mech_eap-0.9.2/0000755001755200017500000000000012406014773010277 500000000000000mech_eap-0.9.2/acinclude.m40000644001755200017500000003075112406014472012412 00000000000000dnl Based on the one from the Boinc project by Reinhard AC_DEFUN([AX_CHECK_WINDOWS], [AC_MSG_CHECKING(for windows) target_windows="no" AC_CHECK_HEADER(windows.h,[target_windows="yes"],[target_windows="no"]) AC_MSG_RESULT($target_windows) AM_CONDITIONAL(TARGET_WINDOWS,test "x$target_windows" = "xyes") ])dnl AC_DEFUN([AX_CHECK_KRB5], [AC_MSG_CHECKING(for GSS-API and Kerberos implementation) KRB5_DIR= found_krb5="no" AC_ARG_WITH(krb5, AC_HELP_STRING([--with-krb5], [Use krb5 (in specified installation directory)]), [check_krb5_dir="$withval"], [check_krb5_dir=]) for dir in $check_krb5_dir $prefix /usr/local /usr ; do krb5dir="$dir" if test -x "$dir/bin/krb5-config"; then found_krb5="yes"; if test "x$target_windows" = "xyes"; then KRB5_CFLAGS=-I"$check_krb5_dir/include"; KRB5_LDFLAGS="-L$check_krb5_dir/lib/"; KRB5_LIBS="-lkrb5_32 -lgssapi32"; COMPILE_ET="$check_krb5_dir/bin/compile_et"; AC_MSG_RESULT([yes]) else KRB5_CFLAGS=`$dir/bin/krb5-config gssapi --cflags`; KRB5_LDFLAGS="-L$dir/lib"; KRB5_LIBS=`$dir/bin/krb5-config gssapi --libs` AC_MSG_RESULT([yes]) AC_PATH_PROG(COMPILE_ET, [compile_et], [compile_et], [$dir/bin$PATH_SEPARATOr]) fi break; fi done if test x_$found_krb5 != x_yes; then AC_MSG_RESULT($found_krb5) AC_MSG_ERROR([ ---------------------------------------------------------------------- Cannot find GSS-API/Kerberos libraries. Please install MIT or Heimdal or specify installation directory with --with-krb5=(dir). ---------------------------------------------------------------------- ]) else printf "Kerberos found in $krb5dir\n"; AC_SUBST(KRB5_CFLAGS) AC_SUBST(KRB5_LDFLAGS) AC_SUBST(KRB5_LIBS) AC_SUBST(COMPILE_ET) AC_CHECK_LIB(krb5, GSS_C_NT_COMPOSITE_EXPORT, [AC_DEFINE_UNQUOTED([HAVE_GSS_C_NT_COMPOSITE_EXPORT], 1, [Define if GSS-API library supports recent naming extensions draft])], [], "$KRB5_LIBS") AC_CHECK_LIB(krb5, gss_inquire_attrs_for_mech, [AC_DEFINE_UNQUOTED([HAVE_GSS_INQUIRE_ATTRS_FOR_MECH], 1, [Define if GSS-API library supports RFC 5587])], [], "$KRB5_LIBS") AC_CHECK_LIB(krb5, gss_krb5_import_cred, [AC_DEFINE_UNQUOTED([HAVE_GSS_KRB5_IMPORT_CRED], 1, [Define if GSS-API library supports gss_krb5_import_cred])], [], "$KRB5_LIBS") AC_CHECK_LIB(krb5, heimdal_version, [AC_DEFINE_UNQUOTED([HAVE_HEIMDAL_VERSION], 1, [Define if building against Heimdal Kerberos implementation]), heimdal=yes], [heimdal=no], "$KRB5_LIBS") AM_CONDITIONAL(HEIMDAL, test "x$heimdal" != "xno") fi ])dnl AC_DEFUN([AX_CHECK_EAP], [AC_MSG_CHECKING(for EAP implementation) EAP_DIR= found_eap="no" AC_ARG_WITH(eap, AC_HELP_STRING([--with-eap], [Use eap (in specified installation directory)]), [check_eap_dir="$withval"], [check_eap_dir=]) for dir in $check_eap_dir $prefix /usr /usr/local ../libeap ; do eapdir="$dir" if test -f "$dir/src/eap_peer/eap.h"; then found_eap="yes"; EAP_DIR="${eapdir}" EAP_CFLAGS="-I$eapdir/src/common -I$eapdir/src -I$eapdir/src/utils"; break; fi done AC_MSG_RESULT($found_eap) if test x_$found_eap != x_yes; then AC_MSG_ERROR([ ---------------------------------------------------------------------- Cannot find EAP libraries. Please install wpa_supplicant or specify installation directory with --with-eap=(dir). ---------------------------------------------------------------------- ]) else printf "EAP found in $eapdir\n"; EAP_CFLAGS="$EAP_CFLAGS \ -DEAP_TLS \ -DEAP_PEAP \ -DEAP_TTLS \ -DEAP_MD5 \ -DEAP_MSCHAPv2 \ -DEAP_GTC \ -DEAP_OTP \ -DEAP_LEAP \ -DEAP_PSK \ -DEAP_PAX \ -DEAP_SAKE \ -DEAP_GPSK \ -DEAP_GPSK_SHA256 \ -DEAP_SERVER_IDENTITY \ -DEAP_SERVER_TLS \ -DEAP_SERVER_PEAP \ -DEAP_SERVER_TTLS \ -DEAP_SERVER_MD5 \ -DEAP_SERVER_MSCHAPV2 \ -DEAP_SERVER_GTC \ -DEAP_SERVER_PSK \ -DEAP_SERVER_PAX \ -DEAP_SERVER_SAKE \ -DEAP_SERVER_GPSK \ -DEAP_SERVER_GPSK_SHA256 \ -DIEEE8021X_EAPOL"; EAP_LIBS="-leap -lutils -lcrypto -ltls -lssl"; EAP_LDFLAGS="-L$eapdir/eap_example -L$eapdir/src/utils -L$eapdir/src/crypto -L$eapdir/src/tls"; AC_SUBST(EAP_CFLAGS) AC_SUBST(EAP_LDFLAGS) AC_SUBST(EAP_LIBS) fi ])dnl AC_DEFUN([AX_CHECK_SHIBSP], [AC_MSG_CHECKING(for Shibboleth implementation) SHIBSP_DIR= found_shibsp="no" AC_ARG_WITH(shibsp, AC_HELP_STRING([--with-shibsp], [Use shibspboleth (in specified installation directory)]), [check_shibsp_dir="$withval"], [check_shibsp_dir=]) for dir in $check_shibsp_dir $prefix /usr /usr/local ; do shibspdir="$dir" if test -f "$dir/include/shibsp/SPConfig.h"; then found_shibsp="yes"; SHIBSP_DIR="${shibspdir}" SHIBSP_CXXFLAGS="-I$shibspdir/include"; break; fi done AC_MSG_RESULT($found_shibsp) if test x_$found_shibsp != x_yes; then AC_MSG_ERROR([ ---------------------------------------------------------------------- Cannot find Shibboleth libraries. Please install Shibboleth or specify installation directory with --with-shibsp=(dir). ---------------------------------------------------------------------- ]) else printf "Shibboleth found in $shibspdir\n"; SHIBSP_LIBS="-lshibsp -lsaml -lxml-security-c -lxmltooling -lxerces-c"; SHIBSP_LDFLAGS="-L$shibspdir/lib"; AC_SUBST(SHIBSP_CXXFLAGS) AC_SUBST(SHIBSP_LDFLAGS) AC_SUBST(SHIBSP_LIBS) AC_DEFINE_UNQUOTED([HAVE_SHIBSP], 1, [Define is Shibboleth SP is available]) fi ])dnl AC_DEFUN([AX_CHECK_SHIBRESOLVER], [AC_MSG_CHECKING(for Shibboleth resolver implementation) SHIBRESOLVER_DIR= found_shibresolver="no" AC_ARG_WITH(shibresolver, AC_HELP_STRING([--with-shibresolver], [Use Shibboleth resolver (in specified installation directory)]), [check_shibresolver_dir="$withval"], [check_shibresolver_dir=]) if test x_$check_shibresolver_dir != x_no; then for dir in $check_shibresolver_dir $prefix /usr /usr/local ; do shibresolverdir="$dir" if test -f "$dir/include/shibresolver/resolver.h"; then found_shibresolver="yes"; SHIBRESOLVER_DIR="${shibresolverdir}" SHIBRESOLVER_CXXFLAGS="-I$shibresolverdir/include"; break; fi done fi AC_MSG_RESULT($found_shibresolver) if test x_$check_shibresolver_dir != x_no; then if test x_$found_shibresolver != x_yes; then AC_MSG_WARN([ ---------------------------------------------------------------------- Cannot find Shibboleth resolver libraries, building without Shibboleth support. Please install Shibboleth or specify installation directory with --with-shibresolver=(dir). ---------------------------------------------------------------------- ]) else printf "Shibboleth resolver found in $shibresolverdir\n"; SHIBRESOLVER_LIBS="-lshibresolver"; SHIBRESOLVER_LDFLAGS="-L$shibresolverdir/lib"; AC_SUBST(SHIBRESOLVER_CXXFLAGS) AC_SUBST(SHIBRESOLVER_LDFLAGS) AC_SUBST(SHIBRESOLVER_LIBS) AC_DEFINE_UNQUOTED([HAVE_SHIBRESOLVER], 1, [Define is Shibboleth resolver is available]) fi fi ])dnl AC_DEFUN([AX_CHECK_OPENSAML], [AC_MSG_CHECKING(for OpenSAML implementation) OPENSAML_DIR= found_opensaml="no" AC_ARG_WITH(opensaml, AC_HELP_STRING([--with-opensaml], [Use OpenSAML (in specified installation directory)]), [check_opensaml_dir="$withval"], [check_opensaml_dir=]) if test x_$check_opensaml_dir != x_no; then for dir in $check_opensaml_dir $prefix /usr /usr/local ; do opensamldir="$dir" if test -f "$dir/include/saml/Assertion.h"; then