aboutsummaryrefslogtreecommitdiff
path: root/debian/patches/0016-checkfile.patch
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches/0016-checkfile.patch')
-rw-r--r--debian/patches/0016-checkfile.patch841
1 files changed, 841 insertions, 0 deletions
diff --git a/debian/patches/0016-checkfile.patch b/debian/patches/0016-checkfile.patch
new file mode 100644
index 0000000..e4aa270
--- /dev/null
+++ b/debian/patches/0016-checkfile.patch
@@ -0,0 +1,841 @@
+--- /dev/null
++++ b/client/checkfile.c
+@@ -0,0 +1,141 @@
++/*
++ * Test file object checksum against a file on the system
++ *
++ * Written by Bill MacAllister <whm@dropbox.com>
++ * Copyright 2020 Dropbox, Inc.
++ *
++ * SPDX-License-Identifier: MIT
++ */
++
++#include <config.h>
++#include <portable/system.h>
++
++#include <errno.h>
++#include <fcntl.h>
++#include <sys/stat.h>
++
++#include <client/internal.h>
++#include <util/messages.h>
++#include <util/xmalloc.h>
++
++#include <stdlib.h>
++#include <string.h>
++#include <openssl/md5.h>
++
++/* Given a string and its length return a checksum for the string.
++ */
++char *checkfile_str2md5(const char *str, int length) {
++ int n;
++ MD5_CTX c;
++ unsigned char digest[16];
++ char *out = (char*)malloc(33);
++
++ MD5_Init(&c);
++
++ while (length > 0) {
++ if (length > 512) {
++ MD5_Update(&c, str, 512);
++ } else {
++ MD5_Update(&c, str, length);
++ }
++ length -= 512;
++ str += 512;
++ }
++
++ MD5_Final(digest, &c);
++
++ for (n = 0; n < 16; ++n) {
++ snprintf(&(out[n*2]), 16*2, "%02x", (unsigned int)digest[n]);
++ }
++
++ return out;
++}
++
++/*
++ * Read all of a file into memory and return the contents in newly allocated
++ * memory. Returns the size of the file contents in the second argument if
++ * it's not NULL. Dies on any failure.
++ */
++void *
++checkfile_read_file(const char *name, size_t *length)
++{
++ char *contents;
++ size_t size, offset;
++ int fd;
++ struct stat st;
++ ssize_t status;
++
++ fd = open(name, O_RDONLY);
++ if (fd < 0)
++ return NULL;
++ if (fstat(fd, &st) < 0)
++ return NULL;
++ size = st.st_size;
++ contents = xmalloc(size);
++
++ offset = 0;
++ do {
++ if (offset >= size - 1) {
++ size += BUFSIZ;
++ contents = xrealloc(contents, size);
++ }
++ do {
++ status = read(fd, contents + offset, size - offset - 1);
++ } while (status == -1 && errno == EINTR);
++ if (status < 0)
++ sysdie("cannot read from file");
++ offset += status;
++ } while (status > 0);
++ close(fd);
++ if (length != NULL)
++ *length = offset;
++ return contents;
++}
++
++/*
++ * Given a remctl object, the command prefix, object type, and object name,
++ * and a file calculate the checksum of the file, get the checksum of
++ * the wallet object, and compare them. Returns 0 if the checksums
++ * match and an exit status on if the don't match.
++ */
++int
++checkfile(struct remctl *r, const char *prefix, const char *type,
++ const char *name, const char *file)
++{
++ const char *command[5];
++ char *file_data = NULL;
++ char *file_checksum = NULL;
++ size_t count, length;
++ char *wallet_checksum = NULL;
++ size_t wallet_length = 0;
++ int status;
++
++ /* Check to see if the file exists. It not return mismatch status */
++ file_data = checkfile_read_file(file, &length);
++ if (file_data == NULL) {
++ return 1;
++ }
++
++ command[0] = prefix;
++ command[1] = "checksum";
++ command[2] = type;
++ command[3] = name;
++ command[4] = NULL;
++ status = run_command(r, command, &wallet_checksum, &wallet_length);
++ if (status != 0) {
++ return status;
++ }
++
++ /* If the wallet object is empty or NULL return mismatch and let the
++ * subsequent call to file handle the error condition of an empty
++ * file object.
++ */
++ if ((wallet_length == 0) || (wallet_checksum == NULL)) {
++ return 1;
++ }
++
++ file_checksum = checkfile_str2md5(file_data, length);
++ status = strncmp(file_checksum, wallet_checksum, wallet_length);
++
++ return status;
++}
+--- a/client/wallet.c
++++ b/client/wallet.c
+@@ -124,9 +124,18 @@ main(int argc, char *argv[])
+ usage(1);
+
+ /* -f is only supported for get and store and -S with get keytab. */
+- if (file != NULL)
+- if (strcmp(argv[0], "get") != 0 && strcmp(argv[0], "store") != 0)
++ if (file != NULL) {
++ if (strcmp(argv[0], "get") != 0 &&
++ strcmp(argv[0], "store") != 0 &&
++ strcmp(argv[0], "checkfile") != 0)
++ {
+ die("-f only supported for get and store");
++ }
++ } else {
++ if (strcmp(argv[0], "checkfile") == 0)
++ die("-f is required by checkfile");
++ }
++
+ if (srvtab != NULL) {
+ if (strcmp(argv[0], "get") != 0 || strcmp(argv[1], "keytab") != 0)
+ die("-S only supported for get keytab");
+@@ -172,6 +181,14 @@ main(int argc, char *argv[])
+ if (argc > 2)
+ die("too many arguments");
+ status = rekey_keytab(r, ctx, options.type, argv[1]);
++ } else if (strcmp(argv[0], "checkfile") == 0) {
++ if (argc > 3)
++ die("too many arguments");
++ if (strcmp(argv[1], "keytab") == 0)
++ die("checkfile command is not valid for keytabs");
++ status = checkfile(r, options.type, argv[1], argv[2], file);
++ if (status != 0)
++ status = get_file(r, options.type, argv[1], argv[2], file);
+ } else {
+ count = argc + 1;
+ if (strcmp(argv[0], "store") == 0) {
+--- a/client/wallet.pod
++++ b/client/wallet.pod
+@@ -263,7 +263,14 @@ already exist.
