summaryrefslogtreecommitdiffstats
path: root/src/configure.in
Commit message (Collapse)AuthorAgeFilesLines
* Assume <stdint.h> and fixed-width typesGreg Hudson2014-02-261-57/+0
| | | | | | | Make unconditional use of <stdint.h> and fixed-width types such as uint32_t. k5-plugin.h doesn't use any special integer types, so remove the conditional include block there. Nothing uses INT64_FMT/UINT64_FMT, so leave those out of k5-platform.h for now.
* Avoid duplicate "/etc/krb5.conf" in profile pathTom Yu2014-02-261-0/+9
| | | | | | | | | | | | | | | | If configure gets run with --sysconfdir=/etc, "/etc/krb5.conf" shows up twice in the profile path, which causes its contents to be read twice. This can cause some confusing and possibly problematic behavior. Add some logic to configure.in to avoid adding the duplicate entry for "/etc/krb5.conf". Reported independently by Denis Vlasenko and Fredrik Tolf. ticket: 3277 tags: pullup target_version: 1.12.2
* Move OTP sockets to KDC_RUN_DIRNathaniel McCallum2014-02-061-0/+6
| | | | | | | | | | | | Some system configurations expect Unix-domain sockets to live under /run or /var/run, and not other parts of /var where persistent application state lives. Define a new directory KDC_RUN_DIR using $runstatedir (new in autoconf 2.70, so fall back to $localstatedir/run if it's not set) and use that for the default socket path. [ghudson@mit.edu: commit message, otp.rst formatting fix] ticket: 7859 (new)
* Remove krb5-send-prTom Yu2014-01-281-1/+1
| | | | | | | Remove the GNATS-based krb5-send-pr script and replace it with a script that instructs users to send email. ticket: 7840 (new)
* Restrict AES-NI support to ELF platforms for nowGreg Hudson2014-01-101-5/+10
| | | | | | | | | | | Since we explicitly specify the ELF object format when building iaesx86.s or iaesx64.s, we need to restrict it to operating systems we know to be ELF platforms. Otherwise we can break the build on OS X, which uses the Mach-O object format. ticket: 7812 target_version: 1.12.1 tags: pullup
* Test for verto_set_flags in system libvertoGreg Hudson2013-12-201-1/+1
| | | | | | | | | | libkrad relies on verto_set_flags, which was added to libverto in release 0.2.4. Make sure the system libverto has this function before choosing it over the built-in version. ticket: 7808 (new) target_version: 1.12.1 tags: pullup
* Remove dangling --with-kdc-kdb-update referencesGreg Hudson2013-11-171-10/+0
| | | | | | This configure option hasn't done anything since 1.8, so don't mention it in configure --help or the documentation. The disable_last_success and disable_lockout DB options are now used to turn it off.
* Remove old master key testsGreg Hudson2013-10-251-1/+1
| | | | | | | | | | | | | | | Remove tests/mkeystash_compat and tests/mk_migr. These are superseded by t_mkey.py, with two exceptions: tests/mk_migr included tests for password history across master key rollovers. Historical keys are encrypted in the kadmin/history key (which is accessed like any other key), so there isn't a specific need to test this unless we implement #1221. tests/mk_migr had provisions for testing master key rollover with the LDAP KDB module. All master key logic used in the LDAP KDB module is shared with the DB2 module in lib/kdb, so there is no specific need to test this combination.
