROG_CC_FLAG],
+[AC_REQUIRE([AC_PROG_CC])
+ AC_MSG_CHECKING([if $CC supports $1])
+ AC_CACHE_VAL([_RRA_PROG_CC_FLAG_CACHE([$1])],
+ [save_CFLAGS=$CFLAGS
+ AS_CASE([$1],
+ [-Wno-*], [CFLAGS="$CFLAGS `echo "$1" | sed 's/-Wno-/-W/'`"],
+ [*], [CFLAGS="$CFLAGS $1"])
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [int foo = 0;])],
+ [_RRA_PROG_CC_FLAG_CACHE([$1])=yes],
+ [_RRA_PROG_CC_FLAG_CACHE([$1])=no])
+ CFLAGS=$save_CFLAGS])
+ AC_MSG_RESULT([$_RRA_PROG_CC_FLAG_CACHE([$1])])
+ AS_IF([test x"$_RRA_PROG_CC_FLAG_CACHE([$1])" = xyes], [$2], [$3])])
+
+dnl Determine the full set of viable warning flags for the current compiler.
+dnl
+dnl This is based partly on personal preference and is a fairly aggressive set
+dnl of warnings. Desirable CC warnings that can't be turned on due to other
+dnl problems:
+dnl
+dnl -Wsign-conversion Too many fiddly changes for the benefit
+dnl -Wstack-protector Too many false positives from small buffers
+dnl
+dnl Last checked against gcc 7.2.0 (2017-12-28). -D_FORTIFY_SOURCE=2 enables
+dnl warn_unused_result attribute markings on glibc functions on Linux, which
+dnl catches a few more issues. Add -O2 because gcc won't find some warnings
+dnl without optimization turned on.
+dnl
+dnl For Clang, we try to use -Weverything, but we have to disable some of the
+dnl warnings:
+dnl
+dnl -Wcast-qual Some structs require casting away const
+dnl -Wdisabled-macro-expansion Triggers on libc (sigaction.sa_handler)
+dnl -Wpadded Not an actual problem
+dnl -Wreserved-id-macros Autoconf sets several of these normally
+dnl -Wsign-conversion Too many fiddly changes for the benefit
+dnl -Wtautological-pointer-compare False positives with for loops
+dnl -Wundef Conflicts with Autoconf probe results
+dnl -Wunreachable-code Happens with optional compilation
+dnl -Wunreachable-code-return Other compilers get confused
+dnl -Wunused-macros Often used on suppressed branches
+dnl -Wused-but-marked-unused Happens a lot with conditional code
+dnl
+dnl Sets WARNINGS_CFLAGS as a substitution variable.
+AC_DEFUN([RRA_PROG_CC_WARNINGS_FLAGS],
+[AC_REQUIRE([RRA_PROG_CC_CLANG])
+ AS_IF([test x"$CLANG" = xyes],
+ [WARNINGS_CFLAGS="-Werror"
+ m4_foreach_w([flag],
+ [-Weverything -Wno-cast-qual -Wno-disabled-macro-expansion -Wno-padded
+ -Wno-sign-conversion -Wno-reserved-id-macro
+ -Wno-tautological-pointer-compare -Wno-undef -Wno-unreachable-code
+ -Wno-unreachable-code-return -Wno-unused-macros
+ -Wno-used-but-marked-unused],
+ [RRA_PROG_CC_FLAG(flag,
+ [WARNINGS_CFLAGS="${WARNINGS_CFLAGS} flag"])])],
+ [WARNINGS_CFLAGS="-g -O2 -D_FORTIFY_SOURCE=2 -Werror"
+ m4_foreach_w([flag],
+ [-fstrict-overflow -fstrict-aliasing -Wall -Wextra -Wformat=2
+ -Wformat-overflow=2 -Wformat-signedness -Wformat-truncation=2
+ -Wnull-dereference -Winit-self -Wswitch-enum -Wstrict-overflow=5
+ -Wmissing-format-attribute -Walloc-zero -Wduplicated-branches
+ -Wduplicated-cond -Wtrampolines -Wfloat-equal
+ -Wdeclaration-after-statement -Wshadow -Wpointer-arith
+ -Wbad-function-cast -Wcast-align -Wwrite-strings -Wconversion
+ -Wno-sign-conversion -Wdate-time -Wjump-misses-init -Wlogical-op
+ -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes
+ -Wmissing-declarations
-Wnormalized=nfc -Wpacked -Wredundant-decls + -Wrestrict -Wnested-externs -Winline -Wvla], + [RRA_PROG_CC_FLAG(flag, + [WARNINGS_CFLAGS="${WARNINGS_CFLAGS} flag"])])]) + AC_SUBST([WARNINGS_CFLAGS])]) diff --git a/m4/clang.m4 b/m4/clang.m4 index 0659d82..c1815a5 100644 --- a/m4/clang.m4 +++ b/m4/clang.m4 @@ -3,13 +3,15 @@ dnl dnl If the current compiler is Clang, set the shell variable CLANG to yes. dnl dnl The canonical version of this file is maintained in the rra-c-util -dnl package, available at <http://www.eyrie.org/~eagle/software/rra-c-util/>. +dnl package, available at <https://www.eyrie.org/~eagle/software/rra-c-util/>. dnl dnl Copyright 2015 Russ Allbery <eagle@eyrie.org> dnl dnl This file is free software; the authors give unlimited permission to copy dnl and/or distribute it, with or without modifications, as long as this dnl notice is preserved. +dnl +dnl SPDX-License-Identifier: FSFULLR dnl Source used by RRA_PROG_CC_CLANG. AC_DEFUN([_RRA_PROG_CC_CLANG_SOURCE], [[ diff --git a/m4/gssapi.m4 b/m4/gssapi.m4 index f2ad5bb..5828b1b 100644 --- a/m4/gssapi.m4 +++ b/m4/gssapi.m4 @@ -19,15 +19,17 @@ dnl Depends on RRA_KRB5_CONFIG, RRA_ENABLE_REDUCED_DEPENDS, and dnl RRA_SET_LDFLAGS. dnl dnl The canonical version of this file is maintained in the rra-c-util -dnl package, available at <http://www.eyrie.org/~eagle/software/rra-c-util/>. +dnl package, available at <https://www.eyrie.org/~eagle/software/rra-c-util/>. dnl dnl Written by Russ Allbery <eagle@eyrie.org> -dnl Copyright 2005, 2006, 2007, 2008, 2009, 2011, 2012 +dnl Copyright 2005-2009, 2011-2012 dnl The Board of Trustees of the Leland Stanford Junior University dnl dnl This file is free software; the authors give unlimited permission to copy dnl and/or distribute it, with or without modifications, as long as this dnl notice is preserved. +dnl +dnl SPDX-License-Identifier: FSFULLR dnl Headers to include when probing for Kerberos library properties. AC_DEFUN([RRA_INCLUDES_GSSAPI], [[ 
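Review bot: RRA_PROG_CC_FLAG in the new m4/cc-flags.m4 probes each flag without `-Werror`, so a compiler that only warns about an unrecognised `-W` option (Clang's usual behaviour) still passes `AC_COMPILE_IFELSE`. The flag is then appended to WARNINGS_CFLAGS, which starts with `-Werror` in both branches, so the warnings build would probably fail on the unknown option instead of skipping it. Consider probing with `CFLAGS="$CFLAGS -Werror $1"` (and the same in the `-Wno-*` arm), together with a probe body that cannot itself warn, since `int foo = 0;` becomes an unused variable once `-Wall` is the flag under test. The Clang comment also lists `-Wreserved-id-macros` while the flag list passes `-Wno-reserved-id-macro`; the two spellings should agree.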
diff --git a/m4/krb5-config.m4 b/m4/krb5-config.m4 index c69c4f3..bbfcdc1 100644 --- a/m4/krb5-config.m4 +++ b/m4/krb5-config.m4 @@ -8,15 +8,18 @@ dnl dnl Depends on RRA_ENABLE_REDUCED_DEPENDS. dnl dnl The canonical version of this file is maintained in the rra-c-util -dnl package, available at <http://www.eyrie.org/~eagle/software/rra-c-util/>. +dnl package, available at <https://www.eyrie.org/~eagle/software/rra-c-util/>. dnl dnl Written by Russ Allbery <eagle@eyrie.org> -dnl Copyright 2011, 2012 +dnl Copyright 2018 Russ Allbery <eagle@eyrie.org> +dnl Copyright 2011-2012 dnl The Board of Trustees of the Leland Stanford Junior University dnl dnl This file is free software; the authors give unlimited permission to copy dnl and/or distribute it, with or without modifications, as long as this dnl notice is preserved. +dnl +dnl SPDX-License-Identifier: FSFULLR dnl Check for krb5-config in the user's path and set PATH_KRB5_CONFIG. This dnl is moved into a separate macro so that it can be loaded via AC_REQUIRE, @@ -75,12 +78,12 @@ dnl argument if that option was requested and not supported. Old versions of dnl krb5-config didn't take an argument to specify the library type, but dnl always returned the flags for libkrb5. AC_DEFUN([RRA_KRB5_CONFIG], -[AC_REQUIRE([_RRA_KRB5_CONFIG_PATH]) - rra_krb5_config_$3= +[rra_krb5_config_$3= rra_krb5_config_$3[]_ok= AS_IF([test x"$1" != x && test -x "$1/bin/krb5-config"], [rra_krb5_config_$3="$1/bin/krb5-config"], - [rra_krb5_config_$3="$PATH_KRB5_CONFIG"]) + [_RRA_KRB5_CONFIG_PATH + rra_krb5_config_$3="$PATH_KRB5_CONFIG"]) AS_IF([test x"$rra_krb5_config_$3" != x && test -x "$rra_krb5_config_$3"], [AC_CACHE_CHECK([for $2 support in krb5-config], [rra_cv_lib_$3[]_config], [AS_IF(["$rra_krb5_config_$3" 2>&1 | grep $2 >/dev/null 2>&1], 
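Review bot: The comment above _RRA_KRB5_CONFIG_PATH (visible as context in the first m4/krb5-config.m4 hunk) still says the macro was split out "so that it can be loaded via AC_REQUIRE", but the `@@ -75,12 +78,12 @@` hunk removes that `AC_REQUIRE` from RRA_KRB5_CONFIG and expands the macro inline in the fallback arm of the `AS_IF`. The PATH search now appears to run only when no executable `$1/bin/krb5-config` exists, and once per RRA_KRB5_CONFIG call rather than once per configure run. If that is the intent, the comment should say so, for example `dnl Expanded directly by RRA_KRB5_CONFIG so that PATH is searched only when no krb5-config is found under the given prefix.` Whether other macros still pull it in through AC_REQUIRE is not visible here, and the body of RRA_KRB5_CONFIG continues past the end of the hunk.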
@@ -47,15 +47,17 @@ dnl Also provides RRA_INCLUDES_KRB5, which are the headers to include when dnl probing the Kerberos library properties. dnl dnl The canonical version of this file is maintained in the rra-c-util -dnl package, available at <http://www.eyrie.org/~eagle/software/rra-c-util/>. +dnl package, available at <https://www.eyrie.org/~eagle/software/rra-c-util/>. dnl dnl Written by Russ Allbery <eagle@eyrie.org> -dnl Copyright 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2013, 2014 +dnl Copyright 2005-2011, 2013-2014 dnl The Board of Trustees of the Leland Stanford Junior University dnl dnl This file is free software; the authors give unlimited permission to copy dnl and/or distribute it, with or without modifications, as long as this dnl notice is preserved. +dnl +dnl SPDX-License-Identifier: FSFULLR dnl Ignore Automake conditionals if not using Automake. m4_define_default([AM_CONDITIONAL], [:]) diff --git a/m4/lib-depends.m4 b/m4/lib-depends.m4 index 22d38ee..09a2cf9 100644 --- a/m4/lib-depends.m4 +++ b/m4/lib-depends.m4 @@ -10,15 +10,17 @@ dnl This macro doesn't do much but is defined separately so that other macros dnl can require it with AC_REQUIRE. dnl dnl The canonical version of this file is maintained in the rra-c-util -dnl package, available at <http://www.eyrie.org/~eagle/software/rra-c-util/>. +dnl package, available at <https://www.eyrie.org/~eagle/software/rra-c-util/>. dnl dnl Written by Russ Allbery <eagle@eyrie.org> -dnl Copyright 2005, 2006, 2007 +dnl Copyright 2005-2007 dnl The Board of Trustees of the Leland Stanford Junior University dnl dnl This file is free software; the authors give unlimited permission to copy dnl and/or distribute it, with or without modifications, as long as this dnl notice is preserved. +dnl +dnl SPDX-License-Identifier: FSFULLR AC_DEFUN([RRA_ENABLE_REDUCED_DEPENDS], [rra_reduced_depends=false diff --git a/m4/lib-pathname.m4 b/m4/lib-pathname.m4 index 828270f..46e8879 100644 --- a/m4/lib-pathname.m4 
+++ b/m4/lib-pathname.m4 @@ -13,15 +13,17 @@ dnl This file also provides the Autoconf macro RRA_SET_LIBDIR, which sets the dnl libdir variable to PREFIX/lib{,32,64} as appropriate. dnl dnl The canonical version of this file is maintained in the rra-c-util -dnl package, available at <http://www.eyrie.org/~eagle/software/rra-c-util/>. +dnl package, available at <https://www.eyrie.org/~eagle/software/rra-c-util/>. dnl dnl Written by Russ Allbery <eagle@eyrie.org> -dnl Copyright 2008, 2009 +dnl Copyright 2008-2009 dnl The Board of Trustees of the Leland Stanford Junior University dnl dnl This file is free software; the authors give unlimited permission to copy dnl and/or distribute it, with or without modifications, as long as this dnl notice is preserved. +dnl +dnl SPDX-License-Identifier: FSFULLR dnl Probe for the alternate library name that we should attempt on this dnl architecture, given the size of an int, and set rra_lib_arch_name to that diff --git a/m4/perl.m4 b/m4/perl.m4 new file mode 100644 index 0000000..6080c3d --- /dev/null +++ b/m4/perl.m4 
@@ -0,0 +1,107 @@ +dnl Probe for Perl properties and, optionally, flags for embedding Perl. +dnl +dnl Provides the following macros: +dnl +dnl RRA_PROG_PERL +dnl Checks for a specific Perl version and sets the PERL environment +dnl variable to the full path, or aborts the configure run if the version +dnl of Perl is not new enough or couldn't be found. Marks PERL as a +dnl substitution variable. +dnl +dnl RRA_PERL_CHECK_MODULE +dnl Checks for the existence of a Perl module. Runs the second argument +dnl if it is present and the third if it is not. +dnl +dnl RRA_LIB_PERL +dnl Determines the flags required for embedding Perl and sets +dnl PERL_CPPFLAGS and PERL_LIBS. +dnl +dnl RRA_PROG_PERL should generally be called before the other two macros. If +dnl it isn't, the PERL environment variable must be set in some other way. +dnl (It cannot be run automatically via dependencies because it takes a +dnl mandatory minimum version argument, which should be provided by the +dnl calling configure script.) +dnl +dnl The canonical version of this file is maintained in the rra-c-util +dnl package, available at <https://www.eyrie.org/~eagle/software/rra-c-util/>. +dnl +dnl Copyright 2016, 2018 Russ Allbery <eagle@eyrie.org> +dnl Copyright 2006, 2009, 2011 Internet Systems Consortium, Inc. ("ISC") +dnl Copyright 1998-2003 The Internet Software Consortium +dnl +dnl Permission to use, copy, modify, and distribute this software for any +dnl purpose with or without fee is hereby granted, provided that the above +dnl copyright notice and this permission notice appear in all copies. +dnl +dnl THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +dnl REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +dnl MERCHANTABILITY AND FITNESS. 
IN NO EVENT SHALL ISC BE LIABLE FOR ANY +dnl SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +dnl WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +dnl ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +dnl IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +dnl +dnl SPDX-License-Identifier: ISC + +dnl Check for the path to Perl and ensure it meets our minimum version +dnl requirement (given as the argument). Honor the $PERL environment +dnl variable, if set. +AC_DEFUN([RRA_PROG_PERL], +[AC_ARG_VAR([PERL], [Location of Perl interpreter]) + AS_IF([test x"$PERL" != x], + [AS_IF([! test -x "$PERL"], + [AC_MSG_ERROR([Perl binary $PERL not found])]) + AS_IF([! "$PERL" -e 'use $1' >/dev/null 2>&1], + [AC_MSG_ERROR([Perl $1 or greater is required])])], + [AC_CACHE_CHECK([for Perl version $1 or later], [ac_cv_path_PERL], + [AC_PATH_PROGS_FEATURE_CHECK([PERL], [perl], + [AS_IF(["$ac_path_PERL" -e 'require $1' >/dev/null 2>&1], + [ac_cv_path_PERL="$ac_path_PERL" + ac_path_PERL_found=:])])]) + AS_IF([test x"$ac_cv_path_PERL" = x], + [AC_MSG_ERROR([Perl $1 or greater is required])]) + PERL="$ac_cv_path_PERL" + AC_SUBST([PERL])])]) + +dnl Check whether a given Perl module can be loaded. Runs the second argument +dnl if it can, and the third argument if it cannot. +AC_DEFUN([RRA_PERL_CHECK_MODULE], +[AS_LITERAL_IF([$1], [], [m4_fatal([$0: requires literal arguments])])dnl + AS_VAR_PUSHDEF([ac_Module], [rra_cv_perl_module_$1])dnl + AC_CACHE_CHECK([for Perl module $1], [ac_Module], + [AS_IF(["$PERL" -e 'use $1' >/dev/null 2>&1], + [AS_VAR_SET([ac_Module], [yes])], + [AS_VAR_SET([ac_Module], [no])])]) + AS_VAR_IF([ac_Module], [yes], [$2], [$3]) + AS_VAR_POPDEF([ac_Module])]) + +dnl Determine the flags used for embedding Perl. +dnl +dnl Some distributions of Linux have Perl linked with gdbm but don't normally +dnl have gdbm installed, so on that platform only strip -lgdbm out of the Perl +dnl libraries. 
Leave it in on other platforms where it may be necessary (it +dnl isn't on Linux; Linux shared libraries can manage their own dependencies). +dnl Strip -lc out, which is added on some platforms, is unnecessary, and +dnl breaks compiles with -pthread (which may be added by Python). +AC_DEFUN([RRA_LIB_PERL], +[AC_REQUIRE([AC_CANONICAL_HOST]) + AC_SUBST([PERL_CPPFLAGS]) + AC_SUBST([PERL_LIBS]) + AC_MSG_CHECKING([for flags to link with Perl]) + rra_perl_core_path=`"$PERL" -MConfig -e 'print $Config{archlibexp}'` + rra_perl_core_flags=`"$PERL" -MExtUtils::Embed -e ccopts` + rra_perl_core_libs=`"$PERL" -MExtUtils::Embed -e ldopts 2>&1 | tail -n 1` + rra_perl_core_libs=" $rra_perl_core_libs " + rra_perl_core_libs=`echo "$rra_perl_core_libs" | sed 's/ -lc / /'` + AS_CASE([$host], + [*-linux*], + [rra_perl_core_libs=`echo "$rra_perl_core_libs" | sed 's/ -lgdbm / /'`], + [*-cygwin*], + [rra_perl_libname=`"$PERL" -MConfig -e 'print $Config{libperl}'` + rra_perl_libname=`echo "$rra_perl_libname" | sed 's/^lib//; s/\.a$//'` + rra_perl_core_libs="${rra_perl_core_libs}-l$rra_perl_libname"]) + rra_perl_core_libs=`echo "$rra_perl_core_libs" | sed 's/^ *//'` + rra_perl_core_libs=`echo "$rra_perl_core_libs" | sed 's/ *$//'` + PERL_CPPFLAGS="$rra_perl_core_flags" + PERL_LIBS="$rra_perl_core_libs" + AC_MSG_RESULT([$PERL_LIBS])]) diff --git a/m4/remctl.m4 b/m4/remctl.m4 index c2fbf9a..292313f 100644 --- a/m4/remctl.m4 +++ b/m4/remctl.m4 
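Review bot: `RRA_LIB_PERL` runs three `"$PERL"` probes without checking that `PERL` is set or that any of them succeeded, and the `ldopts` probe folds stderr into stdout with `2>&1 | tail -n 1`, so a failing Perl would put an error message into `PERL_LIBS` instead of stopping configure. The header comment says `RRA_PROG_PERL` "should generally be called" first, which the macro does not enforce; a guard at the top such as `AS_IF([test x"$PERL" = x], [AC_MSG_ERROR([PERL is not set; call RRA_PROG_PERL first])])` would turn that into a clear failure. Separately, `RRA_PROG_PERL` tests a user-supplied `PERL` with `use $1` but tests the PATH search with `require $1`; using the same form in both branches keeps the two paths equivalent.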
@@ -23,15 +23,17 @@ dnl Depends on RRA_ENABLE_REDUCED_DEPENDS, RRA_SET_LDFLAGS, and dnl RRA_LIB_GSSAPI. dnl dnl The canonical version of this file is maintained in the rra-c-util -dnl package, available at <http://www.eyrie.org/~eagle/software/rra-c-util/>. +dnl package, available at <https://www.eyrie.org/~eagle/software/rra-c-util/>. dnl dnl Written by Russ Allbery <eagle@eyrie.org> -dnl Copyright 2008, 2009, 2011, 2013 +dnl Copyright 2008-2009, 2011, 2013 dnl The Board of Trustees of the Leland Stanford Junior University dnl dnl This file is free software; the authors give unlimited permission to copy dnl and/or distribute it, with or without modifications, as long as this dnl notice is preserved. +dnl +dnl SPDX-License-Identifier: FSFULLR dnl Save the current CPPFLAGS, LDFLAGS, and LIBS settings and switch to dnl versions that include the remctl flags. Used as a wrapper, with diff --git a/m4/snprintf.m4 b/m4/snprintf.m4 index f134ab9..e739bbf 100644 --- a/m4/snprintf.m4 +++ b/m4/snprintf.m4 @@ -10,15 +10,17 @@ dnl Provides RRA_FUNC_SNPRINTF, which adds snprintf.o to LIBOBJS unless a dnl fully working snprintf is found. dnl dnl The canonical version of this file is maintained in the rra-c-util -dnl package, available at <http://www.eyrie.org/~eagle/software/rra-c-util/>. +dnl package, available at <https://www.eyrie.org/~eagle/software/rra-c-util/>. dnl dnl Written by Russ Allbery <eagle@eyrie.org> -dnl Copyright 2006, 2008, 2009 +dnl Copyright 2006, 2008-2009 dnl The Board of Trustees of the Leland Stanford Junior University dnl dnl This file is free software; the authors give unlimited permission to copy dnl and/or distribute it, with or without modifications, as long as this dnl notice is preserved. +dnl +dnl SPDX-License-Identifier: FSFULLR dnl Source used by RRA_FUNC_SNPRINTF. AC_DEFUN([_RRA_FUNC_SNPRINTF_SOURCE], [[ diff --git a/m4/vamacros.m4 b/m4/vamacros.m4 index 62fb82d..5595b86 100644 --- a/m4/vamacros.m4 +++ b/m4/vamacros.m4 
@@ -14,15 +14,17 @@ dnl dnl They set HAVE_C99_VAMACROS or HAVE_GNU_VAMACROS as appropriate. dnl dnl The canonical version of this file is maintained in the rra-c-util -dnl package, available at <http://www.eyrie.org/~eagle/software/rra-c-util/>. +dnl package, available at <https://www.eyrie.org/~eagle/software/rra-c-util/>. dnl dnl Written by Russ Allbery <eagle@eyrie.org> -dnl Copyright 2006, 2008, 2009 +dnl Copyright 2006, 2008-2009 dnl The Board of Trustees of the Leland Stanford Junior University dnl dnl This file is free software; the authors give unlimited permission to copy dnl and/or distribute it, with or without modifications, as long as this dnl notice is preserved. +dnl +dnl SPDX-License-Identifier: FSFULLR AC_DEFUN([_RRA_C_C99_VAMACROS_SOURCE], [[ #include <stdio.h> diff --git a/perl/Build.PL b/perl/Build.PL index c50e569..79adf58 100644 --- a/perl/Build.PL +++ b/perl/Build.PL @@ -7,7 +7,7 @@ # Copyright 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use 5.006; use strict; @@ -48,6 +48,10 @@ my $build = Module::Build->new( 'Net::Remctl' => 0, WebAuth => 0, }, + test_requires => { + 'Crypt::GeneratePassword' => 0, + 'DateTime::Format::SQLite' => 0, + }, ); # Generate the build script. diff --git a/perl/create-ddl b/perl/create-ddl index 51fa8ff..d31fdf4 100755 --- a/perl/create-ddl +++ b/perl/create-ddl @@ -6,7 +6,7 @@ # Copyright 2012, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################# # Modules and declarations diff --git a/perl/lib/Wallet/ACL.pm b/perl/lib/Wallet/ACL.pm index ad0eb2c..948b71c 100644 --- a/perl/lib/Wallet/ACL.pm +++ b/perl/lib/Wallet/ACL.pm 
@@ -2,10 +2,10 @@ # # Written by Russ Allbery <eagle@eyrie.org> # Copyright 2016 Russ Allbery <eagle@eyrie.org> -# Copyright 2007, 2008, 2010, 2013, 2014, 2015 +# Copyright 2007-2008, 2010, 2013-2015 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations @@ -20,7 +20,7 @@ use warnings; use DateTime; use Wallet::Object::Base; -our $VERSION = '1.03'; +our $VERSION = '1.04'; ############################################################################## # Constructors @@ -732,7 +732,7 @@ caller should call error() to get the error message. Wallet::ACL::Base(3), wallet-backend(8) This module is part of the wallet system. The current version is -available from L<http://www.eyrie.org/~eagle/software/wallet/>. +available from L<https://www.eyrie.org/~eagle/software/wallet/>. =head1 AUTHOR diff --git a/perl/lib/Wallet/ACL/Base.pm b/perl/lib/Wallet/ACL/Base.pm index 235a9cb..320a731 100644 --- a/perl/lib/Wallet/ACL/Base.pm +++ b/perl/lib/Wallet/ACL/Base.pm @@ -5,7 +5,7 @@ # Copyright 2007, 2010, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations @@ -17,7 +17,7 @@ use 5.008; use strict; use warnings; -our $VERSION = '1.03'; +our $VERSION = '1.04'; ############################################################################## # Interface @@ -127,7 +127,7 @@ error string. Wallet::ACL(3), wallet-backend(8) This module is part of the wallet system. The current version is -available from L<http://www.eyrie.org/~eagle/software/wallet/>. +available from L<https://www.eyrie.org/~eagle/software/wallet/>. =head1 AUTHOR 
diff --git a/perl/lib/Wallet/ACL/External.pm b/perl/lib/Wallet/ACL/External.pm index caed80e..2285469 100644 --- a/perl/lib/Wallet/ACL/External.pm +++ b/perl/lib/Wallet/ACL/External.pm @@ -2,7 +2,7 @@ # # Copyright 2016 Russ Allbery <eagle@eyrie.org> # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations @@ -19,7 +19,7 @@ use Wallet::ACL::Base; use Wallet::Config; our @ISA = qw(Wallet::ACL::Base); -our $VERSION = '1.03'; +our $VERSION = '1.04'; ############################################################################## # Interface @@ -183,7 +183,7 @@ remctld(8), Wallet::ACL(3), Wallet::ACL::Base(3), Wallet::Config(3), wallet-backend(8) This module is part of the wallet system. The current version is -available from L<http://www.eyrie.org/~eagle/software/wallet/>. +available from L<https://www.eyrie.org/~eagle/software/wallet/>. =head1 AUTHOR diff --git a/perl/lib/Wallet/ACL/Krb5.pm b/perl/lib/Wallet/ACL/Krb5.pm index e0e9a61..3309274 100644 --- a/perl/lib/Wallet/ACL/Krb5.pm +++ b/perl/lib/Wallet/ACL/Krb5.pm @@ -5,7 +5,7 @@ # Copyright 2007, 2010, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations @@ -20,7 +20,7 @@ use warnings; use Wallet::ACL::Base; our @ISA = qw(Wallet::ACL::Base); -our $VERSION = '1.03'; +our $VERSION = '1.04'; ############################################################################## # Interface 
@@ -113,7 +113,7 @@ The PRINCIPAL parameter to check() was undefined or the empty string. Wallet::ACL(3), Wallet::ACL::Base(3), wallet-backend(8) This module is part of the wallet system. The current version is -available from L<http://www.eyrie.org/~eagle/software/wallet/>. +available from L<https://www.eyrie.org/~eagle/software/wallet/>. =head1 AUTHOR diff --git a/perl/lib/Wallet/ACL/Krb5/Regex.pm b/perl/lib/Wallet/ACL/Krb5/Regex.pm index f3b9a06..be6c5e1 100644 --- a/perl/lib/Wallet/ACL/Krb5/Regex.pm +++ b/perl/lib/Wallet/ACL/Krb5/Regex.pm @@ -5,7 +5,7 @@ # Copyright 2007, 2010, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations @@ -20,7 +20,7 @@ use warnings; use Wallet::ACL::Krb5; our @ISA = qw(Wallet::ACL::Krb5); -our $VERSION = '1.03'; +our $VERSION = '1.04'; ############################################################################## # Interface @@ -121,7 +121,7 @@ The ACL parameter to check() was undefined or the empty string. Wallet::ACL(3), Wallet::ACL::Base(3), Wallet::ACL::Krb5(3), wallet-backend(8) This module is part of the wallet system. The current version is -available from L<http://www.eyrie.org/~eagle/software/wallet/>. +available from L<https://www.eyrie.org/~eagle/software/wallet/>. =head1 AUTHOR diff --git a/perl/lib/Wallet/ACL/LDAP/Attribute.pm b/perl/lib/Wallet/ACL/LDAP/Attribute.pm index fcb8447..65e0208 100644 --- a/perl/lib/Wallet/ACL/LDAP/Attribute.pm +++ b/perl/lib/Wallet/ACL/LDAP/Attribute.pm 
@@ -2,10 +2,10 @@ # # Written by Russ Allbery # Copyright 2016 Russ Allbery <eagle@eyrie.org> -# Copyright 2012, 2013, 2014 +# Copyright 2012-2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations @@ -23,7 +23,7 @@ use Wallet::ACL::Base; use Wallet::Config; our @ISA = qw(Wallet::ACL::Base); -our $VERSION = '1.03'; +our $VERSION = '1.04'; ############################################################################## # Interface @@ -251,7 +251,7 @@ The PRINCIPAL parameter to check() was undefined or the empty string. Wallet::ACL(3), Wallet::ACL::Base(3), Wallet::Config(3), wallet-backend(8) This module is part of the wallet system. The current version is -available from L<http://www.eyrie.org/~eagle/software/wallet/>. +available from L<https://www.eyrie.org/~eagle/software/wallet/>. =head1 AUTHOR diff --git a/perl/lib/Wallet/ACL/LDAP/Attribute/Root.pm b/perl/lib/Wallet/ACL/LDAP/Attribute/Root.pm index 8451394..5ebece6 100644 --- a/perl/lib/Wallet/ACL/LDAP/Attribute/Root.pm +++ b/perl/lib/Wallet/ACL/LDAP/Attribute/Root.pm @@ -1,12 +1,11 @@ # Wallet::ACL::LDAP::Attribute::Root -- Wallet root instance LDAP ACL verifier # # Written by Jon Robertson <jonrober@stanford.edu> -# Based on Wallet::ACL::NetDB::Root by Russ Allbery <eagle@eyrie.org> # Copyright 2016 Russ Allbery <eagle@eyrie.org> # Copyright 2015 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations 
@@ -21,7 +20,7 @@ use warnings; use Wallet::ACL::LDAP::Attribute; our @ISA = qw(Wallet::ACL::LDAP::Attribute); -our $VERSION = '1.03'; +our $VERSION = '1.04'; ############################################################################## # Interface @@ -113,7 +112,7 @@ Net::Remctl(3), Wallet::ACL(3), Wallet::ACL::Base(3), Wallet::ACL::LDAP::Attribute(3), Wallet::Config(3), wallet-backend(8) This module is part of the wallet system. The current version is -available from L<http://www.eyrie.org/~eagle/software/wallet/>. +available from L<https://www.eyrie.org/~eagle/software/wallet/>. =head1 AUTHORS diff --git a/perl/lib/Wallet/ACL/Nested.pm b/perl/lib/Wallet/ACL/Nested.pm index da42286..a6b6655 100644 --- a/perl/lib/Wallet/ACL/Nested.pm +++ b/perl/lib/Wallet/ACL/Nested.pm @@ -5,7 +5,7 @@ # Copyright 2015 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations @@ -20,7 +20,7 @@ use warnings; use Wallet::ACL::Base; our @ISA = qw(Wallet::ACL::Base); -our $VERSION = '1.03'; +our $VERSION = '1.04'; ############################################################################## # Interface @@ -177,7 +177,7 @@ will generally come from the nested child ACL. Wallet::ACL(3), wallet-backend(8) This module is part of the wallet system. The current version is -available from L<http://www.eyrie.org/~eagle/software/wallet/>. +available from L<https://www.eyrie.org/~eagle/software/wallet/>. =head1 AUTHOR diff --git a/perl/lib/Wallet/ACL/NetDB.pm b/perl/lib/Wallet/ACL/NetDB.pm index a4c7fb0..c5fdc39 100644 --- a/perl/lib/Wallet/ACL/NetDB.pm +++ b/perl/lib/Wallet/ACL/NetDB.pm 
@@ -5,7 +5,7 @@ # Copyright 2007, 2010, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations @@ -21,7 +21,7 @@ use Wallet::ACL::Base; use Wallet::Config; our @ISA = qw(Wallet::ACL::Base); -our $VERSION = '1.03'; +our $VERSION = '1.04'; ############################################################################## # Interface @@ -252,10 +252,10 @@ wallet-backend(8) NetDB is a free software system for managing DNS, DHCP, and related machine information for large organizations. For more information on -NetDB, see L<http://www.stanford.edu/group/networking/netdb/>. +NetDB, see L<https://web.stanford.edu/group/networking/netdb/>. This module is part of the wallet system. The current version is -available from L<http://www.eyrie.org/~eagle/software/wallet/>. +available from L<https://www.eyrie.org/~eagle/software/wallet/>. =head1 AUTHOR diff --git a/perl/lib/Wallet/ACL/NetDB/Root.pm b/perl/lib/Wallet/ACL/NetDB/Root.pm index bfd13b4..2dd1562 100644 --- a/perl/lib/Wallet/ACL/NetDB/Root.pm +++ b/perl/lib/Wallet/ACL/NetDB/Root.pm @@ -5,7 +5,7 @@ # Copyright 2007, 2010, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations @@ -20,7 +20,7 @@ use warnings; use Wallet::ACL::NetDB; our @ISA = qw(Wallet::ACL::NetDB); -our $VERSION = '1.03'; +our $VERSION = '1.04'; ############################################################################## # Interface 
@@ -112,10 +112,10 @@ Wallet::ACL::NetDB(3), Wallet::Config(3), wallet-backend(8) NetDB is a free software system for managing DNS, DHCP, and related machine information for large organizations. For more information on -NetDB, see L<http://www.stanford.edu/group/networking/netdb/>. +NetDB, see L<https://web.stanford.edu/group/networking/netdb/>. This module is part of the wallet system. The current version is -available from L<http://www.eyrie.org/~eagle/software/wallet/>. +available from L<https://www.eyrie.org/~eagle/software/wallet/>. =head1 AUTHOR diff --git a/perl/lib/Wallet/Admin.pm b/perl/lib/Wallet/Admin.pm index 9b63174..707f410 100644 --- a/perl/lib/Wallet/Admin.pm +++ b/perl/lib/Wallet/Admin.pm @@ -2,10 +2,10 @@ # # Written by Russ Allbery <eagle@eyrie.org> # Copyright 2016 Russ Allbery <eagle@eyrie.org> -# Copyright 2008, 2009, 2010, 2011, 2012, 2013, 2014 +# Copyright 2008-2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations @@ -20,7 +20,7 @@ use warnings; use Wallet::ACL; use Wallet::Schema; -our $VERSION = '1.03'; +our $VERSION = '1.04'; # The last non-DBIx::Class version of Wallet::Schema. If a database has no # DBIx::Class versioning, we artificially install this version number before @@ -375,7 +375,7 @@ much as possible. Returns true on success and false on failure. wallet-admin(8) This module is part of the wallet system. The current version is -available from L<http://www.eyrie.org/~eagle/software/wallet/>. +available from L<https://www.eyrie.org/~eagle/software/wallet/>. =head1 AUTHOR diff --git a/perl/lib/Wallet/Config.pm b/perl/lib/Wallet/Config.pm index b8771c3..60f0e10 100644 --- a/perl/lib/Wallet/Config.pm +++ b/perl/lib/Wallet/Config.pm 
@@ -1,11 +1,11 @@ # Wallet::Config -- Configuration handling for the wallet server # # Written by Russ Allbery <eagle@eyrie.org> -# Copyright 2016 Russ Allbery <eagle@eyrie.org> -# Copyright 2007, 2008, 2010, 2013, 2014, 2015 +# Copyright 2016, 2018 Russ Allbery <eagle@eyrie.org> +# Copyright 2007-2008, 2010, 2013-2015 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT package Wallet::Config; @@ -13,7 +13,7 @@ use 5.008; use strict; use warnings; -our $VERSION = '1.03'; +our $VERSION = '1.04'; # Path to the config file to load. our $PATH = $ENV{WALLET_CONFIG} || '/etc/wallet/wallet.conf'; @@ -26,7 +26,7 @@ Wallet::Config - Configuration handling for the wallet server DBI DSN SQLite subdirectories KEYTAB keytab kadmind KDC add-ons kadmin DNS SRV kadmin keytabs remctl backend lowercased NETDB ACL NetDB unscoped usernames rekey hostnames Allbery wallet-backend keytab-backend Heimdal -rekeys WebAuth WEBAUTH keyring LDAP DN GSS-API integrations msktutil +rekeys WebAuth WEBAUTH keyring LDAP DN GSS-API integrations msktutil CN DIT =head1 SYNOPSIS 
@@ -415,40 +415,48 @@ our $KEYTAB_TMP; =back -The following parameters are specific to generating keytabs from Active -Directory (KEYTAB_KRBTYPE is set to C<AD>). +The following parameters are specific to generating keytabs from +Active Directory (KEYTAB_KRBTYPE is set to C<AD>). =over 4 +=item AD_BASE_DN + +The base distinguished name of the Active Directory instance. This is used +when Wallet uses LDAP directly to examine objects in Active Directory. + +=cut + +our $AD_BASE_DN; + =item AD_CACHE Specifies the ticket cache to use when manipulating Active Directory objects. The ticket cache must be for a principal able to bind to Active Directory and run B<msktutil>. -AD_CACHE must be set to use Active Directory support. - =cut our $AD_CACHE; -=item AD_COMPUTER_DN +=item AD_COMPUTER_RDN -The LDAP base DN for computer objects inside Active Directory. All keytabs of -the form host/<hostname> will be mapped to objects with a C<samAccountName> of -the <hostname> portion under this DN. +The LDAP base DN for computer objects inside Active Directory. All +keytabs of the form host/<hostname> will be mapped to objects with a +C<samAccountName> of the <hostname> portion under this DN. -AD_COMPUTER_DN must be set if using Active Directory as the keytab backend. +AD_COMPUTER_RDN must be set if using Active Directory as the keytab +backend. =cut -our $AD_COMPUTER_DN; +our $AD_COMPUTER_RDN; =item AD_DEBUG -If set to true, asks for some additional debugging information, such as the -B<msktutil> command, to be logged to syslog. These debugging messages will be -logged to the C<local3> facility. +If set to true, asks for some additional debugging information, such +as the B<msktutil> command, to be logged to syslog. These debugging +messages will be logged to the C<local3> facility. =cut 
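Review bot: `AD_COMPUTER_RDN` is still documented as "The LDAP base DN for computer objects", and `AD_USER_RDN` in the next hunk as "The LDAP base DN for user objects", although the rename and the new `AD_BASE_DN` suggest these values are now relative to that base. The POD should say which form is expected, for example `The DN of the container for computer objects, relative to AD_BASE_DN.` (wording to be confirmed against Wallet::Kadmin::AD). The rename also means an existing wallet.conf that sets `$AD_COMPUTER_DN` or `$AD_USER_DN` is silently ignored, so an upgrade note or a check that reports the old names would help. This hunk also drops the sentence saying AD_CACHE must be set, without stating whether it is now optional.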
@@ -464,17 +472,64 @@ default PATH. our $AD_MSKTUTIL = 'msktutil'; -=item AD_USER_DN +=item AD_SERVICE_LENGTH + +The maximum length of a unique identifier, C<samAccountName>, for Active +Directory keytab objects. If the identifier exceeds this length then it will +be truncated and an integer will be appended to the end of the identifier. +This parameter is here in hopes that at some point in the future Microsoft +will remove the limitation. + +=cut + +our $AD_SERVICE_LENGTH = '20'; + +=item AD_SERVICE_LIMIT + +Used to limit the number of iterations used in attempting to find a +unique account name for principals. Defaults to 999. + +=cut + +our $AD_SERVICE_LIMIT = '999'; + +=item AD_SERVICE_PREFIX + +For service principals the AD_SERVICE_PREFIX will be combined with the +principal identifier to form the account name, i.e. the CN, used to +store the keytab entry in the Active Directory. Active Directory +limits these CN's to a maximum of 20 characters. If the resulting CN +is greater than 20 characters the CN will be truncated and an integer +will be appended to it. The integer will be incremented until a +unique CN is found. + +The AD_SERVICE_PREFIX is generally useful only prevent name collisions +when the service keytabs are store in branch of the DIT that also +contains other similar objects. + +=cut + +our $AD_SERVICE_PREFIX; + +=item AD_SERVER + +The hostname of the Active Directory Domain Controller. + +=cut + +our $AD_SERVER; + +=item AD_USER_RDN The LDAP base DN for user objects inside Active Directory. All keytabs of the form service/<user> will be mapped to objects with a C<servicePrincipalName> matching the wallet object name under this DN. -AD_USER_DN must be set if using Active Directory as the keytab backend. +AD_USER_RDN must be set if using Active Directory as the keytab backend. =cut -our $AD_USER_DN; +our $AD_USER_RDN; =back 
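Review bot: The `AD_SERVICE_PREFIX` text hard-codes "a maximum of 20 characters" while `AD_SERVICE_LENGTH` makes that limit configurable, so the two entries disagree as soon as the setting is changed; the prefix entry should refer to AD_SERVICE_LENGTH instead. `AD_SERVICE_LENGTH` and `AD_SERVICE_LIMIT` are numeric but initialised as the strings `'20'` and `'999'`; plain `20` and `999` say what they are. The `AD_SERVER` entry does not say whether a value is required or how the connection to the domain controller is authenticated and protected, which an administrator needs to know before pointing the wallet at it. The sentence "generally useful only prevent name collisions when the service keytabs are store in branch" should read "useful only to prevent name collisions when the service keytabs are stored in a branch".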
@@ -482,8 +537,9 @@ our $AD_USER_DN; Heimdal provides the choice, over the network protocol, of either downloading the existing keys for a principal or generating new random -keys. MIT Kerberos does not; downloading a keytab over the kadmin -protocol always rekeys the principal. +keys. Neither MIT Kerberos or Active Directory support retrieving an +existing keytab; downloading a keytab over the kadmin protocol or +using msktutil always rekeys the principal. For MIT Kerberos, the keytab object backend therefore optionally supports retrieving existing keys, and hence keytabs, for Kerberos principals by @@ -491,6 +547,11 @@ contacting the KDC via remctl and talking to B<keytab-backend>. This is enabled by setting the C<unchanging> flag on keytab objects. To configure that support, set the following variables. +For Active Directory Kerberos, the keytab object backend supports +storing the keytabs on the wallet server. This functionality is +enabled by setting the configuration variable AD_KEYTAB_BUCKET. (This +had not been implemented yet.) + This is not required for Heimdal; for Heimdal, setting the C<unchanging> flag is all that's needed. @@ -542,6 +603,16 @@ will be used. our $KEYTAB_REMCTL_PORT; +=item AD_KEYTAB_BUCKET + +The path to store a copy of keytabs created. This is required for the +support of unchanging keytabs with an Active Directory KDC. (This has +not been implemented yet.) + +=cut + +our $AD_KEYTAB_BUCKET = '/var/lib/wallet/keytabs'; + =back =head1 WEBAUTH KEYRING OBJECT CONFIGURATION @@ -984,7 +1055,7 @@ __END__ DBI(3), Wallet::Object::Keytab(3), Wallet::Server(3), wallet-backend(8) This module is part of the wallet system. The current version is -available from L<http://www.eyrie.org/~eagle/software/wallet/>. +available from L<https://www.eyrie.org/~eagle/software/wallet/>. =head1 AUTHOR diff --git a/perl/lib/Wallet/Database.pm b/perl/lib/Wallet/Database.pm index 23b059f..83b8dfc 100644 --- a/perl/lib/Wallet/Database.pm 
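Review bot: `AD_KEYTAB_BUCKET` gets a default of `/var/lib/wallet/keytabs` while its POD says the feature is not implemented, and nothing states what ownership and mode that directory needs. Stored keytabs are long-term keys, so the entry should carry a sentence such as `This directory must be readable and writable only by the user the wallet server runs as.` Until the feature exists, leaving the variable undefined would keep the documented switch ("enabled by setting the configuration variable AD_KEYTAB_BUCKET") meaningful, since with a default it is always set. Two wording fixes in the earlier hunks on this line: "Neither MIT Kerberos or" should read "nor", and "This had not been implemented yet" should read "has".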
+++ b/perl/lib/Wallet/Database.pm @@ -7,10 +7,10 @@ # # Written by Russ Allbery <eagle@eyrie.org> # Copyright 2016 Russ Allbery <eagle@eyrie.org> -# Copyright 2008, 2009, 2010, 2012, 2013, 2014 +# Copyright 2008-2010, 2012-2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations @@ -26,7 +26,7 @@ use Wallet::Config; use Wallet::Schema; our @ISA = qw(Wallet::Schema); -our $VERSION = '1.03'; +our $VERSION = '1.04'; ############################################################################## # Core overrides @@ -111,7 +111,7 @@ configuration. DBI(3), Wallet::Config(3) This module is part of the wallet system. The current version is -available from L<http://www.eyrie.org/~eagle/software/wallet/>. +available from L<https://www.eyrie.org/~eagle/software/wallet/>. =head1 AUTHOR diff --git a/perl/lib/Wallet/Kadmin.pm b/perl/lib/Wallet/Kadmin.pm index 8851c7e..150c188 100644 --- a/perl/lib/Wallet/Kadmin.pm +++ b/perl/lib/Wallet/Kadmin.pm @@ -2,10 +2,10 @@ # # Written by Jon Robertson <jonrober@stanford.edu> # Copyright 2016 Russ Allbery <eagle@eyrie.org> -# Copyright 2009, 2010, 2014 +# Copyright 2009-2010, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations @@ -19,7 +19,7 @@ use warnings; use Wallet::Config; -our $VERSION = '1.03'; +our $VERSION = '1.04'; ############################################################################## # Utility functions for child classes 
@@ -232,7 +232,7 @@ as binary data. On failure, returns undef and sets the object error. kadmin(8), Wallet::Config(3), Wallet::Object::Keytab(3), wallet-backend(8) This module is part of the wallet system. The current version is -available from L<http://www.eyrie.org/~eagle/software/wallet/>. +available from L<https://www.eyrie.org/~eagle/software/wallet/>. =head1 AUTHORS diff --git a/perl/lib/Wallet/Kadmin/AD.pm b/perl/lib/Wallet/Kadmin/AD.pm index 5b71d41..f2f86b9 100644 --- a/perl/lib/Wallet/Kadmin/AD.pm +++ b/perl/lib/Wallet/Kadmin/AD.pm @@ -1,12 +1,12 @@ # Wallet::Kadmin::AD -- Wallet Kerberos administration API for AD # -# Written by Bill MacAllister <bill@ca-zephyr.org> -# Copyright 2016 Russ Allbery <eagle@eyrie.org> -# Copyright 2015 Dropbox, Inc. -# Copyright 2007, 2008, 2009, 2010, 2014 +# Written by Bill MacAllister <whm@dropbox.com> +# Copyright 2016, 2018 Russ Allbery <eagle@eyrie.org> +# Copyright 2015-2016 Dropbox, Inc. +# Copyright 2007-2010, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations @@ -26,7 +26,9 @@ use Wallet::Config; use Wallet::Kadmin; our @ISA = qw(Wallet::Kadmin); -our $VERSION = '1.03'; +our $VERSION = '1.04'; + +my $LDAP; ############################################################################## # kadmin Interaction 
@@ -34,33 +36,47 @@ our $VERSION = '1.03'; # Send debugging output to syslog. -sub ad_debug { +sub ad_syslog { my ($self, $l, $m) = @_; if (!$self->{SYSLOG}) { openlog('wallet-server', 'ndelay,nofatal', 'local3'); $self->{SYSLOG} = 1; } + if ($l !~ /^(debug|info|err|warning)$/xms) { + $l = 'err'; + } syslog($l, $m); return; } +# Return a string given an array whose elements are command line arguments +# passws to IPC::Run. Quote any strings that have embedded spaces. Replace +# null elements with the string #NULL#. + +sub ad_cmd_string { + my ($self, $cmd_ref) = @_; + my $z = ''; + my $ws = ' '; + for my $e (@{ $cmd_ref }) { + if (!$e) { + $z .= $ws . '#NULL#'; + } elsif ($e =~ /\s/xms) { + $z .= $ws . '"' . $e . '"'; + } else { + $z .= $ws . $e; + } + $ws = ' '; + } + return $z; +} + # Make sure that principals are well-formed and don't contain # characters that will cause us problems when talking to kadmin. # Takes a principal and returns true if it's okay, false otherwise. # Note that we do not permit realm information here. sub valid_principal { my ($self, $principal) = @_; - my $valid = 0; - if ($principal =~ m,^(host|service)(/[\w_.-]+)?\z,) { - my $k_type = $1; - my $k_id = $2; - if ($k_type eq 'host') { - $valid = 1 if $k_id =~ m/[.]/xms; - } elsif ($k_type eq 'service') { - $valid = 1 if length($k_id) < 19; - } - } - return $valid; + return scalar ($principal =~ m,^[\w-]+(/[\w_.-]+)?\z,); } # Connect to the Active Directory server using LDAP. The connection is 
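Review bot: `ad_syslog` passes the message as the format argument in `syslog($l, $m)`, so any `%` in `$m` is treated as a sprintf-style directive by syslog() (presumably Sys::Syslog; the import is not in the hunk) instead of being logged literally. The messages routed through it elsewhere in this commit include LDAP bases and filters, DNs and msktutil output (the `ad_syslog` calls in `ldap_get_dn`, `msktutil` and `ad_delete`), none of which the logger controls. Use a constant format, `syslog($l, '%s', $m);`, so the log line is exactly the text that was passed in. Separately, `ad_cmd_string` tests `if (!$e)`, which also rewrites a literal `0` argument as `#NULL#`; `if (!defined $e || $e eq '')` would match the comment above it.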
@@ -69,48 +85,111 @@ sub valid_principal { sub ldap_connect { my ($self) = @_; - if (!-e $Wallet::Config::AD_CACHE) { - die 'Missing kerberos ticket cache ' . $Wallet::Config::AD_CACHE; - } - - my $ldap; - eval { - local $ENV{KRB5CCNAME} = $Wallet::Config::AD_CACHE; - my $sasl = Authen::SASL->new(mechanism => 'GSSAPI'); - $ldap = Net::LDAP->new($Wallet::Config::KEYTAB_HOST, onerror => 'die'); - my $mesg = eval { $ldap->bind(undef, sasl => $sasl) }; - }; - if ($@) { - my $error = $@; - chomp $error; - 1 while ($error =~ s/ at \S+ line \d+\.?\z//); - die "LDAP bind to AD failed: $error\n"; + if (!$LDAP) { + eval { + local $ENV{KRB5CCNAME} = $Wallet::Config::AD_CACHE; + my $sasl = Authen::SASL->new(mechanism => 'GSSAPI'); + $LDAP = Net::LDAP->new($Wallet::Config::KEYTAB_HOST, + onerror => 'die'); + my $mesg = eval { $LDAP->bind(undef, sasl => $sasl) }; + }; + if ($@) { + my $error = $@; + chomp $error; + 1 while ($error =~ s/ at \S+ line \d+\.?\z//); + die "LDAP bind to AD failed: $error\n"; + } } - - return $ldap; + return $LDAP; } # Construct a base filter for searching Active Directory. sub ldap_base_filter { my ($self, $principal) = @_; + my $base; my $filter; - if ($principal =~ m,^host/(\S+),xms) { - my $fqdn = $1; - my $host = $fqdn; - $host =~ s/[.].*//xms; - $base = $Wallet::Config::AD_COMPUTER_DN; - $filter = "(samAccountName=${host}\$)"; - } elsif ($principal =~ m,^service/(\S+),xms) { - my $id = $1; - $base = $Wallet::Config::AD_USER_DN; - $filter = "(servicePrincipalName=service/${id})"; + my $this_type; + my $this_id; + + if ($principal =~ m,^(.*?)/(\S+),xms) { + $this_type = $1; + $this_id = $2; + } else { + $this_id = $principal; + } + + # Create a filter to find the objects we create + if ($this_id =~ s/@(.*)//xms) { + $filter = "(userPrincipalName=${principal})"; + } elsif ($Wallet::Config::KEYTAB_REALM) { + $filter = '(userPrincipalName=' . $principal + . '@' . $Wallet::Config::KEYTAB_REALM . 
')'; + } else { + $filter = "(userPrincipalName=${principal}\@*)"; + } + + # Set the base distinguished name + if ($this_type && $this_type eq 'host') { + $base = $Wallet::Config::AD_COMPUTER_RDN; + } else { + $base = $Wallet::Config::AD_USER_RDN; } + $base .= ',' . $Wallet::Config::AD_BASE_DN; + return ($base, $filter); } -# TODO: Get a keytab from the keytab cache. +# Take in a base and a filter and return the assoicated DN or return +# null if there is no matching entry. +sub ldap_get_dn { + my ($self, $base, $filter) = @_; + my $dn; + + if ($Wallet::Config::AD_DEBUG) { + $self->ad_syslog('debug', "base:$base filter:$filter scope:subtree\n"); + } + + $self->ldap_connect(); + my @attrs = ('objectclass'); + my $result; + eval { + $result = $LDAP->search( + base => $base, + scope => 'subtree', + filter => $filter, + attrs => \@attrs + ); + }; + if ($@) { + my $error = $@; + die "LDAP search error: $error\n"; + } + if ($result->code) { + $self->ad_syslog('info', "base:$base filter:$filter scope:subtree\n"); + die $result->error; + } + if ($Wallet::Config::AD_DEBUG) { + $self->ad_syslog('debug', 'returned: ' . $result->count); + } + + if ($result->count == 1) { + for my $entry ($result->entries) { + $dn = $entry->dn; + } + } elsif ($result->count > 1) { + $self->ad_syslog('err', 'too many AD entries for this keytab'); + for my $entry ($result->entries) { + $self->ad_syslog('info', 'dn found: ' . $entry->dn . "\n"); + } + die("INFO: use show to examine the problem\n"); + } + + return $dn; +} + +# TODO: Get a keytab from the keytab bucket. sub get_ad_keytab { my ($self, $principal) = @_; return; 
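Review bot: In `ldap_connect` the bind is still wrapped in its own `eval` (`my $mesg = eval { $LDAP->bind(undef, sasl => $sasl) };`), so a bind failure is caught there and the outer `if ($@)` never sees it. With the new module-level `$LDAP` cache, the unbound handle is then kept and returned by every later call. Call `$LDAP->bind(undef, sasl => $sasl);` directly inside the outer `eval`, and reset the cache with `$LDAP = undef;` before the `die`. `ldap_base_filter` also interpolates `$principal` into the filter unescaped, and as far as the diff shows `ad_delete` and `get_account_id` reach it without calling `valid_principal`. Passing the value through `escape_filter_value` from Net::LDAP::Util would keep the filter well-formed whatever the caller did.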
@@ -125,13 +204,16 @@ sub get_ad_keytab { sub msktutil { my ($self, $args_ref) = @_; unless (defined($Wallet::Config::KEYTAB_HOST) + and defined($Wallet::Config::KEYTAB_PRINCIPAL) + and defined($Wallet::Config::KEYTAB_FILE) and defined($Wallet::Config::KEYTAB_REALM)) { die "keytab object implementation not configured\n"; } - unless (defined($Wallet::Config::AD_CACHE) - and defined($Wallet::Config::AD_COMPUTER_DN) - and defined($Wallet::Config::AD_USER_DN)) + unless (-e $Wallet::Config::AD_MSKTUTIL + and defined($Wallet::Config::AD_BASE_DN) + and defined($Wallet::Config::AD_COMPUTER_RDN) + and defined($Wallet::Config::AD_USER_RDN)) { die "Active Directory support not configured\n"; } @@ -139,7 +221,7 @@ sub msktutil { my @cmd = ($Wallet::Config::AD_MSKTUTIL); push @cmd, @args; if ($Wallet::Config::AD_DEBUG) { - $self->ad_debug('debug', join(' ', @cmd)); + $self->ad_syslog('debug', $self->ad_cmd_string(\@cmd)); } my $in; @@ -162,6 +244,7 @@ sub msktutil { $err_msg .= "ERROR: $err\n"; $err_msg .= 'Problem command: ' . join(' ', @cmd) . "\n"; } + $self->ad_syslog('err', $err_msg); die $err_msg; } else { if ($err) { 
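Review bot: The configuration guard in `msktutil` no longer covers `$Wallet::Config::AD_CACHE`, and this commit also removes the `-e` test on it from `ldap_connect`, yet `ldap_connect` still assigns it to `KRB5CCNAME`. If it is unset or points at a missing file, the failure now depends on what the Kerberos library does with that value, which is harder to diagnose than the old explicit message. Consider keeping `defined($Wallet::Config::AD_CACHE)` in the check. Testing the helper with `-x $Wallet::Config::AD_MSKTUTIL` rather than `-e` would also be more accurate, since the file has to be executable and not merely present. The body of `msktutil` continues outside this hunk.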
@@ -169,49 +252,107 @@ sub msktutil { } } if ($Wallet::Config::AD_DEBUG) { - $self->ad_debug('debug', $out); + $self->ad_syslog('debug', $out); } return $out; } +# The unique identifier that Active Directory used to store keytabs +# has a maximum length of 20 characters. This routine takes a +# principal name an generates a unique ID based on the principal name. +sub get_account_id { + my ($self, $this_princ) = @_; + + my $this_id; + my ($this_base, $this_filter) = $self->ldap_base_filter($this_princ); + my $real_dn = $self->ldap_get_dn($this_base, $this_filter); + if ($real_dn) { + $this_id = $real_dn; + $this_id =~ s/,.*//xms; + $this_id =~ s/.*?=//xms; + } else { + my ($this_type, $this_cn) = split '/', $this_princ, 2; + my $max_len; + if ($this_type eq 'host') { + $max_len = $Wallet::Config::AD_SERVICE_LENGTH - 1; + } else { + $max_len = $Wallet::Config::AD_SERVICE_LENGTH; + if ($Wallet::Config::AD_SERVICE_PREFIX) { + $this_cn = $Wallet::Config::AD_SERVICE_PREFIX . $this_cn; + } + } + my $loop_limit = $Wallet::Config::AD_SERVICE_LIMIT; + if (length($this_cn)>$max_len) { + my $cnt = 0; + my $this_dn; + my $suffix_size = length("$loop_limit"); + my $this_prefix = substr($this_cn, 0, $max_len - $suffix_size); + my $this_format = "%0${suffix_size}i"; + while ($cnt<$loop_limit) { + $this_cn = $this_prefix . sprintf($this_format, $cnt); + $this_dn = $self->ldap_get_dn($this_base, "cn=$this_cn"); + if (!$this_dn) { + $this_id = $this_cn; + last; + } + $cnt++; + } + } else { + $this_id = $this_cn; + } + } + return $this_id; +} + # Either create or update a keytab for the principal. Return the # name of the keytab file created. sub ad_create_update { my ($self, $principal, $action) = @_; + return unless $self->valid_principal($principal); my $keytab = $Wallet::Config::KEYTAB_TMP . "/keytab.$$"; if (-e $keytab) { unlink $keytab or die "Problem deleting $keytab\n"; } my @cmd = ('--' . 
$action); push @cmd, '--server', $Wallet::Config::AD_SERVER; - push @cmd, '--enctypes', '0x4'; - push @cmd, '--enctypes', '0x8'; - push @cmd, '--enctypes', '0x10'; + push @cmd, '--enctypes', '0x1C'; push @cmd, '--keytab', $keytab; push @cmd, '--realm', $Wallet::Config::KEYTAB_REALM; - - if ($principal =~ m,^host/(\S+),xms) { - my $fqdn = $1; - my $host = $fqdn; - $host =~ s/[.].*//xms; - push @cmd, '--dont-expire-password'; - push @cmd, '--computer-name', $host; - push @cmd, '--upn', "host/$fqdn"; - push @cmd, '--hostname', $fqdn; - } elsif ($principal =~ m,^service/(\S+),xms) { - my $service_id = $1; - push @cmd, '--use-service-account'; - push @cmd, '--service', "service/$service_id"; - push @cmd, '--account-name', "srv-${service_id}"; - push @cmd, '--no-pac'; - } - my $out = $self->msktutil(\@cmd); - if ($out =~ /Error:\s+\S+\s+failed/xms) { - $self->ad_delete($principal); - my $m = "ERROR: problem creating keytab:\n" . $out; - $m .= 'INFO: the keytab used to by wallet probably has' - . 
" insufficient access to AD\n"; - die $m; + push @cmd, '--upn', $principal; + + my $this_type; + my $this_id; + if ($principal =~ m,^(.*?)/(\S+),xms) { + $this_type = $1; + $this_id = $2; + my $account_id = $self->get_account_id($principal); + if ($this_type eq 'host') { + my $host = $this_id; + $host =~ s/[.].*//xms; + push @cmd, '--base', $Wallet::Config::AD_COMPUTER_RDN; + push @cmd, '--dont-expire-password'; + push @cmd, '--computer-name', $account_id; + push @cmd, '--hostname', $this_id; + } else { + push @cmd, '--base', $Wallet::Config::AD_USER_RDN; + push @cmd, '--use-service-account'; + push @cmd, '--service', $principal; + push @cmd, '--account-name', $account_id; + push @cmd, '--no-pac'; + } + my $out = $self->msktutil(\@cmd); + if ($out =~ /Error:\s+\S+\s+failed/xms + || !$self->exists($principal)) + { + $self->ad_delete($principal); + my $m = "ERROR: problem creating keytab for $principal"; + $self->ad_syslog('err', $m); + $self->ad_syslog('err', + 'Problem command:' . ad_cmd_string(\@cmd)); + die "$m\n"; + } + } else { + die "ERROR: Invalid principal format ($principal)\n"; } return $keytab; 
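Review bot: In the failure branch of `ad_create_update`, `ad_cmd_string(\@cmd)` is called as a plain function, so the array reference lands in `$self` and `$cmd_ref` is undefined; the logged `Problem command:` line will not contain the command. It should be `$self->ad_cmd_string(\@cmd)`, as in `msktutil`. The single `--enctypes 0x1C` keeps the RC4-HMAC bit (0x4) alongside the two AES bits; if no consumer of these keytabs still needs RC4, `'0x18'` limits new keys to AES128/AES256. `get_account_id` can also return undef when every numbered candidate up to `AD_SERVICE_LIMIT` is taken, and that value is pushed straight after `--computer-name` or `--account-name`. A `die` when `$account_id` is undefined would give a clearer failure.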
@@ -234,45 +375,9 @@ sub exists { my ($self, $principal) = @_; return unless $self->valid_principal($principal); - my $ldap = $self->ldap_connect(); my ($base, $filter) = $self->ldap_base_filter($principal); - my @attrs = ('objectClass', 'msds-KeyVersionNumber'); - my $result; - eval { - $result = $ldap->search( - base => $base, - scope => 'subtree', - filter => $filter, - attrs => \@attrs - ); - }; - - if ($@) { - my $error = $@; - die "LDAP search error: $error\n"; - } - if ($result->code) { - my $m; - $m .= "INFO base:$base filter:$filter scope:subtree\n"; - $m .= 'ERROR:' . $result->error . "\n"; - die $m; - } - if ($result->count > 1) { - my $m = "ERROR: too many AD entries for this keytab\n"; - for my $entry ($result->entries) { - $m .= 'INFO: dn found ' . $entry->dn . "\n"; - } - die $m; - } - if ($result->count) { - for my $entry ($result->entries) { - return $entry->get_value('msds-KeyVersionNumber'); - } - } else { - return 0; - } - return; + return $self->ldap_get_dn($base, $filter); } # Call msktutil to Create a principal in Kerberos. Sets the error and @@ -287,7 +392,7 @@ sub create { } if ($self->exists($principal)) { if ($Wallet::Config::AD_DEBUG) { - $self->ad_debug('debug', "$principal exists"); + $self->ad_syslog('debug', "$principal exists"); } return 1; } @@ -345,7 +450,7 @@ sub destroy { } my $exists = $self->exists($principal); if (!defined $exists) { - return; + return 1; } elsif (not $exists) { return 1; } 
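Review bot: After this change both branches in `destroy` return 1, and `exists` now returns undef both when `valid_principal` rejects the name and when `ldap_get_dn` finds no entry, so the two cases can no longer be told apart here. If the intent is only that "nothing to delete" counts as success, collapse the test to `return 1 if !$exists;` and make sure an invalid name is rejected earlier (the start of `destroy` is outside the hunk, so it may already be). The first hunk on this line also changes what `exists` returns, from the key version number to a DN; its comment and POD should state that callers can rely only on truthiness.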
@@ -358,27 +463,16 @@ sub destroy { sub ad_delete { my ($self, $principal) = @_; - my $k_type; - my $k_id; - my $dn; - if ($principal =~ m,^(host|service)/(\S+),xms) { - $k_type = $1; - $k_id = $2; - if ($k_type eq 'host') { - my $host = $k_id; - $host =~ s/[.].*//; - $dn = "cn=${host}," . $Wallet::Config::AD_COMPUTER_DN; - } elsif ($k_type eq 'service') { - $dn = "cn=srv-${k_id}," . $Wallet::Config::AD_USER_DN; - } - } + my ($base, $filter) = $self->ldap_base_filter($principal); + my $dn = $self->ldap_get_dn($base, $filter); - my $ldap = $self->ldap_connect(); - my $msgid = $ldap->delete($dn); + $self->ldap_connect(); + my $msgid = $LDAP->delete($dn); if ($msgid->code) { my $m; $m .= "ERROR: Problem deleting $dn\n"; $m .= $msgid->error; + $self->ad_syslog('err', $m); die $m; } return 1; @@ -437,18 +531,6 @@ using a local keytab cache. To use this class, several configuration parameters must be set. See L<Wallet::Config/"KEYTAB OBJECT CONFIGURATION"> for details. -=head1 FILES - -=over 4 - -=item KEYTAB_TMP/keytab.<pid> - -The keytab is created in this file and then read into memory. KEYTAB_TMP -is set in the wallet configuration, and <pid> is the process ID of the -current process. The file is unlinked after being read. - -=back - =head1 LIMITATIONS Currently, this implementation calls an external B<msktutil> program rather @@ -461,7 +543,7 @@ msktutil, Wallet::Config(3), Wallet::Kadmin(3), Wallet::Object::Keytab(3), wallet-backend(8) This module is part of the wallet system. The current version is -available from L<http://www.eyrie.org/~eagle/software/wallet/>. +available from L<https://www.eyrie.org/~eagle/software/wallet/>. =head1 AUTHORS diff --git a/perl/lib/Wallet/Kadmin/Heimdal.pm b/perl/lib/Wallet/Kadmin/Heimdal.pm index 22bdd59..57013de 100644 --- a/perl/lib/Wallet/Kadmin/Heimdal.pm +++ b/perl/lib/Wallet/Kadmin/Heimdal.pm 
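Review bot: `ad_delete` passes the result of `ldap_get_dn` straight to `$LDAP->delete($dn)`, but `ldap_get_dn` returns undef when no entry matches. `ad_create_update` calls `ad_delete` in exactly that case, when `exists` has found nothing. The delete then fails or dies on an undefined DN, and that error replaces the more useful one about the keytab creation. Guard it with `return 1 if !defined $dn;` before the delete. The closing lines of `ad_delete` are outside the hunk.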
@@ -2,10 +2,10 @@ # # Written by Jon Robertson <jonrober@stanford.edu> # Copyright 2016 Russ Allbery <eagle@eyrie.org> -# Copyright 2009, 2010, 2014 +# Copyright 2009-2010, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations @@ -22,7 +22,7 @@ use Wallet::Config; use Wallet::Kadmin; our @ISA = qw(Wallet::Kadmin); -our $VERSION = '1.03'; +our $VERSION = '1.04'; ############################################################################## # Utility functions @@ -302,7 +302,7 @@ kadmin(8), Wallet::Config(3), Wallet::Kadmin(3), Wallet::Object::Keytab(3), wallet-backend(8) This module is part of the wallet system. The current version is -available from L<http://www.eyrie.org/~eagle/software/wallet/>. +available from L<https://www.eyrie.org/~eagle/software/wallet/>. =head1 AUTHORS diff --git a/perl/lib/Wallet/Kadmin/MIT.pm b/perl/lib/Wallet/Kadmin/MIT.pm index 9f0f50f..373d4cf 100644 --- a/perl/lib/Wallet/Kadmin/MIT.pm +++ b/perl/lib/Wallet/Kadmin/MIT.pm @@ -3,10 +3,10 @@ # Written by Russ Allbery <eagle@eyrie.org> # Pulled into a module by Jon Robertson <jonrober@stanford.edu> # Copyright 2016 Russ Allbery <eagle@eyrie.org> -# Copyright 2007, 2008, 2009, 2010, 2014 +# Copyright 2007-2010, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations @@ -23,7 +23,7 @@ use Wallet::Config; use Wallet::Kadmin; our @ISA = qw(Wallet::Kadmin); -our $VERSION = '1.03'; +our $VERSION = '1.04'; ############################################################################## # kadmin Interaction 
@@ -312,7 +312,7 @@ kadmin(8), Wallet::Config(3), Wallet::Kadmin(3), Wallet::Object::Keytab(3), wallet-backend(8) This module is part of the wallet system. The current version is -available from L<http://www.eyrie.org/~eagle/software/wallet/>. +available from L<https://www.eyrie.org/~eagle/software/wallet/>. =head1 AUTHORS diff --git a/perl/lib/Wallet/Object/Base.pm b/perl/lib/Wallet/Object/Base.pm index 221031f..bf535e9 100644 --- a/perl/lib/Wallet/Object/Base.pm +++ b/perl/lib/Wallet/Object/Base.pm @@ -2,10 +2,10 @@ # # Written by Russ Allbery <eagle@eyrie.org> # Copyright 2016 Russ Allbery <eagle@eyrie.org> -# Copyright 2007, 2008, 2010, 2011, 2014 +# Copyright 2007-2008, 2010-2011, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations @@ -22,7 +22,7 @@ use Date::Parse qw(str2time); use Text::Wrap qw(wrap); use Wallet::ACL; -our $VERSION = '1.03'; +our $VERSION = '1.04'; ############################################################################## # Constructors @@ -1048,7 +1048,7 @@ the change in the setting. wallet-backend(8) This module is part of the wallet system. The current version is -available from L<http://www.eyrie.org/~eagle/software/wallet/>. +available from L<https://www.eyrie.org/~eagle/software/wallet/>. =head1 AUTHOR diff --git a/perl/lib/Wallet/Object/Duo.pm b/perl/lib/Wallet/Object/Duo.pm index 1aca979..1ec527e 100644 --- a/perl/lib/Wallet/Object/Duo.pm +++ b/perl/lib/Wallet/Object/Duo.pm 
@@ -2,10 +2,10 @@ # # Written by Russ Allbery <eagle@eyrie.org> # Copyright 2016 Russ Allbery <eagle@eyrie.org> -# Copyright 2014, 2015 +# Copyright 2014-2015 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations @@ -23,7 +23,7 @@ use Wallet::Config; use Wallet::Object::Base; our @ISA = qw(Wallet::Object::Base); -our $VERSION = '1.03'; +our $VERSION = '1.04'; # Mappings from our types into what Duo calls the integration types. our %DUO_TYPES = ( @@ -449,7 +449,7 @@ Only one Duo account is supported for a given wallet implementation. Net::Duo(3), Wallet::Config(3), Wallet::Object::Base(3), wallet-backend(8) This module is part of the wallet system. The current version is -available from L<http://www.eyrie.org/~eagle/software/wallet/>. +available from L<https://www.eyrie.org/~eagle/software/wallet/>. =head1 AUTHOR diff --git a/perl/lib/Wallet/Object/File.pm b/perl/lib/Wallet/Object/File.pm index 9452ff4..bef8981 100644 --- a/perl/lib/Wallet/Object/File.pm +++ b/perl/lib/Wallet/Object/File.pm @@ -5,7 +5,7 @@ # Copyright 2008, 2010, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations @@ -23,7 +23,7 @@ use Wallet::Config; use Wallet::Object::Base; our @ISA = qw(Wallet::Object::Base); -our $VERSION = '1.03'; +our $VERSION = '1.04'; ############################################################################## # File naming 
@@ -284,7 +284,7 @@ impose a length limitation on the file object name. remctld(8), Wallet::Config(3), Wallet::Object::Base(3), wallet-backend(8) This module is part of the wallet system. The current version is -available from L<http://www.eyrie.org/~eagle/software/wallet/>. +available from L<https://www.eyrie.org/~eagle/software/wallet/>. =head1 AUTHOR diff --git a/perl/lib/Wallet/Object/Keytab.pm b/perl/lib/Wallet/Object/Keytab.pm index f276b3f..498e657 100644 --- a/perl/lib/Wallet/Object/Keytab.pm +++ b/perl/lib/Wallet/Object/Keytab.pm @@ -2,10 +2,10 @@ # # Written by Russ Allbery <eagle@eyrie.org> # Copyright 2016 Russ Allbery <eagle@eyrie.org> -# Copyright 2007, 2008, 2009, 2010, 2013, 2014 +# Copyright 2007-2010, 2013-2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations @@ -22,7 +22,7 @@ use Wallet::Kadmin; use Wallet::Object::Base; our @ISA = qw(Wallet::Object::Base); -our $VERSION = '1.03'; +our $VERSION = '1.04'; ############################################################################## # Shared methods @@ -522,7 +522,7 @@ wallet database do not have realm information. kadmin(8), Wallet::Config(3), Wallet::Object::Base(3), wallet-backend(8) This module is part of the wallet system. The current version is -available from L<http://www.eyrie.org/~eagle/software/wallet/>. +available from L<https://www.eyrie.org/~eagle/software/wallet/>. =head1 AUTHOR diff --git a/perl/lib/Wallet/Object/Password.pm b/perl/lib/Wallet/Object/Password.pm index 1db53f3..336aa9d 100644 --- a/perl/lib/Wallet/Object/Password.pm +++ b/perl/lib/Wallet/Object/Password.pm 
@@ -5,7 +5,7 @@ # Copyright 2015 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations @@ -23,7 +23,7 @@ use Wallet::Config; use Wallet::Object::File; our @ISA = qw(Wallet::Object::File); -our $VERSION = '1.03'; +our $VERSION = '1.04'; ############################################################################## # File naming @@ -215,7 +215,7 @@ remctld(8), Wallet::Config(3), Wallet::Object::File(3), wallet-backend(8) This module is part of the wallet system. The current version is -available from L<http://www.eyrie.org/~eagle/software/wallet/>. +available from L<https://www.eyrie.org/~eagle/software/wallet/>. =head1 AUTHOR diff --git a/perl/lib/Wallet/Object/WAKeyring.pm b/perl/lib/Wallet/Object/WAKeyring.pm index 3c99785..a64b376 100644 --- a/perl/lib/Wallet/Object/WAKeyring.pm +++ b/perl/lib/Wallet/Object/WAKeyring.pm @@ -2,10 +2,10 @@ # # Written by Russ Allbery <eagle@eyrie.org> # Copyright 2016 Russ Allbery <eagle@eyrie.org> -# Copyright 2012, 2013, 2014 +# Copyright 2012-2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations @@ -24,7 +24,7 @@ use Wallet::Object::Base; use WebAuth 3.06 qw(WA_KEY_AES WA_AES_128); our @ISA = qw(Wallet::Object::Base); -our $VERSION = '1.03'; +our $VERSION = '1.04'; ############################################################################## # File naming 
@@ -358,7 +358,7 @@ underscores, and dashes replaced by "%" and the hex code of the character. Wallet::Config(3), Wallet::Object::Base(3), wallet-backend(8), WebAuth(3) This module is part of the wallet system. The current version is available -from <http://www.eyrie.org/~eagle/software/wallet/>. +from L<https://www.eyrie.org/~eagle/software/wallet/>. =head1 AUTHOR diff --git a/perl/lib/Wallet/Policy/Stanford.pm b/perl/lib/Wallet/Policy/Stanford.pm index efb9d28..2c761bb 100644 --- a/perl/lib/Wallet/Policy/Stanford.pm +++ b/perl/lib/Wallet/Policy/Stanford.pm @@ -2,10 +2,10 @@ # # Written by Russ Allbery <eagle@eyrie.org> # Copyright 2016 Russ Allbery <eagle@eyrie.org> -# Copyright 2013, 2014, 2015 +# Copyright 2013-2015 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations @@ -26,7 +26,7 @@ our (@EXPORT_OK, $VERSION); # against circular module loading (not that we load any modules, but # consistency is good). BEGIN { - $VERSION = '1.03'; + $VERSION = '1.04'; @EXPORT_OK = qw(default_owner verify_name is_for_host); } @@ -538,11 +538,11 @@ configuration file from this module or wrapped to apply additional rules. Wallet::Config(3) -The L<Stanford policy|http://www.eyrie.org/~eagle/software/wallet/naming.html> +The L<Stanford policy|https://www.eyrie.org/~eagle/software/wallet/naming.html> implemented by this module. This module is part of the wallet system. The current version is -available from L<http://www.eyrie.org/~eagle/software/wallet/>. +available from L<https://www.eyrie.org/~eagle/software/wallet/>. =head1 AUTHOR diff --git a/perl/lib/Wallet/Report.pm b/perl/lib/Wallet/Report.pm index 3d59bf8..151a285 100644 --- a/perl/lib/Wallet/Report.pm +++ b/perl/lib/Wallet/Report.pm 
@@ -2,10 +2,10 @@ # # Written by Russ Allbery <eagle@eyrie.org> # Copyright 2016 Russ Allbery <eagle@eyrie.org> -# Copyright 2008, 2009, 2010, 2013, 2014 +# Copyright 2008-2010, 2013-2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations @@ -20,7 +20,7 @@ use warnings; use Wallet::ACL; use Wallet::Schema; -our $VERSION = '1.03'; +our $VERSION = '1.04'; ############################################################################## # Constructor, destructor, and accessors @@ -869,7 +869,7 @@ the error message if there was an error and undef if there was no error. Wallet::Config(3), Wallet::Server(3) This module is part of the wallet system. The current version is -available from L<http://www.eyrie.org/~eagle/software/wallet/>. +available from L<https://www.eyrie.org/~eagle/software/wallet/>. =head1 AUTHOR diff --git a/perl/lib/Wallet/Schema.pm b/perl/lib/Wallet/Schema.pm index 6b3de39..f75fda8 100644 --- a/perl/lib/Wallet/Schema.pm +++ b/perl/lib/Wallet/Schema.pm @@ -2,10 +2,10 @@ # # Written by Jon Robertson <jonrober@stanford.edu> # Copyright 2016 Russ Allbery <eagle@eyrie.org> -# Copyright 2012, 2013, 2014 +# Copyright 2012-2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT package Wallet::Schema; @@ -351,7 +351,7 @@ configuration. wallet-backend(8), Wallet::Config(3) This module is part of the wallet system. The current version is -available from L<http://www.eyrie.org/~eagle/software/wallet/>. +available from L<https://www.eyrie.org/~eagle/software/wallet/>. =head1 AUTHOR diff --git a/perl/lib/Wallet/Schema/Result/Acl.pm b/perl/lib/Wallet/Schema/Result/Acl.pm index 59a628a..9a73b18 100644 --- a/perl/lib/Wallet/Schema/Result/Acl.pm +++ b/perl/lib/Wallet/Schema/Result/Acl.pm 
@@ -1,10 +1,10 @@ # Wallet schema for an ACL. # # Written by Jon Robertson <jonrober@stanford.edu> -# Copyright 2012, 2013 +# Copyright 2012-2013 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT package Wallet::Schema::Result::Acl; @@ -13,7 +13,7 @@ use warnings; use base 'DBIx::Class::Core'; -our $VERSION = '1.03'; +our $VERSION = '1.04'; =for stopwords ACL diff --git a/perl/lib/Wallet/Schema/Result/AclEntry.pm b/perl/lib/Wallet/Schema/Result/AclEntry.pm index ea531bd..1737084 100644 --- a/perl/lib/Wallet/Schema/Result/AclEntry.pm +++ b/perl/lib/Wallet/Schema/Result/AclEntry.pm @@ -1,10 +1,10 @@ # Wallet schema for an entry in an ACL. # # Written by Jon Robertson <jonrober@stanford.edu> -# Copyright 2012, 2013 +# Copyright 2012-2013 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT package Wallet::Schema::Result::AclEntry; @@ -13,7 +13,7 @@ use warnings; use base 'DBIx::Class::Core'; -our $VERSION = '1.03'; +our $VERSION = '1.04'; =for stopwords ACL diff --git a/perl/lib/Wallet/Schema/Result/AclHistory.pm b/perl/lib/Wallet/Schema/Result/AclHistory.pm index dc6bed7..48aed49 100644 --- a/perl/lib/Wallet/Schema/Result/AclHistory.pm +++ b/perl/lib/Wallet/Schema/Result/AclHistory.pm @@ -1,10 +1,10 @@ # Wallet schema for ACL history. # # Written by Jon Robertson <jonrober@stanford.edu> -# Copyright 2012, 2013, 2014 +# Copyright 2012-2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT package Wallet::Schema::Result::AclHistory; @@ -13,7 +13,7 @@ use warnings; use base 'DBIx::Class::Core'; -our $VERSION = '1.03'; +our $VERSION = '1.04'; __PACKAGE__->load_components("InflateColumn::DateTime"); 
diff --git a/perl/lib/Wallet/Schema/Result/AclScheme.pm b/perl/lib/Wallet/Schema/Result/AclScheme.pm index 004e5d2..abdd541 100644 --- a/perl/lib/Wallet/Schema/Result/AclScheme.pm +++ b/perl/lib/Wallet/Schema/Result/AclScheme.pm @@ -1,10 +1,10 @@ # Wallet schema for ACL scheme. # # Written by Jon Robertson <jonrober@stanford.edu> -# Copyright 2012, 2013 +# Copyright 2012-2013 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT package Wallet::Schema::Result::AclScheme; @@ -13,7 +13,7 @@ use warnings; use base 'DBIx::Class::Core'; -our $VERSION = '1.03'; +our $VERSION = '1.04'; __PACKAGE__->load_components (qw//); diff --git a/perl/lib/Wallet/Schema/Result/Duo.pm b/perl/lib/Wallet/Schema/Result/Duo.pm index b5328bb..def9dce 100644 --- a/perl/lib/Wallet/Schema/Result/Duo.pm +++ b/perl/lib/Wallet/Schema/Result/Duo.pm @@ -4,7 +4,7 @@ # Copyright 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT package Wallet::Schema::Result::Duo; @@ -13,7 +13,7 @@ use warnings; use base 'DBIx::Class::Core'; -our $VERSION = '1.03'; +our $VERSION = '1.04'; =for stopwords keytab enctype diff --git a/perl/lib/Wallet/Schema/Result/Enctype.pm b/perl/lib/Wallet/Schema/Result/Enctype.pm index f1f42a9..24fa897 100644 --- a/perl/lib/Wallet/Schema/Result/Enctype.pm +++ b/perl/lib/Wallet/Schema/Result/Enctype.pm @@ -13,7 +13,7 @@ use warnings; use base 'DBIx::Class::Core'; -our $VERSION = '1.03'; +our $VERSION = '1.04'; =for stopwords Kerberos diff --git a/perl/lib/Wallet/Schema/Result/Flag.pm b/perl/lib/Wallet/Schema/Result/Flag.pm index 84e3ee3..4ed8dcb 100644 --- a/perl/lib/Wallet/Schema/Result/Flag.pm +++ b/perl/lib/Wallet/Schema/Result/Flag.pm 
@@ -1,10 +1,10 @@
 # Wallet schema for object flags.
 #
 # Written by Jon Robertson <jonrober@stanford.edu>
-# Copyright 2012, 2013
+# Copyright 2012-2013
 # The Board of Trustees of the Leland Stanford Junior University
 #
-# See LICENSE for licensing terms.
+# SPDX-License-Identifier: MIT
 package Wallet::Schema::Result::Flag;
@@ -13,7 +13,7 @@ use warnings;
 use base 'DBIx::Class::Core';
-our $VERSION = '1.03';
+our $VERSION = '1.04';
 =head1 NAME
diff --git a/perl/lib/Wallet/Schema/Result/KeytabEnctype.pm b/perl/lib/Wallet/Schema/Result/KeytabEnctype.pm
index 2a16af8..abb465e 100644
--- a/perl/lib/Wallet/Schema/Result/KeytabEnctype.pm
+++ b/perl/lib/Wallet/Schema/Result/KeytabEnctype.pm
@@ -13,7 +13,7 @@ use warnings;
 use base 'DBIx::Class::Core';
-our $VERSION = '1.03';
+our $VERSION = '1.04';
 =for stopwords keytab enctype
diff --git a/perl/lib/Wallet/Schema/Result/KeytabSync.pm b/perl/lib/Wallet/Schema/Result/KeytabSync.pm
index bd57310..1939e74 100644
--- a/perl/lib/Wallet/Schema/Result/KeytabSync.pm
+++ b/perl/lib/Wallet/Schema/Result/KeytabSync.pm
@@ -13,7 +13,7 @@ use warnings;
 use base 'DBIx::Class::Core';
-our $VERSION = '1.03';
+our $VERSION = '1.04';
 =for stopwords keytab
diff --git a/perl/lib/Wallet/Schema/Result/Object.pm b/perl/lib/Wallet/Schema/Result/Object.pm
index fdec3b8..b4bc46f 100644
--- a/perl/lib/Wallet/Schema/Result/Object.pm
+++ b/perl/lib/Wallet/Schema/Result/Object.pm
@@ -1,10 +1,10 @@
 # Wallet schema for an object.
 #
 # Written by Jon Robertson <jonrober@stanford.edu>
-# Copyright 2012, 2013
+# Copyright 2012-2013
 # The Board of Trustees of the Leland Stanford Junior University
 #
-# See LICENSE for licensing terms.
+# SPDX-License-Identifier: MIT
 package Wallet::Schema::Result::Object;
@@ -13,7 +13,7 @@ use warnings;
 use base 'DBIx::Class::Core';
-our $VERSION = '1.03';
+our $VERSION = '1.04';
 __PACKAGE__->load_components("InflateColumn::DateTime");
diff --git a/perl/lib/Wallet/Schema/Result/ObjectHistory.pm b/perl/lib/Wallet/Schema/Result/ObjectHistory.pm
index 2fe687e..c6c6225 100644
--- a/perl/lib/Wallet/Schema/Result/ObjectHistory.pm
+++ b/perl/lib/Wallet/Schema/Result/ObjectHistory.pm
@@ -1,10 +1,10 @@
 # Wallet schema for object history.
 #
 # Written by Jon Robertson <jonrober@stanford.edu>
-# Copyright 2012, 2013, 2014
+# Copyright 2012-2014
 # The Board of Trustees of the Leland Stanford Junior University
 #
-# See LICENSE for licensing terms.
+# SPDX-License-Identifier: MIT
 package Wallet::Schema::Result::ObjectHistory;
@@ -13,7 +13,7 @@ use warnings;
 use base 'DBIx::Class::Core';
-our $VERSION = '1.03';
+our $VERSION = '1.04';
 __PACKAGE__->load_components("InflateColumn::DateTime");
diff --git a/perl/lib/Wallet/Schema/Result/SyncTarget.pm b/perl/lib/Wallet/Schema/Result/SyncTarget.pm
index ab8ea47..ff6e3f3 100644
--- a/perl/lib/Wallet/Schema/Result/SyncTarget.pm
+++ b/perl/lib/Wallet/Schema/Result/SyncTarget.pm
@@ -1,10 +1,10 @@
 # Wallet schema for synchronization targets.
 #
 # Written by Jon Robertson <jonrober@stanford.edu>
-# Copyright 2012, 2013
+# Copyright 2012-2013
 # The Board of Trustees of the Leland Stanford Junior University
 #
-# See LICENSE for licensing terms.
+# SPDX-License-Identifier: MIT
 package Wallet::Schema::Result::SyncTarget;
@@ -13,7 +13,7 @@ use warnings;
 use base 'DBIx::Class::Core';
-our $VERSION = '1.03';
+our $VERSION = '1.04';
 =head1 NAME
diff --git a/perl/lib/Wallet/Schema/Result/Type.pm b/perl/lib/Wallet/Schema/Result/Type.pm
index abc7017..a9238e6 100644
--- a/perl/lib/Wallet/Schema/Result/Type.pm
+++ b/perl/lib/Wallet/Schema/Result/Type.pm
@@ -1,10 +1,10 @@
 # Wallet schema for object types.
 #
 # Written by Jon Robertson <jonrober@stanford.edu>
-# Copyright 2012, 2013
+# Copyright 2012-2013
 # The Board of Trustees of the Leland Stanford Junior University
 #
-# See LICENSE for licensing terms.
+# SPDX-License-Identifier: MIT
 package Wallet::Schema::Result::Type;
@@ -13,7 +13,7 @@ use warnings;
 use base 'DBIx::Class::Core';
-our $VERSION = '1.03';
+our $VERSION = '1.04';
 =for stopwords APIs
diff --git a/perl/lib/Wallet/Server.pm b/perl/lib/Wallet/Server.pm
index 552ba9d..af0d8a8 100644
--- a/perl/lib/Wallet/Server.pm
+++ b/perl/lib/Wallet/Server.pm
@@ -2,10 +2,10 @@
 #
 # Written by Russ Allbery <eagle@eyrie.org>
 # Copyright 2016 Russ Allbery <eagle@eyrie.org>
-# Copyright 2007, 2008, 2010, 2011, 2013, 2014
+# Copyright 2007-2008, 2010-2014
 # The Board of Trustees of the Leland Stanford Junior University
 #
-# See LICENSE for licensing terms.
+# SPDX-License-Identifier: MIT
 ##############################################################################
 # Modules and declarations
@@ -21,7 +21,7 @@ use Wallet::ACL;
 use Wallet::Config;
 use Wallet::Schema;
-our $VERSION = '1.03';
+our $VERSION = '1.04';
 ##############################################################################
 # Utility methods
@@ -1183,7 +1183,7 @@ failure.
 wallet-backend(8)
 This module is part of the wallet system. The current version is
-available from L<http://www.eyrie.org/~eagle/software/wallet/>.
+available from L<https://www.eyrie.org/~eagle/software/wallet/>.
 =head1 AUTHOR
diff --git a/perl/sql/Wallet-Schema-0.07-MySQL.sql b/perl/sql/Wallet-Schema-0.07-MySQL.sql
index 71a9bc6..ddb7ca3 100644
--- a/perl/sql/Wallet-Schema-0.07-MySQL.sql
+++ b/perl/sql/Wallet-Schema-0.07-MySQL.sql
@@ -2,27 +2,10 @@ -- Created by SQL::Translator::Producer::MySQL -- Created on Fri Jan 25 14:12:02 2013 -- --- Copyright 2012, 2013 +-- Copyright 2012-2013 -- The Board of Trustees of the Leland Stanford Junior University -- --- Permission is hereby granted, free of charge, to any person obtaining a --- copy of this software and associated documentation files (the --- "Software"), to deal in the Software without restriction, including --- without limitation the rights to use, copy, modify, merge, publish, --- distribute, sublicense, and/or sell copies of the Software, and to --- permit persons to whom the Software is furnished to do so, subject to --- the following conditions: --- --- The above copyright notice and this permission notice shall be included --- in all copies or substantial portions of the Software. --- --- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS --- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF --- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. --- IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY --- CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, --- TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE --- SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +-- SPDX-License-Identifier: MIT -- SET foreign_key_checks=0; diff --git a/perl/sql/Wallet-Schema-0.07-SQLite.sql b/perl/sql/Wallet-Schema-0.07-SQLite.sql index f14d168..0491ea7 100644 --- a/perl/sql/Wallet-Schema-0.07-SQLite.sql +++ b/perl/sql/Wallet-Schema-0.07-SQLite.sql 
@@ -2,27 +2,10 @@ -- Created by SQL::Translator::Producer::SQLite -- Created on Fri Jan 25 14:12:02 2013 -- --- Copyright 2012, 2013 +-- Copyright 2012-2013 -- The Board of Trustees of the Leland Stanford Junior University -- --- Permission is hereby granted, free of charge, to any person obtaining a --- copy of this software and associated documentation files (the --- "Software"), to deal in the Software without restriction, including --- without limitation the rights to use, copy, modify, merge, publish, --- distribute, sublicense, and/or sell copies of the Software, and to --- permit persons to whom the Software is furnished to do so, subject to --- the following conditions: --- --- The above copyright notice and this permission notice shall be included --- in all copies or substantial portions of the Software. --- --- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS --- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF --- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. --- IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY --- CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, --- TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE --- SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +-- SPDX-License-Identifier: MIT -- BEGIN TRANSACTION; diff --git a/perl/sql/Wallet-Schema-0.08-MySQL.sql b/perl/sql/Wallet-Schema-0.08-MySQL.sql index 2deca3c..eb56d0e 100644 --- a/perl/sql/Wallet-Schema-0.08-MySQL.sql +++ b/perl/sql/Wallet-Schema-0.08-MySQL.sql 
@@ -2,27 +2,10 @@ -- Created by SQL::Translator::Producer::MySQL -- Created on Fri Jan 25 14:12:02 2013 -- --- Copyright 2012, 2013 +-- Copyright 2012-2013 -- The Board of Trustees of the Leland Stanford Junior University -- --- Permission is hereby granted, free of charge, to any person obtaining a --- copy of this software and associated documentation files (the --- "Software"), to deal in the Software without restriction, including --- without limitation the rights to use, copy, modify, merge, publish, --- distribute, sublicense, and/or sell copies of the Software, and to --- permit persons to whom the Software is furnished to do so, subject to --- the following conditions: --- --- The above copyright notice and this permission notice shall be included --- in all copies or substantial portions of the Software. --- --- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS --- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF --- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. --- IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY --- CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, --- TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE --- SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +-- SPDX-License-Identifier: MIT -- SET foreign_key_checks=0; diff --git a/perl/sql/Wallet-Schema-0.08-PostgreSQL.sql b/perl/sql/Wallet-Schema-0.08-PostgreSQL.sql index 4347de8..db8ff98 100644 --- a/perl/sql/Wallet-Schema-0.08-PostgreSQL.sql +++ b/perl/sql/Wallet-Schema-0.08-PostgreSQL.sql 
@@ -2,27 +2,10 @@ -- Created by SQL::Translator::Producer::PostgreSQL -- Created on Fri Jan 25 14:12:02 2013 -- --- Copyright 2012, 2013, 2014 +-- Copyright 2012-2014 -- The Board of Trustees of the Leland Stanford Junior University -- --- Permission is hereby granted, free of charge, to any person obtaining a --- copy of this software and associated documentation files (the --- "Software"), to deal in the Software without restriction, including --- without limitation the rights to use, copy, modify, merge, publish, --- distribute, sublicense, and/or sell copies of the Software, and to --- permit persons to whom the Software is furnished to do so, subject to --- the following conditions: --- --- The above copyright notice and this permission notice shall be included --- in all copies or substantial portions of the Software. --- --- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS --- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF --- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. --- IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY --- CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, --- TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE --- SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +-- SPDX-License-Identifier: MIT -- -- -- Table: acl_history diff --git a/perl/sql/Wallet-Schema-0.08-SQLite.sql b/perl/sql/Wallet-Schema-0.08-SQLite.sql index f581a4c..4f7b1b3 100644 --- a/perl/sql/Wallet-Schema-0.08-SQLite.sql +++ b/perl/sql/Wallet-Schema-0.08-SQLite.sql 
@@ -2,27 +2,10 @@ -- Created by SQL::Translator::Producer::SQLite -- Created on Fri Jan 25 14:12:02 2013 -- --- Copyright 2012, 2013 +-- Copyright 2012-2013 -- The Board of Trustees of the Leland Stanford Junior University -- --- Permission is hereby granted, free of charge, to any person obtaining a --- copy of this software and associated documentation files (the --- "Software"), to deal in the Software without restriction, including --- without limitation the rights to use, copy, modify, merge, publish, --- distribute, sublicense, and/or sell copies of the Software, and to --- permit persons to whom the Software is furnished to do so, subject to --- the following conditions: --- --- The above copyright notice and this permission notice shall be included --- in all copies or substantial portions of the Software. --- --- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS --- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF --- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. --- IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY --- CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, --- TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE --- SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +-- SPDX-License-Identifier: MIT -- BEGIN TRANSACTION; diff --git a/perl/sql/Wallet-Schema-0.09-MySQL.sql b/perl/sql/Wallet-Schema-0.09-MySQL.sql index a9aa745..41e098f 100644 --- a/perl/sql/Wallet-Schema-0.09-MySQL.sql +++ b/perl/sql/Wallet-Schema-0.09-MySQL.sql 
@@ -2,27 +2,10 @@ -- Created by SQL::Translator::Producer::MySQL -- Created on Tue Jul 15 17:41:01 2014 -- --- Copyright 2012, 2013, 2014 +-- Copyright 2012-2014 -- The Board of Trustees of the Leland Stanford Junior University -- --- Permission is hereby granted, free of charge, to any person obtaining a --- copy of this software and associated documentation files (the --- "Software"), to deal in the Software without restriction, including --- without limitation the rights to use, copy, modify, merge, publish, --- distribute, sublicense, and/or sell copies of the Software, and to --- permit persons to whom the Software is furnished to do so, subject to --- the following conditions: --- --- The above copyright notice and this permission notice shall be included --- in all copies or substantial portions of the Software. --- --- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS --- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF --- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. --- IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY --- CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, --- TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE --- SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +-- SPDX-License-Identifier: MIT -- SET foreign_key_checks=0; diff --git a/perl/sql/Wallet-Schema-0.09-PostgreSQL.sql b/perl/sql/Wallet-Schema-0.09-PostgreSQL.sql index 67f4a1b..1bec9f7 100644 --- a/perl/sql/Wallet-Schema-0.09-PostgreSQL.sql +++ b/perl/sql/Wallet-Schema-0.09-PostgreSQL.sql 
@@ -2,27 +2,10 @@ -- Created by SQL::Translator::Producer::PostgreSQL -- Created on Tue Jul 15 17:41:03 2014 -- --- Copyright 2012, 2013, 2014 +-- Copyright 2012-2014 -- The Board of Trustees of the Leland Stanford Junior University -- --- Permission is hereby granted, free of charge, to any person obtaining a --- copy of this software and associated documentation files (the --- "Software"), to deal in the Software without restriction, including --- without limitation the rights to use, copy, modify, merge, publish, --- distribute, sublicense, and/or sell copies of the Software, and to --- permit persons to whom the Software is furnished to do so, subject to --- the following conditions: --- --- The above copyright notice and this permission notice shall be included --- in all copies or substantial portions of the Software. --- --- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS --- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF --- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. --- IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY --- CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, --- TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE --- SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +-- SPDX-License-Identifier: MIT -- -- diff --git a/perl/sql/Wallet-Schema-0.09-SQLite.sql b/perl/sql/Wallet-Schema-0.09-SQLite.sql index 9ce9b08..e9977ef 100644 --- a/perl/sql/Wallet-Schema-0.09-SQLite.sql +++ b/perl/sql/Wallet-Schema-0.09-SQLite.sql 
@@ -2,27 +2,10 @@ -- Created by SQL::Translator::Producer::SQLite -- Created on Tue Jul 15 17:41:02 2014 -- --- Copyright 2012, 2013, 2014 +-- Copyright 2012-2014 -- The Board of Trustees of the Leland Stanford Junior University -- --- Permission is hereby granted, free of charge, to any person obtaining a --- copy of this software and associated documentation files (the --- "Software"), to deal in the Software without restriction, including --- without limitation the rights to use, copy, modify, merge, publish, --- distribute, sublicense, and/or sell copies of the Software, and to --- permit persons to whom the Software is furnished to do so, subject to --- the following conditions: --- --- The above copyright notice and this permission notice shall be included --- in all copies or substantial portions of the Software. --- --- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS --- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF --- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. --- IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY --- CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, --- TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE --- SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +-- SPDX-License-Identifier: MIT -- BEGIN TRANSACTION; diff --git a/perl/sql/Wallet-Schema-0.10-MySQL.sql b/perl/sql/Wallet-Schema-0.10-MySQL.sql index ba73062..982f127 100644 --- a/perl/sql/Wallet-Schema-0.10-MySQL.sql +++ b/perl/sql/Wallet-Schema-0.10-MySQL.sql 
@@ -5,24 +5,7 @@ -- Copyright 2014 -- The Board of Trustees of the Leland Stanford Junior University -- --- Permission is hereby granted, free of charge, to any person obtaining a --- copy of this software and associated documentation files (the --- "Software"), to deal in the Software without restriction, including --- without limitation the rights to use, copy, modify, merge, publish, --- distribute, sublicense, and/or sell copies of the Software, and to --- permit persons to whom the Software is furnished to do so, subject to --- the following conditions: --- --- The above copyright notice and this permission notice shall be included --- in all copies or substantial portions of the Software. --- --- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS --- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF --- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. --- IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY --- CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, --- TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE --- SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +-- SPDX-License-Identifier: MIT -- SET foreign_key_checks=0; diff --git a/perl/sql/Wallet-Schema-0.10-PostgreSQL.sql b/perl/sql/Wallet-Schema-0.10-PostgreSQL.sql index d1658dd..8c76272 100644 --- a/perl/sql/Wallet-Schema-0.10-PostgreSQL.sql +++ b/perl/sql/Wallet-Schema-0.10-PostgreSQL.sql 
@@ -5,24 +5,7 @@ -- Copyright 2014 -- The Board of Trustees of the Leland Stanford Junior University -- --- Permission is hereby granted, free of charge, to any person obtaining a --- copy of this software and associated documentation files (the --- "Software"), to deal in the Software without restriction, including --- without limitation the rights to use, copy, modify, merge, publish, --- distribute, sublicense, and/or sell copies of the Software, and to --- permit persons to whom the Software is furnished to do so, subject to --- the following conditions: --- --- The above copyright notice and this permission notice shall be included --- in all copies or substantial portions of the Software. --- --- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS --- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF --- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. --- IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY --- CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, --- TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE --- SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +-- SPDX-License-Identifier: MIT -- -- diff --git a/perl/sql/Wallet-Schema-0.10-SQLite.sql b/perl/sql/Wallet-Schema-0.10-SQLite.sql index c13bc29..4f05164 100644 --- a/perl/sql/Wallet-Schema-0.10-SQLite.sql +++ b/perl/sql/Wallet-Schema-0.10-SQLite.sql 
@@ -5,24 +5,7 @@ -- Copyright 2014 -- The Board of Trustees of the Leland Stanford Junior University -- --- Permission is hereby granted, free of charge, to any person obtaining a --- copy of this software and associated documentation files (the --- "Software"), to deal in the Software without restriction, including --- without limitation the rights to use, copy, modify, merge, publish, --- distribute, sublicense, and/or sell copies of the Software, and to --- permit persons to whom the Software is furnished to do so, subject to --- the following conditions: --- --- The above copyright notice and this permission notice shall be included --- in all copies or substantial portions of the Software. --- --- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS --- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF --- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. --- IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY --- CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, --- TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE --- SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +-- SPDX-License-Identifier: MIT -- BEGIN TRANSACTION; diff --git a/perl/t/data/acl-command b/perl/t/data/acl-command index b7c3066..bdf106a 100755 --- a/perl/t/data/acl-command +++ b/perl/t/data/acl-command @@ -5,10 +5,9 @@ # failure, or reports an error based on whether the second argument is # success, failure, or error. # -# Written by Russ Allbery <eagle@eyrie.org> # Copyright 2016 Russ Allbery <eagle@eyrie.org> # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT set -e diff --git a/perl/t/docs/pod-spelling.t b/perl/t/docs/pod-spelling.t index 6debd42..94d7503 100755 --- a/perl/t/docs/pod-spelling.t +++ b/perl/t/docs/pod-spelling.t 
@@ -3,10 +3,10 @@
 # Check for spelling errors in POD documentation.
 #
 # The canonical version of this file is maintained in the rra-c-util package,
-# which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+# which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>.
 #
 # Written by Russ Allbery <eagle@eyrie.org>
-# Copyright 2013, 2014
+# Copyright 2013-2014
 # The Board of Trustees of the Leland Stanford Junior University
 #
 # Permission is hereby granted, free of charge, to any person obtaining a
@@ -26,6 +26,8 @@
 # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 # DEALINGS IN THE SOFTWARE.
+#
+# SPDX-License-Identifier: MIT
 use 5.006;
 use strict;
diff --git a/perl/t/docs/pod.t b/perl/t/docs/pod.t
index 674ce30..5fcfcdf 100755
--- a/perl/t/docs/pod.t
+++ b/perl/t/docs/pod.t
@@ -3,10 +3,10 @@
 # Check all POD documents for POD formatting errors.
 #
 # The canonical version of this file is maintained in the rra-c-util package,
-# which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+# which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>.
 #
 # Written by Russ Allbery <eagle@eyrie.org>
-# Copyright 2012, 2013, 2014
+# Copyright 2012-2014
 # The Board of Trustees of the Leland Stanford Junior University
 #
 # Permission is hereby granted, free of charge, to any person obtaining a
@@ -26,6 +26,8 @@
 # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 # DEALINGS IN THE SOFTWARE.
+#
+# SPDX-License-Identifier: MIT
 use 5.006;
 use strict;
diff --git a/perl/t/general/acl.t b/perl/t/general/acl.t
index 4de7493..c6e33f9 100755
--- a/perl/t/general/acl.t
+++ b/perl/t/general/acl.t
@@ -3,10 +3,10 @@
 # Tests for the wallet ACL API.
 #
 # Written by Russ Allbery <eagle@eyrie.org>
-# Copyright 2007, 2008, 2014
+# Copyright 2007-2008, 2014
 # The Board of Trustees of the Leland Stanford Junior University
 #
-# See LICENSE for licensing terms.
+# SPDX-License-Identifier: MIT
 use strict;
 use warnings;
diff --git a/perl/t/general/admin.t b/perl/t/general/admin.t
index 17671b6..a204558 100755
--- a/perl/t/general/admin.t
+++ b/perl/t/general/admin.t
@@ -3,10 +3,10 @@
 # Tests for wallet administrative interface.
 #
 # Written by Russ Allbery <eagle@eyrie.org>
-# Copyright 2008, 2009, 2010, 2011, 2013, 2014
+# Copyright 2008-2011, 2013-2014
 # The Board of Trustees of the Leland Stanford Junior University
 #
-# See LICENSE for licensing terms.
+# SPDX-License-Identifier: MIT
 use strict;
 use warnings;
diff --git a/perl/t/general/config.t b/perl/t/general/config.t
index bc200de..a0848ba 100755
--- a/perl/t/general/config.t
+++ b/perl/t/general/config.t
@@ -6,7 +6,7 @@
 # Copyright 2008, 2010, 2014
 # The Board of Trustees of the Leland Stanford Junior University
 #
-# See LICENSE for licensing terms.
+# SPDX-License-Identifier: MIT
 use strict;
 use warnings;
diff --git a/perl/t/general/init.t b/perl/t/general/init.t
index 58b9a4c..ddc4aa1 100755
--- a/perl/t/general/init.t
+++ b/perl/t/general/init.t
@@ -3,10 +3,10 @@
 # Tests for database initialization.
 #
 # Written by Russ Allbery <eagle@eyrie.org>
-# Copyright 2007, 2008, 2014
+# Copyright 2007-2008, 2014
 # The Board of Trustees of the Leland Stanford Junior University
 #
-# See LICENSE for licensing terms.
+# SPDX-License-Identifier: MIT
 use strict;
 use warnings;
diff --git a/perl/t/general/report.t b/perl/t/general/report.t
index e47cdc6..8b491f5 100755
--- a/perl/t/general/report.t
+++ b/perl/t/general/report.t
@@ -3,10 +3,10 @@
 # Tests for the wallet reporting interface.
 #
 # Written by Russ Allbery <eagle@eyrie.org>
-# Copyright 2008, 2009, 2010, 2014
+# Copyright 2008-2010, 2014
 # The Board of Trustees of the Leland Stanford Junior University
 #
-# See LICENSE for licensing terms.
+# SPDX-License-Identifier: MIT
 use strict;
 use warnings;
diff --git a/perl/t/general/server.t b/perl/t/general/server.t
index 8f4c16c..0794f15 100755
--- a/perl/t/general/server.t
+++ b/perl/t/general/server.t
@@ -3,10 +3,10 @@
 # Tests for the wallet server API.
 #
 # Written by Russ Allbery <eagle@eyrie.org>
-# Copyright 2007, 2008, 2010, 2011, 2012, 2013, 2014
+# Copyright 2007-2014
 # The Board of Trustees of the Leland Stanford Junior University
 #
-# See LICENSE for licensing terms.
+# SPDX-License-Identifier: MIT
 use strict;
 use warnings;
diff --git a/perl/t/lib/Util.pm b/perl/t/lib/Util.pm
index 187e483..c583373 100644
--- a/perl/t/lib/Util.pm
+++ b/perl/t/lib/Util.pm
@@ -1,10 +1,10 @@
 # Utility class for wallet tests.
 #
 # Written by Russ Allbery <eagle@eyrie.org>
-# Copyright 2007, 2008, 2014
+# Copyright 2007-2008, 2014
 # The Board of Trustees of the Leland Stanford Junior University
 #
-# See LICENSE for licensing terms.
+# SPDX-License-Identifier: MIT
 package Util;
 require 5.006;
diff --git a/perl/t/object/base.t b/perl/t/object/base.t
index 8fedd64..2126ebf 100755
--- a/perl/t/object/base.t
+++ b/perl/t/object/base.t
@@ -3,10 +3,10 @@
 # Tests for the basic object implementation.
 #
 # Written by Russ Allbery <eagle@eyrie.org>
-# Copyright 2007, 2008, 2011, 2014
+# Copyright 2007-2008, 2011, 2014
 # The Board of Trustees of the Leland Stanford Junior University
 #
-# See LICENSE for licensing terms.
+# SPDX-License-Identifier: MIT
 use strict;
 use warnings;
diff --git a/perl/t/object/duo-ldap.t b/perl/t/object/duo-ldap.t
index 8a00dbb..e2b5d5d 100644
--- a/perl/t/object/duo-ldap.t
+++ b/perl/t/object/duo-ldap.t
@@ -6,7 +6,7 @@
 # Copyright 2014
 # The Board of Trustees of the Leland Stanford Junior University
 #
-# See LICENSE for licensing terms.
+# SPDX-License-Identifier: MIT
 use strict;
 use warnings;
diff --git a/perl/t/object/duo-pam.t b/perl/t/object/duo-pam.t
index 047343e..f0c9e61 100644
--- a/perl/t/object/duo-pam.t
+++ b/perl/t/object/duo-pam.t
@@ -6,7 +6,7 @@
 # Copyright 2014
 # The Board of Trustees of the Leland Stanford Junior University
 #
-# See LICENSE for licensing terms.
+# SPDX-License-Identifier: MIT
 use strict;
 use warnings;
diff --git a/perl/t/object/duo-radius.t b/perl/t/object/duo-radius.t
index 55cbb9d..5532a68 100644
--- a/perl/t/object/duo-radius.t
+++ b/perl/t/object/duo-radius.t
@@ -6,7 +6,7 @@
 # Copyright 2014
 # The Board of Trustees of the Leland Stanford Junior University
 #
-# See LICENSE for licensing terms.
+# SPDX-License-Identifier: MIT
 use strict;
 use warnings;
diff --git a/perl/t/object/duo-rdp.t b/perl/t/object/duo-rdp.t
index 25060ac..52f0613 100644
--- a/perl/t/object/duo-rdp.t
+++ b/perl/t/object/duo-rdp.t
@@ -6,7 +6,7 @@
 # Copyright 2014
 # The Board of Trustees of the Leland Stanford Junior University
 #
-# See LICENSE for licensing terms.
+# SPDX-License-Identifier: MIT
 use strict;
 use warnings;
diff --git a/perl/t/object/duo.t b/perl/t/object/duo.t
index a975597..75b5834 100755
--- a/perl/t/object/duo.t
+++ b/perl/t/object/duo.t
@@ -6,7 +6,7 @@
 # Copyright 2014
 # The Board of Trustees of the Leland Stanford Junior University
 #
-# See LICENSE for licensing terms.
+# SPDX-License-Identifier: MIT
 use strict;
 use warnings;
diff --git a/perl/t/object/file.t b/perl/t/object/file.t
index b7f295a..80173cd 100755
--- a/perl/t/object/file.t
+++ b/perl/t/object/file.t
@@ -6,7 +6,7 @@
 # Copyright 2008, 2014
 # The Board of Trustees of the Leland Stanford Junior University
 #
-# See LICENSE for licensing terms.
+# SPDX-License-Identifier: MIT
 use strict;
 use warnings;
diff --git a/perl/t/object/keytab.t b/perl/t/object/keytab.t
index 111b7d0..dfb96bd 100755
--- a/perl/t/object/keytab.t
+++ b/perl/t/object/keytab.t
@@ -3,10 +3,10 @@
 # Tests for the keytab object implementation.
 #
 # Written by Russ Allbery <eagle@eyrie.org>
-# Copyright 2007, 2008, 2009, 2010, 2013, 2014
+# Copyright 2007-2010, 2013-2014
 # The Board of Trustees of the Leland Stanford Junior University
 #
-# See LICENSE for licensing terms.
+# SPDX-License-Identifier: MIT
 use strict;
 use warnings;
diff --git a/perl/t/object/password.t b/perl/t/object/password.t
index 306d82b..72a818c 100644
--- a/perl/t/object/password.t
+++ b/perl/t/object/password.t
@@ -7,7 +7,7 @@
 # Copyright 2015
 # The Board of Trustees of the Leland Stanford Junior University
 #
-# See LICENSE for licensing terms.
+# SPDX-License-Identifier: MIT
 use strict;
 use warnings;
diff --git a/perl/t/object/wa-keyring.t b/perl/t/object/wa-keyring.t
index 4a3bd48..aa38e9c 100755
--- a/perl/t/object/wa-keyring.t
+++ b/perl/t/object/wa-keyring.t
@@ -3,10 +3,10 @@
 # Tests for the WebAuth keyring object implementation.
 #
 # Written by Russ Allbery <eagle@eyrie.org>
-# Copyright 2013, 2014
+# Copyright 2013-2014
 # The Board of Trustees of the Leland Stanford Junior University
 #
-# See LICENSE for licensing terms.
+# SPDX-License-Identifier: MIT
 use strict;
 use warnings;
diff --git a/perl/t/policy/stanford.t b/perl/t/policy/stanford.t
index d2727c8..f7b2f16 100755
--- a/perl/t/policy/stanford.t
+++ b/perl/t/policy/stanford.t
@@ -7,10 +7,10 @@
 # behavior at Stanford.
 #
 # Written by Russ Allbery <eagle@eyrie.org>
-# Copyright 2013, 2014
+# Copyright 2013-2014
 # The Board of Trustees of the Leland Stanford Junior University
 #
-# See LICENSE for licensing terms.
+# SPDX-License-Identifier: MIT
 use 5.008;
 use strict;
diff --git a/perl/t/style/minimum-version.t b/perl/t/style/minimum-version.t
index e4eeafd..7698c2b 100755
--- a/perl/t/style/minimum-version.t
+++ b/perl/t/style/minimum-version.t
@@ -3,10 +3,10 @@ # Check that too-new features of Perl are not being used. # # The canonical version of this file is maintained in the rra-c-util package, -# which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. +# which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. # # Written by Russ Allbery <eagle@eyrie.org> -# Copyright 2013, 2014 +# Copyright 2013-2014 # The Board of Trustees of the Leland Stanford Junior University # # Permission is hereby granted, free of charge, to any person obtaining a @@ -26,6 +26,8 @@ # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER # DEALINGS IN THE SOFTWARE. +# +# SPDX-License-Identifier: MIT use 5.006; use strict; diff --git a/perl/t/style/strict.t b/perl/t/style/strict.t index 7137b15..a3d2a3e 100755 --- a/perl/t/style/strict.t +++ b/perl/t/style/strict.t @@ -3,10 +3,11 @@ # Test Perl code for strict, warnings, and syntax. # # The canonical version of this file is maintained in the rra-c-util package, -# which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. +# which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. # # Written by Russ Allbery <eagle@eyrie.org> -# Copyright 2013, 2014 +# Copyright 2016 Russ Allbery <eagle@eyrie.org> +# Copyright 2013-2014 # The Board of Trustees of the Leland Stanford Junior University # # Permission is hereby granted, free of charge, to any person obtaining a @@ -26,6 +27,8 @@ # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER # DEALINGS IN THE SOFTWARE. +# +# SPDX-License-Identifier: MIT use 5.006; use strict; 
@@ -39,8 +42,9 @@ use Test::RRA qw(skip_unless_automated use_prereq); # Skip for normal user installs since this doesn't affect functionality. skip_unless_automated('Strictness tests'); -# Load prerequisite modules. -use_prereq('Test::Strict'); +# Load prerequisite modules. At least 0.25 is needed to recognize that having +# use 5.012 or later automatically implies use strict. +use_prereq('Test::Strict', '0.25'); # Test everything in the distribution directory except the Build and # Makefile.PL scripts generated by Module::Build. We also want to check use diff --git a/perl/t/util/kadmin.t b/perl/t/util/kadmin.t index db94780..60a4933 100755 --- a/perl/t/util/kadmin.t +++ b/perl/t/util/kadmin.t @@ -3,10 +3,10 @@ # Tests for the kadmin object implementation. # # Written by Jon Robertson <jonrober@stanford.edu> -# Copyright 2009, 2010, 2012, 2013, 2014 +# Copyright 2009-2010, 2012-2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use warnings; diff --git a/perl/t/verifier/basic.t b/perl/t/verifier/basic.t index ce44d44..3ee71d6 100755 --- a/perl/t/verifier/basic.t +++ b/perl/t/verifier/basic.t @@ -3,10 +3,10 @@ # Tests for the basic wallet ACL verifiers. # # Written by Russ Allbery <eagle@eyrie.org> -# Copyright 2007, 2008, 2010, 2014 +# Copyright 2007-2008, 2010, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use warnings; 
@@ -46,9 +46,9 @@ is ($verifier->error, 'malformed krb5 ACL', ' and right error'); $verifier = Wallet::ACL::Krb5::Regex->new; isa_ok ($verifier, 'Wallet::ACL::Krb5::Regex', 'krb5-regex verifier'); -is ($verifier->check ('rra@stanford.edu', '.*@stanford\.edu\z'), 1, +is ($verifier->check ('thoron@stanford.edu', '.*@stanford\.edu\z'), 1, 'Simple check'); -is ($verifier->check ('rra@stanford.edu', '^a.*@stanford\.edu'), 0, +is ($verifier->check ('thoron@stanford.edu', '^a.*@stanford\.edu'), 0, 'Simple failure'); is ($verifier->error, undef, 'No error set'); is ($verifier->check (undef, '^rra@stanford\.edu\z'), undef, diff --git a/perl/t/verifier/external.t b/perl/t/verifier/external.t index d1438de..2b725bd 100755 --- a/perl/t/verifier/external.t +++ b/perl/t/verifier/external.t @@ -2,10 +2,9 @@ # # Tests for the external wallet ACL verifier. # -# Written by Russ Allbery <eagle@eyrie.org> # Copyright 2016 Russ Allbery <eagle@eyrie.org> # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use warnings; diff --git a/perl/t/verifier/ldap-attr.t b/perl/t/verifier/ldap-attr.t index cff3b63..321822d 100755 --- a/perl/t/verifier/ldap-attr.t +++ b/perl/t/verifier/ldap-attr.t @@ -6,10 +6,11 @@ # access to the LDAP server and will be skipped in all other environments. # # Written by Russ Allbery <eagle@eyrie.org> -# Copyright 2012, 2013, 2014 +# Copyright 2018 Russ Allbery <eagle@eyrie.org> +# Copyright 2012-2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use warnings; 
@@ -17,11 +18,12 @@ use warnings; use Test::More; use lib 't/lib'; +use Test::RRA qw(skip_unless_author); use Util; -# Skip all spelling tests unless the maintainer environment variable is set. -plan skip_all => 'LDAP verifier tests only run for maintainer' - unless $ENV{RRA_MAINTAINER_TESTS}; +# This test requires a specific environment setup, so only run it for package +# maintainers. +skip_unless_author('LDAP verifier tests'); # Declare a plan. plan tests => 22; @@ -49,7 +51,7 @@ package main; # Determine the local principal. my $klist = `klist 2>&1` || ''; SKIP: { - skip "tests useful only with Stanford Kerberos tickets", 9 + skip "tests useful only with Stanford Kerberos tickets", 20 unless ($klist =~ /[Pp]rincipal: \S+\@stanford\.edu$/m); # Set up our configuration. diff --git a/perl/t/verifier/nested.t b/perl/t/verifier/nested.t index ec7ce40..a975ea3 100755 --- a/perl/t/verifier/nested.t +++ b/perl/t/verifier/nested.t @@ -6,7 +6,7 @@ # Copyright 2015 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use warnings; diff --git a/perl/t/verifier/netdb.t b/perl/t/verifier/netdb.t index 7048ef9..0f3e2d4 100755 --- a/perl/t/verifier/netdb.t +++ b/perl/t/verifier/netdb.t @@ -7,10 +7,11 @@ # environments. # # Written by Russ Allbery <eagle@eyrie.org> +# Copyright 2018 Russ Allbery <eagle@eyrie.org> # Copyright 2008, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use warnings; 
@@ -20,11 +21,16 @@ use Test::More tests => 5; use Wallet::ACL::NetDB; use lib 't/lib'; +use Test::RRA qw(skip_unless_author); use Util; +# This test requires a specific environment setup, so only run it for package +# maintainers. +skip_unless_author('LDAP verifier tests'); + my $netdb = 'netdb-node-roles-rc.stanford.edu'; my $host = 'windlord.stanford.edu'; -my $user = 'rra@stanford.edu'; +my $user = 'jonrober@stanford.edu'; # Determine the local principal. my $klist = `klist 2>&1` || ''; diff --git a/portable/asprintf.c b/portable/asprintf.c index 9693842..aef3639 100644 --- a/portable/asprintf.c +++ b/portable/asprintf.c @@ -5,17 +5,19 @@ * asprintf and vasprintf for those platforms that don't have them. * * The canonical version of this file is maintained in the rra-c-util package, - * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. + * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. * * Written by Russ Allbery <eagle@eyrie.org> + * Copyright 2006, 2015 Russ Allbery <eagle@eyrie.org> + * Copyright 2008-2009, 2011, 2013 + * The Board of Trustees of the Leland Stanford Junior University * - * The authors hereby relinquish any claim to any copyright that they may have - * in this work, whether granted under contract or by operation of law or - * international treaty, and hereby commit to the public, at large, that they - * shall not, at any time in the future, seek to enforce any copyright in this - * work against any person or entity, or prevent any person or entity from - * copying, publishing, distributing or creating derivative works of this - * work. + * Copying and distribution of this file, with or without modification, are + * permitted in any medium without royalty provided the copyright notice and + * this notice are preserved. This file is offered as-is, without any + * warranty. + * + * SPDX-License-Identifier: FSFAP */ #include <config.h> 
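Review bot: The added `skip_unless_author('LDAP verifier tests');` in netdb.t runs after `use Test::More tests => 5;` has already declared a plan. If the helper skips by planning `skip_all`, an unprivileged run would die on a second plan instead of skipping. Test::RRA is not visible here, so that behaviour is inferred from the helper's name and the comment above the call. ldap-attr.t in this same commit avoids the problem by importing `use Test::More;` bare and calling `plan tests => 22;` after the skip check, and netdb.t could follow that order. The description string also looks copied from the LDAP test and should read `skip_unless_author('NetDB verifier tests');`.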
diff --git a/portable/dummy.c b/portable/dummy.c index 890bc0c..121a734 100644 --- a/portable/dummy.c +++ b/portable/dummy.c @@ -6,23 +6,25 @@ * arguments. Ensure that libportable always contains at least one symbol. * * The canonical version of this file is maintained in the rra-c-util package, - * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. + * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. * * Written by Russ Allbery <eagle@eyrie.org> + * Copyright 2017 Russ Allbery <eagle@eyrie.org> + * Copyright 2008, 2011, 2013 + * The Board of Trustees of the Leland Stanford Junior University * - * The authors hereby relinquish any claim to any copyright that they may have - * in this work, whether granted under contract or by operation of law or - * international treaty, and hereby commit to the public, at large, that they - * shall not, at any time in the future, seek to enforce any copyright in this - * work against any person or entity, or prevent any person or entity from - * copying, publishing, distributing or creating derivative works of this - * work. + * Copying and distribution of this file, with or without modification, are + * permitted in any medium without royalty provided the copyright notice and + * this notice are preserved. This file is offered as-is, without any + * warranty. + * + * SPDX-License-Identifier: FSFAP */ #include <portable/macros.h> /* Prototype to avoid gcc warnings and set visibility. */ -int portable_dummy(void) __attribute__((__visibility__("hidden"))); +int portable_dummy(void) __attribute__((__const__, __visibility__("hidden"))); int portable_dummy(void) diff --git a/portable/krb5-extra.c b/portable/krb5-extra.c index c8309a4..9de8e65 100644 --- a/portable/krb5-extra.c +++ b/portable/krb5-extra.c 
@@ -7,17 +7,19 @@ * Kerberos libraries are fully capable, this file will be skipped. * * The canonical version of this file is maintained in the rra-c-util package, - * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. + * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. * * Written by Russ Allbery <eagle@eyrie.org> + * Copyright 2015-2016, 2018 Russ Allbery <eagle@eyrie.org> + * Copyright 2010-2012, 2014 + * The Board of Trustees of the Leland Stanford Junior University * - * The authors hereby relinquish any claim to any copyright that they may have - * in this work, whether granted under contract or by operation of law or - * international treaty, and hereby commit to the public, at large, that they - * shall not, at any time in the future, seek to enforce any copyright in this - * work against any person or entity, or prevent any person or entity from - * copying, publishing, distributing or creating derivative works of this - * work. + * Copying and distribution of this file, with or without modification, are + * permitted in any medium without royalty provided the copyright notice and + * this notice are preserved. This file is offered as-is, without any + * warranty. + * + * SPDX-License-Identifier: FSFAP */ #include <config.h> @@ -49,7 +51,10 @@ * This string is returned for unknown error messages. We use a static * variable so that we can be sure not to free it. */ +#if !defined(HAVE_KRB5_GET_ERROR_MESSAGE) \ + || !defined(HAVE_KRB5_FREE_ERROR_MESSAGE) static const char error_unknown[] = "unknown error"; +#endif #ifndef HAVE_KRB5_GET_ERROR_MESSAGE @@ -62,7 +67,7 @@ static const char error_unknown[] = "unknown error"; const char * krb5_get_error_message(krb5_context ctx UNUSED, krb5_error_code code UNUSED) { - const char *msg = NULL; + const char *msg; # if defined(HAVE_KRB5_GET_ERROR_STRING) msg = krb5_get_error_string(ctx); 
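Review bot: Changing `const char *msg = NULL;` to `const char *msg;` in krb5_get_error_message leaves `msg` indeterminate unless every preprocessor branch below assigns it. Only the `HAVE_KRB5_GET_ERROR_STRING` branch is visible in this hunk, and the function body continues outside it. If any configuration reaches the later use without an assignment, the function reads an uninitialized pointer. Either keep the initializer or document the invariant next to the declaration, for example `/* every #if branch below must assign msg */`.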
diff --git a/portable/krb5-profile.c b/portable/krb5-profile.c
new file mode 100644
index 0000000..f4d4652
--- /dev/null
+++ b/portable/krb5-profile.c
@@ -0,0 +1,237 @@
+/*
+ * Kerberos compatibility functions for AIX's NAS libraries.
+ *
+ * AIX for some reason doesn't provide the krb5_appdefault_* functions, but
+ * does provide the underlying profile library functions (as a separate
+ * libk5profile with a separate k5profile.h header file).
+ *
+ * This file is therefore (apart from the includes, opening and closing
+ * comments, and the spots marked with an rra-c-util comment) a verbatim copy
+ * of src/lib/krb5/krb/appdefault.c from MIT Kerberos 1.4.4.
+ *
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>.
+ *
+ * Copyright 1985-2005 by the Massachusetts Institute of Technology.
+ * For license information, see the end of this file.
+ */
+
+#include <config.h>
+
+#include <krb5.h>
+#ifdef HAVE_K5PROFILE_H
+# include <k5profile.h>
+#endif
+#ifdef HAVE_PROFILE_H
+# include <profile.h>
+#endif
+#include <stdio.h>
+#include <string.h>
+
+ /*xxx Duplicating this is annoying; try to work on a better way.*/
+static const char *const conf_yes[] = {
+ "y", "yes", "true", "t", "1", "on",
+ 0,
+};
+
+static const char *const conf_no[] = {
+ "n", "no", "false", "nil", "0", "off",
+ 0,
+};
+
+static int conf_boolean(char *s)
+{
+ const char * const *p;
+ for(p=conf_yes; *p; p++) {
+ if (!strcasecmp(*p,s))
+ return 1;
+ }
+ for(p=conf_no; *p; p++) {
+ if (!strcasecmp(*p,s))
+ return 0;
+ }
+ /* Default to "no" */
+ return 0;
+}
+
+static krb5_error_code appdefault_get(krb5_context context, const char *appname, const krb5_data *realm, const char *option, char **ret_value)
+{
+ profile_t profile;
+ const char *names[5];
+ char **nameval = NULL;
+ krb5_error_code retval;
+ const char * realmstr = realm?realm->data:NULL;
+
+ /*
+ * rra-c-util: The magic values are internal, so a magic check for the
+ * context struct was removed here.
Call krb5_get_profile if it's
+ * available since the krb5_context struct may be opaque.
+ */
+ if (!context)
+ return KV5M_CONTEXT;
+
+#ifdef HAVE_KRB5_GET_PROFILE
+ krb5_get_profile(context, &profile);
+#else
+ profile = context->profile;
+#endif
+
+ /*
+ * Try number one:
+ *
+ * [appdefaults]
+ * app = {
+ * SOME.REALM = {
+ * option = <boolean>
+ * }
+ * }
+ */
+
+ names[0] = "appdefaults";
+ names[1] = appname;
+
+ if (realmstr) {
+ names[2] = realmstr;
+ names[3] = option;
+ names[4] = 0;
+ retval = profile_get_values(profile, names, &nameval);
+ if (retval == 0 && nameval && nameval[0]) {
+ *ret_value = strdup(nameval[0]);
+ goto goodbye;
+ }
+ }
+
+ /*
+ * Try number two:
+ *
+ * [appdefaults]
+ * app = {
+ * option = <boolean>
+ * }
+ */
+
+ names[2] = option;
+ names[3] = 0;
+ retval = profile_get_values(profile, names, &nameval);
+ if (retval == 0 && nameval && nameval[0]) {
+ *ret_value = strdup(nameval[0]);
+ goto goodbye;
+ }
+
+ /*
+ * Try number three:
+ *
+ * [appdefaults]
+ * realm = {
+ * option = <boolean>
+ */
+
+ if (realmstr) {
+ names[1] = realmstr;
+ names[2] = option;
+ names[3] = 0;
+ retval = profile_get_values(profile, names, &nameval);
+ if (retval == 0 && nameval && nameval[0]) {
+ *ret_value = strdup(nameval[0]);
+ goto goodbye;
+ }
+ }
+
+ /*
+ * Try number four:
+ *
+ * [appdefaults]
+ * option = <boolean>
+ */
+
+ names[1] = option;
+ names[2] = 0;
+ retval = profile_get_values(profile, names, &nameval);
+ if (retval == 0 && nameval && nameval[0]) {
+ *ret_value = strdup(nameval[0]);
+ } else {
+ return retval;
+ }
+
+goodbye:
+ if (nameval) {
+ char **cpp;
+ for (cpp = nameval; *cpp; cpp++)
+ free(*cpp);
+ free(nameval);
+ }
+ return 0;
+}
+
+void KRB5_CALLCONV
+krb5_appdefault_boolean(krb5_context context, const char *appname, const krb5_data *realm, const char *option, int default_value, int *ret_value)
+{
+ char *string = NULL;
+ krb5_error_code retval;
+
+ retval = appdefault_get(context, appname, realm, option, &string);
+
+ if (! retval && string) {
+ *ret_value = conf_boolean(string);
+ free(string);
+ } else
+ *ret_value = default_value;
+}
+
+void KRB5_CALLCONV
+krb5_appdefault_string(krb5_context context, const char *appname, const krb5_data *realm, const char *option, const char *default_value, char **ret_value)
+{
+ krb5_error_code retval;
+ char *string;
+
+ retval = appdefault_get(context, appname, realm, option, &string);
+
+ if (! retval && string) {
+ *ret_value = string;
+ } else {
+ *ret_value = strdup(default_value);
+ }
+}
+
+/*
+ * Copyright (C) 1985-2005 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original MIT software.
+ * M.I.T. makes no representations about the suitability of this software
+ * for any purpose. It is provided "as is" without express or implied
+ * warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ *
+ * Individual source code files are copyright MIT, Cygnus Support,
+ * OpenVision, Oracle, Sun Soft, FundsXpress, and others.
+ *
+ * Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
+ * and Zephyr are trademarks of the Massachusetts Institute of Technology
+ * (MIT). No commercial use of these trademarks may be made without
+ * prior written permission of MIT.
+ *
+ * "Commercial use" means use of a name in a product or other for-profit
+ * manner. It does NOT prevent a commercial firm from referring to the
+ * MIT trademarks in order to convey information (although in doing so,
+ * recognition of their trademark status should be given).
+ *
+ * There is no SPDX-License-Identifier registered for this license.
+ */
diff --git a/portable/krb5.h b/portable/krb5.h
index 34f960e..d8884a7 100644
--- a/portable/krb5.h
+++ b/portable/krb5.h
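Review bot: In `krb5_appdefault_string`, `char *string;` is uninitialized, yet `appdefault_get` can return 0 without storing through `ret_value`. The fourth lookup returns `retval` from its `else` branch even when `profile_get_values` succeeded with an empty list, so `if (! retval && string)` may read an indeterminate pointer and pass it to the caller. Initialize it as `krb5_appdefault_boolean` already does, `char *string = NULL;`, and mark the line with an rra-c-util comment since the rest of the file is a verbatim copy. On the same paths, the `strdup()` results and a NULL `default_value` are not checked. The handle from `krb5_get_profile(context, &profile);` is neither checked nor released, which leaks on each call if that function returns a copy, as I believe MIT's does; confirm against the AIX library.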
@@ -17,17 +17,19 @@ * krb5_free_unparsed_name() for both APIs since it's the most specific call. * * The canonical version of this file is maintained in the rra-c-util package, - * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. + * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. * * Written by Russ Allbery <eagle@eyrie.org> + * Copyright 2015, 2017 Russ Allbery <eagle@eyrie.org> + * Copyright 2010-2014 + * The Board of Trustees of the Leland Stanford Junior University * - * The authors hereby relinquish any claim to any copyright that they may have - * in this work, whether granted under contract or by operation of law or - * international treaty, and hereby commit to the public, at large, that they - * shall not, at any time in the future, seek to enforce any copyright in this - * work against any person or entity, or prevent any person or entity from - * copying, publishing, distributing or creating derivative works of this - * work. + * Copying and distribution of this file, with or without modification, are + * permitted in any medium without royalty provided the copyright notice and + * this notice are preserved. This file is offered as-is, without any + * warranty. + * + * SPDX-License-Identifier: FSFAP */ #ifndef PORTABLE_KRB5_H 
@@ -57,6 +59,27 @@ BEGIN_DECLS #pragma GCC visibility push(hidden) /* + * AIX included Kerberos includes the profile library but not the + * krb5_appdefault functions, so we provide replacements that we have to + * prototype. + */ +#ifndef HAVE_KRB5_APPDEFAULT_STRING +void krb5_appdefault_boolean(krb5_context, const char *, const krb5_data *, + const char *, int, int *); +void krb5_appdefault_string(krb5_context, const char *, const krb5_data *, + const char *, const char *, char **); +#endif + +/* + * MIT-specific. The Heimdal documentation says to use free(), but that + * doesn't actually make sense since the memory is allocated inside the + * Kerberos library. Use krb5_xfree instead. + */ +#ifndef HAVE_KRB5_FREE_DEFAULT_REALM +# define krb5_free_default_realm(c, r) krb5_xfree(r) +#endif + +/* * krb5_{get,free}_error_message are the preferred APIs for both current MIT * and current Heimdal, but there are tons of older APIs we may have to fall * back on for earlier versions. diff --git a/portable/macros.h b/portable/macros.h index d4cc2cc..586b07e 100644 --- a/portable/macros.h +++ b/portable/macros.h 
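Review bot: The new prototypes omit `KRB5_CALLCONV`, while the definitions added in portable/krb5-profile.c are written `void KRB5_CALLCONV krb5_appdefault_boolean(...)`. Where that macro expands to a calling-convention attribute, declaration and definition would disagree, so the prototypes should carry it too: `void KRB5_CALLCONV krb5_appdefault_string(krb5_context, ...);`. Both prototypes are gated on `HAVE_KRB5_APPDEFAULT_STRING` alone, so a short comment such as `/* boolean and string are assumed to be present or absent together */` would record that assumption. For `krb5_free_default_realm(c, r)`, the comment could also state that `krb5_xfree` is expected to exist in any library lacking the function, since the macro has no fallback.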
@@ -2,17 +2,19 @@ * Portability macros used in include files. * * The canonical version of this file is maintained in the rra-c-util package, - * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. + * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. * * Written by Russ Allbery <eagle@eyrie.org> + * Copyright 2015 Russ Allbery <eagle@eyrie.org> + * Copyright 2008, 2011-2012 + * The Board of Trustees of the Leland Stanford Junior University * - * The authors hereby relinquish any claim to any copyright that they may have - * in this work, whether granted under contract or by operation of law or - * international treaty, and hereby commit to the public, at large, that they - * shall not, at any time in the future, seek to enforce any copyright in this - * work against any person or entity, or prevent any person or entity from - * copying, publishing, distributing or creating derivative works of this - * work. + * Copying and distribution of this file, with or without modification, are + * permitted in any medium without royalty provided the copyright notice and + * this notice are preserved. This file is offered as-is, without any + * warranty. + * + * SPDX-License-Identifier: FSFAP */ #ifndef PORTABLE_MACROS_H diff --git a/portable/mkstemp.c b/portable/mkstemp.c index 7c733a4..9e3bba1 100644 --- a/portable/mkstemp.c +++ b/portable/mkstemp.c 
@@ -5,17 +5,18 @@ * systems that don't have it. * * The canonical version of this file is maintained in the rra-c-util package, - * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. + * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. * * Written by Russ Allbery <eagle@eyrie.org> + * Copyright 2009, 2011, 2014 + * The Board of Trustees of the Leland Stanford Junior University * - * The authors hereby relinquish any claim to any copyright that they may have - * in this work, whether granted under contract or by operation of law or - * international treaty, and hereby commit to the public, at large, that they - * shall not, at any time in the future, seek to enforce any copyright in this - * work against any person or entity, or prevent any person or entity from - * copying, publishing, distributing or creating derivative works of this - * work. + * Copying and distribution of this file, with or without modification, are + * permitted in any medium without royalty provided the copyright notice and + * this notice are preserved. This file is offered as-is, without any + * warranty. + * + * SPDX-License-Identifier: FSFAP */ #include <config.h> diff --git a/portable/reallocarray.c b/portable/reallocarray.c index e9404e9..3c6ea37 100644 --- a/portable/reallocarray.c +++ b/portable/reallocarray.c 
@@ -7,17 +7,19 @@ * and checks for overflow so that the caller doesn't need to. * * The canonical version of this file is maintained in the rra-c-util package, - * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. + * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. * * Written by Russ Allbery <eagle@eyrie.org> + * Copyright 2017 Russ Allbery <eagle@eyrie.org> + * Copyright 2014 + * The Board of Trustees of the Leland Stanford Junior University * - * The authors hereby relinquish any claim to any copyright that they may have - * in this work, whether granted under contract or by operation of law or - * international treaty, and hereby commit to the public, at large, that they - * shall not, at any time in the future, seek to enforce any copyright in this - * work against any person or entity, or prevent any person or entity from - * copying, publishing, distributing or creating derivative works of this - * work. + * Copying and distribution of this file, with or without modification, are + * permitted in any medium without royalty provided the copyright notice and + * this notice are preserved. This file is offered as-is, without any + * warranty. + * + * SPDX-License-Identifier: FSFAP */ #include <config.h> @@ -52,5 +54,11 @@ reallocarray(void *ptr, size_t nmemb, size_t size) errno = ENOMEM; return NULL; } + + /* Avoid a zero-size allocation. */ + if (nmemb == 0 || size == 0) { + nmemb = 1; + size = 1; + } return realloc(ptr, nmemb * size); } diff --git a/portable/setenv.c b/portable/setenv.c index f1f6db4..afa8930 100644 --- a/portable/setenv.c +++ b/portable/setenv.c 
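Review bot: The comment `/* Avoid a zero-size allocation. */` in reallocarray does not say why, and the reason is what a maintainer needs. `realloc(ptr, 0)` is implementation-defined and may free `ptr` and return NULL, which a caller treating NULL as failure could follow with a second free or continued use of `ptr`. I would expand it to `/* realloc(ptr, 0) may free ptr and return NULL; request at least one byte so NULL always means failure. */`. The function's overflow check starts outside this hunk, so whether it tolerates a zero operand cannot be confirmed from here.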
@@ -5,17 +5,19 @@ * those platforms that don't have it. * * The canonical version of this file is maintained in the rra-c-util package, - * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. + * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. * * Written by Russ Allbery <eagle@eyrie.org> + * Copyright 2000, 2014 Russ Allbery <eagle@eyrie.org> + * Copyright 2008, 2011-2012, 2014 + * The Board of Trustees of the Leland Stanford Junior University * - * The authors hereby relinquish any claim to any copyright that they may have - * in this work, whether granted under contract or by operation of law or - * international treaty, and hereby commit to the public, at large, that they - * shall not, at any time in the future, seek to enforce any copyright in this - * work against any person or entity, or prevent any person or entity from - * copying, publishing, distributing or creating derivative works of this - * work. + * Copying and distribution of this file, with or without modification, are + * permitted in any medium without royalty provided the copyright notice and + * this notice are preserved. This file is offered as-is, without any + * warranty. + * + * SPDX-License-Identifier: FSFAP */ #include <config.h> diff --git a/portable/snprintf.c b/portable/snprintf.c index 9818acd..a42ef3b 100644 --- a/portable/snprintf.c +++ b/portable/snprintf.c @@ -11,7 +11,7 @@ * improvements should be sent back to the original author. * * The canonical version of this file is maintained in the rra-c-util package, - * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. + * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. */ /* 
@@ -25,11 +25,18 @@ # define vsnprintf test_vsnprintf #endif +/* Specific to rra-c-util, but only when debugging is enabled. */ +#ifdef DEBUG_SNPRINTF +# include <util/messages.h> +#endif + /* * Copyright Patrick Powell 1995 * This code is based on code written by Patrick Powell (papowell@astart.com) * It may be used for any purpose as long as this notice remains intact * on all source code distributions + * + * There is no SPDX-License-Identifier registered for this license. */ /************************************************************** @@ -79,11 +86,24 @@ * Russ Allbery <eagle@eyrie.org> 2000-08-26 * fixed return value to comply with C99 * fixed handling of snprintf(NULL, ...) + * added explicit casts for double to long long int conversion + * fixed various warnings with GCC 7 + * fixed various warnings with Clang * - * Hrvoje Niksic <hniksic@arsdigita.com> 2000-11-04 + * Hrvoje Niksic <hniksic@xemacs.org> 2000-11-04 + * include <config.h> instead of "config.h". + * moved TEST_SNPRINTF stuff out of HAVE_SNPRINTF ifdef. * include <stdio.h> for NULL. - * added support for long long. + * added support and test cases for long long. * don't declare argument types to (v)snprintf if stdarg is not used. + * use int instead of short int as 2nd arg to va_arg. + * + * alexk (INN) 2002-08-21 + * use LLONG in fmtfp to handle more characters during floating + * point conversion. + * + * herb (Samba) 2002-12-19 + * actually print args for %g and %e * * Hrvoje Niksic <hniksic@xemacs.org> 2005-04-15 * use the PARAMS macro to handle prototypes. @@ -109,11 +129,6 @@ /* varargs declarations: */ #include <stdarg.h> -#define HAVE_STDARGS /* let's hope that works everywhere (mj) */ -#define VA_LOCAL_DECL va_list ap -#define VA_START(f) va_start(ap, f) -#define VA_SHIFT(v,t) ; /* no-op for ANSI */ -#define VA_END va_end(ap) /* Assume all compilers support long double, per Autoconf documentation. */ #define LDOUBLE long double 
@@ -180,7 +195,7 @@ static int dopr (char *buffer, size_t maxlen, const char *format, va_list args) char *strvalue; int min; int max; - int state; + unsigned int state; int flags; int cflags; int total; @@ -351,6 +366,7 @@ static int dopr (char *buffer, size_t maxlen, const char *format, va_list args) break; case 'X': flags |= DP_F_UP; + /* fallthrough */ case 'x': flags |= DP_F_UNSIGNED; if (cflags == DP_C_SHORT) @@ -367,33 +383,36 @@ static int dopr (char *buffer, size_t maxlen, const char *format, va_list args) if (cflags == DP_C_LDOUBLE) fvalue = va_arg (args, LDOUBLE); else - fvalue = va_arg (args, double); + fvalue = (LDOUBLE) va_arg (args, double); total += fmtfp (buffer, &currlen, maxlen, fvalue, min, max, flags); break; case 'E': flags |= DP_F_UP; + /* fallthrough */ case 'e': if (cflags == DP_C_LDOUBLE) fvalue = va_arg (args, LDOUBLE); else - fvalue = va_arg (args, double); + fvalue = (LDOUBLE) va_arg (args, double); total += fmtfp (buffer, &currlen, maxlen, fvalue, min, max, flags); break; case 'G': flags |= DP_F_UP; + /* fallthrough */ case 'g': flags |= DP_F_FP_G; if (cflags == DP_C_LDOUBLE) fvalue = va_arg (args, LDOUBLE); else - fvalue = va_arg (args, double); + fvalue = (LDOUBLE) va_arg (args, double); if (max == 0) /* C99 says: if precision [for %g] is zero, it is taken as one */ max = 1; total += fmtfp (buffer, &currlen, maxlen, fvalue, min, max, flags); break; case 'c': - total += dopr_outch (buffer, &currlen, maxlen, va_arg (args, int)); + total += dopr_outch (buffer, &currlen, maxlen, + (char) va_arg (args, int)); break; case 's': strvalue = va_arg (args, char *); @@ -409,7 +428,7 @@ static int dopr (char *buffer, size_t maxlen, const char *format, va_list args) { short int *num; num = va_arg (args, short int *); - *num = currlen; + *num = (short) currlen; } else if (cflags == DP_C_LONG) { 
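Review bot: In the `%n` handling of dopr, `*num = (short) currlen;` only silences the conversion warning, as does `*num = (int) currlen;` in the next hunk. `currlen` is a `size_t`, so a sufficiently long output still stores a truncated or negative count through the caller's pointer. If that is intended, say so beside the cast, for example `/* truncation to the caller's requested width is intentional */`; otherwise clamp before storing. The same pattern appears in fmtstr's `strln = (int) strlen (value);`, where a string longer than INT_MAX would produce a negative length. Both functions continue outside these hunks.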
@@ -427,7 +446,7 @@ static int dopr (char *buffer, size_t maxlen, const char *format, va_list args) { int *num; num = va_arg (args, int *); - *num = currlen; + *num = (int) currlen; } break; case '%': @@ -476,7 +495,7 @@ static int fmtstr (char *buffer, size_t *currlen, size_t maxlen, } if (max < 0) - strln = strlen (value); + strln = (int) strlen (value); else /* When precision is specified, don't read VALUE past precision. */ /*strln = strnlen (value, max);*/ @@ -510,7 +529,7 @@ static int fmtstr (char *buffer, size_t *currlen, size_t maxlen, static int fmtint (char *buffer, size_t *currlen, size_t maxlen, LLONG value, int base, int min, int max, int flags) { - int signvalue = 0; + char signvalue = 0; unsigned LLONG uvalue; char convert[24]; unsigned int place = 0; @@ -564,8 +583,8 @@ static int fmtint (char *buffer, size_t *currlen, size_t maxlen, spadlen = -spadlen; /* Left Justifty */ #ifdef DEBUG_SNPRINTF - dprint (1, (debugfile, "zpad: %d, spad: %d, min: %d, max: %d, place: %d\n", - zpadlen, spadlen, min, max, place)); + debug ("zpad: %d, spad: %d, min: %d, max: %d, place: %u\n", + zpadlen, spadlen, min, max, place); #endif /* Spaces */ @@ -612,7 +631,7 @@ static LDOUBLE abs_val (LDOUBLE value) return result; } -static LDOUBLE pow10_int (int exp) +static LLONG pow10_int (unsigned int exp) { LDOUBLE result = 1; 
@@ -622,32 +641,40 @@ static LDOUBLE pow10_int (int exp) exp--; } - return result; + return (LLONG) result; } static LLONG round_int (LDOUBLE value) { LLONG intpart; - intpart = value; + intpart = (LLONG) value; value = value - intpart; - if (value >= 0.5) + if (value >= (LDOUBLE) 0.5) intpart++; return intpart; } +/* + * GCC 7.1 issues this warning at the point of the function definition header + * (not in any actual code), and I can't figure out what's triggering it since + * the comparison form doesn't appear anywhere in this code. Since this is + * rarely-used portability code, suppress the warning. + */ +#pragma GCC diagnostic ignored "-Wstrict-overflow" + static int fmtfp (char *buffer, size_t *currlen, size_t maxlen, LDOUBLE fvalue, int min, int max, int flags) { - int signvalue = 0; + char signvalue = 0; LDOUBLE ufvalue; char iconvert[24]; char fconvert[24]; size_t iplace = 0; size_t fplace = 0; - int padlen = 0; /* amount to pad */ - int zpadlen = 0; + long padlen = 0; /* amount to pad */ + long zpadlen = 0; int total = 0; LLONG intpart; LLONG fracpart; @@ -678,7 +705,7 @@ static int fmtfp (char *buffer, size_t *currlen, size_t maxlen, if (flags & DP_F_UP) caps = 1; /* Should characters be upper case? */ #endif - intpart = ufvalue; + intpart = (LLONG) ufvalue; /* With %g precision is the number of significant digits, which includes the digits in intpart. */ @@ -699,7 +726,7 @@ static int fmtfp (char *buffer, size_t *currlen, size_t maxlen, fractional digit. */ LDOUBLE temp; if (ufvalue > 0) - for (temp = ufvalue; temp < 0.1; temp *= 10) + for (temp = ufvalue; temp < (LDOUBLE) 0.1; temp *= 10) ++max; } } 
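Review bot: In the `@@ -622,32 +641,40 @@` hunk, `#pragma GCC diagnostic ignored "-Wstrict-overflow"` is placed before `fmtfp` with no matching push/pop. The suppression therefore stays in effect for everything that follows in the file, not just the one function the new comment describes. Later hunks show that `vsnprintf`, `snprintf` and the self-test `main` come after `fmtfp`, so overflow diagnostics in those are silenced too. I would scope it with `#pragma GCC diagnostic push` before the `ignored` line and `#pragma GCC diagnostic pop` after `fmtfp`'s closing brace, which is outside this hunk. Compilers that do not recognise GCC pragmas may also warn on the new line unless it is guarded, which matters because this file exists for portability.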
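Review bot: In `fmtfp` (hunk `@@ -678,7 +705,7 @@`), `intpart = (LLONG) ufvalue;` converts a caller-supplied floating-point value to an integer type with no range check visible in the hunk. In C, converting a floating value whose integral part does not fit the target type is undefined behaviour, so a large `%f` argument reaches UB here; the new cast hides the warning rather than fixing that. The same pattern appears in `intpart = (LLONG) value;` in `round_int` and `return (LLONG) result;` in `pow10_int` in the `@@ -622,32 +641,40 @@` hunk, where a large `exp` overflows the return type unless precision is clamped somewhere outside these hunks. I would guard the conversion by comparing `ufvalue` against the maximum of whatever type `LLONG` maps to, and clamping or taking an error path on overflow. A comment on `pow10_int` stating the largest `exp` it accepts would also help.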
@@ -746,12 +773,16 @@ static int fmtfp (char *buffer, size_t *currlen, size_t maxlen, } #ifdef DEBUG_SNPRINTF - dprint (1, (debugfile, "fmtfp: %f =? %d.%d\n", fvalue, intpart, fracpart)); +# ifdef HAVE_LONG_LONG_INT + debug ("fmtfp: %Lf =? %lld.%lld\n", fvalue, intpart, fracpart); +# else + debug ("fmtfp: %Lf =? %ld.%ld\n", fvalue, intpart, fracpart); +# endif #endif /* Convert integer part */ do { - iconvert[iplace++] = '0' + intpart % 10; + iconvert[iplace++] = (char) ('0' + (intpart % 10)); intpart = (intpart / 10); } while(intpart && (iplace < sizeof(iconvert))); if (iplace == sizeof(iconvert)) iplace--; @@ -759,7 +790,7 @@ static int fmtfp (char *buffer, size_t *currlen, size_t maxlen, /* Convert fractional part */ do { - fconvert[fplace++] = '0' + fracpart % 10; + fconvert[fplace++] = (char) ('0' + (fracpart % 10)); fracpart = (fracpart / 10); } while(fracpart && (fplace < sizeof(fconvert))); while (leadingfrac0s-- > 0 && fplace < sizeof(fconvert)) @@ -847,27 +878,14 @@ int vsnprintf (char *str, size_t count, const char *fmt, va_list args) return dopr(str, count, fmt, args); } -/* VARARGS3 */ -#ifdef HAVE_STDARGS -int snprintf (char *str,size_t count,const char *fmt,...) -#else -int snprintf (va_alist) va_dcl -#endif +int snprintf (char *str, size_t count, const char *fmt,...) { -#ifndef HAVE_STDARGS - char *str; - size_t count; - char *fmt; -#endif - VA_LOCAL_DECL; + va_list ap; int total; - VA_START (fmt); - VA_SHIFT (str, char *); - VA_SHIFT (count, size_t ); - VA_SHIFT (fmt, char *); + va_start(ap, fmt); total = vsnprintf(str, count, fmt, ap); - VA_END; + va_end(ap); return total; } @@ -944,5 +962,6 @@ int main (void) num++; } printf ("%d tests failed out of %d.\n", fail, num); + return 0; } -#endif /* SNPRINTF_TEST */ +#endif /* TEST_SNPRINTF */ diff --git a/portable/stdbool.h b/portable/stdbool.h index 14d011b..3efe4c9 100644 --- a/portable/stdbool.h +++ b/portable/stdbool.h 
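Review bot: In the self-test `main` (hunk `@@ -944,5 +962,6 @@`), the added `return 0;` reports success even when `fail` is non-zero. A script or harness that runs this test binary cannot detect a regression from the exit status, only by parsing the "tests failed" line. Returning the outcome is a one-line change: `return (fail > 0) ? 1 : 0;`. The body of `main` starts outside the hunk, so this assumes `fail` counts failed cases, as the `printf` suggests.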
@@ -6,17 +6,18 @@ * logic is based heavily on the example in the Autoconf manual. * * The canonical version of this file is maintained in the rra-c-util package, - * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. + * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. * * Written by Russ Allbery <eagle@eyrie.org> + * Copyright 2008, 2011 + * The Board of Trustees of the Leland Stanford Junior University * - * The authors hereby relinquish any claim to any copyright that they may have - * in this work, whether granted under contract or by operation of law or - * international treaty, and hereby commit to the public, at large, that they - * shall not, at any time in the future, seek to enforce any copyright in this - * work against any person or entity, or prevent any person or entity from - * copying, publishing, distributing or creating derivative works of this - * work. + * Copying and distribution of this file, with or without modification, are + * permitted in any medium without royalty provided the copyright notice and + * this notice are preserved. This file is offered as-is, without any + * warranty. + * + * SPDX-License-Identifier: FSFAP */ #ifndef PORTABLE_STDBOOL_H diff --git a/portable/system.h b/portable/system.h index 581e46c..6fe4928 100644 --- a/portable/system.h +++ b/portable/system.h 
@@ -22,17 +22,19 @@ * the portable helper library. Also provides some standard #defines. * * The canonical version of this file is maintained in the rra-c-util package, - * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. + * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. * * Written by Russ Allbery <eagle@eyrie.org> + * Copyright 2014, 2016, 2018 Russ Allbery <eagle@eyrie.org> + * Copyright 2006-2011, 2013-2014 + * The Board of Trustees of the Leland Stanford Junior University * - * The authors hereby relinquish any claim to any copyright that they may have - * in this work, whether granted under contract or by operation of law or - * international treaty, and hereby commit to the public, at large, that they - * shall not, at any time in the future, seek to enforce any copyright in this - * work against any person or entity, or prevent any person or entity from - * copying, publishing, distributing or creating derivative works of this - * work. + * Copying and distribution of this file, with or without modification, are + * permitted in any medium without royalty provided the copyright notice and + * this notice are preserved. This file is offered as-is, without any + * warranty. + * + * SPDX-License-Identifier: FSFAP */ #ifndef PORTABLE_SYSTEM_H @@ -73,6 +75,11 @@ /* Get the bool type. */ #include <portable/stdbool.h> +/* In case uint32_t and associated limits weren't defined. */ +#ifndef UINT32_MAX +# define UINT32_MAX 4294967295UL +#endif + /* Windows provides snprintf under a different name. */ #ifdef _WIN32 # define snprintf _snprintf 
@@ -118,14 +125,16 @@ BEGIN_DECLS #if !HAVE_ASPRINTF extern int asprintf(char **, const char *, ...) __attribute__((__format__(printf, 2, 3))); -extern int vasprintf(char **, const char *, va_list); +extern int vasprintf(char **, const char *, va_list) + __attribute__((__format__(printf, 2, 0))); #endif #if !HAVE_DECL_SNPRINTF extern int snprintf(char *, size_t, const char *, ...) __attribute__((__format__(printf, 3, 4))); #endif #if !HAVE_DECL_VSNPRINTF -extern int vsnprintf(char *, size_t, const char *, va_list); +extern int vsnprintf(char *, size_t, const char *, va_list) + __attribute__((__format__(printf, 3, 0))); #endif #if !HAVE_MKSTEMP extern int mkstemp(char *); @@ -136,12 +145,6 @@ extern void *reallocarray(void *, size_t, size_t); #if !HAVE_SETENV extern int setenv(const char *, const char *, int); #endif -#if !HAVE_DECL_STRLCAT -extern size_t strlcat(char *, const char *, size_t); -#endif -#if !HAVE_DECL_STRLCPY -extern size_t strlcpy(char *, const char *, size_t); -#endif /* Undo default visibility change. */ #pragma GCC visibility pop diff --git a/portable/uio.h b/portable/uio.h index 2192f8c..8635d18 100644 --- a/portable/uio.h +++ b/portable/uio.h 
@@ -6,17 +6,18 @@ * functions are not provided or prototyped here. * * The canonical version of this file is maintained in the rra-c-util package, - * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. + * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. * * Written by Russ Allbery <eagle@eyrie.org> + * Copyright 2008, 2011 + * The Board of Trustees of the Leland Stanford Junior University * - * The authors hereby relinquish any claim to any copyright that they may have - * in this work, whether granted under contract or by operation of law or - * international treaty, and hereby commit to the public, at large, that they - * shall not, at any time in the future, seek to enforce any copyright in this - * work against any person or entity, or prevent any person or entity from - * copying, publishing, distributing or creating derivative works of this - * work. + * Copying and distribution of this file, with or without modification, are + * permitted in any medium without royalty provided the copyright notice and + * this notice are preserved. This file is offered as-is, without any + * warranty. + * + * SPDX-License-Identifier: FSFAP */ #ifndef PORTABLE_UIO_H diff --git a/server/keytab-backend.8 b/server/keytab-backend.8 index aaeabab..8de167b 100644 --- a/server/keytab-backend.8 +++ b/server/keytab-backend.8 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.29) +.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -46,7 +46,7 @@ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" -.\" If the F register is turned on, we'll generate index entries on stderr for +.\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. @@ -54,20 +54,16 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{ -. if \nF \{ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.if !\nF .nr F 0 +.if \nF>0 \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{ -. nr % 0 -. nr F 2 -. \} +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 . \} .\} -.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -133,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "KEYTAB-BACKEND 8" -.TH KEYTAB-BACKEND 8 "2016-01-18" "1.3" "wallet" +.TH KEYTAB-BACKEND 8 "2018-06-03" "1.4" "wallet" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -188,8 +184,8 @@ standard output. Russ Allbery <eagle@eyrie.org> .SH "COPYRIGHT AND LICENSE" .IX Header "COPYRIGHT AND LICENSE" -Copyright 2006, 2007, 2008, 2010, 2013 The Board of Trustees of the Leland -Stanford Junior University +Copyright 2006\-2008, 2010, 2013 The Board of Trustees of the Leland Stanford +Junior University .PP Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \*(L"Software\*(R"), 
@@ -203,14 +199,16 @@ all copies or substantial portions of the Software. .PP \&\s-1THE SOFTWARE IS PROVIDED \*(L"AS IS\*(R", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\s0 \s-1IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\s0 +.PP +SPDX-License-Identifier: \s-1MIT\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIkadmin.local\fR\|(8), \fIremctld\fR\|(8) .PP This program is part of the wallet system. The current version is -available from <http://www.eyrie.org/~eagle/software/wallet/>. +available from <https://www.eyrie.org/~eagle/software/wallet/>. diff --git a/server/keytab-backend b/server/keytab-backend.in index 6e47331..6a7870a 100755..100644 --- a/server/keytab-backend +++ b/server/keytab-backend.in @@ -1,4 +1,5 @@ -#!/usr/bin/perl +#!@PERL@ +# -*- perl -*- # # Extract keytabs from the KDC without changing the key. # @@ -151,7 +152,7 @@ __END__ =for stopwords keytab-backend keytabs KDC keytab kadmin.local -norandkey ktadd remctld auth Allbery rekeying MERCHANTABILITY NONINFRINGEMENT sublicense -kadmin.local. +kadmin.local. SPDX-License-Identifier MIT =head1 NAME @@ -214,8 +215,8 @@ Russ Allbery <eagle@eyrie.org> =head1 COPYRIGHT AND LICENSE -Copyright 2006, 2007, 2008, 2010, 2013 The Board of Trustees of the Leland -Stanford Junior University +Copyright 2006-2008, 2010, 2013 The Board of Trustees of the Leland Stanford +Junior University Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), 
@@ -235,11 +236,17 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +SPDX-License-Identifier: MIT + =head1 SEE ALSO kadmin.local(8), remctld(8) This program is part of the wallet system. The current version is -available from L<http://www.eyrie.org/~eagle/software/wallet/>. +available from L<https://www.eyrie.org/~eagle/software/wallet/>. =cut + +# Local Variables: +# copyright-at-end-flag: t +# End: diff --git a/server/wallet-admin.8 b/server/wallet-admin.8 index 1b0b3bc..504fce2 100644 --- a/server/wallet-admin.8 +++ b/server/wallet-admin.8 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.29) +.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -46,7 +46,7 @@ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" -.\" If the F register is turned on, we'll generate index entries on stderr for +.\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. @@ -54,20 +54,16 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{ -. if \nF \{ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.if !\nF .nr F 0 +.if \nF>0 \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{ -. nr % 0 -. nr F 2 -. \} +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 . \} .\} -.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -133,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "WALLET-ADMIN 8" -.TH WALLET-ADMIN 8 "2016-01-18" "1.3" "wallet" +.TH WALLET-ADMIN 8 "2018-06-03" "1.4" "wallet" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -200,8 +196,8 @@ much as possible. Russ Allbery <eagle@eyrie.org> .SH "COPYRIGHT AND LICENSE" .IX Header "COPYRIGHT AND LICENSE" -Copyright 2008, 2009, 2010, 2011, 2013 The Board of Trustees of the Leland -Stanford Junior University +Copyright 2008\-2011, 2013 The Board of Trustees of the Leland Stanford Junior +University .PP Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \*(L"Software\*(R"), @@ -215,14 +211,16 @@ all copies or substantial portions of the Software. .PP \&\s-1THE SOFTWARE IS PROVIDED \*(L"AS IS\*(R", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\s0 \s-1IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\s0 +.PP +SPDX-License-Identifier: \s-1MIT\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIWallet::Admin\fR\|(3), \fIWallet::Config\fR\|(3), \fIwallet\-backend\fR\|(8) .PP This program is part of the wallet system. The current version is -available from <http://www.eyrie.org/~eagle/software/wallet/>. +available from <https://www.eyrie.org/~eagle/software/wallet/>. diff --git a/server/wallet-admin b/server/wallet-admin.in index e74b2f1..4940c89 100755..100644 --- a/server/wallet-admin +++ b/server/wallet-admin.in 
@@ -1,4 +1,5 @@ -#!/usr/bin/perl +#!@PERL@ +# -*- perl -*- # # Wallet server administrative commands. @@ -66,7 +67,7 @@ __END__ =for stopwords metadata ACL hostname backend acl acls wildcard SQL Allbery verifier -MERCHANTABILITY NONINFRINGEMENT sublicense +MERCHANTABILITY NONINFRINGEMENT sublicense SPDX-License-Identifier MIT =head1 NAME @@ -144,8 +145,8 @@ Russ Allbery <eagle@eyrie.org> =head1 COPYRIGHT AND LICENSE -Copyright 2008, 2009, 2010, 2011, 2013 The Board of Trustees of the Leland -Stanford Junior University +Copyright 2008-2011, 2013 The Board of Trustees of the Leland Stanford Junior +University Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), @@ -165,11 +166,17 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +SPDX-License-Identifier: MIT + =head1 SEE ALSO Wallet::Admin(3), Wallet::Config(3), wallet-backend(8) This program is part of the wallet system. The current version is -available from L<http://www.eyrie.org/~eagle/software/wallet/>. +available from L<https://www.eyrie.org/~eagle/software/wallet/>. =cut + +# Local Variables: +# copyright-at-end-flag: t +# End: diff --git a/server/wallet-backend.8 b/server/wallet-backend.8 index 96b5b29..ac72fd1 100644 --- a/server/wallet-backend.8 +++ b/server/wallet-backend.8 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.29) +.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -46,7 +46,7 @@ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" -.\" If the F register is turned on, we'll generate index entries on stderr for +.\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. @@ -54,20 +54,16 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{ -. if \nF \{ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.if !\nF .nr F 0 +.if \nF>0 \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{ -. nr % 0 -. nr F 2 -. \} +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 . \} .\} -.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -133,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "WALLET-BACKEND 8" -.TH WALLET-BACKEND 8 "2016-01-18" "1.3" "wallet" +.TH WALLET-BACKEND 8 "2018-06-03" "1.4" "wallet" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -174,7 +170,7 @@ Most commands are only available to wallet administrators (users on the \&\f(CW\*(C`store\*(C'\fR, \f(CW\*(C`show\*(C'\fR, \f(CW\*(C`destroy\*(C'\fR, \f(CW\*(C`flag clear\*(C'\fR, \f(CW\*(C`flag set\*(C'\fR, \f(CW\*(C`getattr\*(C'\fR, \&\f(CW\*(C`setattr\*(C'\fR, and \f(CW\*(C`history\*(C'\fR. \f(CW\*(C`acl check\*(C'\fR and \f(CW\*(C`check\*(C'\fR can be run by anyone. All of the rest of those commands have their own ACLs except -\&\f(CW\*(C`getattr\*(C'\fR and \f(CW\*(C`history\*(C'\fR, which use the \f(CW\*(C`show\*(C'\fR \s-1ACL, \s0\f(CW\*(C`setattr\*(C'\fR, which +\&\f(CW\*(C`getattr\*(C'\fR and \f(CW\*(C`history\*(C'\fR, which use the \f(CW\*(C`show\*(C'\fR \s-1ACL,\s0 \f(CW\*(C`setattr\*(C'\fR, which uses the \f(CW\*(C`store\*(C'\fR \s-1ACL,\s0 and \f(CW\*(C`comment\*(C'\fR, which uses the owner or \f(CW\*(C`show\*(C'\fR \s-1ACL\s0 depending on whether one is setting or retrieving the comment. If the appropriate \s-1ACL\s0 is set, it alone is checked to see if the user has access. @@ -215,7 +211,7 @@ or the \s-1ACL\s0 destruction will fail. The special \s-1ACL\s0 named \f(CW\*(C be destroyed. .IP "acl history <id>" 4 .IX Item "acl history <id>" -Display the history of the \s-1ACL\s0 <id>. Each change to the \s-1ACL \s0(not +Display the history of the \s-1ACL\s0 <id>. Each change to the \s-1ACL\s0 (not including changes to the name of the \s-1ACL\s0) will be represented by two lines. The first line will have a timestamp of the change followed by a description of the change, and the second line will give the user who made 
@@ -224,16 +220,16 @@ the change and the host from which the change was made. .IX Item "acl remove <id> <scheme> <identifier>" Remove the entry with <scheme> and <identifier> from the \s-1ACL\s0 <id>. <id> may be either the name of an \s-1ACL\s0 or its numeric identifier. The last -entry in the special \s-1ACL \s0\f(CW\*(C`ADMIN\*(C'\fR cannot be removed to protect against +entry in the special \s-1ACL\s0 \f(CW\*(C`ADMIN\*(C'\fR cannot be removed to protect against accidental lockout, but administrators can remove themselves from the -\&\f(CW\*(C`ADMIN\*(C'\fR \s-1ACL\s0 and can leave only a non-functioning entry on the \s-1ACL. \s0 Use +\&\f(CW\*(C`ADMIN\*(C'\fR \s-1ACL\s0 and can leave only a non-functioning entry on the \s-1ACL.\s0 Use caution when removing entries from the \f(CW\*(C`ADMIN\*(C'\fR \s-1ACL.\s0 .IP "acl rename <id> <name>" 4 .IX Item "acl rename <id> <name>" Renames the \s-1ACL\s0 identified by <id> to <name>. This changes the human-readable name, not the underlying numeric \s-1ID,\s0 so the \s-1ACL\s0's associations with objects will be unchanged. The \f(CW\*(C`ADMIN\*(C'\fR \s-1ACL\s0 may not be -renamed. <id> may be either the current name or the numeric \s-1ID. \s0 <name> +renamed. <id> may be either the current name or the numeric \s-1ID.\s0 <name> must not be all-numeric. To rename an \s-1ACL,\s0 the current user must be authorized by the \f(CW\*(C`ADMIN\*(C'\fR \s-1ACL.\s0 .IP "acl replace <id> <new\-id>" 4 
@@ -243,7 +239,7 @@ Find any objects owned by <id>, and then change their ownership to some objects owned by it. <id> is not deleted afterwards, though in most cases that is probably your next step. The \f(CW\*(C`ADMIN\*(C'\fR \s-1ACL\s0 may not be replaced from. <id> and <new\-id> may be either the current name or the -numeric \s-1ID. \s0 To replace an \s-1ACL,\s0 the current user must be authorized by +numeric \s-1ID.\s0 To replace an \s-1ACL,\s0 the current user must be authorized by the \f(CW\*(C`ADMIN\*(C'\fR \s-1ACL.\s0 .IP "acl show <id>" 4 .IX Item "acl show <id>" @@ -311,7 +307,7 @@ Prints the \s-1ACL\s0 <acl>, which must be one of \f(CW\*(C`get\*(C'\fR, \f(CW\* \&\f(CW\*(C`destroy\*(C'\fR, or \f(CW\*(C`flags\*(C'\fR, for the object identified by <type> and <name>. Prints \f(CW\*(C`No ACL set\*(C'\fR if that \s-1ACL\s0 isn't set on that object. Remember that if the \f(CW\*(C`get\*(C'\fR, \f(CW\*(C`store\*(C'\fR, or \f(CW\*(C`show\*(C'\fR ACLs aren't set, authorization falls -back to checking the owner \s-1ACL. \s0 See the \f(CW\*(C`owner\*(C'\fR command for displaying +back to checking the owner \s-1ACL.\s0 See the \f(CW\*(C`owner\*(C'\fR command for displaying or setting it. .IP "getattr <type> <name> <attr>" 4 .IX Item "getattr <type> <name> <attr>" @@ -403,8 +399,8 @@ enctypes than those requested by this attribute. Russ Allbery <eagle@eyrie.org> .SH "COPYRIGHT AND LICENSE" .IX Header "COPYRIGHT AND LICENSE" -Copyright 2007, 2008, 2010, 2011, 2012, 2013 The Board of Trustees of the -Leland Stanford Junior University +Copyright 2007\-2008, 2010\-2013 The Board of Trustees of the Leland Stanford +Junior University .PP Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \*(L"Software\*(R"), 
@@ -418,14 +414,16 @@ all copies or substantial portions of the Software. .PP \&\s-1THE SOFTWARE IS PROVIDED \*(L"AS IS\*(R", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\s0 \s-1IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\s0 +.PP +SPDX-License-Identifier: \s-1MIT\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIWallet::Server\fR\|(3), \fIremctld\fR\|(8) .PP This program is part of the wallet system. The current version is -available from <http://www.eyrie.org/~eagle/software/wallet/>. +available from <https://www.eyrie.org/~eagle/software/wallet/>. diff --git a/server/wallet-backend b/server/wallet-backend.in index aa83a96..8e38460 100755..100644 --- a/server/wallet-backend +++ b/server/wallet-backend.in @@ -1,4 +1,5 @@ -#!/usr/bin/perl +#!@PERL@ +# -*- perl -*- # # Wallet server for storing and retrieving secure data. @@ -346,8 +347,8 @@ __END__ =for stopwords wallet-backend backend backend-specific remctld ACL acl timestamp getacl -setacl metadata keytab keytabs enctypes enctype ktadd KDC Allbery -autocreate MERCHANTABILITY NONINFRINGEMENT sublicense +setacl metadata keytab keytabs enctypes enctype ktadd KDC Allbery autocreate +MERCHANTABILITY NONINFRINGEMENT sublicense SPDX-License-Identifier MIT =head1 NAME 
@@ -664,8 +665,8 @@ Russ Allbery <eagle@eyrie.org> =head1 COPYRIGHT AND LICENSE -Copyright 2007, 2008, 2010, 2011, 2012, 2013 The Board of Trustees of the -Leland Stanford Junior University +Copyright 2007-2008, 2010-2013 The Board of Trustees of the Leland Stanford +Junior University Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), @@ -685,11 +686,17 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +SPDX-License-Identifier: MIT + =head1 SEE ALSO Wallet::Server(3), remctld(8) This program is part of the wallet system. The current version is -available from L<http://www.eyrie.org/~eagle/software/wallet/>. +available from L<https://www.eyrie.org/~eagle/software/wallet/>. =cut + +# Local Variables: +# copyright-at-end-flag: t +# End: diff --git a/server/wallet-report.8 b/server/wallet-report.8 index 4cb759d..6b4a90b 100644 --- a/server/wallet-report.8 +++ b/server/wallet-report.8 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.29) +.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -46,7 +46,7 @@ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" -.\" If the F register is turned on, we'll generate index entries on stderr for +.\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. 
@@ -54,20 +54,16 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{ -. if \nF \{ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.if !\nF .nr F 0 +.if \nF>0 \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{ -. nr % 0 -. nr F 2 -. \} +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 . \} .\} -.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -133,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "WALLET-REPORT 8" -.TH WALLET-REPORT 8 "2016-01-18" "1.3" "wallet" +.TH WALLET-REPORT 8 "2018-06-03" "1.4" "wallet" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -176,7 +172,7 @@ report, ACLs will be listed in the form: \& <name> (ACL ID: <id>) .Ve .Sp -where <name> is the human-readable name and <id> is the numeric \s-1ID. \s0 The +where <name> is the human-readable name and <id> is the numeric \s-1ID.\s0 The numeric \s-1ID\s0 is what's used internally by the wallet system. There will be one line per \s-1ACL.\s0 .Sp @@ -233,7 +229,7 @@ and ACLs in the form: \& <name> (ACL ID: <id>) .Ve .Sp -where <name> is the human-readable name and <id> is the numeric \s-1ID. \s0 The +where <name> is the human-readable name and <id> is the numeric \s-1ID.\s0 The numeric \s-1ID\s0 is what's used internally by the wallet system. There will be one line per object or \s-1ACL.\s0 .IP "help" 4 
@@ -323,8 +319,8 @@ Russ Allbery <eagle@eyrie.org> .IX Header "COPYRIGHT AND LICENSE" Copyright 2016 Russ Allbery <eagle@eyrie.org> .PP -Copyright 2008, 2009, 2010, 2013, 2015 The Board of Trustees of the Leland -Stanford Junior University +Copyright 2008\-2010, 2013, 2015 The Board of Trustees of the Leland Stanford +Junior University .PP Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \*(L"Software\*(R"), @@ -338,14 +334,16 @@ all copies or substantial portions of the Software. .PP \&\s-1THE SOFTWARE IS PROVIDED \*(L"AS IS\*(R", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\s0 \s-1IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\s0 +.PP +SPDX-License-Identifier: \s-1MIT\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIWallet::Config\fR\|(3), \fIWallet::Report\fR\|(3), \fIwallet\-backend\fR\|(8) .PP This program is part of the wallet system. The current version is -available from <http://www.eyrie.org/~eagle/software/wallet/>. +available from <https://www.eyrie.org/~eagle/software/wallet/>. diff --git a/server/wallet-report b/server/wallet-report.in index 6508227..292ba39 100755..100644 --- a/server/wallet-report +++ b/server/wallet-report.in @@ -1,4 +1,5 @@ -#!/usr/bin/perl +#!@PERL@ +# -*- perl -*- # # Wallet server reporting interface. 
@@ -134,7 +135,8 @@ wallet-report - Wallet server reporting interface =for stopwords metadata ACL hostname backend acl acls wildcard SQL Allbery remctl -MERCHANTABILITY NONINFRINGEMENT sublicense unstored +MERCHANTABILITY NONINFRINGEMENT sublicense unstored SPDX-License-Identifier +MIT =head1 SYNOPSIS @@ -329,8 +331,8 @@ Russ Allbery <eagle@eyrie.org> Copyright 2016 Russ Allbery <eagle@eyrie.org> -Copyright 2008, 2009, 2010, 2013, 2015 The Board of Trustees of the Leland -Stanford Junior University +Copyright 2008-2010, 2013, 2015 The Board of Trustees of the Leland Stanford +Junior University Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), @@ -350,11 +352,17 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +SPDX-License-Identifier: MIT + =head1 SEE ALSO Wallet::Config(3), Wallet::Report(3), wallet-backend(8) This program is part of the wallet system. The current version is -available from L<http://www.eyrie.org/~eagle/software/wallet/>. +available from L<https://www.eyrie.org/~eagle/software/wallet/>. =cut + +# Local Variables: +# copyright-at-end-flag: t +# End: diff --git a/tests/HOWTO b/tests/README index b94985d..186d2d5 100644 --- a/tests/HOWTO +++ b/tests/README 
@@ -70,18 +70,20 @@ Writing TAP Tests One of the special features of C TAP Harness is the environment that it sets up for your test cases. If your test program is called under - the runtests driver, the environment variables SOURCE and BUILD will - be set to the top of the test directory in the source tree and the top - of the build tree, respectively. You can use those environment - variables to locate additional test data, programs and libraries built - as part of your software build, and other supporting information - needed by tests. + the runtests driver, the environment variables C_TAP_SOURCE and + C_TAP_BUILD will be set to the top of the test directory in the source + tree and the top of the build tree, respectively. You can use those + environment variables to locate additional test data, programs and + libraries built as part of your software build, and other supporting + information needed by tests. The C and shell TAP libraries support a test_file_path() function, which looks for a file under the build tree and then under the source - tree, using the BUILD and SOURCE environment variables, and return the - full path to the file. This can be used to locate supporting data - files. + tree, using the C_TAP_BUILD and C_TAP_SOURCE environment variables, + and return the full path to the file. This can be used to locate + supporting data files. They also support a test_tmpdir() function + that returns a directory that can be used for temporary files during + tests. Perl @@ -151,7 +153,7 @@ Writing TAP Tests Complete API documentation for the basic C TAP library that comes with C TAP Harness is available at: - <http://www.eyrie.org/~eagle/software/c-tap-harness/> + <https://www.eyrie.org/~eagle/software/c-tap-harness/> It's common to need additional test functions and utility functions for your C tests, particularly if you have to set up and tear down a 
@@ -168,7 +170,7 @@ Writing TAP Tests Libraries of additional useful TAP test functions are available in rra-c-util at: - <http://www.eyrie.org/~eagle/software/rra-c-util/> + <https://www.eyrie.org/~eagle/software/rra-c-util/> Some of the code there is particularly useful when testing programs that require Kerberos keys. @@ -190,15 +192,15 @@ Writing TAP Tests your test suite area. It can then be loaded by tests written in shell using the environment set up by runtests with: - . "$SOURCE"/tap/libtap.sh + . "$C_TAP_SOURCE"/tap/libtap.sh Here is a complete test case written in shell which produces the same output as the TAP sample above: #!/bin/sh - . "$SOURCE"/tap/libtap.sh - cd "$BUILD" + . "$C_TAP_SOURCE"/tap/libtap.sh + cd "$C_TAP_BUILD" plan 4 ok 'the first test' true @@ -238,11 +240,13 @@ Writing TAP Tests License This file is part of the documentation of C TAP Harness, which can be - found at <http://www.eyrie.org/~eagle/software/c-tap-harness/>. + found at <https://www.eyrie.org/~eagle/software/c-tap-harness/>. - Copyright 2010 Russ Allbery <eagle@eyrie.org> + Copyright 2010, 2016 Russ Allbery <eagle@eyrie.org> Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. This file is offered as-is, without any warranty. + + SPDX-License-Identifier: FSFAP diff --git a/tests/TESTS b/tests/TESTS index 76bd4ae..81fe051 100644 --- a/tests/TESTS +++ b/tests/TESTS @@ -4,6 +4,7 @@ client/prompt client/rekey docs/pod docs/pod-spelling +docs/spdx-license-t perl/minimum-version perl/module-version perl/strict @@ -14,6 +15,7 @@ portable/snprintf server/admin server/backend server/keytab +style/obsolete-strings util/messages util/messages-krb5 util/xmalloc diff --git a/tests/client/basic-t.in b/tests/client/basic-t.in index 974b636..7634d73 100644 --- a/tests/client/basic-t.in +++ b/tests/client/basic-t.in 
@@ -3,16 +3,17 @@ # Test suite for the wallet command-line client. # # Written by Russ Allbery <eagle@eyrie.org> -# Copyright 2006, 2007, 2008, 2010 +# Copyright 2018 Russ Allbery <eagle@eyrie.org> +# Copyright 2006-2008, 2010 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT # Load the test library. -. "$SOURCE/tap/libtap.sh" -. "$SOURCE/tap/kerberos.sh" -. "$SOURCE/tap/remctl.sh" -cd "$SOURCE" +. "$C_TAP_SOURCE/tap/libtap.sh" +. "$C_TAP_SOURCE/tap/kerberos.sh" +. "$C_TAP_SOURCE/tap/remctl.sh" +cd "$C_TAP_SOURCE" # We need a modified krb5.conf file to test wallet configuration settings in # krb5.conf. Despite the hard-coding of test-k5.stanford.edu, this test isn't @@ -54,8 +55,8 @@ elif [ -z '@REMCTLD@' ] ; then else plan 36 fi -remctld_start '@REMCTLD@' "$SOURCE/data/basic.conf" -wallet="$BUILD/../client/wallet" +remctld_start '@REMCTLD@' "$C_TAP_SOURCE/data/basic.conf" +wallet="$C_TAP_BUILD/../client/wallet" # Make sure everything's clean. rm -f output output.bak keytab keytab.bak srvtab srvtab.bak autocreated diff --git a/tests/client/full-t.in b/tests/client/full-t.in index 4861723..5f7406a 100644 --- a/tests/client/full-t.in +++ b/tests/client/full-t.in 
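Review bot: The `cd "$C_TAP_SOURCE"` at the top of tests/client/basic-t.in is unchecked, and the next hunk's context shows `rm -f output output.bak keytab keytab.bak srvtab srvtab.bak autocreated` running afterwards, so a failed `cd` lets the cleanup delete those names from whatever directory the test was started in. Now that every path depends on the renamed variable, fail fast when it is missing or wrong: `: "${C_TAP_SOURCE:?run this test under runtests}"` before the first `.` line, and `cd "$C_TAP_SOURCE" || exit 1`. How an empty `cd ""` behaves differs between shells, so the guard is safer than relying on the `.` of `/tap/libtap.sh` failing first. The same pattern appears in the tests/client/rekey-t.in hunks later in this diff.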
@@ -1,26 +1,28 @@ -#!/usr/bin/perl +#!@PERL@ +# -*- perl -*- # # End-to-end tests for the wallet client. # # Written by Russ Allbery <eagle@eyrie.org> +# Copyright 2018 Russ Allbery <eagle@eyrie.org> # Copyright 2008, 2010, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use warnings; # Point to our server configuration. This must be done before Wallet::Config # is loaded, and it's pulled in as a prerequisite for Wallet::Admin. -BEGIN { $ENV{WALLET_CONFIG} = "$ENV{SOURCE}/data/wallet.conf" } +BEGIN { $ENV{WALLET_CONFIG} = "$ENV{C_TAP_SOURCE}/data/wallet.conf" } use Test::More tests => 59; -use lib "$ENV{SOURCE}/../perl/lib"; +use lib "$ENV{C_TAP_SOURCE}/../perl/lib"; use Wallet::Admin; -use lib "$ENV{SOURCE}/../perl/t/lib"; +use lib "$ENV{C_TAP_SOURCE}/../perl/t/lib"; use Util; # Make a call to the wallet client. Takes the principal used by the server @@ -36,9 +38,9 @@ sub wallet { or die "cannot create wallet.out: $!\n"; open (STDERR, '>', 'wallet.err') or die "cannot create wallet.err: $!\n"; - exec ("$ENV{BUILD}/../client/wallet", '-k', $principal, '-p', + exec ("$ENV{C_TAP_BUILD}/../client/wallet", '-k', $principal, '-p', '14373', '-s', 'localhost', @command) - or die "cannot run $ENV{BUILD}/client/wallet: $!\n"; + or die "cannot run $ENV{C_TAP_BUILD}/client/wallet: $!\n"; } else { waitpid ($pid, 0); } 
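Review bot: The `die` message after the `exec` in `sub wallet` names `$ENV{C_TAP_BUILD}/client/wallet`, but the program actually executed is `$ENV{C_TAP_BUILD}/../client/wallet`, so a failed exec reports a path that was never tried. Both lines are touched here, so make them agree: `or die "cannot run $ENV{C_TAP_BUILD}/../client/wallet: $!\n";`. The old side had the same mismatch with `BUILD`, so this is inherited rather than introduced. `sub wallet` starts and ends outside the hunk.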
@@ -55,23 +57,23 @@ sub wallet { } # cd to the correct directory. -chdir "$ENV{SOURCE}" or die "Cannot chdir to $ENV{SOURCE}: $!\n"; +chdir "$ENV{C_TAP_SOURCE}" or die "Cannot chdir to $ENV{C_TAP_SOURCE}: $!\n"; SKIP: { skip 'no keytab configuration', 59 - unless -f "$ENV{BUILD}/config/keytab"; + unless -f "$ENV{C_TAP_BUILD}/config/keytab"; my $remctld = '@REMCTLD@'; skip 'remctld not found', 59 unless $remctld; # Spawn remctld and get local tickets. Don't destroy the user's Kerberos # ticket cache. unlink ('krb5cc_test', 'test-pid'); - my $principal = contents ("$ENV{BUILD}/config/principal"); + my $principal = contents ("$ENV{C_TAP_BUILD}/config/principal"); remctld_spawn ($remctld, $principal, - "$ENV{BUILD}/config/keytab", - "$ENV{SOURCE}/data/full.conf"); + "$ENV{C_TAP_BUILD}/config/keytab", + "$ENV{C_TAP_SOURCE}/data/full.conf"); $ENV{KRB5CCNAME} = 'krb5cc_test'; - getcreds ("$ENV{BUILD}/config/keytab", $principal); + getcreds ("$ENV{C_TAP_BUILD}/config/keytab", $principal); # Use Wallet::Admin to set up the database. db_setup; diff --git a/tests/client/prompt-t.in b/tests/client/prompt-t.in index 686cc88..8c5ff9a 100644 --- a/tests/client/prompt-t.in +++ b/tests/client/prompt-t.in 
@@ -1,30 +1,32 @@ -#!/usr/bin/perl +#!@PERL@ +# -*- perl -*- # # Password prompting tests for the wallet client. # # Written by Russ Allbery <eagle@eyrie.org> +# Copyright 2018 Russ Allbery <eagle@eyrie.org> # Copyright 2008, 2010, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use warnings; use Test::More tests => 5; -use lib "$ENV{SOURCE}/../perl/lib"; +use lib "$ENV{C_TAP_SOURCE}/../perl/lib"; use Wallet::Admin; -use lib "$ENV{SOURCE}/../perl/t/lib"; +use lib "$ENV{C_TAP_SOURCE}/../perl/t/lib"; use Util; # cd to the correct directory. -chdir "$ENV{SOURCE}" or die "Cannot chdir to $ENV{SOURCE}: $!\n"; +chdir "$ENV{C_TAP_SOURCE}" or die "Cannot chdir to $ENV{C_TAP_SOURCE}: $!\n"; SKIP: { skip 'no password configuration', 5 - unless -f "$ENV{BUILD}/config/password"; + unless -f "$ENV{C_TAP_BUILD}/config/password"; my $remctld = '@REMCTLD@'; skip 'remctld not found', 5 unless $remctld; eval { require Expect }; 
@@ -37,21 +39,21 @@ SKIP: { # Spawn remctld and set up with a different ticket cache. unlink ('krb5cc_test', 'test-pid'); - my $principal = contents ("$ENV{BUILD}/config/principal"); - remctld_spawn ($remctld, $principal, "$ENV{BUILD}/config/keytab", - "$ENV{SOURCE}/data/basic.conf"); + my $principal = contents ("$ENV{C_TAP_BUILD}/config/principal"); + remctld_spawn ($remctld, $principal, "$ENV{C_TAP_BUILD}/config/keytab", + "$ENV{C_TAP_SOURCE}/data/basic.conf"); $ENV{KRB5CCNAME} = 'krb5cc_test'; # Read in the principal and password. - open (PASS, '<', "$ENV{BUILD}/config/password") - or die "Cannot open $ENV{BUILD}/config/password: $!\n"; + open (PASS, '<', "$ENV{C_TAP_BUILD}/config/password") + or die "Cannot open $ENV{C_TAP_BUILD}/config/password: $!\n"; my $user = <PASS>; my $password = <PASS>; close PASS; chomp ($user, $password); # Spawn wallet and check an invalid password. - my $wallet = Expect->spawn ("$ENV{BUILD}/../client/wallet", '-k', + my $wallet = Expect->spawn ("$ENV{C_TAP_BUILD}/../client/wallet", '-k', $principal, '-p', 14373, '-s', 'localhost', '-c', 'fake-wallet', '-u', $user, 'get', 'keytab', 'service/fake-output'); @@ -62,7 +64,7 @@ SKIP: { $wallet->soft_close; # Now check a valid password. - $wallet = Expect->spawn ("$ENV{BUILD}/../client/wallet", '-k', + $wallet = Expect->spawn ("$ENV{C_TAP_BUILD}/../client/wallet", '-k', $principal, '-p', 14373, '-s', 'localhost', '-c', 'fake-wallet', '-u', $user, 'get', 'keytab', 'service/fake-output'); diff --git a/tests/client/rekey-t.in b/tests/client/rekey-t.in index c93b8eb..c2e507c 100644 --- a/tests/client/rekey-t.in +++ b/tests/client/rekey-t.in 
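Review bot: The credentials in `config/password` are read through the package-global bareword handle `PASS`, and neither `<PASS>` read is checked, so a file with fewer than two lines leaves `$password` undefined and the test carries on to drive the client with it. The lines are being edited for the `C_TAP_BUILD` rename anyway, so a lexical handle plus a definedness check keeps the handle scoped to this block and fails with a clear message. The new tests/docs/spdx-license-t in this same commit already uses the lexical `open(my $file, ...)` form. The enclosing `SKIP:` block starts and ends outside the hunk.

```perl
    # … unchanged: remctld_spawn and KRB5CCNAME setup …
    open (my $pass, '<', "$ENV{C_TAP_BUILD}/config/password")
        or die "Cannot open $ENV{C_TAP_BUILD}/config/password: $!\n";
    my $user = <$pass>;
    my $password = <$pass>;
    close $pass;
    die "config/password must contain a principal and a password\n"
        unless defined $user && defined $password;
    chomp ($user, $password);
    # … unchanged: Expect->spawn calls …
```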
@@ -3,16 +3,17 @@ # Test suite for the wallet-rekey command-line client. # # Written by Russ Allbery <eagle@eyrie.org> -# Copyright 2006, 2007, 2008, 2010 +# Copyright 2018 Russ Allbery <eagle@eyrie.org> +# Copyright 2006-2008, 2010 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT # Load the test library. -. "$SOURCE/tap/libtap.sh" -. "$SOURCE/tap/kerberos.sh" -. "$SOURCE/tap/remctl.sh" -cd "$SOURCE" +. "$C_TAP_SOURCE/tap/libtap.sh" +. "$C_TAP_SOURCE/tap/kerberos.sh" +. "$C_TAP_SOURCE/tap/remctl.sh" +cd "$C_TAP_SOURCE" # We need a modified krb5.conf file to test wallet configuration settings in # krb5.conf. Despite the hard-coding of test-k5.stanford.edu, this test isn't @@ -47,8 +48,8 @@ elif [ -z '@REMCTLD@' ] ; then else plan 8 fi -remctld_start '@REMCTLD@' "$SOURCE/data/basic.conf" -wallet="$BUILD/../client/wallet-rekey" +remctld_start '@REMCTLD@' "$C_TAP_SOURCE/data/basic.conf" +wallet="$C_TAP_BUILD/../client/wallet-rekey" # Rekeying should result in a merged keytab with both the old and new keys. cp data/fake-keytab-old keytab diff --git a/tests/data/cmd-fake b/tests/data/cmd-fake index f889edd..4d2d8a1 100755 --- a/tests/data/cmd-fake +++ b/tests/data/cmd-fake @@ -4,10 +4,10 @@ # the client test suite. It doesn't test any of the wallet server code. # # Written by Russ Allbery <eagle@eyrie.org> -# Copyright 2007, 2008, 2010 +# Copyright 2007-2008, 2010 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT command="$1" shift diff --git a/tests/data/cmd-wrapper b/tests/data/cmd-wrapper index b5b6d26..c2d5da1 100755 --- a/tests/data/cmd-wrapper +++ b/tests/data/cmd-wrapper 
@@ -3,6 +3,7 @@ # Wrapper around the standard wallet-backend script that sets the Perl INC # path and the WALLET_CONFIG environment variable appropriately. -WALLET_CONFIG="$SOURCE/data/wallet.conf" +WALLET_CONFIG="$C_TAP_SOURCE/data/wallet.conf" export WALLET_CONFIG -exec perl -I"$SOURCE/../perl/lib" "$SOURCE/../server/wallet-backend" -q "$@" +exec perl -I"$C_TAP_SOURCE/../perl/lib" \ + "$C_TAP_SOURCE/../server/wallet-backend" -q "$@" diff --git a/tests/data/cppcheck.supp b/tests/data/cppcheck.supp new file mode 100644 index 0000000..5a421df --- /dev/null +++ b/tests/data/cppcheck.supp @@ -0,0 +1,30 @@ +// Suppressions file for cppcheck. -*- conf -*- +// +// This includes suppressions for all of my projects, including files that +// aren't in rra-c-util, for ease of sharing between projects. The ones that +// don't apply to a particular project should hopefully be harmless. +// +// Copyright 2018 Russ Allbery <eagle@eyrie.org> +// +// Copying and distribution of this file, with or without modification, are +// permitted in any medium without royalty provided the copyright notice and +// this notice are preserved. This file is offered as-is, without any +// warranty. +// +// SPDX-License-Identifier: FSFAP + +// I like declaring variables at the top of a function rather than cluttering +// every if and loop body with declarations. +variableScope + +// False positive due to recursive function. +knownConditionTrueFalse:portable/getopt.c:146 + +// False positive since the string comes from a command-line define. +knownConditionTrueFalse:tests/tap/remctl.c:79 + +// Setting the variable to NULL explicitly after deallocation. +redundantAssignment:tests/pam-util/options-t.c + +// (remctl) Nested assignments in this test confuse cppcheck. +redundantAssignment:tests/server/acl-t.c diff --git a/tests/docs/pod-spelling-t b/tests/docs/pod-spelling-t index 7b61c86..0419c24 100755 --- a/tests/docs/pod-spelling-t +++ b/tests/docs/pod-spelling-t 
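Review bot: tests/data/cmd-wrapper still runs `"$C_TAP_SOURCE/../server/wallet-backend"`, yet this commit adds `/server/wallet-backend` to the ignore list and turns `server/wallet-report` into a `wallet-report.in` template with `#!@PERL@`. If wallet-backend is now generated the same way (its own diff is not visible here), the script lives in the build tree and this path only resolves for in-tree builds; `"$C_TAP_BUILD/../server/wallet-backend"` would follow the generated file. The wrapper also runs whichever `perl` comes first in `PATH` rather than the interpreter configure selected for the `@PERL@` shebangs, so the test may exercise a different Perl than the installed scripts will use.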
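Review bot: The two `knownConditionTrueFalse` entries in tests/data/cppcheck.supp are pinned to line numbers (`portable/getopt.c:146`, `tests/tap/remctl.c:79`), so an edit above either line re-exposes the false positive or moves the suppression onto a different statement and hides a real finding there. An inline `// cppcheck-suppress knownConditionTrueFalse` comment on the flagged statement, with cppcheck run using `--inline-suppr`, stays attached to the code it describes. If those files are synced from rra-c-util and inline comments are not wanted, the comment above each entry should at least quote the expression being suppressed so drift is noticed on the next update.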
@@ -3,10 +3,11 @@ # Checks all POD files in the tree for spelling errors using Test::Spelling. # # The canonical version of this file is maintained in the rra-c-util package, -# which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. +# which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. # # Written by Russ Allbery <eagle@eyrie.org> -# Copyright 2012, 2013, 2014 +# Copyright 2016 Russ Allbery <eagle@eyrie.org> +# Copyright 2012-2014 # The Board of Trustees of the Leland Stanford Junior University # # Permission is hereby granted, free of charge, to any person obtaining a @@ -26,12 +27,14 @@ # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER # DEALINGS IN THE SOFTWARE. +# +# SPDX-License-Identifier: MIT use 5.006; use strict; use warnings; -use lib "$ENV{SOURCE}/tap/perl"; +use lib "$ENV{C_TAP_SOURCE}/tap/perl"; use Test::More; use Test::RRA qw(skip_unless_author use_prereq); diff --git a/tests/docs/pod-t b/tests/docs/pod-t index 53f9925..7ea3409 100755 --- a/tests/docs/pod-t +++ b/tests/docs/pod-t @@ -4,10 +4,11 @@ # distribution, for POD formatting errors. # # The canonical version of this file is maintained in the rra-c-util package, -# which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. +# which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. # # Written by Russ Allbery <eagle@eyrie.org> -# Copyright 2012, 2013, 2014 +# Copyright 2016 Russ Allbery <eagle@eyrie.org> +# Copyright 2012-2014 # The Board of Trustees of the Leland Stanford Junior University # # Permission is hereby granted, free of charge, to any person obtaining a 
@@ -27,12 +28,14 @@ # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER # DEALINGS IN THE SOFTWARE. +# +# SPDX-License-Identifier: MIT use 5.006; use strict; use warnings; -use lib "$ENV{SOURCE}/tap/perl"; +use lib "$ENV{C_TAP_SOURCE}/tap/perl"; use Test::More; use Test::RRA qw(skip_unless_automated use_prereq); diff --git a/tests/docs/spdx-license-t b/tests/docs/spdx-license-t new file mode 100755 index 0000000..e05e13f --- /dev/null +++ b/tests/docs/spdx-license-t 
@@ -0,0 +1,133 @@ +#!/usr/bin/perl +# +# Check source files for SPDX-License-Identifier fields. +# +# Examine all source files in a distribution to check that they contain an +# SPDX-License-Identifier field. This does not check the syntax or whether +# the identifiers are valid. +# +# The canonical version of this file is maintained in the rra-c-util package, +# which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. +# +# Copyright 2018 Russ Allbery <eagle@eyrie.org> +# +# Permission is hereby granted, free of charge, to any person obtaining a +# copy of this software and associated documentation files (the "Software"), +# to deal in the Software without restriction, including without limitation +# the rights to use, copy, modify, merge, publish, distribute, sublicense, +# and/or sell copies of the Software, and to permit persons to whom the +# Software is furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +# DEALINGS IN THE SOFTWARE. +# +# SPDX-License-Identifier: MIT + +use 5.006; +use strict; +use warnings; + +use lib "$ENV{C_TAP_SOURCE}/tap/perl"; + +use File::Basename qw(basename); +use Test::More; +use Test::RRA qw(skip_unless_automated); +use Test::RRA::Automake qw(all_files automake_setup); + +# File name (the file without any directory component) and path patterns to +# skip for this check. 
+## no critic (RegularExpressions::ProhibitFixedStringMatches) +my @IGNORE = ( + qr{ \A LICENSE \z }xms, # Generated file with no license itself + qr{ \A (NEWS|THANKS|TODO) \z }xms, # Package license should be fine + qr{ \A README ( [.] .* )? \z }xms, # Package license should be fine + qr{ \A (Makefile|libtool) \z }xms, # Generated file + qr{ [.] output \z }xms, # Test data +); +my @IGNORE_PATHS = ( + qr{ \A docs/metadata/ }xms, # Package license should be fine + qr{ \A docs/protocol[.](html|txt) \z }xms, # Generated by xml2rfc + qr{ \A m4/ (libtool|lt.*) [.] m4 \z }xms, # Files from Libtool + qr{ \A perl/Build \z }xms, # Perl build files + qr{ \A perl/MANIFEST \z }xms, # Perl build files + qr{ \A perl/MYMETA [.] }xms, # Perl build files + qr{ \A perl/blib/ }xms, # Perl build files + qr{ \A perl/cover_db/ }xms, # Perl test files + qr{ \A perl/_build }xms, # Perl build files + qr{ \A php/Makefile [.] global \z }xms, # Created by phpize + qr{ \A php/autom4te [.] cache/ }xms, # Created by phpize + qr{ \A php/acinclude [.] m4 \z }xms, # Created by phpize + qr{ \A php/build/ }xms, # Created by phpize + qr{ \A php/config [.] (guess|sub) \z }xms, # Created by phpize + qr{ \A php/configure [.] in \z }xms, # Created by phpize + qr{ \A php/ltmain [.] sh \z }xms, # Created by phpize + qr{ \A php/run-tests [.] php \z }xms, # Created by phpize + qr{ [.] l?a \z }xms, # Created by libtool +); +## use critic + +# Only run this test during automated testing, since failure doesn't indicate +# any user-noticable flaw in the package itself. +skip_unless_automated('SPDX identifier tests'); + +# Set up Automake testing. +automake_setup(); + +# Check a single file for an occurrence of the string. +# +# $path - Path to the file +# +# Returns: undef +sub check_file { + my ($path) = @_; + my $filename = basename($path); + + # Ignore files in the whitelist, binary files, and files under 1KB. 
The + # latter can be rolled up into the overall project license and the license + # notice may be a substantial portion of the file size. + for my $pattern (@IGNORE) { + return if $filename =~ $pattern; + } + for my $pattern (@IGNORE_PATHS) { + return if $path =~ $pattern; + } + return if !-T $path; + return if -s $path < 1024; + + # Scan the file. + my ($saw_spdx, $skip_spdx); + open(my $file, '<', $path) or BAIL_OUT("Cannot open $path: $!"); + while (defined(my $line = <$file>)) { + if ($line =~ m{ Generated [ ] by [ ] libtool [ ] }xms) { + close($file) or BAIL_OUT("Cannot close $path: $!"); + return; + } + if ($line =~ m{ \b SPDX-License-Identifier: \s+ \S+ }xms) { + $saw_spdx = 1; + last; + } + if ($line =~ m{ no \s SPDX-License-Identifier \s registered }xms) { + $skip_spdx = 1; + last; + } + } + close($file) or BAIL_OUT("Cannot close $path: $!"); + ok($saw_spdx || $skip_spdx, $path); + return; +} + +# Scan every file. We don't declare a plan since we skip a lot of files and +# don't want to precalculate the file list. +my @paths = all_files(); +for my $path (@paths) { + check_file($path); +} +done_testing(); diff --git a/tests/perl/minimum-version-t b/tests/perl/minimum-version-t index 8c49327..7d81b46 100755 --- a/tests/perl/minimum-version-t +++ b/tests/perl/minimum-version-t @@ -7,10 +7,11 @@ # required for internal tools than for public code. # # The canonical version of this file is maintained in the rra-c-util package, -# which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. +# which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. # # Written by Russ Allbery <eagle@eyrie.org> -# Copyright 2012, 2013, 2014 +# Copyright 2016 Russ Allbery <eagle@eyrie.org> +# Copyright 2012-2014 # The Board of Trustees of the Leland Stanford Junior University # # Permission is hereby granted, free of charge, to any person obtaining a 
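Review bot: `check_file` in tests/docs/spdx-license-t returns silently for ignored names, non-text files and anything under 1KB, so the TAP output lists only the files that were scanned and leaves no record of what was exempted. For a check whose purpose is licence-metadata coverage, a passing run cannot show whether a newly added file was examined or fell under the size cutoff; `if (-s $path < 1024) { note("skipped, under 1KB: $path"); return; }` would make that visible without changing the test count. The header comment on `check_file` says only "Returns: undef"; it should add that one `ok()` is recorded per scanned file and that the `no SPDX-License-Identifier registered` marker also counts as a pass. The comment above `skip_unless_automated` spells `user-noticable` for `user-noticeable`.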
@@ -30,12 +31,14 @@ # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER # DEALINGS IN THE SOFTWARE. +# +# SPDX-License-Identifier: MIT use 5.006; use strict; use warnings; -use lib "$ENV{SOURCE}/tap/perl"; +use lib "$ENV{C_TAP_SOURCE}/tap/perl"; use Test::More; use Test::RRA qw(skip_unless_automated use_prereq); diff --git a/tests/perl/module-version-t b/tests/perl/module-version-t index f1ebf0f..878cc2d 100755 --- a/tests/perl/module-version-t +++ b/tests/perl/module-version-t @@ -9,17 +9,19 @@ # # When given the --update option, instead fixes all of the Perl modules found # to have the correct version. +# +# SPDX-License-Identifier: MIT use 5.006; use strict; use warnings; -# SOURCE may not be set if we're running this script manually to update +# C_TAP_SOURCE may not be set if we're running this script manually to update # version numbers. If it isn't, assume we're being run from the top of the # tree. BEGIN { - if ($ENV{SOURCE}) { - unshift(@INC, "$ENV{SOURCE}/tap/perl"); + if ($ENV{C_TAP_SOURCE}) { + unshift(@INC, "$ENV{C_TAP_SOURCE}/tap/perl"); } else { unshift(@INC, 'tests/tap/perl'); } @@ -178,6 +180,10 @@ SOFTWARE. =head1 SEE ALSO This module is maintained in the rra-c-util package. The current version is -available from L<http://www.eyrie.org/~eagle/software/rra-c-util/>. +available from L<https://www.eyrie.org/~eagle/software/rra-c-util/>. =cut + +# Local Variables: +# copyright-at-end-flag: t +# End: diff --git a/tests/perl/strict-t b/tests/perl/strict-t index 2df6d58..09ce157 100755 --- a/tests/perl/strict-t +++ b/tests/perl/strict-t 
@@ -7,10 +7,11 @@ # all pass a syntax check. Currently, test suite coverage is not checked. # # The canonical version of this file is maintained in the rra-c-util package, -# which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. +# which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. # # Written by Russ Allbery <eagle@eyrie.org> -# Copyright 2012, 2013, 2014 +# Copyright 2016 Russ Allbery <eagle@eyrie.org> +# Copyright 2012-2014 # The Board of Trustees of the Leland Stanford Junior University # # Permission is hereby granted, free of charge, to any person obtaining a @@ -30,12 +31,14 @@ # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER # DEALINGS IN THE SOFTWARE. +# +# SPDX-License-Identifier: MIT use 5.006; use strict; use warnings; -use lib "$ENV{SOURCE}/tap/perl"; +use lib "$ENV{C_TAP_SOURCE}/tap/perl"; use Test::More; use Test::RRA qw(skip_unless_automated use_prereq); @@ -46,7 +49,7 @@ use Test::RRA::Config qw(@STRICT_IGNORE @STRICT_PREREQ); skip_unless_automated('Strictness tests'); # Load prerequisite modules. -use_prereq('Test::Strict'); +use_prereq('Test::Strict', '0.25'); # Check whether all prerequisites are available, and skip the test if any of # them are not. diff --git a/tests/portable/asprintf-t.c b/tests/portable/asprintf-t.c index e556d95..3b10a66 100644 --- a/tests/portable/asprintf-t.c +++ b/tests/portable/asprintf-t.c 
@@ -2,17 +2,19 @@ * asprintf and vasprintf test suite. * * The canonical version of this file is maintained in the rra-c-util package, - * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. + * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. * * Written by Russ Allbery <eagle@eyrie.org> + * Copyright 2014, 2018 Russ Allbery <eagle@eyrie.org> + * Copyright 2006-2009, 2011 + * The Board of Trustees of the Leland Stanford Junior University * - * The authors hereby relinquish any claim to any copyright that they may have - * in this work, whether granted under contract or by operation of law or - * international treaty, and hereby commit to the public, at large, that they - * shall not, at any time in the future, seek to enforce any copyright in this - * work against any person or entity, or prevent any person or entity from - * copying, publishing, distributing or creating derivative works of this - * work. + * Copying and distribution of this file, with or without modification, are + * permitted in any medium without royalty provided the copyright notice and + * this notice are preserved. This file is offered as-is, without any + * warranty. + * + * SPDX-License-Identifier: FSFAP */ #include <config.h> @@ -23,9 +25,10 @@ int test_asprintf(char **, const char *, ...) __attribute__((__format__(printf, 2, 3))); -int test_vasprintf(char **, const char *, va_list); +int test_vasprintf(char **, const char *, va_list) + __attribute__((__format__(printf, 2, 0))); -static int +static int __attribute__((__format__(printf, 2, 3))) vatest(char **result, const char *format, ...) { va_list args; diff --git a/tests/portable/mkstemp-t.c b/tests/portable/mkstemp-t.c index 20a83fc..dc26821 100644 --- a/tests/portable/mkstemp-t.c +++ b/tests/portable/mkstemp-t.c 
@@ -2,17 +2,18 @@ * mkstemp test suite. * * The canonical version of this file is maintained in the rra-c-util package, - * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. + * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. * * Written by Russ Allbery <eagle@eyrie.org> + * Copyright 2009, 2011 + * The Board of Trustees of the Leland Stanford Junior University * - * The authors hereby relinquish any claim to any copyright that they may have - * in this work, whether granted under contract or by operation of law or - * international treaty, and hereby commit to the public, at large, that they - * shall not, at any time in the future, seek to enforce any copyright in this - * work against any person or entity, or prevent any person or entity from - * copying, publishing, distributing or creating derivative works of this - * work. + * Copying and distribution of this file, with or without modification, are + * permitted in any medium without royalty provided the copyright notice and + * this notice are preserved. This file is offered as-is, without any + * warranty. + * + * SPDX-License-Identifier: FSFAP */ #include <config.h> diff --git a/tests/portable/setenv-t.c b/tests/portable/setenv-t.c index 15ed1fd..92a8c95 100644 --- a/tests/portable/setenv-t.c +++ b/tests/portable/setenv-t.c 
@@ -2,17 +2,19 @@ * setenv test suite. * * The canonical version of this file is maintained in the rra-c-util package, - * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. + * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. * * Written by Russ Allbery <eagle@eyrie.org> + * Copyright 2000-2006, 2017 Russ Allbery <eagle@eyrie.org> + * Copyright 2006-2009, 2011 + * The Board of Trustees of the Leland Stanford Junior University * - * The authors hereby relinquish any claim to any copyright that they may have - * in this work, whether granted under contract or by operation of law or - * international treaty, and hereby commit to the public, at large, that they - * shall not, at any time in the future, seek to enforce any copyright in this - * work against any person or entity, or prevent any person or entity from - * copying, publishing, distributing or creating derivative works of this - * work. + * Copying and distribution of this file, with or without modification, are + * permitted in any medium without royalty provided the copyright notice and + * this notice are preserved. This file is offered as-is, without any + * warranty. + * + * SPDX-License-Identifier: FSFAP */ #include <config.h> diff --git a/tests/portable/snprintf-t.c b/tests/portable/snprintf-t.c index cc8cf00..7e8a68f 100644 --- a/tests/portable/snprintf-t.c +++ b/tests/portable/snprintf-t.c 
@@ -2,12 +2,11 @@ * snprintf test suite. * * The canonical version of this file is maintained in the rra-c-util package, - * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. + * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. * * Written by Russ Allbery <eagle@eyrie.org> - * Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006 - * Russ Allbery <eagle@eyrie.org> - * Copyright 2009, 2010 + * Copyright 2000-2006, 2018 Russ Allbery <eagle@eyrie.org> + * Copyright 2009-2010 * The Board of Trustees of the Leland Stanford Junior University * Copyright 1995 Patrick Powell * Copyright 2001 Hrvoje Niksic @@ -15,6 +14,8 @@ * This code is based on code written by Patrick Powell (papowell@astart.com) * It may be used for any purpose as long as this notice remains intact * on all source code distributions + * + * There is no SPDX-License-Identifier registered for this license. */ #include <config.h> @@ -159,7 +160,7 @@ main(void) &count, string, &lcount); is_int(0, count, "correct output from two %%n"); is_int(31, lcount, "correct output from long %%ln"); - test_format(true, "(null)", 6, "%s", NULL); + test_format(true, "(null)", 6, "%s", (char *) NULL); for (i = 0; fp_formats[i] != NULL; i++) for (j = 0; j < ARRAY_SIZE(fp_nums); j++) { diff --git a/tests/runtests.c b/tests/runtests.c index 42a73ea..af15a5c 100644 --- a/tests/runtests.c +++ b/tests/runtests.c 
@@ -1,6 +1,37 @@ /* * Run a set of tests, reporting results. * + * Test suite driver that runs a set of tests implementing a subset of the + * Test Anything Protocol (TAP) and reports the results. + * + * Any bug reports, bug fixes, and improvements are very much welcome and + * should be sent to the e-mail address below. This program is part of C TAP + * Harness <https://www.eyrie.org/~eagle/software/c-tap-harness/>. + * + * Copyright 2000-2001, 2004, 2006-2018 Russ Allbery <eagle@eyrie.org> + * + * Permission is hereby granted, free of charge, to any person obtaining a + * copy of this software and associated documentation files (the "Software"), + * to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, + * and/or sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER + * DEALINGS IN THE SOFTWARE. + * + * SPDX-License-Identifier: MIT + */ + +/* * Usage: * * runtests [-hv] [-b <build-dir>] [-s <source-dir>] -l <test-list> 
@@ -8,9 +39,10 @@ * runtests -o [-h] [-b <build-dir>] [-s <source-dir>] <test> * * In the first case, expects a list of executables located in the given file, - * one line per executable. For each one, runs it as part of a test suite, - * reporting results. In the second case, use the same infrastructure, but - * run only the tests listed on the command line. + * one line per executable, possibly followed by a space-separated list of + * options. For each one, runs it as part of a test suite, reporting results. + * In the second case, use the same infrastructure, but run only the tests + * listed on the command line. * * Test output should start with a line containing the number of tests * (numbered from 1 to this number), optionally preceded by "1..", although 
@@ -48,41 +80,16 @@ * output. This is intended for use with failing tests so that the person * running the test suite can get more details about what failed. * - * If built with the C preprocessor symbols SOURCE and BUILD defined, C TAP - * Harness will export those values in the environment so that tests can find - * the source and build directory and will look for tests under both - * directories. These paths can also be set with the -b and -s command-line - * options, which will override anything set at build time. + * If built with the C preprocessor symbols C_TAP_SOURCE and C_TAP_BUILD + * defined, C TAP Harness will export those values in the environment so that + * tests can find the source and build directory and will look for tests under + * both directories. These paths can also be set with the -b and -s + * command-line options, which will override anything set at build time. * * If the -v option is given, or the C_TAP_VERBOSE environment variable is set, * display the full output of each test as it runs rather than showing a * summary of the results of each test. - * - * Any bug reports, bug fixes, and improvements are very much welcome and - * should be sent to the e-mail address below. This program is part of C TAP - * Harness <http://www.eyrie.org/~eagle/software/c-tap-harness/>. 
- * - * Copyright 2000, 2001, 2004, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, - * 2014, 2015 Russ Allbery <eagle@eyrie.org> - * - * Permission is hereby granted, free of charge, to any person obtaining a - * copy of this software and associated documentation files (the "Software"), - * to deal in the Software without restriction, including without limitation - * the rights to use, copy, modify, merge, publish, distribute, sublicense, - * and/or sell copies of the Software, and to permit persons to whom the - * Software is furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL - * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING - * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER - * DEALINGS IN THE SOFTWARE. -*/ + */ /* Required for fdopen(), getopt(), and putenv(). */ #if defined(__STRICT_ANSI__) || defined(PEDANTIC) 
@@ -135,15 +142,17 @@ /* * The source and build versions of the tests directory. This is used to set - * the SOURCE and BUILD environment variables and find test programs, if set. - * Normally, this should be set as part of the build process to the test - * subdirectories of $(abs_top_srcdir) and $(abs_top_builddir) respectively. + * the C_TAP_SOURCE and C_TAP_BUILD environment variables (and the SOURCE and + * BUILD environment variables set for backward compatibility) and find test + * programs, if set. Normally, this should be set as part of the build + * process to the test subdirectories of $(abs_top_srcdir) and + * $(abs_top_builddir) respectively. */ -#ifndef SOURCE -# define SOURCE NULL +#ifndef C_TAP_SOURCE +# define C_TAP_SOURCE NULL #endif -#ifndef BUILD -# define BUILD NULL +#ifndef C_TAP_BUILD +# define C_TAP_BUILD NULL #endif /* Test status codes. */ @@ -177,7 +186,7 @@ enum plan_status { /* Structure to hold data for a set of tests. */ struct testset { char *file; /* The file name of the test. */ - char *path; /* The path to the test program. */ + char **command; /* The argv vector to run the command. */ enum plan_status plan; /* The status of our plan. */ unsigned long count; /* Expected count of tests. */ unsigned long current; /* The last seen test number. */ @@ -188,7 +197,7 @@ struct testset { unsigned long allocated; /* The size of the results table. */ enum test_status *results; /* Table of results by test number. */ unsigned int aborted; /* Whether the set was aborted. */ - int reported; /* Whether the results were reported. */ + unsigned int reported; /* Whether the results were reported. */ int status; /* The exit status of the test. */ unsigned int all_skipped; /* Whether all tests were skipped. */ char *reason; /* Why all tests were skipped. */ 
@@ -240,6 +249,7 @@ Failed Set Fail/Total (%) Skip Stat Failing Tests\n\ #define xcalloc(n, size) x_calloc((n), (size), __FILE__, __LINE__) #define xmalloc(size) x_malloc((size), __FILE__, __LINE__) #define xstrdup(p) x_strdup((p), __FILE__, __LINE__) +#define xstrndup(p, size) x_strndup((p), (size), __FILE__, __LINE__) #define xreallocarray(p, n, size) \ x_reallocarray((p), (n), (size), __FILE__, __LINE__) @@ -280,6 +290,8 @@ Failed Set Fail/Total (%) Skip Stat Failing Tests\n\ #endif /* Declare internal functions that benefit from compiler attributes. */ +static void die(const char *, ...) + __attribute__((__nonnull__, __noreturn__, __format__(printf, 1, 2))); static void sysdie(const char *, ...) __attribute__((__nonnull__, __noreturn__, __format__(printf, 1, 2))); static void *x_calloc(size_t, size_t, const char *, int) @@ -290,6 +302,26 @@ static void *x_reallocarray(void *, size_t, size_t, const char *, int) __attribute__((__alloc_size__(2, 3), __malloc__, __nonnull__(4))); static char *x_strdup(const char *, const char *, int) __attribute__((__malloc__, __nonnull__)); +static char *x_strndup(const char *, size_t, const char *, int) + __attribute__((__malloc__, __nonnull__)); + + +/* + * Report a fatal error and exit. + */ +static void +die(const char *format, ...) +{ + va_list args; + + fflush(stdout); + fprintf(stderr, "runtests: "); + va_start(args, format); + vfprintf(stderr, format, args); + va_end(args); + fprintf(stderr, "\n"); + exit(1); +} /* 
@@ -392,6 +424,35 @@ x_strdup(const char *s, const char *file, int line) /* + * Copy the first n characters of a string, reporting a fatal error and + * existing on failure. + * + * Avoid using the system strndup function since it may not exist (on Mac OS + * X, for example), and there's no need to introduce another portability + * requirement. + */ +char * +x_strndup(const char *s, size_t size, const char *file, int line) +{ + const char *p; + size_t len; + char *copy; + + /* Don't assume that the source string is nul-terminated. */ + for (p = s; (size_t) (p - s) < size && *p != '\0'; p++) + ; + len = (size_t) (p - s); + copy = malloc(len + 1); + if (copy == NULL) + sysdie("failed to strndup %lu bytes at %s line %d", + (unsigned long) len, file, line); + memcpy(copy, s, len); + copy[len] = '\0'; + return copy; +} + + +/* * Form a new string by concatenating multiple strings. The arguments must be * terminated by (const char *) 0. * @@ -447,7 +508,7 @@ concat(const char *first, ...) static double tv_seconds(const struct timeval *tv) { - return difftime(tv->tv_sec, 0) + tv->tv_usec * 1e-6; + return difftime(tv->tv_sec, 0) + (double) tv->tv_usec * 1e-6; } @@ -485,12 +546,25 @@ skip_whitespace(const char *p) /* + * Given a pointer to a string, skip any non-whitespace characters and return + * a pointer to the first whitespace character, or to the end of the string. + */ +static const char * +skip_non_whitespace(const char *p) +{ + while (*p != '\0' && !isspace((unsigned char)(*p))) + p++; + return p; +} + + +/* * Start a program, connecting its stdout to a pipe on our end and its stderr * to /dev/null, and storing the file descriptor to read from in the two * argument. Returns the PID of the new process. Errors are fatal. */ static pid_t -test_start(const char *path, int *fd) +test_start(char *const *command, int *fd) { int fds[2], infd, errfd; pid_t child; 
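Review bot: The definition of x_strndup added here opens with a bare `char *`, while the prototype declared for it earlier in the file is `static char *`; the function keeps internal linkage from that earlier declaration, but the definition then reads like an exported symbol and should be written `static char *` so the two agree. The header comment also says "existing on failure" where "exiting on failure" is meant. The scan loop stops at `size` bytes or the first NUL, whichever comes first, so it is worth keeping the existing "Don't assume that the source string is nul-terminated" comment exactly where it is.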
@@ -541,8 +615,9 @@ test_start(const char *path, int *fd) } /* Now, exec our process. */ - if (execl(path, path, (char *) 0) == -1) + if (execv(command[0], command) == -1) _exit(CHILDERR_EXEC); + break; /* In parent. Close the extra file descriptor. */ default: @@ -1035,7 +1110,7 @@ test_run(struct testset *ts, enum test_verbose verbose) char buffer[BUFSIZ]; /* Run the test program. */ - testpid = test_start(ts->path, &outfd); + testpid = test_start(ts->command, &outfd); output = fdopen(outfd, "r"); if (!output) { puts("ABORTED"); @@ -1097,6 +1172,7 @@ test_fail_summary(const struct testlist *fails) struct testset *ts; unsigned int chars; unsigned long i, first, last, total; + double failed; puts(header); @@ -1105,8 +1181,9 @@ test_fail_summary(const struct testlist *fails) for (; fails; fails = fails->next) { ts = fails->ts; total = ts->count - ts->skipped; + failed = (double) ts->failed; printf("%-26.26s %4lu/%-4lu %3.0f%% %4lu ", ts->file, ts->failed, - total, total ? (ts->failed * 100.0) / total : 0, + total, total ? (failed * 100.0) / (double) total : 0, ts->skipped); if (WIFEXITED(ts->status)) printf("%4d ", WEXITSTATUS(ts->status)); 
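Review bot: The new call `execv(command[0], command)` runs the first word of the vector as a path with no PATH search, and that is not stated anywhere near the call. It matters more now, because that word can come from the C_TAP_VALGRIND or C_TAP_LIBTOOL environment variables rather than from find_test. I would add `/* execv does no PATH lookup: command[0] must be a path to the program. */` above the call and repeat the requirement in the `valgrind` option description, which currently asks for a full path only for C_TAP_LIBTOOL. test_start begins and ends outside this hunk.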
@@ -1203,19 +1280,111 @@ find_test(const char *name, const char *source, const char *build) /* + * Parse a single line of a test list and store the test name and command to + * execute it in the given testset struct. + * + * Normally, each line is just the name of the test, which is located in the + * test directory and turned into a command to run. However, each line may + * have whitespace-separated options, which change the command that's run. + * Current supported options are: + * + * valgrind + * Run the test under valgrind if C_TAP_VALGRIND is set. The contents + * of that environment variable are taken as the valgrind command (with + * options) to run. The command is parsed with a simple split on + * whitespace and no quoting is supported. + * + * libtool + * If running under valgrind, use libtool to invoke valgrind. This avoids + * running valgrind on the wrapper shell script generated by libtool. If + * set, C_TAP_LIBTOOL must be set to the full path to the libtool program + * to use to run valgrind and thus the test. Ignored if the test isn't + * being run under valgrind. + */ +static void +parse_test_list_line(const char *line, struct testset *ts, const char *source, + const char *build) +{ + const char *p, *end, *option, *libtool; + const char *valgrind = NULL; + unsigned int use_libtool = 0; + unsigned int use_valgrind = 0; + size_t len, i; + + /* Determine the name of the test. */ + p = skip_non_whitespace(line); + ts->file = xstrndup(line, p - line); + + /* Check if any test options are set. */ + p = skip_whitespace(p); + while (*p != '\0') { + end = skip_non_whitespace(p); + if (strncmp(p, "libtool", end - p) == 0) { + use_libtool = 1; + p = end; + } else if (strncmp(p, "valgrind", end - p) == 0) { + valgrind = getenv("C_TAP_VALGRIND"); + use_valgrind = (valgrind != NULL); + p = end; + } else { + option = xstrndup(p, end - p); + die("unknown test list option %s", option); + } + p = skip_whitespace(end); + } + + /* Construct the argv to run the test. 
First, find the length. */ + len = 1; + if (use_valgrind && valgrind != NULL) { + p = skip_whitespace(valgrind); + while (*p != '\0') { + len++; + p = skip_whitespace(skip_non_whitespace(p)); + } + if (use_libtool) + len += 2; + } + + /* Now, build the command. */ + ts->command = xcalloc(len + 1, sizeof(char *)); + i = 0; + if (use_valgrind && valgrind != NULL) { + if (use_libtool) { + libtool = getenv("C_TAP_LIBTOOL"); + if (libtool == NULL) + die("valgrind with libtool requested, but C_TAP_LIBTOOL is not" + " set"); + ts->command[i++] = xstrdup(libtool); + ts->command[i++] = xstrdup("--mode=execute"); + } + p = skip_whitespace(valgrind); + while (*p != '\0') { + end = skip_non_whitespace(p); + ts->command[i++] = xstrndup(p, end - p); + p = skip_whitespace(end); + } + } + if (i != len - 1) + die("internal error while constructing command line"); + ts->command[i++] = find_test(ts->file, source, build); + ts->command[i] = NULL; +} + + +/* * Read a list of tests from a file, returning the list of tests as a struct * testlist, or NULL if there were no tests (such as a file containing only * comments). Reports an error to standard error and exits if the list of * tests cannot be read. */ static struct testlist * -read_test_list(const char *filename) +read_test_list(const char *filename, const char *source, const char *build) { FILE *file; unsigned int line; size_t length; char buffer[BUFSIZ]; - const char *testname; + const char *start; struct testlist *listhead, *current; /* Create the initial container list that will hold our results. */ @@ -1240,10 +1409,10 @@ read_test_list(const char *filename) buffer[length] = '\0'; /* Skip comments, leading spaces, and blank lines. */ - testname = skip_whitespace(buffer); - if (strlen(testname) == 0) + start = skip_whitespace(buffer); + if (strlen(start) == 0) continue; - if (testname[0] == '#') + if (start[0] == '#') continue; /* Allocate the new testset structure. */ 
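Review bot: The option matching in parse_test_list_line, `strncmp(p, "libtool", end - p) == 0`, compares only as many characters as the word on the line has, so any prefix such as `lib` or `v` is accepted as the full option name. A typo in the test list therefore changes how the test is run instead of reaching the `unknown test list option` error. Compare the length as well: `if ((size_t) (end - p) == strlen("libtool") && strncmp(p, "libtool", end - p) == 0)`, and the same for `"valgrind"`. The `end - p` and `p - line` values are ptrdiff_t passed where size_t is expected, so a `(size_t)` cast, as x_strndup itself uses, would keep the conversion explicit.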
@@ -1255,7 +1424,9 @@ read_test_list(const char *filename) } current->ts = xcalloc(1, sizeof(struct testset)); current->ts->plan = PLAN_INIT; - current->ts->file = xstrdup(testname); + + /* Parse the line and store the results in the testset struct. */ + parse_test_list_line(start, current->ts, source, build); } fclose(file); @@ -1277,7 +1448,7 @@ read_test_list(const char *filename) * freeing. */ static struct testlist * -build_test_list(char *argv[], int argc) +build_test_list(char *argv[], int argc, const char *source, const char *build) { int i; struct testlist *listhead, *current; @@ -1297,6 +1468,9 @@ build_test_list(char *argv[], int argc) current->ts = xcalloc(1, sizeof(struct testset)); current->ts->plan = PLAN_INIT; current->ts->file = xstrdup(argv[i]); + current->ts->command = xcalloc(2, sizeof(char *)); + current->ts->command[0] = find_test(current->ts->file, source, build); + current->ts->command[1] = NULL; } /* If there were no tests, current is still NULL. */ @@ -1314,8 +1488,12 @@ build_test_list(char *argv[], int argc) static void free_testset(struct testset *ts) { + size_t i; + free(ts->file); - free(ts->path); + for (i = 0; ts->command[i] != NULL; i++) + free(ts->command[i]); + free(ts->command); free(ts->results); free(ts->reason); free(ts); @@ -1330,8 +1508,7 @@ free_testset(struct testset *ts) * frees the test list that's passed in. */ static int -test_batch(struct testlist *tests, const char *source, const char *build, - enum test_verbose verbose) +test_batch(struct testlist *tests, enum test_verbose verbose) { size_t length, i; size_t longest = 0; @@ -1382,7 +1559,6 @@ test_batch(struct testlist *tests, const char *source, const char *build, fflush(stdout); /* Run the test. */ - ts->path = find_test(ts->file, source, build); succeeded = test_run(ts, verbose); fflush(stdout); if (verbose) 
@@ -1446,7 +1622,7 @@ test_batch(struct testlist *tests, const char *source, const char *build, fputs("All tests successful", stdout); else printf("Failed %lu/%lu tests, %.2f%% okay", failed, total, - (total - failed) * 100.0 / total); + (double) (total - failed) * 100.0 / (double) total); if (skipped != 0) { if (skipped == 1) printf(", %lu test skipped", skipped); @@ -1479,8 +1655,9 @@ test_single(const char *program, const char *source, const char *build) /* - * Main routine. Set the SOURCE and BUILD environment variables and then, - * given a file listing tests, run each test listed. + * Main routine. Set the C_TAP_SOURCE, C_TAP_BUILD, SOURCE, and BUILD + * environment variables and then, given a file listing tests, run each test + * listed. */ int main(int argc, char *argv[]) @@ -1489,13 +1666,15 @@ main(int argc, char *argv[]) int status = 0; int single = 0; enum test_verbose verbose = CONCISE; + char *c_tap_source_env = NULL; + char *c_tap_build_env = NULL; char *source_env = NULL; char *build_env = NULL; const char *program; const char *shortlist; const char *list = NULL; - const char *source = SOURCE; - const char *build = BUILD; + const char *source = C_TAP_SOURCE; + const char *build = C_TAP_BUILD; struct testlist *tests; program = argv[0]; 
@@ -1537,13 +1716,23 @@ main(int argc, char *argv[]) if (getenv("C_TAP_VERBOSE") != NULL) verbose = VERBOSE; - /* Set SOURCE and BUILD environment variables. */ + /* + * Set C_TAP_SOURCE and C_TAP_BUILD environment variables. Also set + * SOURCE and BUILD for backward compatibility, although we're trying to + * migrate to the ones with a C_TAP_* prefix. + */ if (source != NULL) { + c_tap_source_env = concat("C_TAP_SOURCE=", source, (const char *) 0); + if (putenv(c_tap_source_env) != 0) + sysdie("cannot set C_TAP_SOURCE in the environment"); source_env = concat("SOURCE=", source, (const char *) 0); if (putenv(source_env) != 0) sysdie("cannot set SOURCE in the environment"); } if (build != NULL) { + c_tap_build_env = concat("C_TAP_BUILD=", build, (const char *) 0); + if (putenv(c_tap_build_env) != 0) + sysdie("cannot set C_TAP_BUILD in the environment"); build_env = concat("BUILD=", build, (const char *) 0); if (putenv(build_env) != 0) sysdie("cannot set BUILD in the environment"); @@ -1559,20 +1748,24 @@ main(int argc, char *argv[]) else shortlist++; printf(banner, shortlist); - tests = read_test_list(list); - status = test_batch(tests, source, build, verbose) ? 0 : 1; + tests = read_test_list(list, source, build); + status = test_batch(tests, verbose) ? 0 : 1; } else { - tests = build_test_list(argv, argc); - status = test_batch(tests, source, build, verbose) ? 0 : 1; + tests = build_test_list(argv, argc, source, build); + status = test_batch(tests, verbose) ? 0 : 1; } /* For valgrind cleanliness, free all our memory. */ if (source_env != NULL) { + putenv((char *) "C_TAP_SOURCE="); putenv((char *) "SOURCE="); + free(c_tap_source_env); free(source_env); } if (build_env != NULL) { + putenv((char *) "C_TAP_BUILD="); putenv((char *) "BUILD="); + free(c_tap_build_env); free(build_env); } exit(status); diff --git a/tests/server/admin-t b/tests/server/admin-t index f025d98..a74e6db 100755 --- a/tests/server/admin-t +++ b/tests/server/admin-t 
@@ -3,10 +3,11 @@ # Tests for the wallet-admin dispatch code. # # Written by Russ Allbery <eagle@eyrie.org> -# Copyright 2008, 2009, 2010, 2011, 2014 +# Copyright 2018 Russ Allbery <eagle@eyrie.org> +# Copyright 2008-2011, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use Test::More tests => 42; @@ -68,7 +69,7 @@ sub upgrade { # Wallet::Admin package has already been loaded. package main; $INC{'Wallet/Admin.pm'} = 'FAKE'; -eval { do "$ENV{SOURCE}/../server/wallet-admin" }; +do "$ENV{C_TAP_BUILD}/../server/wallet-admin"; # Run the wallet admin client. This fun hack takes advantage of the fact that # the wallet admin client is written in Perl so that we can substitute our own diff --git a/tests/server/backend-t b/tests/server/backend-t index 2ed8404..fb7d97b 100755 --- a/tests/server/backend-t +++ b/tests/server/backend-t @@ -3,10 +3,11 @@ # Tests for the wallet-backend dispatch code. # # Written by Russ Allbery <eagle@eyrie.org> -# Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014 +# Copyright 2018 Russ Allbery <eagle@eyrie.org> +# Copyright 2006-2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use Test::More tests => 1311; @@ -189,7 +190,7 @@ $INC{'Wallet/Server.pm'} = 'FAKE'; my $OUTPUT; our $SYSLOG = \$OUTPUT; my $INPUT = ''; -eval { do "$ENV{SOURCE}/../server/wallet-backend" }; +do "$ENV{C_TAP_BUILD}/../server/wallet-backend"; # Run the wallet backend. This fun hack takes advantage of the fact that the # wallet backend is written in Perl so that we can substitute our own diff --git a/tests/server/keytab-t b/tests/server/keytab-t index 94c1bd8..7e7c3f0 100755 --- a/tests/server/keytab-t +++ b/tests/server/keytab-t 
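Review bot: The new `do "$ENV{C_TAP_BUILD}/../server/wallet-admin";` still does not report a load failure after the `eval { }` wrapper is dropped, because `do FILE` returns undef and sets `$!` or `$@` rather than dying. With C_TAP_BUILD unset the interpolated path also becomes `/../server/wallet-admin`, which resolves from the filesystem root instead of the build tree. A guard before the load, `defined $ENV{C_TAP_BUILD} or BAIL_OUT('C_TAP_BUILD is not set');`, would make a run outside the harness stop at the point of loading. Checking `$@` after the `do` would do the same for a compile error, assuming the script is expected to load cleanly. The backend-t and keytab-t hunks load their scripts the same way.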
@@ -3,10 +3,11 @@ # Tests for the keytab-backend dispatch code. # # Written by Russ Allbery <eagle@eyrie.org> -# Copyright 2006, 2007, 2010 +# Copyright 2018 Russ Allbery <eagle@eyrie.org> +# Copyright 2006-2007, 2010 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use vars qw($CONFIG $KADMIN $SYSLOG $TMP); @@ -16,9 +17,9 @@ use Test::More tests => 63; # Load the keytab-backend code and override various settings. my $OUTPUT; $SYSLOG = \$OUTPUT; -eval { do "$ENV{SOURCE}/../server/keytab-backend" }; -$CONFIG = "$ENV{SOURCE}/data/allow-extract"; -$KADMIN = "$ENV{SOURCE}/data/fake-kadmin"; +do "$ENV{C_TAP_BUILD}/../server/keytab-backend"; +$CONFIG = "$ENV{C_TAP_SOURCE}/data/allow-extract"; +$KADMIN = "$ENV{C_TAP_SOURCE}/data/fake-kadmin"; $TMP = '.'; # Run the keytab backend. diff --git a/tests/server/report-t b/tests/server/report-t index ad05363..20382f0 100755 --- a/tests/server/report-t +++ b/tests/server/report-t @@ -3,10 +3,11 @@ # Tests for the wallet-report dispatch code. # # Written by Russ Allbery <eagle@eyrie.org> -# Copyright 2008, 2009, 2010 +# Copyright 2018 Russ Allbery <eagle@eyrie.org> +# Copyright 2008-2010 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use Test::More tests => 48; @@ -72,7 +73,7 @@ sub owners { # Wallet::Report package has already been loaded. package main; $INC{'Wallet/Report.pm'} = 'FAKE'; -eval { do "$ENV{SOURCE}/../server/wallet-report" }; +eval { do "$ENV{C_TAP_SOURCE}/../server/wallet-report" }; # Run the wallet report client. This fun hack takes advantage of the fact # that the wallet report client is written in Perl so that we can substitute diff --git a/tests/style/obsolete-strings-t b/tests/style/obsolete-strings-t new file mode 100755 index 0000000..b3d8fd4 --- /dev/null +++ b/tests/style/obsolete-strings-t 
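Review bot: The report-t hunk is the only one of the four server tests that still loads its script from the source tree and inside `eval { }`: `eval { do "$ENV{C_TAP_SOURCE}/../server/wallet-report" };`, whereas admin-t, backend-t and keytab-t now use a bare `do` under `$ENV{C_TAP_BUILD}`. If wallet-report is produced at build time like the other three appear to be (inferred from their move to C_TAP_BUILD), an out-of-tree build would not find it at this path and the `eval` would hide the failure. For consistency the line should presumably read `do "$ENV{C_TAP_BUILD}/../server/wallet-report";`.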
@@ -0,0 +1,102 @@ +#!/usr/bin/perl +# +# Check for obsolete strings in source files. +# +# Examine all source files in a distribution for obsolete strings and report +# on files that fail this check. This catches various transitions I want to +# do globally in all my packages, like changing my personal URLs to https. +# +# The canonical version of this file is maintained in the rra-c-util package, +# which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. +# +# Copyright 2016, 2018 Russ Allbery <eagle@eyrie.org> +# +# Permission is hereby granted, free of charge, to any person obtaining a +# copy of this software and associated documentation files (the "Software"), +# to deal in the Software without restriction, including without limitation +# the rights to use, copy, modify, merge, publish, distribute, sublicense, +# and/or sell copies of the Software, and to permit persons to whom the +# Software is furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +# DEALINGS IN THE SOFTWARE. +# +# SPDX-License-Identifier: MIT + +use 5.006; +use strict; +use warnings; + +use lib "$ENV{C_TAP_SOURCE}/tap/perl"; + +use File::Basename qw(basename); +use Test::More; +use Test::RRA qw(skip_unless_author); +use Test::RRA::Automake qw(all_files automake_setup); + +# Bad patterns to search for. 
+my @BAD_REGEXES = (qr{ http:// \S+ [.]eyrie[.]org }xms); +my @BAD_STRINGS = qw(rra@stanford.edu RRA_MAINTAINER_TESTS); + +# File names to exclude from this check. +my %EXCLUDE = map { $_ => 1 } qw(NEWS obsolete-strings.t obsolete-strings-t); + +# Only run this test for the package author, since it doesn't indicate any +# user-noticable flaw in the package itself. +skip_unless_author('Obsolete strings tests'); + +# Set up Automake testing. +automake_setup(); + +# Check a single file for one of the bad patterns. +# +# $path - Path to the file +# +# Returns: undef +sub check_file { + my ($path) = @_; + my $filename = basename($path); + + # Ignore excluded and binary files. + return if $EXCLUDE{$filename}; + return if !-T $path; + + # Scan the file. + open(my $fh, '<', $path) or BAIL_OUT("Cannot open $path"); + while (defined(my $line = <$fh>)) { + for my $regex (@BAD_REGEXES) { + if ($line =~ $regex) { + ok(0, "$path contains $regex"); + close($fh) or BAIL_OUT("Cannot close $path"); + return; + } + } + for my $string (@BAD_STRINGS) { + if (index($line, $string) != -1) { + ok(0, "$path contains $string"); + close($fh) or BAIL_OUT("Cannot close $path"); + return; + } + } + } + close($fh) or BAIL_OUT("Cannot close $path"); + ok(1, $path); + return; +} + +# Scan every file for any of the bad patterns or strings. We don't declare a +# plan since we skip a lot of files and don't want to precalculate the file +# list. +my @paths = all_files(); +for my $path (@paths) { + check_file($path); +} +done_testing(); diff --git a/tests/tap/basic.c b/tests/tap/basic.c index 4f8be04..8624839 100644 --- a/tests/tap/basic.c +++ b/tests/tap/basic.c 
@@ -10,11 +10,11 @@ * up the TAP output format, or finding things in the test environment. * * This file is part of C TAP Harness. The current version plus supporting - * documentation is at <http://www.eyrie.org/~eagle/software/c-tap-harness/>. + * documentation is at <https://www.eyrie.org/~eagle/software/c-tap-harness/>. * - * Copyright 2009, 2010, 2011, 2012, 2013, 2014, 2015 - * Russ Allbery <eagle@eyrie.org> - * Copyright 2001, 2002, 2004, 2005, 2006, 2007, 2008, 2011, 2012, 2013, 2014 + * Written by Russ Allbery <eagle@eyrie.org> + * Copyright 2009-2018 Russ Allbery <eagle@eyrie.org> + * Copyright 2001-2002, 2004-2008, 2011-2014 * The Board of Trustees of the Leland Stanford Junior University * * Permission is hereby granted, free of charge, to any person obtaining a @@ -34,6 +34,8 @@ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. + * + * SPDX-License-Identifier: MIT */ #include <errno.h> @@ -128,8 +130,7 @@ static struct diag_file *diag_files = NULL; do { \ if (format != NULL) { \ va_list args; \ - if (prefix != NULL) \ - printf("%s", prefix); \ + printf("%s", prefix); \ va_start(args, format); \ vprintf(format, args); \ va_end(args); \ 
@@ -489,22 +490,81 @@ skip_block(unsigned long count, const char *reason, ...) /* - * Takes an expected integer and a seen integer and assumes the test passes - * if those two numbers match. + * Takes two boolean values and requires the truth value of both match. + */ +int +is_bool(int left, int right, const char *format, ...) +{ + int success; + + fflush(stderr); + check_diag_files(); + success = (!!left == !!right); + if (success) + printf("ok %lu", testnum++); + else { + diag(" left: %s", !!left ? "true" : "false"); + diag("right: %s", !!right ? "true" : "false"); + printf("not ok %lu", testnum++); + _failed++; + } + PRINT_DESC(" - ", format); + putchar('\n'); + return success; +} + + +/* + * Takes two integer values and requires they match. + */ +int +is_int(long left, long right, const char *format, ...) +{ + int success; + + fflush(stderr); + check_diag_files(); + success = (left == right); + if (success) + printf("ok %lu", testnum++); + else { + diag(" left: %ld", left); + diag("right: %ld", right); + printf("not ok %lu", testnum++); + _failed++; + } + PRINT_DESC(" - ", format); + putchar('\n'); + return success; +} + + +/* + * Takes two strings and requires they match (using strcmp). NULL arguments + * are permitted and handled correctly. */ int -is_int(long wanted, long seen, const char *format, ...) +is_string(const char *left, const char *right, const char *format, ...) { int success; fflush(stderr); check_diag_files(); - success = (wanted == seen); + + /* Compare the strings, being careful of NULL. */ + if (left == NULL) + success = (right == NULL); + else if (right == NULL) + success = 0; + else + success = (strcmp(left, right) == 0); + + /* Report the results. */ if (success) printf("ok %lu", testnum++); else { - diag("wanted: %ld", wanted); - diag(" seen: %ld", seen); + diag(" left: %s", left == NULL ? "(null)" : left); + diag("right: %s", right == NULL ? "(null)" : right); printf("not ok %lu", testnum++); _failed++; } 
@@ -515,26 +575,22 @@ is_int(long wanted, long seen, const char *format, ...) /* - * Takes a string and what the string should be, and assumes the test passes - * if those strings match (using strcmp). + * Takes two unsigned longs and requires they match. On failure, reports them + * in hex. */ int -is_string(const char *wanted, const char *seen, const char *format, ...) +is_hex(unsigned long left, unsigned long right, const char *format, ...) { int success; - if (wanted == NULL) - wanted = "(null)"; - if (seen == NULL) - seen = "(null)"; fflush(stderr); check_diag_files(); - success = (strcmp(wanted, seen) == 0); + success = (left == right); if (success) printf("ok %lu", testnum++); else { - diag("wanted: %s", wanted); - diag(" seen: %s", seen); + diag(" left: %lx", (unsigned long) left); + diag("right: %lx", (unsigned long) right); printf("not ok %lu", testnum++); _failed++; } 
@@ -545,22 +601,30 @@ is_string(const char *wanted, const char *seen, const char *format, ...) /* - * Takes an expected unsigned long and a seen unsigned long and assumes the - * test passes if the two numbers match. Otherwise, reports them in hex. + * Takes pointers to a regions of memory and requires that len bytes from each + * match. Otherwise reports any bytes which didn't match. */ int -is_hex(unsigned long wanted, unsigned long seen, const char *format, ...) +is_blob(const void *left, const void *right, size_t len, const char *format, + ...) { int success; + size_t i; fflush(stderr); check_diag_files(); - success = (wanted == seen); + success = (memcmp(left, right, len) == 0); if (success) printf("ok %lu", testnum++); else { - diag("wanted: %lx", (unsigned long) wanted); - diag(" seen: %lx", (unsigned long) seen); + const unsigned char *left_c = left; + const unsigned char *right_c = right; + + for (i = 0; i < len; i++) { + if (left_c[i] != right_c[i]) + diag("offset %lu: left %02x, right %02x", (unsigned long) i, + left_c[i], right_c[i]); + } printf("not ok %lu", testnum++); _failed++; } @@ -769,6 +833,8 @@ breallocarray(void *p, size_t n, size_t size) { if (n > 0 && UINT_MAX / n <= size) bail("reallocarray too large"); + if (n == 0) + n = 1; p = realloc(p, n * size); if (p == NULL) sysbail("failed to realloc %lu bytes", (unsigned long) (n * size)); 
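Review bot: The new is_blob passes `left` and `right` straight to `memcmp` and then indexes both in the diagnostic loop, so unlike the reworked is_string it does not handle NULL, and a NULL argument to memcmp is undefined behaviour even when `len` is 0. At minimum the header comment should say so, for example by adding `Both pointers must be non-NULL.`; alternatively the function could bail before the compare when either pointer is NULL. The comment's "a regions of memory" should read "regions of memory".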
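Review bot: The added `if (n == 0) n = 1;` in breallocarray covers only a zero count; with `size == 0` the call is still `realloc(p, 0)`, whose result is implementation-defined and may be NULL. The check that follows would then report that as an allocation failure. Clamping both arguments, `if (n == 0 || size == 0) n = size = 1;`, closes the same gap for the other parameter. breallocarray's signature and its closing lines are outside this hunk.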
@@ -820,17 +886,17 @@ bstrndup(const char *s, size_t n) /* - * Locate a test file. Given the partial path to a file, look under BUILD and - * then SOURCE for the file and return the full path to the file. Returns - * NULL if the file doesn't exist. A non-NULL return should be freed with - * test_file_path_free(). + * Locate a test file. Given the partial path to a file, look under + * C_TAP_BUILD and then C_TAP_SOURCE for the file and return the full path to + * the file. Returns NULL if the file doesn't exist. A non-NULL return + * should be freed with test_file_path_free(). */ char * test_file_path(const char *file) { char *base; char *path = NULL; - const char *envs[] = { "BUILD", "SOURCE", NULL }; + const char *envs[] = { "C_TAP_BUILD", "C_TAP_SOURCE", NULL }; int i; for (i = 0; envs[i] != NULL; i++) { @@ -860,7 +926,7 @@ test_file_path_free(char *path) /* - * Create a temporary directory, tmp, under BUILD if set and the current + * Create a temporary directory, tmp, under C_TAP_BUILD if set and the current * directory if it does not. Returns the path to the temporary directory in * newly allocated memory, and calls bail on any failure. The return value * should be freed with test_tmpdir_free. @@ -875,7 +941,7 @@ test_tmpdir(void) const char *build; char *path = NULL; - build = getenv("BUILD"); + build = getenv("C_TAP_BUILD"); if (build == NULL) build = "."; path = concat(build, "/tmp", (const char *) 0); diff --git a/tests/tap/basic.h b/tests/tap/basic.h index 4ecaaec..3f46e4f 100644 --- a/tests/tap/basic.h +++ b/tests/tap/basic.h 
@@ -2,11 +2,11 @@ * Basic utility routines for the TAP protocol. * * This file is part of C TAP Harness. The current version plus supporting - * documentation is at <http://www.eyrie.org/~eagle/software/c-tap-harness/>. + * documentation is at <https://www.eyrie.org/~eagle/software/c-tap-harness/>. * - * Copyright 2009, 2010, 2011, 2012, 2013, 2014, 2015 - * Russ Allbery <eagle@eyrie.org> - * Copyright 2001, 2002, 2004, 2005, 2006, 2007, 2008, 2011, 2012, 2014 + * Written by Russ Allbery <eagle@eyrie.org> + * Copyright 2009-2018 Russ Allbery <eagle@eyrie.org> + * Copyright 2001-2002, 2004-2008, 2011-2012, 2014 * The Board of Trustees of the Leland Stanford Junior University * * Permission is hereby granted, free of charge, to any person obtaining a @@ -26,6 +26,8 @@ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. + * + * SPDX-License-Identifier: MIT */ #ifndef TAP_BASIC_H 
@@ -88,15 +90,21 @@ void skip_block(unsigned long count, const char *reason, ...) __attribute__((__format__(printf, 2, 3))); /* - * Check an expected value against a seen value. Returns true if the test - * passes and false if it fails. + * Compare two values. Returns true if the test passes and false if it fails. + * is_bool takes an int since the bool type isn't fully portable yet, but + * interprets both arguments for their truth value, not for their numeric + * value. */ -int is_int(long wanted, long seen, const char *format, ...) +int is_bool(int, int, const char *format, ...) + __attribute__((__format__(printf, 3, 4))); +int is_int(long, long, const char *format, ...) __attribute__((__format__(printf, 3, 4))); -int is_string(const char *wanted, const char *seen, const char *format, ...) +int is_string(const char *, const char *, const char *format, ...) __attribute__((__format__(printf, 3, 4))); -int is_hex(unsigned long wanted, unsigned long seen, const char *format, ...) +int is_hex(unsigned long, unsigned long, const char *format, ...) __attribute__((__format__(printf, 3, 4))); +int is_blob(const void *, const void *, size_t, const char *format, ...) + __attribute__((__format__(printf, 4, 5))); /* Bail out with an error. sysbail appends strerror(errno). */ void bail(const char *format, ...) 
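Review bot: The rewritten comment explains is_bool but says nothing about the new is_blob, and with the parameter names removed from the prototype nothing tells the caller what the `size_t` argument means. Either keep the names on this one declaration, `int is_blob(const void *left, const void *right, size_t len, const char *format, ...)`, or add a sentence to the comment such as `is_blob compares the first len bytes of two memory regions; both pointers must be valid for len bytes.` The pointer requirement should be stated because a test that passes a NULL or short buffer is otherwise a memory-safety bug in the test itself.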
@@ -137,16 +145,16 @@ char *bstrndup(const char *, size_t) __attribute__((__malloc__, __nonnull__, __warn_unused_result__)); /* - * Find a test file under BUILD or SOURCE, returning the full path. The - * returned path should be freed with test_file_path_free(). + * Find a test file under C_TAP_BUILD or C_TAP_SOURCE, returning the full + * path. The returned path should be freed with test_file_path_free(). */ char *test_file_path(const char *file) __attribute__((__malloc__, __nonnull__, __warn_unused_result__)); void test_file_path_free(char *path); /* - * Create a temporary directory relative to BUILD and return the path. The - * returned path should be freed with test_tmpdir_free. + * Create a temporary directory relative to C_TAP_BUILD and return the path. + * The returned path should be freed with test_tmpdir_free(). */ char *test_tmpdir(void) __attribute__((__malloc__, __warn_unused_result__)); diff --git a/tests/tap/kerberos.c b/tests/tap/kerberos.c index 6a5025a..89a36a3 100644 --- a/tests/tap/kerberos.c +++ b/tests/tap/kerberos.c @@ -12,10 +12,11 @@ * are available. * * The canonical version of this file is maintained in the rra-c-util package, - * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. + * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. * * Written by Russ Allbery <eagle@eyrie.org> - * Copyright 2006, 2007, 2009, 2010, 2011, 2012, 2013, 2014 + * Copyright 2017 Russ Allbery <eagle@eyrie.org> + * Copyright 2006-2007, 2009-2014 * The Board of Trustees of the Leland Stanford Junior University * * Permission is hereby granted, free of charge, to any person obtaining a @@ -35,6 +36,8 @@ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. + * + * SPDX-License-Identifier: MIT */ #include <config.h> 
@@ -361,7 +364,7 @@ kerberos_setup(enum kerberos_needs needs) path = test_file_path("config/pkinit-principal"); if (path != NULL) file = fopen(path, "r"); - if (file != NULL) { + if (path != NULL && file != NULL) { if (fgets(buffer, sizeof(buffer), file) == NULL) bail("cannot read %s", path); if (buffer[strlen(buffer) - 1] != '\n') @@ -457,17 +460,19 @@ kerberos_generate_conf(const char *realm) /* - * Report a Kerberos error and bail out. + * Report a Kerberos error and bail out. Takes a long instead of a + * krb5_error_code because it can also handle a kadm5_ret_t (which may be a + * different size). */ void -bail_krb5(krb5_context ctx, krb5_error_code code, const char *format, ...) +bail_krb5(krb5_context ctx, long code, const char *format, ...) { const char *k5_msg = NULL; char *message; va_list args; if (ctx != NULL) - k5_msg = krb5_get_error_message(ctx, code); + k5_msg = krb5_get_error_message(ctx, (krb5_error_code) code); va_start(args, format); bvasprintf(&message, format, args); va_end(args); @@ -479,17 +484,19 @@ bail_krb5(krb5_context ctx, krb5_error_code code, const char *format, ...) /* - * Report a Kerberos error as a diagnostic to stderr. + * Report a Kerberos error as a diagnostic to stderr. Takes a long instead of + * a krb5_error_code because it can also handle a kadm5_ret_t (which may be a + * different size). */ void -diag_krb5(krb5_context ctx, krb5_error_code code, const char *format, ...) +diag_krb5(krb5_context ctx, long code, const char *format, ...) { const char *k5_msg = NULL; char *message; va_list args; if (ctx != NULL) - k5_msg = krb5_get_error_message(ctx, code); + k5_msg = krb5_get_error_message(ctx, (krb5_error_code) code); va_start(args, format); bvasprintf(&message, format, args); va_end(args); 
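Review bot: In kerberos_setup the line `if (buffer[strlen(buffer) - 1] != '\n')` indexes `buffer[-1]` (as a wrapped `size_t`) when fgets returns an empty string, which happens if the first byte of config/pkinit-principal is a NUL. The commit tightens the condition around this block but leaves the read unchecked; `if (buffer[0] == '\0' || buffer[strlen(buffer) - 1] != '\n')` keeps the existing bail path and avoids the out-of-bounds read. The rest of the function, including how `file` is initialised, is outside the hunk.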
@@ -524,14 +531,12 @@ kerberos_keytab_principal(krb5_context ctx, const char *path) if (status != 0) bail_krb5(ctx, status, "error reading %s", path); status = krb5_kt_next_entry(ctx, keytab, &entry, &cursor); - if (status == 0) { - status = krb5_copy_principal(ctx, entry.principal, &princ); - if (status != 0) - bail_krb5(ctx, status, "error copying principal from %s", path); - krb5_kt_free_entry(ctx, &entry); - } if (status != 0) bail("no principal found in keytab file %s", path); + status = krb5_copy_principal(ctx, entry.principal, &princ); + if (status != 0) + bail_krb5(ctx, status, "error copying principal from %s", path); + krb5_kt_free_entry(ctx, &entry); krb5_kt_end_seq_get(ctx, keytab, &cursor); krb5_kt_close(ctx, keytab); return princ; diff --git a/tests/tap/kerberos.h b/tests/tap/kerberos.h index 26f45f9..c256822 100644 --- a/tests/tap/kerberos.h +++ b/tests/tap/kerberos.h @@ -2,10 +2,11 @@ * Utility functions for tests that use Kerberos. * * The canonical version of this file is maintained in the rra-c-util package, - * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. + * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. * * Written by Russ Allbery <eagle@eyrie.org> - * Copyright 2006, 2007, 2009, 2011, 2012, 2013, 2014 + * Copyright 2017 Russ Allbery <eagle@eyrie.org> + * Copyright 2006-2007, 2009, 2011-2014 * The Board of Trustees of the Leland Stanford Junior University * * Permission is hereby granted, free of charge, to any person obtaining a @@ -25,6 +26,8 @@ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. + * + * SPDX-License-Identifier: MIT */ #ifndef TAP_KERBEROS_H 
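Review bot: The reordered error path calls `bail("no principal found in keytab file %s", path)` for every non-zero `status` from `krb5_kt_next_entry`, so a corrupt or unreadable keytab is reported the same way as an empty one and the Kerberos error text is discarded. The neighbouring checks already use bail_krb5; `bail_krb5(ctx, status, "no principal found in keytab file %s", path);` would keep the cause visible when a keytab problem breaks a test run. The start of kerberos_keytab_principal is outside the hunk.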
@@ -107,12 +110,12 @@ void kerberos_cleanup_conf(void); #ifdef HAVE_KRB5 /* Bail out with an error, appending the Kerberos error message. */ -void bail_krb5(krb5_context, krb5_error_code, const char *format, ...) - __attribute__((__noreturn__, __nonnull__, __format__(printf, 3, 4))); +void bail_krb5(krb5_context, long, const char *format, ...) + __attribute__((__noreturn__, __nonnull__(3), __format__(printf, 3, 4))); /* Report a diagnostic with Kerberos error to stderr prefixed with #. */ -void diag_krb5(krb5_context, krb5_error_code, const char *format, ...) - __attribute__((__nonnull__, __format__(printf, 3, 4))); +void diag_krb5(krb5_context, long, const char *format, ...) + __attribute__((__nonnull__(3), __format__(printf, 3, 4))); /* * Given a Kerberos context and the path to a keytab, retrieve the principal diff --git a/tests/tap/kerberos.sh b/tests/tap/kerberos.sh index e970ae5..13b540d 100644 --- a/tests/tap/kerberos.sh +++ b/tests/tap/kerberos.sh @@ -6,10 +6,11 @@ # Bourne shell. Instead, all private variables are prefixed with "tap_". # # The canonical version of this file is maintained in the rra-c-util package, -# which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. +# which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. # # Written by Russ Allbery <eagle@eyrie.org> -# Copyright 2009, 2010, 2011, 2012 +# Copyright 2016 Russ Allbery <eagle@eyrie.org> +# Copyright 2009-2012 # The Board of Trustees of the Leland Stanford Junior University # # Permission is hereby granted, free of charge, to any person obtaining a 
@@ -29,9 +30,10 @@ # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER # DEALINGS IN THE SOFTWARE. +# +# SPDX-License-Identifier: MIT -# We use test_tmpdir. -. "${SOURCE}/tap/libtap.sh" +. "${C_TAP_SOURCE}/tap/libtap.sh" # Set up Kerberos, including the ticket cache environment variable. Bail out # if not successful, return 0 if successful, and return 1 if Kerberos is not diff --git a/tests/tap/libtap.sh b/tests/tap/libtap.sh index 9731032..38181d9 100644 --- a/tests/tap/libtap.sh +++ b/tests/tap/libtap.sh @@ -7,10 +7,10 @@ # # This file provides a TAP-compatible shell function library useful for # writing test cases. It is part of C TAP Harness, which can be found at -# <http://www.eyrie.org/~eagle/software/c-tap-harness/>. +# <https://www.eyrie.org/~eagle/software/c-tap-harness/>. # # Written by Russ Allbery <eagle@eyrie.org> -# Copyright 2009, 2010, 2011, 2012 Russ Allbery <eagle@eyrie.org> +# Copyright 2009, 2010, 2011, 2012, 2016 Russ Allbery <eagle@eyrie.org> # Copyright 2006, 2007, 2008, 2013 # The Board of Trustees of the Leland Stanford Junior University # @@ -31,6 +31,8 @@ # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS # IN THE SOFTWARE. +# +# SPDX-License-Identifier: MIT # Print out the number of test cases we expect to run. plan () { 
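Review bot: `. "${C_TAP_SOURCE}/tap/libtap.sh"` expands to `/tap/libtap.sh` when C_TAP_SOURCE is unset or empty, so the script would source whatever file sits at that absolute path instead of failing. Because the variable has just been renamed, a caller that still exports only SOURCE lands in exactly this case. `. "${C_TAP_SOURCE:?must be set (run under runtests)}/tap/libtap.sh"` stops with a clear message instead. The removed comment `# We use test_tmpdir.` was the only explanation of why the library is loaded here and could be kept.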
@@ -212,32 +214,32 @@ diag () { echo '#' "$@" } -# Search for the given file first in $BUILD and then in $SOURCE and echo the -# path where the file was found, or the empty string if the file wasn't -# found. +# Search for the given file first in $C_TAP_BUILD and then in $C_TAP_SOURCE +# and echo the path where the file was found, or the empty string if the file +# wasn't found. # # This macro uses puts, so don't run it using backticks inside double quotes # or bizarre quoting behavior will happen with Solaris sh. test_file_path () { - if [ -n "$BUILD" ] && [ -f "$BUILD/$1" ] ; then - puts "$BUILD/$1" - elif [ -n "$SOURCE" ] && [ -f "$SOURCE/$1" ] ; then - puts "$SOURCE/$1" + if [ -n "$C_TAP_BUILD" ] && [ -f "$C_TAP_BUILD/$1" ] ; then + puts "$C_TAP_BUILD/$1" + elif [ -n "$C_TAP_SOURCE" ] && [ -f "$C_TAP_SOURCE/$1" ] ; then + puts "$C_TAP_SOURCE/$1" else echo '' fi } -# Create $BUILD/tmp for use by tests for storing temporary files and return -# the path (via standard output). +# Create $C_TAP_BUILD/tmp for use by tests for storing temporary files and +# return the path (via standard output). # # This macro uses puts, so don't run it using backticks inside double quotes # or bizarre quoting behavior will happen with Solaris sh. test_tmpdir () { - if [ -z "$BUILD" ] ; then + if [ -z "$C_TAP_BUILD" ] ; then tap_tmpdir="./tmp" else - tap_tmpdir="$BUILD"/tmp + tap_tmpdir="$C_TAP_BUILD"/tmp fi if [ ! -d "$tap_tmpdir" ] ; then mkdir "$tap_tmpdir" || bail "Error creating $tap_tmpdir" diff --git a/tests/tap/macros.h b/tests/tap/macros.h index 139cff0..32ed815 100644 --- a/tests/tap/macros.h +++ b/tests/tap/macros.h @@ -6,7 +6,7 @@ * everyone can pull them in. * * This file is part of C TAP Harness. The current version plus supporting - * documentation is at <http://www.eyrie.org/~eagle/software/c-tap-harness/>. + * documentation is at <https://www.eyrie.org/~eagle/software/c-tap-harness/>. * * Copyright 2008, 2012, 2013, 2015 Russ Allbery <eagle@eyrie.org> * 
@@ -27,6 +27,8 @@ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. + * + * SPDX-License-Identifier: MIT */ #ifndef TAP_MACROS_H diff --git a/tests/tap/messages.c b/tests/tap/messages.c index 9c28789..a720ec7 100644 --- a/tests/tap/messages.c +++ b/tests/tap/messages.c @@ -6,10 +6,11 @@ * handling. * * The canonical version of this file is maintained in the rra-c-util package, - * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. + * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. * - * Copyright 2002, 2004, 2005, 2015 Russ Allbery <eagle@eyrie.org> - * Copyright 2006, 2007, 2009, 2012, 2014 + * Written by Russ Allbery <eagle@eyrie.org> + * Copyright 2002, 2004-2005, 2015 Russ Allbery <eagle@eyrie.org> + * Copyright 2006-2007, 2009, 2012, 2014 * The Board of Trustees of the Leland Stanford Junior University * * Permission is hereby granted, free of charge, to any person obtaining a @@ -29,6 +30,8 @@ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. + * + * SPDX-License-Identifier: MIT */ #include <config.h> diff --git a/tests/tap/messages.h b/tests/tap/messages.h index 985b9cd..3076113 100644 --- a/tests/tap/messages.h +++ b/tests/tap/messages.h 
@@ -2,10 +2,11 @@ * Utility functions to test message handling. * * The canonical version of this file is maintained in the rra-c-util package, - * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. + * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. * + * Written by Russ Allbery <eagle@eyrie.org> * Copyright 2002 Russ Allbery <eagle@eyrie.org> - * Copyright 2006, 2007, 2009 + * Copyright 2006-2007, 2009 * The Board of Trustees of the Leland Stanford Junior University * * Permission is hereby granted, free of charge, to any person obtaining a @@ -25,6 +26,8 @@ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. + * + * SPDX-License-Identifier: MIT */ #ifndef TAP_MESSAGES_H diff --git a/tests/tap/perl/Test/RRA.pm b/tests/tap/perl/Test/RRA.pm index 8608e31..807508c 100644 --- a/tests/tap/perl/Test/RRA.pm +++ b/tests/tap/perl/Test/RRA.pm @@ -5,6 +5,8 @@ # by both C packages with Automake and by stand-alone Perl modules. See # Test::RRA::Automake for additional functions specifically for C Automake # distributions. +# +# SPDX-License-Identifier: MIT package Test::RRA; @@ -13,6 +15,7 @@ use strict; use warnings; use Exporter; +use File::Temp; use Test::More; # For Perl 5.006 compatibility. 
@@ -26,12 +29,56 @@ our (@EXPORT_OK, @ISA, $VERSION); # consistency is good). BEGIN { @ISA = qw(Exporter); - @EXPORT_OK = qw(skip_unless_author skip_unless_automated use_prereq); + @EXPORT_OK = qw( + is_file_contents skip_unless_author skip_unless_automated use_prereq + ); # This version should match the corresponding rra-c-util release, but with # two digits for the minor version, including a leading zero if necessary, # so that it will sort properly. - $VERSION = '5.10'; + $VERSION = '7.02'; +} + +# Compare a string to the contents of a file, similar to the standard is() +# function, but to show the line-based unified diff between them if they +# differ. +# +# $got - The output that we received +# $expected - The path to the file containing the expected output +# $message - The message to use when reporting the test results +# +# Returns: undef +# Throws: Exception on failure to read or write files or run diff +sub is_file_contents { + my ($got, $expected, $message) = @_; + + # If they're equal, this is simple. + open(my $fh, '<', $expected) or BAIL_OUT("Cannot open $expected: $!\n"); + my $data = do { local $/ = undef; <$fh> }; + close($fh) or BAIL_OUT("Cannot close $expected: $!\n"); + if ($got eq $data) { + is($got, $data, $message); + return; + } + + # Otherwise, we show a diff, but only if we have IPC::System::Simple. + eval { require IPC::System::Simple }; + if ($@) { + ok(0, $message); + return; + } + + # They're not equal. Write out what we got so that we can run diff. + my $tmp = File::Temp->new(); + my $tmpname = $tmp->filename; + print {$tmp} $got or BAIL_OUT("Cannot write to $tmpname: $!\n"); + my @command = ('diff', '-u', $expected, $tmpname); + my $diff = IPC::System::Simple::capturex([0 .. 1], @command); + diag($diff); + + # Remove the temporary file and report failure. + ok(0, $message); + return; } # Skip this test unless author tests are requested. Takes a short description 
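Review bot: In is_file_contents the temporary file is written with `print {$tmp} $got` but is neither flushed nor closed before `diff` is run on `$tmpname`, so short output can still be sitting in Perl's buffer and diff would then compare against an empty or truncated file (File::Temp handles are not autoflushed as far as I know). Adding `$tmp->flush;` after the print, or `close($tmp) or BAIL_OUT("Cannot close $tmpname: $!\n");`, makes the diagnostic trustworthy. The header comment could also say that the diff is shown only when IPC::System::Simple is installed, since the fallback is a bare failure with no detail.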
@@ -225,10 +272,14 @@ SOFTWARE. Test::More(3), Test::RRA::Automake(3), Test::RRA::Config(3) This module is maintained in the rra-c-util package. The current version is -available from L<http://www.eyrie.org/~eagle/software/rra-c-util/>. +available from L<https://www.eyrie.org/~eagle/software/rra-c-util/>. The functions to control when tests are run use environment variables defined by the L<Lancaster Consensus|https://github.com/Perl-Toolchain-Gang/toolchain-site/blob/master/lancaster-consensus.md>. =cut + +# Local Variables: +# copyright-at-end-flag: t +# End: diff --git a/tests/tap/perl/Test/RRA/Automake.pm b/tests/tap/perl/Test/RRA/Automake.pm index c6399ec..e4db56c 100644 --- a/tests/tap/perl/Test/RRA/Automake.pm +++ b/tests/tap/perl/Test/RRA/Automake.pm @@ -7,8 +7,11 @@ # require closely following the conventions implemented by the rra-c-util # utility collection. # -# All the functions here assume that BUILD and SOURCE are set in the -# environment. This is normally done via the C TAP Harness runtests wrapper. +# All the functions here assume that C_TAP_BUILD and C_TAP_SOURCE are set in +# the environment. This is normally done via the C TAP Harness runtests +# wrapper. +# +# SPDX-License-Identifier: MIT package Test::RRA::Automake; @@ -20,6 +23,7 @@ use warnings; ## no critic (ClassHierarchies::ProhibitExplicitISA) use Exporter; +use File::Find qw(find); use File::Spec; use Test::More; use Test::RRA::Config qw($LIBRARY_PATH); 
@@ -34,9 +38,9 @@ BEGIN { $PERL_BLIB_ARCH = File::Spec->catdir(qw(perl blib arch)); $PERL_BLIB_LIB = File::Spec->catdir(qw(perl blib lib)); - # If BUILD is set, we can come up with better values. - if (defined($ENV{BUILD})) { - my ($vol, $dirs) = File::Spec->splitpath($ENV{BUILD}, 1); + # If C_TAP_BUILD is set, we can come up with better values. + if (defined($ENV{C_TAP_BUILD})) { + my ($vol, $dirs) = File::Spec->splitpath($ENV{C_TAP_BUILD}, 1); my @dirs = File::Spec->splitdir($dirs); pop(@dirs); $PERL_BLIB_ARCH = File::Spec->catdir(@dirs, qw(perl blib arch)); 
@@ -57,47 +61,95 @@ our (@EXPORT_OK, @ISA, $VERSION); # consistency is good). BEGIN { @ISA = qw(Exporter); - @EXPORT_OK = qw(automake_setup perl_dirs test_file_path test_tmpdir); + @EXPORT_OK = qw( + all_files automake_setup perl_dirs test_file_path test_tmpdir + ); # This version should match the corresponding rra-c-util release, but with # two digits for the minor version, including a leading zero if necessary, # so that it will sort properly. - $VERSION = '5.10'; + $VERSION = '7.02'; } -# Perl directories to skip globally for perl_dirs. We ignore the perl -# directory if it exists since, in my packages, it is treated as a Perl module -# distribution and has its own standalone test suite. -my @GLOBAL_SKIP = qw(.git _build perl); +# Directories to skip globally when looking for all files, or for directories +# that could contain Perl files. +my @GLOBAL_SKIP = qw( + .git _build autom4te.cache build-aux perl/_build perl/blib +); + +# Additional paths to skip when building a list of all files in the +# distribution. This primarily skips build artifacts that aren't interesting +# to any of the tests. These match any path component. +my @FILES_SKIP = qw( + .deps .dirstamp .libs aclocal.m4 config.h config.h.in config.h.in~ config.log + config.status configure +); # The temporary directory created by test_tmpdir, if any. If this is set, # attempt to remove the directory stored here on program exit (but ignore # failure to do so). my $TMPDIR; +# Returns a list of all files in the distribution. +# +# Returns: List of files +sub all_files { + my @files; + + # Turn the skip lists into hashes for ease of querying. + my %skip = map { $_ => 1 } @GLOBAL_SKIP; + my %files_skip = map { $_ => 1 } @FILES_SKIP; + + # Wanted function for find. Prune anything matching either of the skip + # lists, or *.lo files, and then add all regular files to the list. 
+ my $wanted = sub { + my $file = $_; + my $path = $File::Find::name; + $path =~ s{ \A [.]/ }{}xms; + if ($skip{$path} || $files_skip{$file} || $file =~ m{ [.] lo \z }xms) { + $File::Find::prune = 1; + return; + } + if (-f $file) { + push(@files, $path); + } + }; + + # Do the recursive search and return the results. + find($wanted, q{.}); + return @files; +} + # Perform initial test setup for running a Perl test in an Automake package. -# This verifies that BUILD and SOURCE are set and then changes directory to -# the SOURCE directory by default. Sets LD_LIBRARY_PATH if the $LIBRARY_PATH -# configuration option is set. Calls BAIL_OUT if BUILD or SOURCE are missing -# or if anything else fails. +# This verifies that C_TAP_BUILD and C_TAP_SOURCE are set and then changes +# directory to the C_TAP_SOURCE directory by default. Sets LD_LIBRARY_PATH if +# the $LIBRARY_PATH configuration option is set. Calls BAIL_OUT if +# C_TAP_BUILD or C_TAP_SOURCE are missing or if anything else fails. # # $args_ref - Reference to a hash of arguments to configure behavior: -# chdir_build - If set to a true value, changes to BUILD instead of SOURCE +# chdir_build - If set to a true value, changes to C_TAP_BUILD instead of +# C_TAP_SOURCE # # Returns: undef sub automake_setup { my ($args_ref) = @_; - # Bail if BUILD or SOURCE are not set. - if (!$ENV{BUILD}) { - BAIL_OUT('BUILD not defined (run under runtests)'); + # Bail if C_TAP_BUILD or C_TAP_SOURCE are not set. + if (!$ENV{C_TAP_BUILD}) { + BAIL_OUT('C_TAP_BUILD not defined (run under runtests)'); } - if (!$ENV{SOURCE}) { - BAIL_OUT('SOURCE not defined (run under runtests)'); + if (!$ENV{C_TAP_SOURCE}) { + BAIL_OUT('C_TAP_SOURCE not defined (run under runtests)'); } - # BUILD or SOURCE will be the test directory. Change to the parent. - my $start = $args_ref->{chdir_build} ? $ENV{BUILD} : $ENV{SOURCE}; + # C_TAP_BUILD or C_TAP_SOURCE will be the test directory. Change to the + # parent. 
+ my $start; + if ($args_ref->{chdir_build}) { + $start = $ENV{C_TAP_BUILD}; + } else { + $start = $ENV{C_TAP_SOURCE}; + } my ($vol, $dirs) = File::Spec->splitpath($start, 1); my @dirs = File::Spec->splitdir($dirs); pop(@dirs); @@ -116,8 +168,9 @@ sub automake_setup { my $root = File::Spec->catpath($vol, File::Spec->catdir(@dirs), q{}); chdir($root) or BAIL_OUT("cannot chdir to $root: $!"); - # If BUILD is a subdirectory of SOURCE, add it to the global ignore list. - my ($buildvol, $builddirs) = File::Spec->splitpath($ENV{BUILD}, 1); + # If C_TAP_BUILD is a subdirectory of C_TAP_SOURCE, add it to the global + # ignore list. + my ($buildvol, $builddirs) = File::Spec->splitpath($ENV{C_TAP_BUILD}, 1); my @builddirs = File::Spec->splitdir($builddirs); pop(@builddirs); if ($buildvol eq $vol && @builddirs == @dirs + 1) { @@ -162,9 +215,11 @@ sub automake_setup { sub perl_dirs { my ($args_ref) = @_; - # Add the global skip list. + # Add the global skip list. We also ignore the perl directory if it + # exists since, in my packages, it is treated as a Perl module + # distribution and has its own standalone test suite. my @skip = $args_ref->{skip} ? @{ $args_ref->{skip} } : (); - push(@skip, @GLOBAL_SKIP); + push(@skip, @GLOBAL_SKIP, 'perl'); # Separate directories to skip under tests from top-level directories. my @skip_tests = grep { m{ \A tests/ }xms } @skip; @@ -206,9 +261,9 @@ sub perl_dirs { return @dirs; } -# Find a configuration file for the test suite. Searches relative to BUILD -# first and then SOURCE and returns whichever is found first. Calls BAIL_OUT -# if the file could not be found. +# Find a configuration file for the test suite. Searches relative to +# C_TAP_BUILD first and then C_TAP_SOURCE and returns whichever is found +# first. Calls BAIL_OUT if the file could not be found. # # $file - Partial path to the file # 
@@ -216,7 +271,7 @@ sub perl_dirs { sub test_file_path { my ($file) = @_; BASE: - for my $base ($ENV{BUILD}, $ENV{SOURCE}) { + for my $base ($ENV{C_TAP_BUILD}, $ENV{C_TAP_SOURCE}) { next if !defined($base); if (-f "$base/$file") { return "$base/$file"; @@ -236,11 +291,16 @@ sub test_tmpdir { my $path; # If we already figured out what directory to use, reuse the same path. - # Otherwise, create a directory relative to BUILD if set. + # Otherwise, create a directory relative to C_TAP_BUILD if set. if (defined($TMPDIR)) { $path = $TMPDIR; } else { - my $base = defined($ENV{BUILD}) ? $ENV{BUILD} : File::Spec->curdir; + my $base; + if (defined($ENV{C_TAP_BUILD})) { + $base = $ENV{C_TAP_BUILD}; + } else { + $base = File::Spec->curdir; + } $path = File::Spec->catdir($base, 'tmp'); } @@ -297,11 +357,11 @@ layout of a package that uses rra-c-util and C TAP Harness for the test structure. Loading this module will also add the directories C<perl/blib/arch> and -C<perl/blib/lib> to the Perl library search path, relative to BUILD if that -environment variable is set. This is harmless for C Automake projects that -don't contain an embedded Perl module, and for those projects that do, this -will allow subsequent C<use> calls to find modules that are built as part of -the package build process. +C<perl/blib/lib> to the Perl library search path, relative to C_TAP_BUILD if +that environment variable is set. This is harmless for C Automake projects +that don't contain an embedded Perl module, and for those projects that do, +this will allow subsequent C<use> calls to find modules that are built as part +of the package build process. The automake_setup() function should be called before calling any other functions provided by this module. 
@@ -314,11 +374,20 @@ BAIL_OUT (from Test::More). =over 4 +=item all_files() + +Returns a list of all "interesting" files in the distribution that a test +suite may want to look at. This excludes various products of the build system, +the build directory if it's under the source directory, and a few other +uninteresting directories like F<.git>. The returned paths will be paths +relative to the root of the package. + =item automake_setup([ARGS]) -Verifies that the BUILD and SOURCE environment variables are set and then -changes directory to the top of the source tree (which is one directory up -from the SOURCE path, since SOURCE points to the top of the tests directory). +Verifies that the C_TAP_BUILD and C_TAP_SOURCE environment variables are set +and then changes directory to the top of the source tree (which is one +directory up from the C_TAP_SOURCE path, since C_TAP_SOURCE points to the top +of the tests directory). If ARGS is given, it should be a reference to a hash of configuration options. Only one option is supported: C<chdir_build>. If it is set to a true value, 
@@ -343,30 +412,46 @@ C<tests/> that should be skipped. Given FILE, which should be a relative path, locates that file relative to the test directory in either the source or build tree. FILE will be checked for -relative to the environment variable BUILD first, and then relative to SOURCE. -test_file_path() returns the full path to FILE or calls BAIL_OUT if FILE could -not be found. +relative to the environment variable C_TAP_BUILD first, and then relative to +C_TAP_SOURCE. test_file_path() returns the full path to FILE or calls +BAIL_OUT if FILE could not be found. =item test_tmpdir() Create a temporary directory for tests to use for transient files and return -the path to that directory. The directory is created relative to the BUILD -environment variable, which must be set. Permissions on the directory are set -using the current umask. test_tmpdir() returns the full path to the temporary -directory or calls BAIL_OUT if it could not be created. +the path to that directory. The directory is created relative to the +C_TAP_BUILD environment variable, which must be set. Permissions on the +directory are set using the current umask. test_tmpdir() returns the full +path to the temporary directory or calls BAIL_OUT if it could not be created. The directory is automatically removed if possible on program exit. Failure to remove the directory on exit is reported with diag() and otherwise ignored. =back +=head1 ENVIRONMENT + +=over 4 + +=item C_TAP_BUILD + +The root of the tests directory in Automake build directory for this package, +used to find files as documented above. + +=item C_TAP_SOURCE + +The root of the tests directory in the source tree for this package, used to +find files as documented above. 
+ +=back + =head1 AUTHOR Russ Allbery <eagle@eyrie.org> =head1 COPYRIGHT AND LICENSE -Copyright 2014, 2015 Russ Allbery <eagle@eyrie.org> +Copyright 2014, 2015, 2018 Russ Allbery <eagle@eyrie.org> Copyright 2013 The Board of Trustees of the Leland Stanford Junior University @@ -393,9 +478,13 @@ SOFTWARE. Test::More(3), Test::RRA(3), Test::RRA::Config(3) This module is maintained in the rra-c-util package. The current version is -available from L<http://www.eyrie.org/~eagle/software/rra-c-util/>. +available from L<https://www.eyrie.org/~eagle/software/rra-c-util/>. The C TAP Harness test driver and libraries for TAP-based C testing are -available from L<http://www.eyrie.org/~eagle/software/c-tap-harness/>. +available from L<https://www.eyrie.org/~eagle/software/c-tap-harness/>. =cut + +# Local Variables: +# copyright-at-end-flag: t +# End: diff --git a/tests/tap/perl/Test/RRA/Config.pm b/tests/tap/perl/Test/RRA/Config.pm index a5b0d0d..7cb0916 100644 --- a/tests/tap/perl/Test/RRA/Config.pm +++ b/tests/tap/perl/Test/RRA/Config.pm @@ -4,6 +4,8 @@ # configuration file to store some package-specific data. This module loads # that configuration and provides the namespace for the configuration # settings. +# +# SPDX-License-Identifier: MIT package Test::RRA::Config; 
@@ -34,16 +36,16 @@ BEGIN { # This version should match the corresponding rra-c-util release, but with # two digits for the minor version, including a leading zero if necessary, # so that it will sort properly. - $VERSION = '5.10'; + $VERSION = '7.02'; } -# If BUILD or SOURCE are set in the environment, look for data/perl.conf under -# those paths for a C Automake package. Otherwise, look in t/data/perl.conf -# for a standalone Perl module or tests/data/perl.conf for Perl tests embedded -# in a larger distribution. Don't use Test::RRA::Automake since it may not -# exist. +# If C_TAP_BUILD or C_TAP_SOURCE are set in the environment, look for +# data/perl.conf under those paths for a C Automake package. Otherwise, look +# in t/data/perl.conf for a standalone Perl module or tests/data/perl.conf for +# Perl tests embedded in a larger distribution. Don't use Test::RRA::Automake +# since it may not exist. our $PATH; -for my $base ($ENV{BUILD}, $ENV{SOURCE}, 't', 'tests') { +for my $base ($ENV{C_TAP_BUILD}, $ENV{C_TAP_SOURCE}, './t', './tests') { next if !defined($base); my $path = "$base/data/perl.conf"; if (-r $path) { @@ -70,7 +72,7 @@ our @STRICT_PREREQ; # Load the configuration. if (!do($PATH)) { my $error = $@ || $! || 'loading file did not return true'; - BAIL_OUT("cannot load data/perl.conf: $error"); + BAIL_OUT("cannot load $PATH: $error"); } 1; 
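Review bot: The loop changes the literal fallbacks to `./t` and `./tests` so that `do($PATH)` opens them directly, but a relative C_TAP_BUILD or C_TAP_SOURCE (for example `tests`) still produces a path without a leading `./`. `-r $path` checks that path against the current directory, while `do` with such a path searches @INC, so the file that passed the check may not be the file that gets executed as Perl code, or the load may simply fail. Converting the candidate to an absolute path before it is stored in `$PATH`, e.g. `File::Spec->rel2abs($path)` (which needs File::Spec loaded), removes the mismatch. This matters only if the harness can pass relative directories, which is not visible here; the assignment to `$PATH` is outside the hunk.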
@@ -98,10 +100,10 @@ for both C Automake packages and stand-alone Perl modules. Test::RRA::Config looks for a file named F<data/perl.conf> relative to the root of the test directory. That root is taken from the environment variables -BUILD or SOURCE (in that order) if set, which will be the case for C Automake -packages using C TAP Harness. If neither is set, it expects the root of the -test directory to be a directory named F<t> relative to the current directory, -which will be the case for stand-alone Perl modules. +C_TAP_BUILD or C_TAP_SOURCE (in that order) if set, which will be the case for +C Automake packages using C TAP Harness. If neither is set, it expects the +root of the test directory to be a directory named F<t> relative to the +current directory, which will be the case for stand-alone Perl modules. The following variables are supported: @@ -185,6 +187,8 @@ Russ Allbery <eagle@eyrie.org> =head1 COPYRIGHT AND LICENSE +Copyright 2015, 2016 Russ Allbery <eagle@eyrie.org> + Copyright 2013, 2014 The Board of Trustees of the Leland Stanford Junior University @@ -212,9 +216,13 @@ perlcritic(1), Test::MinimumVersion(3), Test::RRA(3), Test::RRA::Automake(3), Test::Strict(3) This module is maintained in the rra-c-util package. The current version is -available from L<http://www.eyrie.org/~eagle/software/rra-c-util/>. +available from L<https://www.eyrie.org/~eagle/software/rra-c-util/>. The C TAP Harness test driver and libraries for TAP-based C testing are -available from L<http://www.eyrie.org/~eagle/software/c-tap-harness/>. +available from L<https://www.eyrie.org/~eagle/software/c-tap-harness/>. =cut + +# Local Variables: +# copyright-at-end-flag: t +# End: diff --git a/tests/tap/perl/Test/RRA/ModuleVersion.pm b/tests/tap/perl/Test/RRA/ModuleVersion.pm index f02877a..49acac4 100644 --- a/tests/tap/perl/Test/RRA/ModuleVersion.pm +++ b/tests/tap/perl/Test/RRA/ModuleVersion.pm 
@@ -3,6 +3,8 @@ # This module contains the common code for testing and updating Perl module # versions for consistency within a Perl module distribution and within a # larger package that contains both Perl modules and other code. +# +# SPDX-License-Identifier: MIT package Test::RRA::ModuleVersion; @@ -31,7 +33,7 @@ BEGIN { # This version should match the corresponding rra-c-util release, but with # two digits for the minor version, including a leading zero if necessary, # so that it will sort properly. - $VERSION = '5.10'; + $VERSION = '7.02'; } # A regular expression matching the version string for a module using the @@ -290,6 +292,10 @@ SOFTWARE. Test::More(3), Test::RRA::Config(3) This module is maintained in the rra-c-util package. The current version -is available from L<http://www.eyrie.org/~eagle/software/rra-c-util/>. +is available from L<https://www.eyrie.org/~eagle/software/rra-c-util/>. =cut + +# Local Variables: +# copyright-at-end-flag: t +# End: diff --git a/tests/tap/process.c b/tests/tap/process.c index 8c22324..d9e94d8 100644 --- a/tests/tap/process.c +++ b/tests/tap/process.c @@ -11,11 +11,11 @@ * mkstemp. * * The canonical version of this file is maintained in the rra-c-util package, - * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. + * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. * * Written by Russ Allbery <eagle@eyrie.org> - * Copyright 2002, 2004, 2005, 2013 Russ Allbery <eagle@eyrie.org> - * Copyright 2009, 2010, 2011, 2013, 2014 + * Copyright 2002, 2004-2005, 2013, 2016-2017 Russ Allbery <eagle@eyrie.org> + * Copyright 2009-2011, 2013-2014 * The Board of Trustees of the Leland Stanford Junior University * * Permission is hereby granted, free of charge, to any person obtaining a 
@@ -35,6 +35,8 @@ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. + * + * SPDX-License-Identifier: MIT */ #include <config.h> @@ -134,6 +136,8 @@ run_child_function(test_function_type function, void *data, int *status, count = 0; do { ret = read(fds[0], buf + count, buflen - count - 1); + if (SSIZE_MAX - count <= ret) + bail("maximum output size exceeded in run_child_function"); if (ret > 0) count += ret; if (count >= buflen - 1) { @@ -141,7 +145,7 @@ run_child_function(test_function_type function, void *data, int *status, buf = brealloc(buf, buflen); } } while (ret > 0); - buf[count < 0 ? 0 : count] = '\0'; + buf[count] = '\0'; if (waitpid(child, &rval, 0) == (pid_t) -1) sysbail("waitpid failed"); close(fds[0]); @@ -364,7 +368,7 @@ process_stop_all(int success UNUSED, int primary) * Read the PID of a process from a file. This is necessary when running * under fakeroot to get the actual PID of the remctld process. */ -static long +static pid_t read_pidfile(const char *path) { FILE *file; @@ -380,7 +384,7 @@ read_pidfile(const char *path) pid = strtol(buffer, NULL, 10); if (pid <= 0) bail("cannot read PID from %s", path); - return pid; + return (pid_t) pid; } diff --git a/tests/tap/process.h b/tests/tap/process.h index 8137d5d..da21ad3 100644 --- a/tests/tap/process.h +++ b/tests/tap/process.h @@ -2,10 +2,10 @@ * Utility functions for tests that use subprocesses. * * The canonical version of this file is maintained in the rra-c-util package, - * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. + * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. * * Written by Russ Allbery <eagle@eyrie.org> - * Copyright 2009, 2010, 2013 + * Copyright 2009-2010, 2013 * The Board of Trustees of the Leland Stanford Junior University * * Permission is hereby granted, free of charge, to any person obtaining a 
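Review bot: A failed `read()` in run_child_function (tests/tap/process.c) is still indistinguishable from end of output: when `ret` is -1 the added `SSIZE_MAX - count <= ret` check does not fire, nothing is appended, and the loop ends at `while (ret > 0)` in the following hunk, so the caller gets truncated output with no diagnostic. Adding `if (ret < 0) sysbail("read from child failed in run_child_function");` directly after the `read` would surface it. The declarations of `count`, `ret` and `buflen` are outside the hunk, so this assumes they are signed, as the SSIZE_MAX comparison suggests.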
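Review bot: The new `return (pid_t) pid;` in read_pidfile narrows the `strtol` result without a range check, so a pidfile value that does not fit in `pid_t` is silently changed rather than rejected; only `pid <= 0` is tested. Assuming `pid` is a `long`, as the old return type suggests, extending the guard to `if (pid <= 0 || (long) (pid_t) pid != pid)` keeps the existing `bail` and catches that case. The `strtol` call also passes a NULL end pointer, so trailing garbage in the file is accepted. How the returned PID is used is outside these hunks; if it is passed to kill(), as the neighbouring process_stop_all suggests, a wrong value would signal an unrelated process.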
@@ -25,6 +25,8 @@ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. + * + * SPDX-License-Identifier: MIT */ #ifndef TAP_PROCESS_H diff --git a/tests/tap/remctl.sh b/tests/tap/remctl.sh index 0a511a0..e39b88f 100644 --- a/tests/tap/remctl.sh +++ b/tests/tap/remctl.sh @@ -6,9 +6,10 @@ # Bourne shell. Instead, all private variables are prefixed with "tap_". # # The canonical version of this file is maintained in the rra-c-util package, -# which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. +# which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. # # Written by Russ Allbery <eagle@eyrie.org> +# Copyright 2016 Russ Allbery <eagle@eyrie.org> # Copyright 2009, 2012 # The Board of Trustees of the Leland Stanford Junior University # @@ -29,6 +30,10 @@ # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER # DEALINGS IN THE SOFTWARE. +# +# SPDX-License-Identifier: MIT + +. "${C_TAP_SOURCE}/tap/libtap.sh" # Start remctld. Takes the path to remctld, which may be found via configure, # and the path to the configuration file. @@ -45,7 +50,7 @@ remctld_start () { ( "$VALGRIND" --log-file=valgrind.%p --leak-check=full "$1" -m \ -p 14373 -s "$tap_principal" -P "$tap_pidfile" -f "$2" -d -S -F \ -k "$tap_keytab" &) - [ -f "$BUILD/data/remctld.pid" ] || sleep 5 + [ -f "$tap_pidfile" ] || sleep 5 else ( "$1" -m -p 14373 -s "$tap_principal" -P "$tap_pidfile" -f "$2" \ -d -S -F -k "$tap_keytab" &) diff --git a/tests/tap/string.c b/tests/tap/string.c index 6ed7e68..71cf571 100644 --- a/tests/tap/string.c +++ b/tests/tap/string.c 
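Review bot: The added `. "${C_TAP_SOURCE}/tap/libtap.sh"` in tests/tap/remctl.sh sources a file from a path built on an environment variable without checking that the variable is set; when C_TAP_SOURCE is empty the shell looks for `/tap/libtap.sh` at the filesystem root. Writing it as `. "${C_TAP_SOURCE:?}/tap/libtap.sh"` makes the script stop with a diagnostic instead. The same applies to `. "$C_TAP_SOURCE/tap/libtap.sh"` and `cd "$C_TAP_BUILD/util"` in the tests/util/xmalloc-t hunk further down, where the result of `cd` is also unchecked.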
@@ -5,9 +5,9 @@ * because they rely on additional portability code from rra-c-util. * * The canonical version of this file is maintained in the rra-c-util package, - * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. + * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. * - * Copyright 2011, 2012 Russ Allbery <eagle@eyrie.org> + * Copyright 2011-2012 Russ Allbery <eagle@eyrie.org> * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the "Software"), @@ -26,6 +26,8 @@ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. + * + * SPDX-License-Identifier: MIT */ #include <config.h> diff --git a/tests/tap/string.h b/tests/tap/string.h index d58f75d..a520210 100644 --- a/tests/tap/string.h +++ b/tests/tap/string.h @@ -5,9 +5,9 @@ * because they rely on additional portability code from rra-c-util. * * The canonical version of this file is maintained in the rra-c-util package, - * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. + * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. * - * Copyright 2011, 2012 Russ Allbery <eagle@eyrie.org> + * Copyright 2011-2012 Russ Allbery <eagle@eyrie.org> * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the "Software"), @@ -26,6 +26,8 @@ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. + * + * SPDX-License-Identifier: MIT */ #ifndef TAP_STRING_H diff --git a/tests/util/messages-krb5-t.c b/tests/util/messages-krb5-t.c index c6de5a5..b22c4cf 100644 --- a/tests/util/messages-krb5-t.c +++ b/tests/util/messages-krb5-t.c 
@@ -2,10 +2,10 @@ * Test suite for Kerberos error handling routines. * * The canonical version of this file is maintained in the rra-c-util package, - * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. + * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. * * Written by Russ Allbery <eagle@eyrie.org> - * Copyright 2010, 2011, 2013, 2014 + * Copyright 2010-2011, 2013-2014 * The Board of Trustees of the Leland Stanford Junior University * * Permission is hereby granted, free of charge, to any person obtaining a @@ -25,6 +25,8 @@ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. + * + * SPDX-License-Identifier: MIT */ #include <config.h> @@ -56,7 +58,7 @@ main(void) /* * Test functions. */ -static void +static void __attribute__((__noreturn__)) test_warn(void *data UNUSED) { krb5_context ctx; @@ -74,7 +76,7 @@ test_warn(void *data UNUSED) exit(0); } -static void +static void __attribute__((__noreturn__)) test_die(void *data UNUSED) { krb5_context ctx; diff --git a/tests/util/messages-t.c b/tests/util/messages-t.c index 1098314..e8a7835 100644 --- a/tests/util/messages-t.c +++ b/tests/util/messages-t.c @@ -2,11 +2,11 @@ * Test suite for error handling routines. * * The canonical version of this file is maintained in the rra-c-util package, - * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. + * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. * * Written by Russ Allbery <eagle@eyrie.org> - * Copyright 2002, 2004, 2005, 2015 Russ Allbery <eagle@eyrie.org> - * Copyright 2009, 2010, 2011, 2012 + * Copyright 2002, 2004-2005, 2015, 2017 Russ Allbery <eagle@eyrie.org> + * Copyright 2009-2012 * The Board of Trustees of the Leland Stanford Junior University * * Permission is hereby granted, free of charge, to any person obtaining a 
@@ -26,6 +26,8 @@ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. + * + * SPDX-License-Identifier: MIT */ #include <config.h> 
@@ -46,45 +48,87 @@ /* * Test functions. */ -static void test1(void *data UNUSED) { warn("warning"); } -static void test2(void *data UNUSED) { die("fatal"); } -static void test3(void *data UNUSED) { errno = EPERM; syswarn("permissions"); } -static void test4(void *data UNUSED) { +static void +test1(void *data UNUSED) +{ + warn("warning"); +} + +static void __attribute__((__noreturn__)) +test2(void *data UNUSED) +{ + die("fatal"); +} + +static void +test3(void *data UNUSED) +{ + errno = EPERM; + syswarn("permissions"); +} + +static void __attribute__((__noreturn__)) +test4(void *data UNUSED) +{ errno = EACCES; sysdie("fatal access"); } -static void test5(void *data UNUSED) { + +static void +test5(void *data UNUSED) +{ message_program_name = "test5"; warn("warning"); } -static void test6(void *data UNUSED) { + +static void __attribute__((__noreturn__)) +test6(void *data UNUSED) +{ message_program_name = "test6"; die("fatal"); } -static void test7(void *data UNUSED) { + +static void +test7(void *data UNUSED) +{ message_program_name = "test7"; errno = EPERM; syswarn("perms %d", 7); } -static void test8(void *data UNUSED) { + +static void __attribute__((__noreturn__)) +test8(void *data UNUSED) +{ message_program_name = "test8"; errno = EACCES; sysdie("%st%s", "fa", "al"); } -static int return10(void) { return 10; } +static int +return10(void) +{ + return 10; +} -static void test9(void *data UNUSED) { +static void __attribute__((__noreturn__)) +test9(void *data UNUSED) +{ message_fatal_cleanup = return10; die("fatal"); } -static void test10(void *data UNUSED) { + +static void __attribute__((__noreturn__)) +test10(void *data UNUSED) +{ message_program_name = 0; message_fatal_cleanup = return10; errno = EPERM; sysdie("fatal perm"); } -static void test11(void *data UNUSED) { + +static void __attribute__((__noreturn__)) +test11(void *data UNUSED) +{ message_program_name = "test11"; message_fatal_cleanup = return10; errno = EPERM; 
@@ -93,61 +137,104 @@ static void test11(void *data UNUSED) { } static void __attribute__((__format__(printf, 2, 0))) -log_msg(size_t len, const char *format, va_list args, int error) { +log_msg(size_t len, const char *format, va_list args, int error) +{ fprintf(stderr, "%lu %d ", (unsigned long) len, error); vfprintf(stderr, format, args); fprintf(stderr, "\n"); } -static void test12(void *data UNUSED) { +static void +test12(void *data UNUSED) +{ message_handlers_warn(1, log_msg); warn("warning"); } -static void test13(void *data UNUSED) { + +static void __attribute__((__noreturn__)) +test13(void *data UNUSED) +{ message_handlers_die(1, log_msg); die("fatal"); } -static void test14(void *data UNUSED) { + +static void +test14(void *data UNUSED) +{ message_handlers_warn(2, log_msg, log_msg); errno = EPERM; syswarn("warning"); } -static void test15(void *data UNUSED) { + +static void __attribute__((__noreturn__)) +test15(void *data UNUSED) +{ message_handlers_die(2, log_msg, log_msg); message_fatal_cleanup = return10; errno = EPERM; sysdie("fatal"); } -static void test16(void *data UNUSED) { + +static void +test16(void *data UNUSED) +{ message_handlers_warn(2, message_log_stderr, log_msg); message_program_name = "test16"; errno = EPERM; syswarn("warning"); } -static void test17(void *data UNUSED) { notice("notice"); } -static void test18(void *data UNUSED) { + +static void +test17(void *data UNUSED) +{ + notice("notice"); +} + +static void +test18(void *data UNUSED) +{ message_program_name = "test18"; notice("notice"); } -static void test19(void *data UNUSED) { debug("debug"); } -static void test20(void *data UNUSED) { + +static void +test19(void *data UNUSED) +{ + debug("debug"); +} + +static void +test20(void *data UNUSED) +{ message_handlers_notice(1, log_msg); notice("foo"); } -static void test21(void *data UNUSED) { + +static void +test21(void *data UNUSED) +{ message_handlers_debug(1, message_log_stdout); message_program_name = "test23"; debug("baz"); } -static 
void test22(void *data UNUSED) { + +static void __attribute__((__noreturn__)) +test22(void *data UNUSED) +{ message_handlers_die(0); die("hi mom!"); } -static void test23(void *data UNUSED) { + +static +void test23(void *data UNUSED) +{ message_handlers_warn(0); warn("this is a test"); } -static void test24(void *data UNUSED) { + +static +void test24(void *data UNUSED) +{ notice("first"); message_handlers_notice(0); notice("second"); diff --git a/tests/util/xmalloc-t b/tests/util/xmalloc-t index af604ed..e73a7c6 100755 --- a/tests/util/xmalloc-t +++ b/tests/util/xmalloc-t @@ -3,11 +3,11 @@ # Test suite for xmalloc and friends. # # The canonical version of this file is maintained in the rra-c-util package, -# which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. +# which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. # # Written by Russ Allbery <eagle@eyrie.org> -# Copyright 2000, 2001, 2006, 2014 Russ Allbery <eagle@eyrie.org> -# Copyright 2008, 2009, 2010, 2012 +# Copyright 2000-2001, 2006, 2014, 2016 Russ Allbery <eagle@eyrie.org> +# Copyright 2008-2010, 2012 # The Board of Trustees of the Leland Stanford Junior University # # Permission is hereby granted, free of charge, to any person obtaining a @@ -27,9 +27,11 @@ # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER # DEALINGS IN THE SOFTWARE. +# +# SPDX-License-Identifier: MIT -. "$SOURCE/tap/libtap.sh" -cd "$BUILD/util" +. "$C_TAP_SOURCE/tap/libtap.sh" +cd "$C_TAP_BUILD/util" # Run an xmalloc test. Takes the description, the expectd exit status, the # output, and the arguments. diff --git a/tests/util/xmalloc.c b/tests/util/xmalloc.c index 84ba081..d157bbb 100644 --- a/tests/util/xmalloc.c +++ b/tests/util/xmalloc.c 
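Review bot: In tests/util/messages-t.c, `test23` and `test24` are written with `static` alone on one line and `void test23(void *data UNUSED)` on the next, while every other function touched by this reformatting puts the storage class and return type on the first line and the name on the second. For consistency they should read `static void` followed by `test23(void *data UNUSED)`, and likewise for `test24`. The body of `test24` continues outside the hunk.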
@@ -2,10 +2,10 @@ * Test suite for xmalloc and family. * * The canonical version of this file is maintained in the rra-c-util package, - * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. + * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. * - * Copyright 2000, 2001, 2006 Russ Allbery <eagle@eyrie.org> - * Copyright 2008, 2012, 2013, 2014 + * Copyright 2000-2001, 2006, 2017 Russ Allbery <eagle@eyrie.org> + * Copyright 2008, 2012-2014 * The Board of Trustees of the Leland Stanford Junior University * * Permission is hereby granted, free of charge, to any person obtaining a @@ -25,6 +25,8 @@ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. + * + * SPDX-License-Identifier: MIT */ #line 1 "xmalloc.c" @@ -50,7 +52,7 @@ * A customized error handler for checking xmalloc's support of them. Prints * out the error message and exits with status 1. */ -static void +static void __attribute__((__noreturn__)) test_handler(const char *function, size_t size, const char *file, int line) { die("%s %lu %s %d", function, (unsigned long) size, file, line); @@ -327,7 +329,7 @@ main(int argc, char *argv[]) code = argv[1][0]; if (isupper(code)) { xmalloc_error_handler = test_handler; - code = tolower(code); + code = (unsigned char) tolower(code); } /* @@ -390,9 +392,7 @@ main(int argc, char *argv[]) case 'n': exit(test_strndup(size) ? willfail : 1); case 'a': exit(test_asprintf(size) ? willfail : 1); case 'v': exit(test_vasprintf(size) ? willfail : 1); - default: - die("Unknown mode %c", argv[1][0]); - break; + default: die("Unknown mode %c", argv[1][0]); } exit(1); } diff --git a/util/macros.h b/util/macros.h index 4a773a2..612a88c 100644 --- a/util/macros.h +++ b/util/macros.h 
@@ -2,17 +2,19 @@ * Some standard helpful macros. * * The canonical version of this file is maintained in the rra-c-util package, - * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. + * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. * * Written by Russ Allbery <eagle@eyrie.org> + * Copyright 2014 Russ Allbery <eagle@eyrie.org> + * Copyright 2008-2011 + * The Board of Trustees of the Leland Stanford Junior University * - * The authors hereby relinquish any claim to any copyright that they may have - * in this work, whether granted under contract or by operation of law or - * international treaty, and hereby commit to the public, at large, that they - * shall not, at any time in the future, seek to enforce any copyright in this - * work against any person or entity, or prevent any person or entity from - * copying, publishing, distributing or creating derivative works of this - * work. + * Copying and distribution of this file, with or without modification, are + * permitted in any medium without royalty provided the copyright notice and + * this notice are preserved. This file is offered as-is, without any + * warranty. + * + * SPDX-License-Identifier: FSFAP */ #ifndef UTIL_MACROS_H diff --git a/util/messages-krb5.c b/util/messages-krb5.c index 961ea1d..a33d77a 100644 --- a/util/messages-krb5.c +++ b/util/messages-krb5.c @@ -6,10 +6,10 @@ * formatted message. * * The canonical version of this file is maintained in the rra-c-util package, - * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. + * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. * * Written by Russ Allbery <eagle@eyrie.org> - * Copyright 2006, 2007, 2008, 2009, 2010, 2013 + * Copyright 2006-2010, 2013 * The Board of Trustees of the Leland Stanford Junior University * * Permission is hereby granted, free of charge, to any person obtaining a 
@@ -29,6 +29,8 @@ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. + * + * SPDX-License-Identifier: MIT */ #include <config.h> diff --git a/util/messages-krb5.h b/util/messages-krb5.h index 3fc0862..da96e4c 100644 --- a/util/messages-krb5.h +++ b/util/messages-krb5.h @@ -2,10 +2,10 @@ * Prototypes for error handling for Kerberos. * * The canonical version of this file is maintained in the rra-c-util package, - * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. + * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. * * Written by Russ Allbery <eagle@eyrie.org> - * Copyright 2006, 2007, 2008, 2009, 2010, 2013 + * Copyright 2006-2010, 2013 * The Board of Trustees of the Leland Stanford Junior University * * Permission is hereby granted, free of charge, to any person obtaining a @@ -25,6 +25,8 @@ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. + * + * SPDX-License-Identifier: MIT */ #ifndef UTIL_MESSAGES_KRB5_H @@ -44,9 +46,9 @@ BEGIN_DECLS * an error code to get the Kerberos error. */ void die_krb5(krb5_context, krb5_error_code, const char *, ...) - __attribute__((__nonnull__, __noreturn__, __format__(printf, 3, 4))); + __attribute__((__nonnull__(3), __noreturn__, __format__(printf, 3, 4))); void warn_krb5(krb5_context, krb5_error_code, const char *, ...) - __attribute__((__nonnull__, __format__(printf, 3, 4))); + __attribute__((__nonnull__(3), __format__(printf, 3, 4))); /* Undo default visibility change. */ #pragma GCC visibility pop diff --git a/util/messages.c b/util/messages.c index b5c2dba..941a88f 100644 --- a/util/messages.c +++ b/util/messages.c 
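Review bot: Narrowing `__nonnull__` to `__nonnull__(3)` on `die_krb5` and `warn_krb5` in util/messages-krb5.h means the compiler no longer flags a NULL `krb5_context`, but the comment above the prototypes does not say whether a NULL context is supported. If it is, a line such as `The context argument may be NULL.` would document the contract; if it is not, callers have lost a diagnostic and the attribute should keep covering argument 1. The comment begins outside the hunk and the implementation is not visible here, so the wording needs checking against messages-krb5.c.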
@@ -51,15 +51,14 @@ * va_list, and the applicable errno value (if any). * * The canonical version of this file is maintained in the rra-c-util package, - * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. + * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. * * Written by Russ Allbery <eagle@eyrie.org> - * Copyright 2008, 2009, 2010, 2013 + * Copyright 2015-2016 Russ Allbery <eagle@eyrie.org> + * Copyright 2008-2010, 2013-2014 * The Board of Trustees of the Leland Stanford Junior University - * Copyright (c) 2004, 2005, 2006 - * by Internet Systems Consortium, Inc. ("ISC") - * Copyright (c) 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, - * 2002, 2003 by The Internet Software Consortium and Rich Salz + * Copyright 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright 1991, 1994-2003 The Internet Software Consortium and Rich Salz * * This code is derived from software contributed to the Internet Software * Consortium by Rich Salz. @@ -75,6 +74,8 @@ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR * PERFORMANCE OF THIS SOFTWARE. + * + * SPDX-License-Identifier: ISC */ #include <config.h> @@ -238,7 +239,7 @@ message_log_syslog(int pri, size_t len, const char *fmt, va_list args, int err) exit(message_fatal_cleanup ? (*message_fatal_cleanup)() : 1); } status = vsnprintf(buffer, len + 1, fmt, args); - if (status < 0) { + if (status < 0 || (size_t) status >= len + 1) { warn("failed to format output with vsnprintf in syslog handler"); free(buffer); return; diff --git a/util/messages.h b/util/messages.h index cf91ba7..3620273 100644 --- a/util/messages.h +++ b/util/messages.h 
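Review bot: The extended test `status < 0 || (size_t) status >= len + 1` in message_log_syslog has no comment, and the reason for the second clause is not obvious from the code: `len` comes from the caller, so a larger result means the text did not fit in `buffer` and was truncated. I would add `/* A result of len + 1 or more means the caller's length was too small and the text was truncated; drop it. */` above the `if`. The warning text still says only "failed to format output", which now covers truncation as well. The function starts and ends outside the hunk.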
@@ -2,14 +2,14 @@ * Prototypes for message and error reporting (possibly fatal). * * The canonical version of this file is maintained in the rra-c-util package, - * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. + * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. * - * Copyright 2008, 2010, 2013, 2014 + * Written by Russ Allbery <eagle@eyrie.org> + * Copyright 2015 Russ Allbery <eagle@eyrie.org> + * Copyright 2008, 2010, 2013-2014 * The Board of Trustees of the Leland Stanford Junior University - * Copyright (c) 2004, 2005, 2006 - * by Internet Systems Consortium, Inc. ("ISC") - * Copyright (c) 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, - * 2002, 2003 by The Internet Software Consortium and Rich Salz + * Copyright 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright 1991, 1994-2003 The Internet Software Consortium and Rich Salz * * This code is derived from software contributed to the Internet Software * Consortium by Rich Salz. @@ -25,6 +25,8 @@ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR * PERFORMANCE OF THIS SOFTWARE. + * + * SPDX-License-Identifier: ISC */ #ifndef UTIL_MESSAGES_H diff --git a/util/xmalloc.c b/util/xmalloc.c index 7fb0405..f5cacc3 100644 --- a/util/xmalloc.c +++ b/util/xmalloc.c 
@@ -60,15 +60,14 @@ * line number to these functions. * * The canonical version of this file is maintained in the rra-c-util package, - * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. + * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. * + * Written by Russ Allbery <eagle@eyrie.org> * Copyright 2015 Russ Allbery <eagle@eyrie.org> - * Copyright 2012, 2013, 2014 + * Copyright 2012-2014 * The Board of Trustees of the Leland Stanford Junior University - * Copyright (c) 2004, 2005, 2006 - * by Internet Systems Consortium, Inc. ("ISC") - * Copyright (c) 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, - * 2002, 2003 by The Internet Software Consortium and Rich Salz + * Copyright 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright 1991, 1994-2003 The Internet Software Consortium and Rich Salz * * This code is derived from software contributed to the Internet Software * Consortium by Rich Salz. @@ -84,6 +83,8 @@ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR * PERFORMANCE OF THIS SOFTWARE. + * + * SPDX-License-Identifier: ISC */ #include <config.h> diff --git a/util/xmalloc.h b/util/xmalloc.h index 6aa9b93..61f5ed1 100644 --- a/util/xmalloc.h +++ b/util/xmalloc.h 
@@ -2,14 +2,13 @@ * Prototypes for malloc routines with failure handling. * * The canonical version of this file is maintained in the rra-c-util package, - * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. + * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. * - * Copyright 2010, 2012, 2013, 2014 + * Written by Russ Allbery <eagle@eyrie.org> + * Copyright 2010, 2012-2014 * The Board of Trustees of the Leland Stanford Junior University - * Copyright (c) 2004, 2005, 2006 - * by Internet Systems Consortium, Inc. ("ISC") - * Copyright (c) 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, - * 2002, 2003 by The Internet Software Consortium and Rich Salz + * Copyright 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright 1991, 1994-2003 The Internet Software Consortium and Rich Salz * * This code is derived from software contributed to the Internet Software * Consortium by Rich Salz. @@ -25,6 +24,8 @@ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR * PERFORMANCE OF THIS SOFTWARE. + * + * SPDX-License-Identifier: ISC */ #ifndef UTIL_XMALLOC_H @@ -110,7 +111,7 @@ typedef void (*xmalloc_handler_type)(const char *, size_t, const char *, int); /* The default error handler. */ void xmalloc_fail(const char *, size_t, const char *, int) - __attribute__((__nonnull__)); + __attribute__((__nonnull__, __noreturn__)); /* * Assign to this variable to choose a handler other than the default, which |