+ Check whether an object of type <type> and name <name> already exists. If
+ it does, prints C<yes>; if not, prints C<no>.
+
+-=item checksum
++=item checkfile <type> <name>
++
++Preforms a get command only if the wallet object checksum differs from
++the checksum of the file specified. The -f switch must be specified.
++This command is not valid for keytabs and the wallet object must have
++been stored.
++
++=item checksum <type> <name>
+
+ Returns the checksum for file objects.
+
+--- a/client/internal.h
++++ b/client/internal.h
+@@ -97,6 +97,15 @@ int get_file(struct remctl *, const char
+ const char *name, const char *file);
+
+ /*
++ * Given a remctl object, the command prefix, object type, and object name,
++ * and a file calculate the checksum of the file, get the checksum of
++ * the wallet object, and compare them. Returns 0 if the checksums
++ * match and an exit status on if the don't match.
++ */
++int checkfile(struct remctl *r, const char *prefix, const char *type,
++ const char *name, const char *file);
++
++/*
+ * Given a remctl object, the Kerberos context, the type for the wallet
+ * interface, the name of a keytab object, and a file name, call the correct
+ * wallet commands to download a keytab and write it to that file. If srvtab
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -20,119 +20,119 @@ WALLET_PERL_FLAGS ?=
+ # added to EXTRA_DIST and so that they can be copied over properly for
+ # builddir != srcdir builds.
+ PERL_FILES = perl/Build.PL perl/MANIFEST perl/MANIFEST.SKIP perl/create-ddl \
+- perl/lib/Wallet/ACL.pm perl/lib/Wallet/ACL/Base.pm \
+- perl/lib/Wallet/ACL/External.pm perl/lib/Wallet/ACL/Krb5.pm \
+- perl/lib/Wallet/ACL/Krb5/Regex.pm \
+- perl/lib/Wallet/ACL/LDAP/Attribute.pm \
+- perl/lib/Wallet/ACL/LDAP/Attribute/Root.pm \
+- perl/lib/Wallet/ACL/NetDB.pm perl/lib/Wallet/ACL/Nested.pm \
+- perl/lib/Wallet/ACL/NetDB/Root.pm perl/lib/Wallet/Admin.pm \
+- perl/lib/Wallet/Config.pm perl/lib/Wallet/Database.pm \
+- perl/lib/Wallet/Kadmin.pm perl/lib/Wallet/Kadmin/AD.pm \
+- perl/lib/Wallet/Kadmin/Heimdal.pm perl/lib/Wallet/Kadmin/MIT.pm \
+- perl/lib/Wallet/Object/Base.pm perl/lib/Wallet/Object/Duo.pm \
+- perl/lib/Wallet/Object/File.pm perl/lib/Wallet/Object/Keytab.pm \
+- perl/lib/Wallet/Object/Password.pm \
+- perl/lib/Wallet/Object/WAKeyring.pm \
+- perl/lib/Wallet/Policy/Stanford.pm perl/lib/Wallet/Report.pm \
+- perl/lib/Wallet/Schema.pm perl/lib/Wallet/Server.pm \
+- perl/lib/Wallet/Schema/Result/Acl.pm \
+- perl/lib/Wallet/Schema/Result/AclEntry.pm \
+- perl/lib/Wallet/Schema/Result/AclHistory.pm \
+- perl/lib/Wallet/Schema/Result/AclScheme.pm \
+- perl/lib/Wallet/Schema/Result/Duo.pm \
+- perl/lib/Wallet/Schema/Result/Enctype.pm \
+- perl/lib/Wallet/Schema/Result/Flag.pm \
+- perl/lib/Wallet/Schema/Result/KeytabEnctype.pm \
+- perl/lib/Wallet/Schema/Result/KeytabSync.pm \
+- perl/lib/Wallet/Schema/Result/Object.pm \
+- perl/lib/Wallet/Schema/Result/ObjectHistory.pm \
+- perl/lib/Wallet/Schema/Result/SyncTarget.pm \
+- perl/lib/Wallet/Schema/Result/Type.pm \
+- perl/sql/Wallet-Schema-0.07-0.08-MySQL.sql \
+- perl/sql/Wallet-Schema-0.07-0.08-SQLite.sql \
+- perl/sql/Wallet-Schema-0.07-MySQL.sql \
+- perl/sql/Wallet-Schema-0.07-SQLite.sql \
+- perl/sql/Wallet-Schema-0.08-0.09-MySQL.sql \
+- perl/sql/Wallet-Schema-0.08-0.09-PostgreSQL.sql \
+- perl/sql/Wallet-Schema-0.08-0.09-SQLite.sql \
+- perl/sql/Wallet-Schema-0.08-MySQL.sql \
+- perl/sql/Wallet-Schema-0.08-PostgreSQL.sql \
+- perl/sql/Wallet-Schema-0.08-SQLite.sql \
+- perl/sql/Wallet-Schema-0.09-MySQL.sql \
+- perl/sql/Wallet-Schema-0.09-PostgreSQL.sql \
+- perl/sql/Wallet-Schema-0.09-SQLite.sql \
+- perl/sql/Wallet-Schema-0.09-0.10-MySQL.sql \
+- perl/sql/Wallet-Schema-0.09-0.10-PostgreSQL.sql \
+- perl/sql/Wallet-Schema-0.09-0.10-SQLite.sql \
+- perl/sql/Wallet-Schema-0.10-MySQL.sql \
+- perl/sql/Wallet-Schema-0.10-PostgreSQL.sql \
+- perl/sql/Wallet-Schema-0.10-SQLite.sql \
+- perl/sql/wallet-1.3-update-duo.sql perl/t/data/README \
+- perl/t/data/acl-command perl/t/data/duo/integration.json \
+- perl/t/data/duo/integration-ldap.json \
+- perl/t/data/duo/integration-radius.json \