* KDC Audit infrastructure and plugin implementationZhanna Tsitkov2013-10-041-0/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Per project http://k5wiki.kerberos.org/wiki/Projects/Audit The purpose of this project is to create an Audit infrastructure to monitor security related events on the KDC. The following events are targeted in the initial version: - startup and shutdown of the KDC; - AS_REQ and TGS_REQ exchanges. This includes client address and port, KDC request and request ID, KDC reply, primary and derived ticket and their ticket IDs, second ticket ID, cross-realm referral, was ticket renewed and validated, local policy violation and protocol constraints, and KDC status message. Ticket ID is introduced to allow to link tickets to their initial TGT at any stage of the Kerberos exchange. For the purpose of this project it is a private to KDC ticket ID: each successfully created ticket is hashed and recorded into audit log. The administrators can correlate the primary and derived ticket IDs after the fact. Request ID is a randomly generated alpha-numeric string. Using this ID an administrator can easily correlate multiple audit events related to a single request. It should be informative both in cases when the request is sent to multiple KDCs, or to the same KDC multiple times. For the purpose of testing and demo of the Audit, the JSON based modules are implemented: "test" and "simple" audit modules respectively. The file plugins/audit/j_dict.h is a dictionary used in this implememtations. The new Audit system is build-time enabled and run-time pluggable. [kaduk@mit.edu: remove potential KDC crashes, minor reordering] ticket: 7712 target_version: 1.12
* Add hostrealm interface testsGreg Hudson2013-08-151-0/+1
| | | | | | | | | | Create a test module for the hostrealm interface, a harness to call the realm mapping functions and display their results, and a Python script to exercise the functionality of the interface and each module (except the dns module, which we cannot easily test since it relies on TXT records in the public DNS). ticket: 7687
* Add server-side otp preauth pluginNathaniel McCallum2013-07-111-0/+1
| | | | | | | | | | This plugin implements the proposal for providing OTP support by proxying requests to RADIUS. Details can be found inside the provided documentation as well as on the project page. http://k5wiki.kerberos.org/wiki/Projects/OTPOverRADIUS ticket: 7678
* Add libkradNathaniel McCallum2013-07-111-1/+1
| | | | | | | | The new library libkrad provides code for the parsing of RADIUS packets as well as client implementation based around libverto. This library should be considered unstable. ticket: 7678 (new)
* Add tests for pwqual modules and plugin orderingGreg Hudson2013-06-271-0/+1
| | | | | | | | | | Create a test module for the pwqual interface, and script to exercise the built-in and test modules through kadmin.local. Also create a test harness to display the order of pwqual modules for the current configuration, and use it to test the plugin module ordering guarantees. ticket: 7665
* Change message macro for configure selectionGilles Espinasse2013-05-291-5/+5
| | | | | | | | | | AC_MSG_RESULT is to print result after AC_MSG_CHECKING. AC_MSG_NOTICE is to deliver message to user. So use AC_MSG_NOTICE for --with options. Remove overquoting too. ticket: 7648
* Add AES-NI support on LinuxGreg Hudson2013-05-241-0/+33
| | | | | | | If yasm and cpuid.h are present on a Linux i686 or x64 system, compile the modified Intel AES-NI assembly sources. In the builtin AES enc provider, check at runtime whether the CPU supports AES-NI instructions and use the assembly functions if so.
* Disable UDP pass of gssrpc tests on all platformsGreg Hudson2013-05-011-10/+1
| | | | | | | | | | | | | | | The AUTH_GSSAPI flavor of rpc authentication uses IP address channel bindings. These are broken over UDP, because svcudp_recv() fails to get the destination address of incoming packets (it tries to use the recvmsg() msg_name field to get the destination IP address, which instead gets the source address; see ticket #5540). There is no simple or comprehensive way to fix this; using IP_PKTINFO is a fair amount of code and only works on some platforms. It's also not very important--nobody should be using AUTH_GSSAPI except perhaps for compatibility with really old kadmin, and kadmin only runs over TCP. Since the gssrpc tests are closely wedded to AUTH_GSSAPI, the simplest fix is to only run the TCP pass.
* Add gssrpc to pkg-configGünther Deschner2013-05-011-0/+1
| | | | ticket: 7620
* Add tests for localauth interfaceGreg Hudson2013-03-091-0/+1
| | | | | | | | Create a test module, program, and script to exercise the krb5_aname_to_localname and krb5_k5userok functions as well as the localauth pluggable interface. ticket: 7583
* Refactor LDAP DB option parsing codeGreg Hudson2013-01-281-2/+1
| | | | | | | | | | krb5_ldap_open and krb5_ldap_create contain two large, almost identical blocks of DB option processing code. Factor it out into a new function krb5_ldap_parse_db_params in ldap_misc.c, and simplify the factored-out code. Create a helper function to add server entries and use it to simplify krb5_ldap_read_server_params as well as DB option parsing. Since the new DB option helper uses isspace instead of isblank, we no longer require portability goop for isblank.
* Install pkg-config data filesGreg Hudson2013-01-041-1/+9
| | | | | | | | | | | Add seven data files for pkg-config, corresponding to the five modules supported by krb5-config. For krb5 and krb5-gssapi, we also provide mit- versions for callers desiring to distinguish between our implementation and Heimdal's. Based on a patch from Stef Walter <stefw@gnome.org>. ticket: 7529 (new)
* Move krb5-config to new src/build-tools directoryGreg Hudson2013-01-041-2/+2
| | | | | | In preparation for adding a bunch of pkg-config data files, move krb5-config into a new source tree subdirectory containing tools we provide as outputs to other build systems.
* Avoid using grep -q in configure.inGreg Hudson2012-11-151-1/+1
| | | | grep -q isn't as portable as we would like, so don't use it.
* Remove nroff man pagesBen Kaduk2012-10-161-1/+1
| | | | | | | We generate man pages from RST sources now; they are checked into the tree in src/man/. The gen-manpages directory is no longer needed.