found_opensaml="yes"; OPENSAML_DIR="${opensamldir}" OPENSAML_CXXFLAGS="-I$opensamldir/include"; break; fi done fi AC_MSG_RESULT($found_opensaml) if test x_$check_opensaml_dir != x_no; then if test x_$found_opensaml != x_yes; then AC_MSG_WARN([ ---------------------------------------------------------------------- Cannot find OpenSAML libraries, building without OpenSAML support. Please install OpenSAML or specify installation directory with --with-opensaml=(dir). ---------------------------------------------------------------------- ]) else printf "OpenSAML found in $opensamldir\n"; OPENSAML_LIBS="-lsaml -lxml-security-c -lxmltooling -lxerces-c"; OPENSAML_LDFLAGS="-L$opensamldir/lib"; AC_SUBST(OPENSAML_CXXFLAGS) AC_SUBST(OPENSAML_LDFLAGS) AC_SUBST(OPENSAML_LIBS) AC_DEFINE_UNQUOTED([HAVE_OPENSAML], 1, [Define is OpenSAML is available]) fi fi ])dnl AC_DEFUN([AX_CHECK_OPENSSL], [AC_MSG_CHECKING(for OpenSSL) OPENSSL_DIR= found_openssl="no" AC_ARG_WITH(openssl, AC_HELP_STRING([--with-openssl], [Use OpenSSL (in specified installation directory)]), [check_openssl_dir="$withval"], [check_openssl_dir=]) for dir in $check_openssl_dir $prefix /usr /usr/local ; do openssldir="$dir" if test -f "$dir/include/openssl/opensslv.h"; then found_openssl="yes"; OPENSSL_DIR="${openssldir}" OPENSSL_CFLAGS="-I$openssldir/include"; break; fi done AC_MSG_RESULT($found_openssl) if test x_$found_openssl != x_yes; then AC_MSG_ERROR([ ---------------------------------------------------------------------- Cannot find OpenSSL libraries. Please install libssl or specify installation directory with --with-openssl=(dir). ---------------------------------------------------------------------- ]) else printf "OpenSSL found in $openssldir\n"; OPENSSL_LIBS="-lssl -lcrypto"; OPENSSL_LDFLAGS="-L$openssldir/lib"; AC_SUBST(OPENSSL_CFLAGS) AC_SUBST(OPENSSL_LDFLAGS) AC_SUBST(OPENSSL_LIBS) fi ])dnl AC_DEFUN([AX_CHECK_RADSEC], [AC_MSG_CHECKING(for radsec) RADSEC_DIR= found_radsec="no" AC_ARG_WITH(radsec, AC_HELP_STRING([--with-radsec], [Use radsec (in specified installation directory)]), [check_radsec_dir="$withval"], [check_radsec_dir=]) for dir in $check_radsec_dir $prefix /usr /usr/local ; do radsecdir="$dir" if test -f "$dir/include/radsec/radsec.h"; then found_radsec="yes"; RADSEC_DIR="${radsecdir}" RADSEC_CFLAGS="-I$radsecdir/include"; break; fi done AC_MSG_RESULT($found_radsec) if test x_$found_radsec != x_yes; then AC_MSG_ERROR([ ---------------------------------------------------------------------- Cannot find radsec libraries. Please install libradsec or specify installation directory with --with-radsec=(dir). ---------------------------------------------------------------------- ]) else printf "radsec found in $radsecdir\n"; RADSEC_LIBS="-lradsec"; RADSEC_LDFLAGS="-L$radsecdir/lib"; AC_SUBST(RADSEC_CFLAGS) AC_SUBST(RADSEC_LDFLAGS) AC_SUBST(RADSEC_LIBS) fi ])dnl AC_DEFUN([AX_CHECK_JANSSON], [AC_MSG_CHECKING(for jansson) JANSSON_DIR= found_jansson="no" AC_ARG_WITH(jansson, AC_HELP_STRING([--with-jansson], [Use jansson (in specified installation directory)]), [check_jansson_dir="$withval"], [check_jansson_dir=]) for dir in $check_jansson_dir $prefix /usr /usr/local ; do janssondir="$dir" if test -f "$dir/include/jansson.h"; then found_jansson="yes"; JANSSON_DIR="${janssondir}" JANSSON_CFLAGS="-I$janssondir/include"; break; fi done AC_MSG_RESULT($found_jansson) if test x_$found_jansson != x_yes; then AC_MSG_ERROR([ ---------------------------------------------------------------------- Cannot find jansson libraries. Please install libjansson or specify installation