+- perl/t/data/duo/integration-rdp.json perl/t/data/duo/keys.json \
+- perl/t/data/keytab-fake perl/t/data/keytab.conf \
++ perl/lib/Wallet/ACL.pm perl/lib/Wallet/ACL/Base.pm \
++ perl/lib/Wallet/ACL/External.pm perl/lib/Wallet/ACL/Krb5.pm \
++ perl/lib/Wallet/ACL/Krb5/Regex.pm \
++ perl/lib/Wallet/ACL/LDAP/Attribute.pm \
++ perl/lib/Wallet/ACL/LDAP/Attribute/Root.pm \
++ perl/lib/Wallet/ACL/NetDB.pm perl/lib/Wallet/ACL/Nested.pm \
++ perl/lib/Wallet/ACL/NetDB/Root.pm perl/lib/Wallet/Admin.pm \
++ perl/lib/Wallet/Config.pm perl/lib/Wallet/Database.pm \
++ perl/lib/Wallet/Kadmin.pm perl/lib/Wallet/Kadmin/AD.pm \
++ perl/lib/Wallet/Kadmin/Heimdal.pm perl/lib/Wallet/Kadmin/MIT.pm \
++ perl/lib/Wallet/Object/Base.pm perl/lib/Wallet/Object/Duo.pm \
++ perl/lib/Wallet/Object/File.pm perl/lib/Wallet/Object/Keytab.pm \
++ perl/lib/Wallet/Object/Password.pm \
++ perl/lib/Wallet/Object/WAKeyring.pm \
++ perl/lib/Wallet/Policy/Stanford.pm perl/lib/Wallet/Report.pm \
++ perl/lib/Wallet/Schema.pm perl/lib/Wallet/Server.pm \
++ perl/lib/Wallet/Schema/Result/Acl.pm \
++ perl/lib/Wallet/Schema/Result/AclEntry.pm \
++ perl/lib/Wallet/Schema/Result/AclHistory.pm \
++ perl/lib/Wallet/Schema/Result/AclScheme.pm \
++ perl/lib/Wallet/Schema/Result/Duo.pm \
++ perl/lib/Wallet/Schema/Result/Enctype.pm \
++ perl/lib/Wallet/Schema/Result/Flag.pm \
++ perl/lib/Wallet/Schema/Result/KeytabEnctype.pm \
++ perl/lib/Wallet/Schema/Result/KeytabSync.pm \
++ perl/lib/Wallet/Schema/Result/Object.pm \
++ perl/lib/Wallet/Schema/Result/ObjectHistory.pm \
++ perl/lib/Wallet/Schema/Result/SyncTarget.pm \
++ perl/lib/Wallet/Schema/Result/Type.pm \
++ perl/sql/Wallet-Schema-0.07-0.08-MySQL.sql \
++ perl/sql/Wallet-Schema-0.07-0.08-SQLite.sql \
++ perl/sql/Wallet-Schema-0.07-MySQL.sql \
++ perl/sql/Wallet-Schema-0.07-SQLite.sql \
++ perl/sql/Wallet-Schema-0.08-0.09-MySQL.sql \
++ perl/sql/Wallet-Schema-0.08-0.09-PostgreSQL.sql \
++ perl/sql/Wallet-Schema-0.08-0.09-SQLite.sql \
++ perl/sql/Wallet-Schema-0.08-MySQL.sql \
++ perl/sql/Wallet-Schema-0.08-PostgreSQL.sql \
++ perl/sql/Wallet-Schema-0.08-SQLite.sql \
++ perl/sql/Wallet-Schema-0.09-MySQL.sql \
++ perl/sql/Wallet-Schema-0.09-PostgreSQL.sql \
++ perl/sql/Wallet-Schema-0.09-SQLite.sql \
++ perl/sql/Wallet-Schema-0.09-0.10-MySQL.sql \
++ perl/sql/Wallet-Schema-0.09-0.10-PostgreSQL.sql \
++ perl/sql/Wallet-Schema-0.09-0.10-SQLite.sql \
++ perl/sql/Wallet-Schema-0.10-MySQL.sql \
++ perl/sql/Wallet-Schema-0.10-PostgreSQL.sql \
++ perl/sql/Wallet-Schema-0.10-SQLite.sql \
++ perl/sql/wallet-1.3-update-duo.sql perl/t/data/README \
++ perl/t/data/acl-command perl/t/data/duo/integration.json \
++ perl/t/data/duo/integration-ldap.json \
++ perl/t/data/duo/integration-radius.json \
++ perl/t/data/duo/integration-rdp.json perl/t/data/duo/keys.json \
++ perl/t/data/keytab-fake perl/t/data/keytab.conf \
+ perl/t/data/netdb-fake perl/t/data/netdb.conf perl/t/data/perl.conf \
+ perl/t/docs/pod-spelling.t perl/t/docs/pod.t perl/t/general/acl.t \
+- perl/t/general/admin.t perl/t/general/config.t \
+- perl/t/general/init.t perl/t/general/report.t \
+- perl/t/general/server.t perl/t/lib/Util.pm perl/t/object/base.t \
+- perl/t/object/duo.t perl/t/object/duo-ldap.t \
+- perl/t/object/duo-pam.t perl/t/object/duo-radius.t \
++ perl/t/general/admin.t perl/t/general/config.t \
++ perl/t/general/init.t perl/t/general/report.t \
++ perl/t/general/server.t perl/t/lib/Util.pm perl/t/object/base.t \
++ perl/t/object/duo.t perl/t/object/duo-ldap.t \
++ perl/t/object/duo-pam.t perl/t/object/duo-radius.t \
+ perl/t/object/duo-rdp.t perl/t/object/file.t perl/t/object/keytab.t \
+- perl/t/object/password.t perl/t/object/wa-keyring.t \
+- perl/t/policy/stanford.t perl/t/style/minimum-version.t \
++ perl/t/object/password.t perl/t/object/wa-keyring.t \
++ perl/t/policy/stanford.t perl/t/style/minimum-version.t \
+ perl/t/style/strict.t perl/t/util/kadmin.t perl/t/verifier/basic.t \
+- perl/t/verifier/external.t perl/t/verifier/ldap-attr.t \
++ perl/t/verifier/external.t perl/t/verifier/ldap-attr.t \
+ perl/t/verifier/nested.t perl/t/verifier/netdb.t
+
+ # Directories that have to be created in builddir != srcdir builds before
+ # copying PERL_FILES over.