* Avoid libdl dependencies in bundled libvertoGreg Hudson2012-09-041-4/+3
| | | | | | | | | | | | | | The upstream libverto depends on dynamic loading and in particular on dladdr(), which is not universal. To avoid this dependency, stub out support for module loading (by replacing module.c) and instead integrate the k5ev module directly into the bundled verto library. This change removes the need to link, include, and invoke libverto differently depending on whether we're using the bundled library; we can always just link with -lverto and call verto_default(). bigredbutton: whitespace ticket: 7351 (new)
* Change default client keytab nameGreg Hudson2012-08-021-2/+7
| | | | | | | Change the default client keytab name, if not overridden at build time, to FILE:$localstatedir/krb5/user/%{euid}/client.keytab. Introduce a second file from the autoconf archives in order to recursively expand $localstatedir within configure.in.
* Support changing the built-in ccache/keytab namesGreg Hudson2012-07-241-0/+35
| | | | | | | | | | | | | | * Add DEFCCNAME, DEFKTNAME, and DEFCKTNAME configure variables to change the built-in ccache and keytab names. * Add krb5-config options to display the built-in ccache and keytab names. * In the default build, use krb5-config to discover the system's built-in ccache and keytab names and use them (if not overridden). This can be controlled with the --with-krb5-config=PATH or --without-krb5-config configure options. * Make the built-in ccache name subject to parameter expansion. ticket: 7221 (new)
* Install path-substituted man pagesGreg Hudson2012-03-231-1/+1
| | | | | | | | | | | | | | Introduce src/doc/Makefile.in, which will eventually subsume doc/Makefile (but will still pull sources from doc). In the rstman target there, create man pages with symbolic path references (like @SBINDIR@). In man/Makefile.in, substitute the path references with the configured paths before installing. Man pages generated from RST source are now checked into the source tree under the name filename.man. This lets us use a single implicit .man.sub rule for the path substitutions. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25786 dc483132-0cff-0310-8789-dd5450dbe970
* Make localedir work in build with autoconf 2.5xGreg Hudson2012-03-191-0/+6
| | | | | | | | | | | autoconf 2.5x does not define localedir, so we have to detect that and do it ourselves. ticket: 7095 target_version: 1.10.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25777 dc483132-0cff-0310-8789-dd5450dbe970
* Patch from Richard Basch to work around Solaris 8 lacking isblank()Tom Yu2012-02-271-1/+1
| | | | | | | | ticket: 7074 target_version: 1.10.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25716 dc483132-0cff-0310-8789-dd5450dbe970
* install sphinx-generated manpagesTom Yu2012-01-091-1/+3
| | | | | | | | | | | | | | | | | Install sphinx-generated manpages. Original nroff manpages remain for reference until proofreading is complete. Modify doc/rst_source/conf.py to better deal with shadow manpages -- sphinx will now build k5login.5 instead of .k5login.5, and kadmin.1 instead of both kadmin.1 and kadmin.local.8. Proofreaders should ensure that the original nroff manpages (and associated Makefile rules) are deleted once their reST format equivalents have been proofread. ticket: 7064 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25625 dc483132-0cff-0310-8789-dd5450dbe970
* Add test cases for PKINIT ASN.1 encodersGreg Hudson2012-01-061-0/+3
| | | | | | | | | | | | Do not add decode tests, because those would trip some bugs in the decoders, and we can't safely fix some of those bugs without interop testing. Encode tests are sufficient to detect when we unintentionally change the output of the encoders. Fix trval2() not to use the context shortcut on primitive context tags. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25609 dc483132-0cff-0310-8789-dd5450dbe970
* Fix --with-system-verto without pkg-configGreg Hudson2011-11-291-1/+1
| | | | | | | | | | | | If we're using the system verto and pkg-config isn't found but libverto is, set VERTO_LIBS to just -lverto as there won't be a k5ev module. ticket: 7029 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25493 dc483132-0cff-0310-8789-dd5450dbe970
* AC_CHECK_LIB should put -lcrypto in PKINIT_CRYPTO_IMPL_LIBS not LIBSSam Hartman2011-11-291-1/+1
| | | | | | | | | for pkinit. A similar problem exists for crypto_impl and is not addressed by this patch. ticket: new Subject: LIBS should not include PKINIT_CRYPTO_IMPL_LIBS tags: pullup target_version: 1.10 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25491 dc483132-0cff-0310-8789-dd5450dbe970
* Fix warnings and version check for NSS pkinitGreg Hudson2011-11-071-4/+2
| | | | | | | | | | From nalin@redhat.com. ticket: 6999 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25445 dc483132-0cff-0310-8789-dd5450dbe970
* Conditionalize po subdir on msgfmt, not dgetextGreg Hudson2011-11-011-2/+6
| | | | | | | | | | | | The presence of dgettext in libc or libintl doesn't imply that msgfmt is installed, so conditionalize building the po subdir on whether msgfmt is installed. ticket: 6997 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25425 dc483132-0cff-0310-8789-dd5450dbe970