directory with --with-jansson=(dir). ---------------------------------------------------------------------- ]) else printf "jansson found in $janssondir\n"; JANSSON_LIBS="-ljansson"; JANSSON_LDFLAGS="-L$janssondir/lib"; AC_SUBST(JANSSON_CFLAGS) AC_SUBST(JANSSON_LDFLAGS) AC_SUBST(JANSSON_LIBS) fi ])dnl AC_DEFUN([AX_CHECK_LIBMOONSHOT], [AC_MSG_CHECKING(for Moonshot identity selector implementation) LIBMOONSHOT_DIR= LIBMOONSHOT_CFLAGS= LIBMOONSHOT_LDFLAGS= LIBMOONSHOT_LIBS= found_libmoonshot="no" AC_ARG_WITH(libmoonshot, AC_HELP_STRING([--with-libmoonshot], [Use libmoonshot (in specified installation directory)]), [check_libmoonshot_dir="$withval"], [check_libmoonshot_dir=]) for dir in $check_libmoonshot_dir $prefix /usr /usr/local ; do libmoonshotdir="$dir" if test -f "$dir/include/libmoonshot.h"; then found_libmoonshot="yes"; LIBMOONSHOT_DIR="${libmoonshotdir}" LIBMOONSHOT_CFLAGS="-I$libmoonshotdir/include"; break; fi done AC_MSG_RESULT($found_libmoonshot) if test x_$found_libmoonshot = x_yes; then printf "libmoonshot found in $libmoonshotdir\n"; LIBMOONSHOT_LIBS="-lmoonshot"; LIBMOONSHOT_LDFLAGS="-L$libmoonshot/lib"; AC_CHECK_LIB(moonshot, moonshot_get_identity, [AC_DEFINE_UNQUOTED([HAVE_MOONSHOT_GET_IDENTITY], 1, [Define if Moonshot identity selector is available])], [], "$LIBMOONSHOT_LIBS") fi AC_SUBST(LIBMOONSHOT_CFLAGS) AC_SUBST(LIBMOONSHOT_LDFLAGS) AC_SUBST(LIBMOONSHOT_LIBS) AM_CONDITIONAL(LIBMOONSHOT, test "x$found_libmoonshot" != "xno") ])dnl mech_eap-0.9.2/mech_eap.spec.in0000644001755200017500000000333612406014472013242 00000000000000%global _moonshot_krb5 %{!?_moonshot_krb5:krb5-devel}%{?_moonshot_krb5} Name: moonshot-gss-eap Version: @VERSION@ Release: 1%{?dist} Summary: Moonshot GSS-API Mechanism Group: Security Tools License: BSD URL: http://www.project-moonshot.org/ Source0: mech_eap-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRequires: %{_moonshot_krb5} >= 1.9.1 BuildRequires: moonshot-ui-devel BuildRequires: jansson-devel Requires: moonshot-ui BuildRequires: libradsec-devel >= 0.0.3 BuildRequires: shibboleth-sp-devel >= 2.5 BuildRequires: libshibresolver-devel %description Project Moonshot provides federated access management. %prep %setup -q -n mech_eap-%{version} %build %configure --with-libmoonshot=%{_prefix} --with-krb5=%{_prefix} --enable-reauth LDFLAGs="${LDFLAGS} -L/opt/shibboleth/%{_lib} -Wl,--rpath=/opt/shibboleth/%{_lib}" CPPFLAGS="${CPPFLAGS} -I/opt/shibboleth/include" make %{?_smp_mflags} %install rm -rf $RPM_BUILD_ROOT make install DESTDIR=$RPM_BUILD_ROOT %clean rm -rf $RPM_BUILD_ROOT %post oid_aes128=1.3.6.1.5.5.15.1.1.17 oid_aes256=1.3.6.1.5.5.15.1.1.18 mechfile=%{_sysconfdir}/gss/mech mkdir -p %{_sysconfdir}/gss test -e $mechfile |touch $mechfile fgrep $oid_aes128 $mechfile ||echo eap-aes128 $oid_aes128 mech_eap.so >>$mechfile fgrep $oid_aes256 $mechfile ||echo eap-aes256 $oid_aes256 mech_eap.so >>$mechfile %files %defattr(-,root,root,-) %doc mech_eap/README %doc mech_eap/LICENSE %doc mech_eap/AUTHORS %{_libdir}/gss/mech_eap.so %exclude %{_libdir}/gss/mech_eap.la %{_includedir}/gssapi/*.h %exclude %{_libdir}/krb5/plugins/authdata/* #%{_libdir}/krb5/plugins/authdata/*.so %changelog * Wed Sep 28 2011 - @VERSION@-2 - Add radius_ad plugin mech_eap-0.9.2/Makefile.in0000644001755200017500000006412412406014764012273 00000000000000# Makefile.in generated by automake 1.14.