+-PERL_DIRECTORIES = perl perl/lib perl/lib/Wallet perl/lib/Wallet/ACL \
+- perl/lib/Wallet/ACL/Krb5 perl/lib/Wallet/ACL/LDAP \
+- perl/lib/Wallet/ACL/LDAP/Attribute perl/lib/Wallet/ACL/NetDB \
+- perl/lib/Wallet/Kadmin perl/lib/Wallet/Object \
+- perl/lib/Wallet/Policy perl/lib/Wallet/Schema \
+- perl/lib/Wallet/Schema/Result perl/sql perl/t perl/t/data \
++PERL_DIRECTORIES = perl perl/lib perl/lib/Wallet perl/lib/Wallet/ACL \
++ perl/lib/Wallet/ACL/Krb5 perl/lib/Wallet/ACL/LDAP \
++ perl/lib/Wallet/ACL/LDAP/Attribute perl/lib/Wallet/ACL/NetDB \
++ perl/lib/Wallet/Kadmin perl/lib/Wallet/Object \
++ perl/lib/Wallet/Policy perl/lib/Wallet/Schema \
++ perl/lib/Wallet/Schema/Result perl/sql perl/t perl/t/data \
+ perl/t/data/duo perl/t/docs perl/t/general perl/t/lib perl/t/object \
+ perl/t/policy perl/t/style perl/t/util perl/t/verifier
+
+ ACLOCAL_AMFLAGS = -I m4
+-EXTRA_DIST = .gitignore .travis.yml LICENSE README.md bootstrap \
+- client/wallet.pod client/wallet-rekey.pod config/allow-extract \
+- config/keytab config/keytab.acl config/wallet \
+- config/wallet-report.acl docs/design contrib/README \
+- contrib/ad-keytab contrib/ad-keytab.8 \
+- contrib/commerzbank/wallet-history contrib/convert-srvtab-db \
+- contrib/used-principals contrib/wallet-contacts \
+- contrib/wallet-rekey-periodic contrib/wallet-rekey-periodic.8 \
+- contrib/wallet-summary contrib/wallet-summary.8 \
+- contrib/wallet-unknown-hosts contrib/wallet-unknown-hosts.8 \
++EXTRA_DIST = .gitignore .travis.yml LICENSE README.md bootstrap \
++ client/wallet.pod client/wallet-rekey.pod config/allow-extract \
++ config/keytab config/keytab.acl config/wallet \
++ config/wallet-report.acl docs/design contrib/README \
++ contrib/ad-keytab contrib/ad-keytab.8 \
++ contrib/commerzbank/wallet-history contrib/convert-srvtab-db \
++ contrib/used-principals contrib/wallet-contacts \
++ contrib/wallet-rekey-periodic contrib/wallet-rekey-periodic.8 \
++ contrib/wallet-summary contrib/wallet-summary.8 \
++ contrib/wallet-unknown-hosts contrib/wallet-unknown-hosts.8 \
+ docs/design-acl docs/design-api docs/metadata docs/netdb-role-api \
+ docs/notes docs/objects-and-schemes docs/setup docs/stanford-naming \
+- examples/stanford.conf server/keytab-backend.in \
+- server/wallet-admin.in server/wallet-backend.in \
+- server/wallet-report.in tests/README tests/TESTS \
++ examples/stanford.conf server/keytab-backend.in \
++ server/wallet-admin.in server/wallet-backend.in \
++ server/wallet-report.in tests/README tests/TESTS \
+ tests/config/README tests/data/allow-extract tests/data/basic.conf \
+ tests/data/cmd-fake tests/data/cmd-wrapper tests/data/cppcheck.supp \
+ tests/data/fake-data tests/data/fake-kadmin tests/data/fake-keytab \
+- tests/data/fake-keytab-2 tests/data/fake-keytab-foreign \
+- tests/data/fake-keytab-merge tests/data/fake-keytab-old \
+- tests/data/fake-keytab-partial \
++ tests/data/fake-keytab-2 tests/data/fake-keytab-foreign \
++ tests/data/fake-keytab-merge tests/data/fake-keytab-old \
++ tests/data/fake-keytab-partial \
+ tests/data/fake-keytab-partial-result tests/data/fake-keytab-rekey \
+- tests/data/fake-keytab-unknown tests/data/fake-srvtab \
++ tests/data/fake-keytab-unknown tests/data/fake-srvtab \
+ tests/data/full.conf tests/data/perl.conf tests/data/wallet.conf \
+- tests/docs/pod-spelling-t tests/docs/pod-t \
+- tests/docs/spdx-license-t tests/perl/minimum-version-t \
+- tests/perl/module-version-t tests/perl/strict-t \
++ tests/docs/pod-spelling-t tests/docs/pod-t \
++ tests/docs/spdx-license-t tests/perl/minimum-version-t \
++ tests/perl/module-version-t tests/perl/strict-t \
+ tests/server/admin-t tests/server/backend-t tests/server/keytab-t \
+- tests/server/report-t tests/style/obsolete-strings-t \
+- tests/tap/kerberos.sh tests/tap/libtap.sh \
+- tests/tap/perl/Test/RRA.pm tests/tap/perl/Test/RRA/Automake.pm \
+- tests/tap/perl/Test/RRA/Config.pm \
+- tests/tap/perl/Test/RRA/ModuleVersion.pm tests/tap/remctl.sh \
++ tests/server/report-t tests/style/obsolete-strings-t \
++ tests/tap/kerberos.sh tests/tap/libtap.sh \
++ tests/tap/perl/Test/RRA.pm tests/tap/perl/Test/RRA/Automake.pm \
++ tests/tap/perl/Test/RRA/Config.pm \
++ tests/tap/perl/Test/RRA/ModuleVersion.pm tests/tap/remctl.sh \
+ tests/util/xmalloc-t $(PERL_FILES)
+
+ # Supporting convenience libraries used by other targets.
+@@ -142,7 +142,7 @@ portable_libportable_a_SOURCES = portabl
+ portable/uio.h
+ portable_libportable_a_CPPFLAGS = $(KRB5_CPPFLAGS)
+ portable_libportable_a_LIBADD = $(LIBOBJS)
+-util_libutil_a_SOURCES = util/macros.h util/messages-krb5.c \
++util_libutil_a_SOURCES = util/macros.h util/messages-krb5.c \
+ util/messages-krb5.h util/messages.c util/messages.h util/xmalloc.c \
+ util/xmalloc.h
+ util_libutil_a_CPPFLAGS = $(KRB5_CPPFLAGS)
+@@ -150,21 +150,22 @@ util_libutil_a_CPPFLAGS = $(KRB5_CPPFLAG
+ # The private library used by both wallet and wallet-rekey.