* Add AC_LANG_SOURCE to PKINIT NSS version checkGreg Hudson2011-10-171-2/+2
| | | | | | | | The configure.in code for the PKINIT NSS back end version check was copied from the k5crypto NSS back end version check, but from before r25181 which added AC_LANG_SOURCE wrappers. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25360 dc483132-0cff-0310-8789-dd5450dbe970
* Add PKINIT NSS supportGreg Hudson2011-10-131-0/+42
| | | | | | | | | Add an implementation of PKINIT using NSS instead of OpenSSL, from nalin@redhat.com. ticket: 6975 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25327 dc483132-0cff-0310-8789-dd5450dbe970
* Add krb5int_gettimeofday to k5sprt for platforms w/o native gettimeofdaySam Hartman2011-10-051-0/+11
| | | | | | | | | | Microsecond accuracy on _WIN32, but only one second accuracy on other, AFAIK purely hypothetical, platforms that lack native gettimeofday. Shamelessly cribbed from Heimdal. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25310 dc483132-0cff-0310-8789-dd5450dbe970
* Revert r25274 and just don't include sys/cdefs.hGreg Hudson2011-09-281-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25283 dc483132-0cff-0310-8789-dd5450dbe970
* Windows fix: add sys/cdefs.h to AC_CHECK_HEADERS and use guard macroSam Hartman2011-09-281-1/+1
| | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25274 dc483132-0cff-0310-8789-dd5450dbe970
* Recast encrypted challenge as linked built-insGreg Hudson2011-09-231-1/+1
| | | | | | | | Since it has no external dependencies, split up encrypted preauth into clpreauth and kdcpreauth chunks and link them directly into the consumers. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25227 dc483132-0cff-0310-8789-dd5450dbe970
* Don't check for memmove, inet_ntoa, inet_aton, pthread.h, orKen Raeburn2011-09-181-3/+2
| | | | | | semaphore.h, since the results of the tests are never used. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25182 dc483132-0cff-0310-8789-dd5450dbe970
* Add invocations of AC_LANG_SOURCE to deal with autoconf 2.68 warningKen Raeburn2011-09-181-8/+8
| | | | | | | messages. Verified to produce the same configure script (under autoconf 2.68 on Mac OS X) as before. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25181 dc483132-0cff-0310-8789-dd5450dbe970
* Change how bundled libverto is linkedGreg Hudson2011-09-061-1/+2
| | | | | | | | | Give libverto-k5ev a header file. When using the internal verto library, link against -lverto-k5ev and use verto_default_k5ev() instead of verto_default(), bypassing the module loading logic and making static builds possible. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25166 dc483132-0cff-0310-8789-dd5450dbe970
* Add ccache collection support to toolsGreg Hudson2011-09-051-1/+1
| | | | | | | | | | | | | | | | * "kdestroy -A" destroys all caches in collection. * "kinit princ" searches the collection for a matching cache and overwrites it, or creates a new cache in the collection, if the type of the default cache is collection-enabled. The chosen cache also becomes the primary cache for the collection. * "klist -l" lists (in summary form) the caches in the collection. * "klist -A" lists the content of all of the caches in the collection. * "kswitch -c cache" (new command) makes cache the primary cache. * "kswitch -p princ" makes the cache for princ the primary cache. ticket: 6956 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25157 dc483132-0cff-0310-8789-dd5450dbe970
* Add fnmatch support to libkrb5supportGreg Hudson2011-09-051-3/+19
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25153 dc483132-0cff-0310-8789-dd5450dbe970
* Create k5ev verto module from libev sourcesGreg Hudson2011-09-021-0/+28
| | | | | | | | Add configure and build support for libverto and the libverto-k5ev module. Fix the version script rules to work for libraries with hyphens in their names. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25127 dc483132-0cff-0310-8789-dd5450dbe970
* Only build the po subdir if i18n is enabledGreg Hudson2011-08-241-0/+3
| | | | | | Also clean the built message catalogs in "make clean". git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25112 dc483132-0cff-0310-8789-dd5450dbe970
* Fix configure logic when libedit isn't presentGreg Hudson2011-07-221-1/+2
| | | | | | | The configure script was correctly detecting that libedit was absent, but was setting RL_CFLAGS to garbage in the process. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25036 dc483132-0cff-0310-8789-dd5450dbe970
* Add libedit/readline support to ssGreg Hudson2011-07-221-0/+38
| | | | | | | | | | | By default, look for libedit (using pkg-config) and use it in libss. Alternatively, the builder can explicitly ask for GNU Readline, but using it will break the dejagnu test suite and will also add a GPL dependency to libss and the programs using it. ticket: 6931 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25035 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2024-04-30 14:53:31 +0000