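AC_INIT(configure.in)
CONFIG_RULES
dnl
dnl
dnl We cannot use the autoconf form as it is too generic and sets other
dnl variables. This is only for the purpose of changing the link options.
AC_MSG_CHECKING(whether we are using GNU C)
AC_CACHE_VAL(krb5_cv_prog_gcc,
[AC_EGREP_CPP(yes,[#ifdef __GNUC__
  yes;
#endif],krb5_cv_prog_gcc=yes,krb5_cv_prog_gcc=no)
])dnl
AC_MSG_RESULT($krb5_cv_prog_gcc)
dnl
AC_MSG_CHECKING([for build host])
AC_CACHE_VAL(krb5_cv_host,
[export CC
AC_CANONICAL_HOST
krb5_cv_host=$host])
AC_MSG_RESULT($krb5_cv_host)
dnl
dnl --enable-shared selects a per-host table of krb5_cv_shlibs_* and
dnl krb5_cv_noshlibs_* settings. A host that matches none of the patterns
dnl aborts configure. Without the option every shared-library setting is left
dnl empty and only static libraries are enabled.
dnl The compiler check result is quoted in each test so that an empty cached
dnl value compares as a string instead of producing a test syntax error.
AC_ARG_ENABLE([shared],
[ --enable-shared build shared libraries],[
case $krb5_cv_host in
*-*-netbsd*)
	echo "Enabling shared libraries for NetBSD...."
	krb5_cv_shlibs_cflags=-fpic
	krb5_cv_shlibs_ext=so.0.0
	krb5_cv_noshlibs_ext=a
	krb5_cv_shlibs_dir=shared
	krb5_cv_shlibs_ldflag=
	krb5_cv_noshlibs_ldflag="-static"
	krb5_cv_shlibs_sym_ufo="-u "
	krb5_cv_shlibs_dirhead="-L"
	krb5_cv_exe_need_dirs=yes
	krb5_cv_shlibs_use_dirs=yes
	krb5_cv_shlibs_use_colon_dirs=no
	krb5_cv_shlibs_tail_comp=
	krb5_cv_shlibs_enabled=yes
	krb5_cv_staticlibs_enabled=yes
	;;
*-*-linux*)
	echo "Enabling shared libraries for Linux...."
	krb5_cv_shlibs_cflags=-fPIC
	krb5_cv_shlibs_ext=so
	krb5_cv_noshlibs_ext=a
	krb5_cv_shlibs_dir=shared
	krb5_cv_shlibs_ldflag="-dy"
	krb5_cv_noshlibs_ldflag="-dn"
	krb5_cv_shlibs_sym_ufo="-u "
	krb5_cv_shlibs_dirhead="-R"
	krb5_cv_exe_need_dirs=yes
	krb5_cv_shlibs_use_dirs=yes
	krb5_cv_shlibs_use_colon_dirs=no
	krb5_cv_shlibs_tail_comp=
	krb5_cv_shlibs_enabled=yes
	krb5_cv_staticlibs_enabled=yes
	;;
*-*-aix*)
	echo "Enabling shared libraries for AIX...."
	krb5_cv_shlibs_cflags=
	krb5_cv_shlibs_ext=a
	krb5_cv_noshlibs_ext=do-not-make
	krb5_cv_shlibs_dir=
	if test "$krb5_cv_prog_gcc" = yes ; then
		krb5_cv_shlibs_ldflag="-Xlinker -bex4:\$(BUILDTOP)/util/aix.bincmds"
		krb5_cv_noshlibs_ldflag=
	else
		krb5_cv_shlibs_ldflag="-bex4:\$(BUILDTOP)/util/aix.bincmds"
		krb5_cv_noshlibs_ldflag=
	fi
	krb5_cv_shlibs_sym_ufo=
	krb5_cv_shlibs_dirhead="-L"
	krb5_cv_exe_need_dirs=yes
	krb5_cv_shlibs_use_dirs=no
	krb5_cv_shlibs_use_colon_dirs=no
	krb5_cv_staticlibs_enabled=
	krb5_cv_shlibs_tail_comp=
	krb5_cv_shlibs_enabled=yes
	;;
*-*-solaris*)
	echo "Enabling shared libraries for Solaris...."
	if test "$krb5_cv_prog_gcc" = yes; then
		krb5_cv_shlibs_cflags=-fpic
	else
		krb5_cv_shlibs_cflags=-Kpic
	fi
	krb5_cv_shlibs_ext=so
	krb5_cv_noshlibs_ext=a
	krb5_cv_shlibs_dir=shared
	krb5_cv_shlibs_ldflag="-dy"
	krb5_cv_noshlibs_ldflag="-dn"
	krb5_cv_shlibs_sym_ufo="-u "
	krb5_cv_shlibs_dirhead="-R"
	krb5_cv_exe_need_dirs=yes
	krb5_cv_shlibs_use_dirs=yes
	krb5_cv_shlibs_use_colon_dirs=no
	krb5_cv_shlibs_tail_comp=
	krb5_cv_staticlibs_enabled=yes
	krb5_cv_shlibs_enabled=yes
	;;
alpha-dec-osf*)
	echo "Enabling shared libraries for Alpha OSF...."
	krb5_cv_shlibs_cflags=
	krb5_cv_shlibs_ext=so
	krb5_cv_noshlibs_ext=a
	krb5_cv_shlibs_dir=
	krb5_cv_shlibs_ldflag="-call_shared"
	krb5_cv_noshlibs_ldflag="-non_shared"
	krb5_cv_shlibs_sym_ufo="-expect_unresolved "
	krb5_cv_shlibs_dirhead="-rpath"
	krb5_cv_exe_need_dirs=no
	krb5_cv_shlibs_use_dirs=yes
	krb5_cv_shlibs_use_colon_dirs=yes
	krb5_cv_shlibs_tail_comp=
	krb5_cv_staticlibs_enabled=yes
	krb5_cv_shlibs_enabled=yes
	if test ! -f so_locations; then
		cp -p /usr/shlib/so_locations .
	fi
	if test "$krb5_cv_prog_gcc" = yes; then
		krb5_cv_shlibs_ldflag=
		krb5_cv_noshlibs_ldflag="-static"
	fi
	;;
*)
	echo " " 1>&2
	echo "Shared libraries not supported on $krb5_cv_host" 1>&2
	exit 1
	;;
esac],[krb5_cv_shlibs_cflags=
krb5_cv_shlibs_ext=
krb5_cv_noshlibs_ext=a
krb5_cv_shlibs_dir=
krb5_cv_shlibs_ldflag=
krb5_cv_noshlibs_ldflag=
krb5_cv_shlibs_sym_ufo=
krb5_cv_shlibs_dirhead=
krb5_cv_shlibs_tail_comp=
krb5_cv_staticlibs_enabled=yes
krb5_cv_shlibs_enabled=])
AC_ARG_ENABLE([athena],
[ --enable-athena build with MIT Project Athena configuration],,)
dnl
dnl The Kerberos 4 compatibility directories are configured only when
dnl KRB4_LIB is non-empty.
if test -z "$KRB4_LIB"; then
	kadminv4=""
	krb524=""
else
	kadminv4=kadmin.v4
	krb524=krb524
fi
CONFIG_DIRS(util include lib kdc admin kadmin $kadminv4 kadmin.old $krb524 slave clients appl tests)
DO_SUBDIRS
dnl
dnl NOTE(review): the flattened listing does not show whether the AC_OUTPUT
dnl line below was itself a dnl comment. It is kept commented out here because
dnl V5_AC_OUTPUT_MAKEFILE follows it; confirm against the original file.
dnl AC_OUTPUT(Makefile,[EXTRA_RULES])
V5_AC_OUTPUT_MAKEFILE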
#!/bin/sh

# $VERBOSE is executed as a command (normally "true" or "false").  Output of
# the helper programs is discarded unless that command succeeds.  $REDIRECT
# holds shell redirection syntax and only takes effect where a later command
# line is passed through eval.
REDIRECT='>/dev/null'
if $VERBOSE; then
	REDIRECT=
fi

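# Requires that $K5ROOT, /etc/krb.conf, and .k5.$REALM be world-writable.
# (Test-harness assumption: world-writable Kerberos files are acceptable only
# on a disposable test host.)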

# Both tree roots must be supplied by the caller: $TOP is the top of the build
# tree and $STOP the top of the source tree.  Stop with a diagnostic on stderr
# if either one is unset or empty.
[ -n "$TOP" ] || {
	echo "init_db: Environment variable \$TOP must point to top of build tree" >&2
	exit 1
}

[ -n "$STOP" ] || {
	echo "init_db: Environment variable \$STOP must point to top of source tree" >&2
	exit 1
}

# Directories derived from the build tree root.
IROOT="$TOP/.."
ADMIN="$TOP/dbutil"
BIN="$IROOT/bin"
ETC="$IROOT/etc"
SBIN="$TOP/keytab:$TOP/server"

# Each ${NAME=default} assigns the default only when NAME is unset, so a value
# already present in the caller's environment (even an empty one) wins.
# DUMMY merely receives the expansion.
DUMMY="${REALM=SECURE-TEST.OV.COM}"
DUMMY="${TESTDIR=$TOP/testing}"
DUMMY="${STESTDIR=$STOP/testing}"
DUMMY="${SRVTCL=$TESTDIR/util/ovsec_kadm_srv_tcl}"
DUMMY="${TCLUTIL=$STESTDIR/tcl/util.t}"
DUMMY="${LOCAL_MAKE_KEYTAB=$TESTDIR/scripts/make-host-keytab.pl}"

# STESTDIR and LOCAL_MAKE_KEYTAB stay private to this script; the rest is
# exported (the Tcl script run later reads REALM, SRVTCL and TCLUTIL from env).
export REALM TESTDIR SRVTCL TCLUTIL

# Build-tree directories are searched ahead of the inherited PATH.
PATH="$ADMIN:$BIN:$ETC:$SBIN:$PATH"
export PATH

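# The Tcl-enabled admin server binary drives the rest of the setup, so stop
# early when it is missing or not executable.  $SRVTCL is quoted: unquoted, an
# empty value reduces the test to `[ ! -x ]`, which is false, and the check
# would be skipped silently.
if [ ! -x "$SRVTCL" ]; then
	echo "+++" 1>&2
	echo "+++ Error!  $SRVTCL does not exist!" 1>&2
	echo "+++ It was probably not compiled because TCL was not available.  If you" 1>&2
	echo "+++ now have TCL installed, cd into that directory, re-run configure" 1>&2
	echo "+++ with the --with-tcl option, and then re-run make." 1>&2
	echo "+++" 1>&2

	exit 1
fi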

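# Start from an empty $K5ROOT.  The directory is wiped recursively, so refuse
# to continue when the variable is unset, empty or "/": unguarded, an empty
# value would turn the removal below into `rm -rf /*`.
if [ -z "$K5ROOT" ] || [ "$K5ROOT" = "/" ]; then
	echo "init_db: Environment variable \$K5ROOT must point to the test database directory" 1>&2
	exit 1
fi

# Quoted so a path containing whitespace or glob characters is not split or
# expanded; only the trailing /* is meant to glob.
rm -rf -- "$K5ROOT"/*
if [ ! -d "$K5ROOT" ]; then
	mkdir "$K5ROOT"
fi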

# touch $K5ROOT/syslog
# for pid in `$PS_ALL | awk '/syslogd/ && !/awk/  {print $2}'` ; do
# 	case "$pid" in
# 		xxx) ;;
# 		*)
# 			if $VERBOSE; then $PS_PID$pid | grep -v COMMAND; fi
# 			kill -1 $pid
# 			;;
# 	esac
# done

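# $QUALNAME is run as a command; its output is used as both the KDC host and
# the local host name in the generated configuration.
qualname=`$QUALNAME`

# Instantiate krb5.conf and kdc.conf from their prototypes.
# NOTE(review): the values are spliced into the sed replacement text as-is, so
# $REALM and $qualname must not contain "/", "&" or "\", and $K5ROOT must not
# contain "#".  The file names are quoted so unusual paths are not split.
sed -e "s/__REALM__/$REALM/g" -e "s#__K5ROOT__#$K5ROOT#g" \
	-e "s/__KDCHOST__/$qualname/g" \
	-e "s/__LOCALHOST__/$qualname/g" \
	< "$STESTDIR/proto/krb5.conf.proto" > "$K5ROOT/krb5.conf"
sed -e "s/__REALM__/$REALM/g" -e "s#__K5ROOT__#$K5ROOT#g" \
	< "$STESTDIR/proto/kdc.conf.proto" > "$K5ROOT/kdc.conf"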

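# Create the test realm's database.  The master password is the fixed string
# "mrroot" given on the command line with -P, which is suitable for a
# throwaway test realm only.
# eval is needed so that the redirection text in $REDIRECT is parsed as shell
# syntax.  "$REALM" sits inside single quotes so that it is expanded once, by
# eval, as one word; unquoted, its value would be re-parsed as shell code.
eval 'kdb5_util -r "$REALM" create -P mrroot -s' "$REDIRECT"

# Install the password dictionary used by the test policies.
cp "$STESTDIR/proto/ovsec_adm.dict" "$K5ROOT/ovsec_adm.dict"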

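# Populate the database with the test policies and principals by feeding the
# Tcl script below to $SRVTCL on standard input.
#
# The script is passed straight from the here-document instead of going
# through /tmp/init_db$$: a predictable file name in a shared temporary
# directory can be pre-created or symlinked by another local user.  The
# delimiter is quoted (\EOF) so the shell expands nothing inside the script.
# eval is kept so that the redirection text in $REDIRECT takes effect.
#
# All passwords in the script are fixed test fixtures.
eval '"$SRVTCL"' "$REDIRECT" <<\EOF
source $env(TCLUTIL)
set r $env(REALM)
if {[info exists env(USER)]} {
    set whoami $env(USER)
} else {
    set whoami [exec whoami]
}

set cmds {
    {ovsec_kadm_init $env(SRVTCL) mrroot null $r $OVSEC_KADM_STRUCT_VERSION \
	    $OVSEC_KADM_API_VERSION_1 server_handle}

    {ovsec_kadm_create_policy $server_handle "test-pol 0 10000 8 2 3 0" \
	    {OVSEC_KADM_POLICY OVSEC_KADM_PW_MIN_LENGTH OVSEC_KADM_PW_MIN_CLASSES OVSEC_KADM_PW_MAX_LIFE OVSEC_KADM_PW_HISTORY_NUM}}
    {ovsec_kadm_create_policy $server_handle "once-a-min 30 0 0 0 0 0" \
	    {OVSEC_KADM_POLICY OVSEC_KADM_PW_MIN_LIFE}}
    {ovsec_kadm_create_policy $server_handle "dict-only 0 0 0 0 0 0" \
	    {OVSEC_KADM_POLICY}}
    {ovsec_kadm_create_policy $server_handle [simple_policy test-pol-nopw] \
	    {OVSEC_KADM_POLICY}}

    {ovsec_kadm_create_principal $server_handle \
	    [simple_principal testuser@$r] {OVSEC_KADM_PRINCIPAL} notathena}
    {ovsec_kadm_create_principal $server_handle \
	    [simple_principal test1@$r] {OVSEC_KADM_PRINCIPAL} test1}
    {ovsec_kadm_create_principal $server_handle \
	    [simple_principal test2@$r] {OVSEC_KADM_PRINCIPAL} test2}
    {ovsec_kadm_create_principal $server_handle \
	    [simple_principal test3@$r] {OVSEC_KADM_PRINCIPAL} test3}
    {ovsec_kadm_create_principal $server_handle \
	    [simple_principal admin@$r] {OVSEC_KADM_PRINCIPAL} admin}
    {ovsec_kadm_create_principal $server_handle \
	    [simple_principal admin/get@$r] {OVSEC_KADM_PRINCIPAL} admin}
    {ovsec_kadm_create_principal $server_handle \
	    [simple_principal admin/modify@$r] {OVSEC_KADM_PRINCIPAL} admin}
    {ovsec_kadm_create_principal $server_handle \
	    [simple_principal admin/delete@$r] {OVSEC_KADM_PRINCIPAL} admin}
    {ovsec_kadm_create_principal $server_handle \
	    [simple_principal admin/add@$r] {OVSEC_KADM_PRINCIPAL} admin}
    {ovsec_kadm_create_principal $server_handle \
	    [simple_principal admin/none@$r] {OVSEC_KADM_PRINCIPAL} admin}
    {ovsec_kadm_create_principal $server_handle \
	    [simple_principal admin/rename@$r] {OVSEC_KADM_PRINCIPAL} admin}
    {ovsec_kadm_create_principal $server_handle \
	    [simple_principal admin/mod-add@$r] {OVSEC_KADM_PRINCIPAL} admin}
    {ovsec_kadm_create_principal $server_handle \
	    [simple_principal admin/mod-delete@$r] {OVSEC_KADM_PRINCIPAL} \
	    admin}
    {ovsec_kadm_create_principal $server_handle \
	    [simple_principal admin/get-add@$r] {OVSEC_KADM_PRINCIPAL} admin}
    {ovsec_kadm_create_principal $server_handle \
	    [simple_principal admin/get-delete@$r] {OVSEC_KADM_PRINCIPAL} \
	    admin}
    {ovsec_kadm_create_principal $server_handle \
	    [simple_principal admin/get-mod@$r] {OVSEC_KADM_PRINCIPAL} admin}
    {ovsec_kadm_create_principal $server_handle \
	    [simple_principal admin/no-add@$r] {OVSEC_KADM_PRINCIPAL} admin}
    {ovsec_kadm_create_principal $server_handle \
	    [simple_principal admin/no-delete@$r] {OVSEC_KADM_PRINCIPAL} admin}
    {ovsec_kadm_create_principal $server_handle \
	    [princ_w_pol pol1@$r test-pol] {OVSEC_KADM_PRINCIPAL \
	    OVSEC_KADM_POLICY} pol111111}
    {ovsec_kadm_create_principal $server_handle \
	    [princ_w_pol pol2@$r once-a-min] {OVSEC_KADM_PRINCIPAL \
	    OVSEC_KADM_POLICY} pol222222}
    {ovsec_kadm_create_principal $server_handle \
	    [princ_w_pol pol3@$r dict-only] {OVSEC_KADM_PRINCIPAL \
	    OVSEC_KADM_POLICY} pol333333}
    {ovsec_kadm_create_principal $server_handle \
	    [princ_w_pol admin/get-pol@$r test-pol-nopw] \
	    {OVSEC_KADM_PRINCIPAL OVSEC_KADM_POLICY} StupidAdmin}
    {ovsec_kadm_create_principal $server_handle \
	    [princ_w_pol admin/pol@$r test-pol-nopw] {OVSEC_KADM_PRINCIPAL \
	    OVSEC_KADM_POLICY} StupidAdmin}

    {ovsec_kadm_create_principal $server_handle \
	    [simple_principal changepw/kerberos] \
            {OVSEC_KADM_PRINCIPAL} {XXX THIS IS WRONG}}

    {ovsec_kadm_create_principal $server_handle \
	    [simple_principal $whoami] \
	    {OVSEC_KADM_PRINCIPAL} $whoami}

    {ovsec_kadm_destroy $server_handle}
}

foreach cmd $cmds {
    if {[catch $cmd output]} {
	puts stderr "Error!  Command: $cmd\nError: $output"
	exit 1
    } else {
	puts stdout $output
    }
}
EOF
# Capture the interpreter's exit status immediately.  The check below used to
# run after an intervening rm, so it tested rm's status and a failed setup
# went unnoticed.
srvtcl_status=$?

if [ "$srvtcl_status" -ne 0 ]; then
	echo "Error in $SRVTCL!" 1>&2
	exit 1
fi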

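# Write the admin ACL file: one "principal  privileges" line per test
# administrator in $REALM.
# NOTE(review): the privilege letters presumably mean a=add, d=delete,
# m=modify, c=change password, i=inquire, l=list; confirm against the
# ovsec_adm ACL documentation.
# The target path is quoted so an unusual $K5ROOT is not split by the shell.
cat > "$K5ROOT/ovsec_adm.acl" <<EOF
admin@$REALM			admcil
admin/get@$REALM		il
admin/modify@$REALM		mc
admin/delete@$REALM		d
admin/add@$REALM		a
admin/get-pol@$REALM		il
admin/rename@$REALM		adil
admin/mod-add@$REALM		amc
admin/mod-delete@$REALM		mcd
admin/get-add@$REALM		ail
admin/get-delete@$REALM		ild
admin/get-mod@$REALM		ilmc
admin/no-add@$REALM		mcdil
admin/no-delete@$REALM		amcil
changepw/kerberos@$REALM	cil

EOF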

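# Extract the admin service keys into the test srvtab.
# eval is needed so that the redirection text in $REDIRECT is parsed as shell
# syntax.  $LOCAL_MAKE_KEYTAB is still expanded before eval, as before, so a
# caller may supply a command with arguments.  The srvtab path sits inside
# single quotes so that "$K5ROOT" is expanded once, by eval, as one word.
eval "$LOCAL_MAKE_KEYTAB" \
	'-princ kadmin/admin -princ kadmin/changepw' \
	'-princ ovsec_adm/admin -princ ovsec_adm/changepw' \
	'"$K5ROOT/ovsec_adm.srvtab"' "$REDIRECT"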

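# Create $K5ROOT/setup.csh to make it easy to run other programs against
# the test db.  The here-document is unquoted on purpose: the current values
# of the KRB5_* variables are written into the file.  The target path is
# quoted so an unusual $K5ROOT is not split by the shell.
# NOTE(review): the values are written without csh quoting, so a value
# containing whitespace would produce a malformed setenv line.
cat > "$K5ROOT/setup.csh" <<EOF
setenv KRB5_CONFIG $KRB5_CONFIG
setenv KRB5_KDC_PROFILE $KRB5_KDC_PROFILE
setenv KRB5_KTNAME $KRB5_KTNAME
$KRB5_RUN_ENV_CSH
EOF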