+ noinst_LIBRARIES += client/libwallet.a
+ client_libwallet_a_SOURCES = client/file.c client/internal.h client/keytab.c \
+- client/krb5.c client/options.c client/remctl.c client/srvtab.c
++ client/krb5.c client/options.c client/remctl.c client/srvtab.c \
++ client/checkfile.c
+ client_libwallet_a_CPPFLAGS = $(REMCTL_CPPFLAGS) $(KRB5_CPPFLAGS)
+
+ # The client and server programs.
+ bin_PROGRAMS = client/wallet client/wallet-rekey
+ sbin_SCRIPTS = server/keytab-backend server/wallet-admin \
+ server/wallet-backend server/wallet-report
+-client_wallet_CPPFLAGS = $(REMCTL_CPPFLAGS) $(KRB5_CPPFLAGS)
+-client_wallet_LDFLAGS = $(REMCTL_LDFLAGS) $(KRB5_LDFLAGS)
++client_wallet_CPPFLAGS = $(REMCTL_CPPFLAGS) $(KRB5_CPPFLAGS) $(CRYPTO_CPPFLAGS)
++client_wallet_LDFLAGS = $(REMCTL_LDFLAGS) $(KRB5_LDFLAGS) $(CRYPTO_LDFLAGS)
+ client_wallet_LDADD = client/libwallet.a util/libutil.a \
+- portable/libportable.a $(REMCTL_LIBS) $(KRB5_LIBS)
+-client_wallet_rekey_CPPFLAGS = $(REMCTL_CPPFLAGS) $(KRB5_CPPFLAGS)
+-client_wallet_rekey_LDFLAGS = $(REMCTL_LDFLAGS) $(KRB5_LDFLAGS)
++ portable/libportable.a $(REMCTL_LIBS) $(KRB5_LIBS) $(CRYPTO_LIBS)
++client_wallet_rekey_CPPFLAGS = $(REMCTL_CPPFLAGS) $(KRB5_CPPFLAGS) $(CRYPTO_CPPFLAGS)
++client_wallet_rekey_LDFLAGS = $(REMCTL_LDFLAGS) $(KRB5_LDFLAGS) $(CRYPTO_LDFLAGS)
+ client_wallet_rekey_LDADD = client/libwallet.a util/libutil.a \
+- portable/libportable.a $(REMCTL_LIBS) $(KRB5_LIBS)
++ portable/libportable.a $(REMCTL_LIBS) $(KRB5_LIBS) $(CRYPTO_LIBS)
+
+ # The manual pages.
+ dist_man_MANS = client/wallet.1 client/wallet-rekey.1 server/keytab-backend.8 \
+@@ -189,18 +190,18 @@ dist_pkgdata_DATA = perl/sql/Wallet-Sche
+ # compiler warnings enabled as possible.
+ warnings:
+ $(MAKE) V=0 CFLAGS='$(WARNINGS_CFLAGS) $(AM_CFLAGS)' \
+- KRB5_CPPFLAGS='$(KRB5_CPPFLAGS_GCC)'
++ KRB5_CPPFLAGS='$(KRB5_CPPFLAGS_GCC)'
+ $(MAKE) V=0 CFLAGS='$(WARNINGS_CFLAGS) $(AM_CFLAGS)' \
+- KRB5_CPPFLAGS='$(KRB5_CPPFLAGS_GCC)' $(check_PROGRAMS)
++ KRB5_CPPFLAGS='$(KRB5_CPPFLAGS_GCC)' $(check_PROGRAMS)
+
+ # Remove some additional files.
+ CLEANFILES = perl/t/lib/Test/RRA.pm perl/t/lib/Test/RRA/Automake.pm \
+ perl/t/lib/Test/RRA/Config.pm server/keytab-backend \
+ server/wallet-admin server/wallet-backend server/wallet-report
+-MAINTAINERCLEANFILES = Makefile.in aclocal.m4 build-aux/compile \
+- build-aux/depcomp build-aux/install-sh build-aux/missing \
+- client/wallet.1 config.h.in config.h.in~ configure \
+- contrib/wallet-report.8 server/keytab-backend.8 \
++MAINTAINERCLEANFILES = Makefile.in aclocal.m4 build-aux/compile \
++ build-aux/depcomp build-aux/install-sh build-aux/missing \
++ client/wallet.1 config.h.in config.h.in~ configure \
++ contrib/wallet-report.8 server/keytab-backend.8 \
+ server/wallet-admin.8 server/wallet-backend.8 server/wallet-report.8
+
+ # For each of the Perl scripts, we need to fill in the path to the Perl
+@@ -226,17 +227,17 @@ all-local: perl/blib/lib/Wallet/Config.p
+
+ perl/blib/lib/Wallet/Config.pm: $(srcdir)/perl/lib/Wallet/Config.pm
+ set -e; if [ x"$(builddir)" != x"$(srcdir)" ] ; then \
+- for d in $(PERL_DIRECTORIES) ; do \
++ for d in $(PERL_DIRECTORIES) ; do \
+ [ -d "$(builddir)/$$d" ] || mkdir "$(builddir)/$$d" ; \
+- done ; \
+- for f in $(PERL_FILES) ; do \
++ done ; \
++ for f in $(PERL_FILES) ; do \
+ cp "$(srcdir)/$$f" "$(builddir)/$$f" ; \
+- done ; \
++ done ; \
+ fi
+ $(MKDIR_P) perl/t/lib/Test/RRA
+ $(INSTALL_DATA) $(srcdir)/tests/tap/perl/Test/RRA.pm perl/t/lib/Test/
+ $(INSTALL_DATA) $(srcdir)/tests/tap/perl/Test/RRA/Config.pm \
+- perl/t/lib/Test/RRA/
++ perl/t/lib/Test/RRA/
+ cd perl && $(PERL) Build.PL $(WALLET_PERL_FLAGS)
+ cd perl && ./Build
+
+@@ -251,13 +252,13 @@ perl/blib/lib/Wallet/Config.pm: $(srcdir
+ install-data-local:
+ set -e; flags= ; \
+ case "$(prefix)" in \
+- */_inst) flags="--install_base $(prefix)" ;; \
++ */_inst) flags="--install_base $(prefix)" ;; \
+ esac ; \
+ cd perl && ./Build install $$flags --destdir '$(DESTDIR)'
+
+ clean-local:
+ set -e; if [ -f "perl/Build" ] ; then \
+- cd perl && ./Build realclean ; \
++ cd perl && ./Build realclean ; \
+ fi
+
+ # Remove the Autoconf cache. Remove the files that we copy over if and only
+@@ -265,9 +266,9 @@ clean-local:
+ distclean-local:
+ rm -rf autom4te.cache
+ set -e; if [ x"$(builddir)" != x"$(srcdir)" ] ; then \
+- for f in $(PERL_FILES) ; do \
++ for f in $(PERL_FILES) ; do \
+ rm -f "$(builddir)/$$f" ; \
+- done ; \
++ done ; \
+ fi
+
+ # The bits below are for the test suite, not for the main package.
+@@ -313,8 +314,8 @@ check-local: $(check_PROGRAMS)
+ # Used by maintainers to check the source code with cppcheck.
+ check-cppcheck:
+ cd $(abs_top_srcdir) && cppcheck -q --error-exitcode=2 \
+- --suppressions-list=tests/data/cppcheck.supp \
+- --enable=warning,performance,portability,style .
++ --suppressions-list=tests/data/cppcheck.supp \
++ --enable=warning,performance,portability,style .
+
+ # Alas, we have to disable this check because there's no way to do an
+ # uninstall from Perl.
+--- a/configure.ac
++++ b/configure.ac
+@@ -74,6 +74,9 @@ AC_CHECK_FUNCS([krb5_appdefault_string],
+ AC_LIBOBJ([krb5-extra])
+ RRA_LIB_KRB5_RESTORE
+
++dnl Probe for optional libraries
++RRA_LIB_OPENSSL_OPTIONAL
++
+ dnl Probe for properties of the C library.
+ AC_HEADER_STDBOOL
+ AC_CHECK_HEADERS([strings.h sys/bitypes.h sys/uio.h sys/time.h syslog.h])
+--- /dev/null
++++ b/m4/openssl.m4
+@@ -0,0 +1,115 @@
++dnl Find the compiler and linker flags for OpenSSL.
++dnl
++dnl Finds the compiler and linker flags for linking with both the OpenSSL SSL
++dnl library and its crypto library. Provides the --with-openssl,
++dnl --with-openssl-lib, and --with-openssl-include configure options to
++dnl specify non-standard paths to the OpenSSL libraries.
++dnl
++dnl Provides the macro RRA_LIB_OPENSSL and sets the substitution variables
++dnl OPENSSL_CPPFLAGS, OPENSSL_LDFLAGS, OPENSSL_LIBS, CRYPTO_CPPFLAGS,
++dnl CRYPTO_LDFLAGS, and CRYPTO_LIBS. Also provides RRA_LIB_OPENSSL_SWITCH and
++dnl RRA_LIB_CRYPTO_SWITCH to set CPPFLAGS, LDFLAGS, and LIBS to include the
++dnl SSL or crypto libraries, saving the current values first, and
++dnl RRA_LIB_OPENSSL_RESTORE and RRA_LIB_CRYPTO_RESTORE to restore those
++dnl settings to before the last RRA_LIB_OPENSSL_SWITCH or
++dnl RRA_LIB_CRYPTO_SWITCH. Defines HAVE_OPENSSL and sets rra_use_OPENSSL to
++dnl true if the library is found.
++dnl
++dnl Provides the RRA_LIB_OPENSSL_OPTIONAL macro, which should be used if
++dnl OpenSSL support is optional. This macro will still set the substitution
++dnl variables and shell variables described above, but they'll be empty unless
++dnl OpenSSL libraries are detected. HAVE_OPENSSL will be defined only if the
++dnl library is found.
++dnl
++dnl Depends on RRA_ENABLE_REDUCED_DEPENDS and the lib-helper.m4 framework.
++dnl
++dnl The canonical version of this file is maintained in the rra-c-util
++dnl package, available at <https://www.eyrie.org/~eagle/software/rra-c-util/>.
++dnl
++dnl Written by Russ Allbery <eagle@eyrie.org>
++dnl Copyright 2016, 2018 Russ Allbery <eagle@eyrie.org>
++dnl Copyright 2010, 2013
++dnl The Board of Trustees of the Leland Stanford Junior University
++dnl
++dnl This file is free software; the authors give unlimited permission to copy
++dnl and/or distribute it, with or without modifications, as long as this
++dnl notice is preserved.
++dnl
++dnl SPDX-License-Identifier: FSFULLR
++
++dnl Save the current CPPFLAGS, LDFLAGS, and LIBS settings and switch to
++dnl versions that include the SSL or crypto flags. Used as a wrapper, with
++dnl RRA_LIB_OPENSSL_RESTORE or RRA_LIB_CRYPTO_RESTORE, around tests.
++AC_DEFUN([RRA_LIB_OPENSSL_SWITCH], [RRA_LIB_HELPER_SWITCH([OPENSSL])])
++AC_DEFUN([RRA_LIB_CRYPTO_SWITCH], [RRA_LIB_HELPER_SWITCH([CRYPTO])])
++
++dnl Restore CPPFLAGS, LDFLAGS, and LIBS to their previous values (before
++dnl RRA_LIB_OPENSSL_SWITCH or RRA_LIB_CRYPTO_SWITCH were called).
++AC_DEFUN([RRA_LIB_OPENSSL_RESTORE], [RRA_LIB_HELPER_RESTORE([OPENSSL])])
++AC_DEFUN([RRA_LIB_CRYPTO_RESTORE], [RRA_LIB_HELPER_RESTORE([CRYPTO])])
++
++dnl Check for the OpenSSL and crypto libraries and assemble OPENSSL_LIBS and
++dnl CRYPTO_LIBS. Helper function for _RRA_LIB_OPENSSL_INTERNAL. Must be
++dnl called with RRA_LIB_OPENSSL_SWITCH enabled.
++AC_DEFUN([_RRA_LIB_OPENSSL_INTERNAL_LIBS],
++[rra_openssl_extra=
++ LIBS=
++ AS_IF([test x"$rra_reduced_depends" != xtrue],
++ [AC_SEARCH_LIBS([dlopen], [dl])])
++ rra_openssl_extra="$LIBS"
++ LIBS="$rra_OPENSSL_save_LIBS"
++ AC_CHECK_LIB([crypto], [AES_cbc_encrypt],
++ [CRYPTO_LIBS="-lcrypto $rra_openssl_extra"],
++ [AS_IF([test x"$1" = xtrue],
++ [AC_MSG_ERROR([cannot find usable OpenSSL crypto library])])],
++ [$rra_openssl_extra])
++ AS_IF([test x"$rra_reduced_depends" = xtrue],
++ [AC_CHECK_LIB([ssl], [SSL_accept], [OPENSSL_LIBS=-lssl],
++ [AS_IF([test x"$1" = xtrue],
++ [AC_MSG_ERROR([cannot find usable OpenSSL library])])])],
++ [AC_CHECK_LIB([ssl], [SSL_accept],
++ [OPENSSL_LIBS="-lssl $CRYPTO_LIBS"],
++ [AS_IF([test x"$1" = xtrue],
++ [AC_MSG_ERROR([cannot find usable OpenSSL library])])],
++ [$CRYPTO_LIBS])])])
++
++dnl Checks if the OpenSSL header and OpenSSL and crypto libraries are present.
++dnl The single argument, if "true", says to fail if the OpenSSL SSL library
++dnl could not be found.
++AC_DEFUN([_RRA_LIB_OPENSSL_INTERNAL],
++[AC_REQUIRE([RRA_ENABLE_REDUCED_DEPENDS])
++ RRA_LIB_HELPER_PATHS([OPENSSL])
++ CRYPTO_CPPFLAGS="$OPENSSL_CPPFLAGS"
++ CRYPTO_LDFLAGS="$OPENSSL_LDFLAGS"
++ CRYPTO_LIBS=
++ AC_SUBST([CRYPTO_CPPFLAGS])
++ AC_SUBST([CRYPTO_LDFLAGS])
++ AC_SUBST([CRYPTO_LIBS])
++ RRA_LIB_OPENSSL_SWITCH
++ AC_CHECK_HEADER([openssl/ssl.h],
++ [_RRA_LIB_OPENSSL_INTERNAL_LIBS([$1])],
++ [AS_IF([test x"$1" = xtrue],
++ [AC_MSG_ERROR([cannot find usable OpenSSL header])])])
++ RRA_LIB_OPENSSL_RESTORE])
++
++dnl The main macro for packages with mandatory OpenSSL support.
++AC_DEFUN([RRA_LIB_OPENSSL],
++[RRA_LIB_HELPER_VAR_INIT([OPENSSL])
++ RRA_LIB_HELPER_WITH([openssl], [OpenSSL], [OPENSSL])
++ _RRA_LIB_OPENSSL_INTERNAL([true])
++ rra_use_OPENSSL=true
++ AC_DEFINE([HAVE_OPENSSL], 1, [Define if libssl is available.])])
++
++dnl The main macro for packages with optional OpenSSL support.
++AC_DEFUN([RRA_LIB_OPENSSL_OPTIONAL],
++[RRA_LIB_HELPER_VAR_INIT([OPENSSL])
++ RRA_LIB_HELPER_WITH_OPTIONAL([openssl], [OpenSSL], [OPENSSL])
++ AS_IF([test x"$rra_use_OPENSSL" != xfalse],
++ [AS_IF([test x"$rra_use_OPENSSL" = xtrue],
++ [_RRA_LIB_OPENSSL_INTERNAL([true])],
++ [_RRA_LIB_OPENSSL_INTERNAL([false])])])
++ AS_IF([test x"$OPENSSL_LIBS" = x],
++ [RRA_LIB_HELPER_VAR_CLEAR([OPENSSL])
++ RRA_LIB_HELPER_VAR_CLEAR([CRYPTO])],
++ [rra_use_OPENSSL=true
++ AC_DEFINE([HAVE_OPENSSL], 1, [Define if libssl is available.])])])
+--- /dev/null
++++ b/m4/lib-helper.m4
+@@ -0,0 +1,149 @@
++dnl Helper functions to manage compiler variables.
++dnl
++dnl These are a wide variety of helper macros to make it easier to construct
++dnl standard macros to probe for a library and to set library-specific
++dnl CPPFLAGS, LDFLAGS, and LIBS shell substitution variables. Most of them
++dnl take as one of the arguments the prefix string to use for variables, which
++dnl is usually something like "KRB5" or "GSSAPI".
++dnl
++dnl Depends on RRA_SET_LDFLAGS.
++dnl
++dnl The canonical version of this file is maintained in the rra-c-util
++dnl package, available at <https://www.eyrie.org/~eagle/software/rra-c-util/>.
++dnl
++dnl Written by Russ Allbery <eagle@eyrie.org>
++dnl Copyright 2018 Russ Allbery <eagle@eyrie.org>
++dnl Copyright 2011, 2013
++dnl The Board of Trustees of the Leland Stanford Junior University
++dnl
++dnl This file is free software; the authors give unlimited permission to copy
++dnl and/or distribute it, with or without modifications, as long as this
++dnl notice is preserved.
++dnl
++dnl SPDX-License-Identifier: FSFULLR
++
++dnl Add the library flags to the default compiler flags and then remove them.
++dnl
++dnl To use these macros, pass the prefix string used for the variables as the
++dnl only argument. For example, to use these for a library with KRB5 as a
++dnl prefix, one would use:
++dnl
++dnl AC_DEFUN([RRA_LIB_KRB5_SWITCH], [RRA_LIB_HELPER_SWITCH([KRB5])])
++dnl AC_DEFUN([RRA_LIB_KRB5_RESTORE], [RRA_LIB_HELPER_RESTORE([KRB5])])
++dnl
++dnl Then, wrap checks for library features with RRA_LIB_KRB5_SWITCH and
++dnl RRA_LIB_KRB5_RESTORE.
++AC_DEFUN([RRA_LIB_HELPER_SWITCH],
++[rra_$1[]_save_CPPFLAGS="$CPPFLAGS"
++ rra_$1[]_save_LDFLAGS="$LDFLAGS"
++ rra_$1[]_save_LIBS="$LIBS"
++ CPPFLAGS="$$1[]_CPPFLAGS $CPPFLAGS"
++ LDFLAGS="$$1[]_LDFLAGS $LDFLAGS"
++ LIBS="$$1[]_LIBS $LIBS"])
++
++AC_DEFUN([RRA_LIB_HELPER_RESTORE],
++[CPPFLAGS="$rra_$1[]_save_CPPFLAGS"
++ LDFLAGS="$rra_$1[]_save_LDFLAGS"
++ LIBS="$rra_$1[]_save_LIBS"])
++
++dnl Given _root, _libdir, and _includedir variables set for a library (set by
++dnl RRA_LIB_HELPER_WITH*), set the LDFLAGS and CPPFLAGS variables for that
++dnl library accordingly. Takes the variable prefix as the only argument.
++AC_DEFUN([RRA_LIB_HELPER_PATHS],
++[AS_IF([test x"$rra_$1[]_libdir" != x],
++ [$1[]_LDFLAGS="-L$rra_$1[]_libdir"],
++ [AS_IF([test x"$rra_$1[]_root" != x],
++ [RRA_SET_LDFLAGS([$1][_LDFLAGS], [${rra_$1[]_root}])])])
++ AS_IF([test x"$rra_$1[]_includedir" != x],
++ [$1[]_CPPFLAGS="-I$rra_$1[]_includedir"],
++ [AS_IF([test x"$rra_$1[]_root" != x],
++ [AS_IF([test x"$rra_$1[]_root" != x/usr],
++ [$1[]_CPPFLAGS="-I${rra_$1[]_root}/include"])])])])
++
++dnl Check whether a library works. This is used as a sanity check on the
++dnl results of *-config shell scripts. Takes four arguments; the first, if
++dnl "true", says that a working library is mandatory and errors out if it
++dnl doesn't. The second is the variable prefix. The third is a function to
++dnl look for that should be in the libraries. The fourth is the
++dnl human-readable name of the library for error messages.
++AC_DEFUN([RRA_LIB_HELPER_CHECK],
++[RRA_LIB_HELPER_SWITCH([$2])
++ AC_CHECK_FUNC([$3], [],
++ [AS_IF([test x"$1" = xtrue],
++ [AC_MSG_FAILURE([unable to link with $4 library])])
++ $2[]_CPPFLAGS=
++ $2[]_LDFLAGS=
++ $2[]_LIBS=])
++ RRA_LIB_HELPER_RESTORE([$2])])
++
++dnl Initialize the variables used by a library probe and set the appropriate
++dnl ones as substitution variables. Takes the library variable prefix as its
++dnl only argument.
++AC_DEFUN([RRA_LIB_HELPER_VAR_INIT],
++[rra_$1[]_root=
++ rra_$1[]_libdir=
++ rra_$1[]_includedir=
++ rra_use_$1=
++ $1[]_CPPFLAGS=
++ $1[]_LDFLAGS=
++ $1[]_LIBS=
++ AC_SUBST([$1][_CPPFLAGS])
++ AC_SUBST([$1][_LDFLAGS])
++ AC_SUBST([$1][_LIBS])])
++
++dnl Unset all of the variables used by a library probe. Used with the
++dnl _OPTIONAL versions of header probes when a header or library wasn't found
++dnl and therefore the library isn't usable.
++AC_DEFUN([RRA_LIB_HELPER_VAR_CLEAR],
++[$1[]_CPPFLAGS=
++ $1[]_LDFLAGS=
++ $1[]_LIBS=])
++
++dnl Handles --with options for a non-optional library. First argument is the
++dnl base for the switch names. Second argument is the short description.
++dnl Third argument is the variable prefix. The variables set are used by
++dnl RRA_LIB_HELPER_PATHS.
++AC_DEFUN([RRA_LIB_HELPER_WITH],
++[AC_ARG_WITH([$1],
++ [AS_HELP_STRING([--with-][$1][=DIR],
++ [Location of $2 headers and libraries])],
++ [AS_IF([test x"$withval" != xyes && test x"$withval" != xno],
++ [rra_$3[]_root="$withval"])])
++ AC_ARG_WITH([$1][-include],
++ [AS_HELP_STRING([--with-][$1][-include=DIR],
++ [Location of $2 headers])],
++ [AS_IF([test x"$withval" != xyes && test x"$withval" != xno],
++ [rra_$3[]_includedir="$withval"])])
++ AC_ARG_WITH([$1][-lib],
++ [AS_HELP_STRING([--with-][$1][-lib=DIR],
++ [Location of $2 libraries])],
++ [AS_IF([test x"$withval" != xyes && test x"$withval" != xno],
++ [rra_$3[]_libdir="$withval"])])])
++
++dnl Handles --with options for an optional library, so --with-<library> can
++dnl cause the checks to be skipped entirely or become mandatory. Sets an
++dnl rra_use_PREFIX variable to true or false if the library is explicitly
++dnl enabled or disabled.
++dnl
++dnl First argument is the base for the switch names. Second argument is the
++dnl short description. Third argument is the variable prefix.
++dnl
++dnl The variables set are used by RRA_LIB_HELPER_PATHS.
++AC_DEFUN([RRA_LIB_HELPER_WITH_OPTIONAL],
++[AC_ARG_WITH([$1],
++ [AS_HELP_STRING([--with-][$1][@<:@=DIR@:>@],
++ [Location of $2 headers and libraries])],
++ [AS_IF([test x"$withval" = xno],
++ [rra_use_$3=false],
++ [AS_IF([test x"$withval" != xyes], [rra_$3[]_root="$withval"])
++ rra_use_$3=true])])
++ AC_ARG_WITH([$1][-include],
++ [AS_HELP_STRING([--with-][$1][-include=DIR],
++ [Location of $2 headers])],
++ [AS_IF([test x"$withval" != xyes && test x"$withval" != xno],
++ [rra_$3[]_includedir="$withval"])])
++ AC_ARG_WITH([$1][-lib],
++ [AS_HELP_STRING([--with-][$1][-lib=DIR],
++ [Location of $2 libraries])],
++ [AS_IF([test x"$withval" != xyes && test x"$withval" != xno],
++ [rra_$3[]_libdir="$withval"])])])
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-05 15:46:58 +0000