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ *) echo "am__make_running_with_option: internal error: invalid" \ "target option '$${target_option-}' specified" >&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = . DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ $(top_srcdir)/configure $(am__configure_deps) \ $(srcdir)/config.h.in $(srcdir)/mech_eap.spec.in \ build-aux/compile build-aux/config.guess build-aux/config.sub \ build-aux/depcomp build-aux/install-sh build-aux/missing \ build-aux/ltmain.sh $(top_srcdir)/build-aux/compile \ $(top_srcdir)/build-aux/config.guess \ $(top_srcdir)/build-aux/config.sub \ $(top_srcdir)/build-aux/install-sh \ $(top_srcdir)/build-aux/ltmain.sh \ $(top_srcdir)/build-aux/missing ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/minuso.m4 $(top_srcdir)/acinclude.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ configure.lineno config.status.lineno mkinstalldirs = $(install_sh) -d CONFIG_HEADER = config.h CONFIG_CLEAN_FILES = mech_eap.spec CONFIG_CLEAN_VPATH_FILES = AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = SOURCES = DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ ctags-recursive dvi-recursive html-recursive info-recursive \ install-data-recursive install-dvi-recursive \ install-exec-recursive install-html-recursive \ install-info-recursive install-pdf-recursive \ install-ps-recursive install-recursive installcheck-recursive \ installdirs-recursive pdf-recursive ps-recursive \ tags-recursive uninstall-recursive am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive am__recursive_targets = \ $(RECURSIVE_TARGETS) \ $(RECURSIVE_CLEAN_TARGETS) \ $(am__extra_recursive_targets) AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ cscope distdir dist dist-all distcheck am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) \ $(LISP)config.h.in # Read a list of newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is # *not* preserved. am__uniquify_input = $(AWK) '\ BEGIN { nonempty = 0; } \ { items[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in items) print i; }; } \ ' # Make sure the list of sources is unique. This is necessary because, # e.g., the same source file might be shared among _SOURCES variables # for different programs/libraries. am__define_uniq_tagged_files = \ list='$(am__tagged_files)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags CSCOPE = cscope DIST_SUBDIRS = $(SUBDIRS) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) distdir = $(PACKAGE)-$(VERSION) top_distdir = $(distdir) am__remove_distdir = \ if test -d "$(distdir)"; then \ find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \ && rm -rf "$(distdir)" \ || { sleep 5 && rm -rf "$(distdir)"; }; \ else :; fi am__post_remove_distdir = $(am__remove_distdir) am__relativize = \ dir0=`pwd`; \ sed_first='s,^\([^/]*\)/.*$$,\1,'; \ sed_rest='s,^[^/]*/*,,'; \ sed_last='s,^.*/\([^/]*\)$$,\1,'; \ sed_butlast='s,/*[^/]*$$,,'; \ while test -n "$$dir1"; do \ first=`echo "$$dir1" | sed -e "$$sed_first"`; \ if test "$$first" != "."; then \ if test "$$first" = ".."; then \ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ else \ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ if test "$$first2" = "$$first"; then \ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ else \ dir2="../$$dir2"; \ fi; \ dir0="$$dir0"/"$$first"; \ fi; \ fi; \ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ done; \ reldir="$$dir2" DIST_ARCHIVES = $(distdir).tar.gz GZIP_ENV = --best DIST_TARGETS = dist-gzip distuninstallcheck_listfiles = find . -type f -print am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \ | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$' distcleancheck_listfiles = find . -type f -print ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ AS = @AS@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ JANSSON_CFLAGS = @JANSSON_CFLAGS@ JANSSON_LDFLAGS = @JANSSON_LDFLAGS@ JANSSON_LIBS = @JANSSON_LIBS@ KRB5_CFLAGS = @KRB5_CFLAGS@ KRB5_LDFLAGS = @KRB5_LDFLAGS@ KRB5_LIBS = @KRB5_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LIBMOONSHOT_CFLAGS = @LIBMOONSHOT_CFLAGS@ LIBMOONSHOT_LDFLAGS = @LIBMOONSHOT_LDFLAGS@ LIBMOONSHOT_LIBS = @LIBMOONSHOT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OPENSAML_CXXFLAGS = @OPENSAML_CXXFLAGS@ OPENSAML_LDFLAGS = @OPENSAML_LDFLAGS@ OPENSAML_LIBS = @OPENSAML_LIBS@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LDFLAGS = @OPENSSL_LDFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ RADSEC_CFLAGS = @RADSEC_CFLAGS@ RADSEC_LDFLAGS = @RADSEC_LDFLAGS@ RADSEC_LIBS = @RADSEC_LIBS@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ SHIBRESOLVER_CXXFLAGS = @SHIBRESOLVER_CXXFLAGS@ SHIBRESOLVER_LDFLAGS = @SHIBRESOLVER_LDFLAGS@ SHIBRESOLVER_LIBS = @SHIBRESOLVER_LIBS@ SHIBSP_CXXFLAGS = @SHIBSP_CXXFLAGS@ SHIBSP_LDFLAGS = @SHIBSP_LDFLAGS@ SHIBSP_LIBS = @SHIBSP_LIBS@ STRIP = @STRIP@ TARGET_CFLAGS = @TARGET_CFLAGS@ TARGET_LDFLAGS = @TARGET_LDFLAGS@ VERSION = @VERSION@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ AUTOMAKE_OPTIONS = foreign ACLOCAL_AMFLAGS = -I m4 SUBDIRS = libeap mech_eap EXTRA_DIST = mech_eap.spec all: config.h $(MAKE) $(AM_MAKEFLAGS) all-recursive .SUFFIXES: am--refresh: Makefile @: $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ echo ' cd $(srcdir) && $(AUTOMAKE) --foreign'; \ $(am__cd) $(srcdir) && $(AUTOMAKE) --foreign \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ echo ' $(SHELL) ./config.status'; \ $(SHELL) ./config.status;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) $(SHELL) ./config.status --recheck $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) $(am__cd) $(srcdir) && $(AUTOCONF) $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) $(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS) $(am__aclocal_m4_deps): config.h: stamp-h1 @test -f $@ || rm -f stamp-h1 @test -f $@ || $(MAKE) $(AM_MAKEFLAGS) stamp-h1 stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status @rm -f stamp-h1 cd $(top_builddir) && $(SHELL) ./config.status config.h $(srcdir)/config.h.in: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) ($(am__cd) $(top_srcdir) && $(AUTOHEADER)) rm -f stamp-h1 touch $@ distclean-hdr: -rm -f config.h stamp-h1 mech_eap.spec: $(top_builddir)/config.status $(srcdir)/mech_eap.spec.in cd $(top_builddir) && $(SHELL) ./config.status $@ mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs distclean-libtool: -rm -f libtool config.lt # This directory's subdirectories are mostly independent; you can cd # into them and run 'make' without going through this Makefile. # To change the values of 'make' variables: instead of editing Makefiles, # (1) if the variable is set in 'config.status', edit 'config.status' # (which will cause the Makefiles to be regenerated when you run 'make'); # (2) otherwise, pass the desired values on the 'make' command line. $(am__recursive_targets): @fail=; \ if $(am__make_keepgoing); then \ failcom='fail=yes'; \ else \ failcom='exit 1'; \ fi; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" ID: $(am__tagged_files) $(am__define_uniq_tagged_files); mkid -fID $$unique tags: tags-recursive TAGS: tags tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ $(am__define_uniq_tagged_files); \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: ctags-recursive CTAGS: ctags ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) $(am__define_uniq_tagged_files); \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" cscope: cscope.files test ! -s cscope.files \ || $(CSCOPE) -b -q $(AM_CSCOPEFLAGS) $(CSCOPEFLAGS) -i cscope.files $(CSCOPE_ARGS) clean-cscope: -rm -f cscope.files cscope.files: clean-cscope cscopelist cscopelist: cscopelist-recursive cscopelist-am: $(am__tagged_files) list='$(am__tagged_files)'; \ case "$(srcdir)" in \ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ *) sdir=$(subdir)/$(srcdir) ;; \ esac; \ for i in $$list; do \ if test -f "$$i"; then \ echo "$(subdir)/$$i"; \ else \ echo "$$sdir/$$i"; \ fi; \ done >> $(top_builddir)/cscope.files distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags -rm -f cscope.out cscope.in.out cscope.po.out cscope.files distdir: $(DISTFILES) $(am__remove_distdir) test -d "$(distdir)" || mkdir "$(distdir)" @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ $(am__make_dryrun) \ || test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ $(am__relativize); \ new_distdir=$$reldir; \ dir1=$$subdir; dir2="$(top_distdir)"; \ $(am__relativize); \ new_top_distdir=$$reldir; \ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ ($(am__cd) $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$new_top_distdir" \ distdir="$$new_distdir" \ am__remove_distdir=: \ am__skip_length_check=: \ am__skip_mode_fix=: \ distdir) \ || exit 1; \ fi; \ done -test -n "$(am__skip_mode_fix)" \ || find "$(distdir)" -type d ! -perm -755 \ -exec chmod u+rwx,go+rx {} \; -o \ ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \ ! -type d ! -perm -400 -exec chmod a+r {} \; -o \ ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \ || chmod -R a+r "$(distdir)" dist-gzip: distdir tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz $(am__post_remove_distdir) dist-bzip2: distdir tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2 $(am__post_remove_distdir) dist-lzip: distdir tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9} >$(distdir).tar.lz $(am__post_remove_distdir) dist-xz: distdir tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz $(am__post_remove_distdir) dist-tarZ: distdir @echo WARNING: "Support for shar distribution archives is" \ "deprecated." >&2 @echo WARNING: "It will be removed altogether in Automake 2.0" >&2 tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z $(am__post_remove_distdir) dist-shar: distdir @echo WARNING: "Support for distribution archives compressed with" \ "legacy program 'compress' is deprecated." >&2 @echo WARNING: "It will be removed altogether in Automake 2.0" >&2 shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz $(am__post_remove_distdir) dist-zip: distdir -rm -f $(distdir).zip zip -rq $(distdir).zip $(distdir) $(am__post_remove_distdir) dist dist-all: $(MAKE) $(AM_MAKEFLAGS) $(DIST_TARGETS) am__post_remove_distdir='@:' $(am__post_remove_distdir) # This target untars the dist file and tries a VPATH configuration. Then # it guarantees that the distribution is self-contained by making another # tarfile. distcheck: dist case '$(DIST_ARCHIVES)' in \ *.tar.gz*) \ GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\ *.tar.bz2*) \ bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\ *.tar.lz*) \ lzip -dc $(distdir).tar.lz | $(am__untar) ;;\ *.tar.xz*) \ xz -dc $(distdir).tar.xz | $(am__untar) ;;\ *.tar.Z*) \ uncompress -c $(distdir).tar.Z | $(am__untar) ;;\ *.shar.gz*) \ GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\ *.zip*) \ unzip $(distdir).zip ;;\ esac chmod -R a-w $(distdir) chmod u+w $(distdir) mkdir $(distdir)/_build $(distdir)/_inst chmod a-w $(distdir) test -d $(distdir)/_build || exit 0; \ dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \ && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \ && am__cwd=`pwd` \ && $(am__cd) $(distdir)/_build \ && ../configure \ $(AM_DISTCHECK_CONFIGURE_FLAGS) \ $(DISTCHECK_CONFIGURE_FLAGS) \ --srcdir=.. --prefix="$$dc_install_base" \ && $(MAKE) $(AM_MAKEFLAGS) \ && $(MAKE) $(AM_MAKEFLAGS) dvi \ && $(MAKE) $(AM_MAKEFLAGS) check \ && $(MAKE) $(AM_MAKEFLAGS) install \ && $(MAKE) $(AM_MAKEFLAGS) installcheck \ && $(MAKE) $(AM_MAKEFLAGS) uninstall \ && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \ distuninstallcheck \ && chmod -R a-w "$$dc_install_base" \ && ({ \ (cd ../.. && umask 077 && mkdir "$$dc_destdir") \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \ distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \ } || { rm -rf "$$dc_destdir"; exit 1; }) \ && rm -rf "$$dc_destdir" \ && $(MAKE) $(AM_MAKEFLAGS) dist \ && rm -rf $(DIST_ARCHIVES) \ && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \ && cd "$$am__cwd" \ || exit 1 $(am__post_remove_distdir) @(echo "$(distdir) archives ready for distribution: "; \ list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \ sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x' distuninstallcheck: @test -n '$(distuninstallcheck_dir)' || { \ echo 'ERROR: trying to run $@ with an empty' \ '$$(distuninstallcheck_dir)' >&2; \ exit 1; \ }; \ $(am__cd) '$(distuninstallcheck_dir)' || { \ echo 'ERROR: cannot chdir into $(distuninstallcheck_dir)' >&2; \ exit 1; \ }; \ test `$(am__distuninstallcheck_listfiles) | wc -l` -eq 0 \ || { echo "ERROR: files left after uninstall:" ; \ if test -n "$(DESTDIR)"; then \ echo " (check DESTDIR support)"; \ fi ; \ $(distuninstallcheck_listfiles) ; \ exit 1; } >&2 distcleancheck: distclean @if test '$(srcdir)' = . ; then \ echo "ERROR: distcleancheck can only run from a VPATH build" ; \ exit 1 ; \ fi @test `$(distcleancheck_listfiles) | wc -l` -eq 0 \ || { echo "ERROR: files left in build directory after distclean:" ; \ $(distcleancheck_listfiles) ; \ exit 1; } >&2 check-am: all-am check: check-recursive all-am: Makefile config.h installdirs: installdirs-recursive installdirs-am: install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-recursive clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-recursive -rm -f $(am__CONFIG_DISTCLEAN_FILES) -rm -f Makefile distclean-am: clean-am distclean-generic distclean-hdr \ distclean-libtool distclean-tags dvi: dvi-recursive dvi-am: html: html-recursive html-am: info: info-recursive info-am: install-data-am: install-dvi: install-dvi-recursive install-dvi-am: install-exec-am: install-html: install-html-recursive install-html-am: install-info: install-info-recursive install-info-am: install-man: install-pdf: install-pdf-recursive install-pdf-am: install-ps: install-ps-recursive install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -f $(am__CONFIG_DISTCLEAN_FILES) -rm -rf $(top_srcdir)/autom4te.cache -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-recursive pdf-am: ps: ps-recursive ps-am: uninstall-am: .MAKE: $(am__recursive_targets) all install-am install-strip .PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \ am--refresh check check-am clean clean-cscope clean-generic \ clean-libtool cscope cscopelist-am ctags ctags-am dist \ dist-all dist-bzip2 dist-gzip dist-lzip dist-shar dist-tarZ \ dist-xz dist-zip distcheck distclean distclean-generic \ distclean-hdr distclean-libtool distclean-tags distcleancheck \ distdir distuninstallcheck dvi dvi-am html html-am info \ info-am install install-am install-data install-data-am \ install-dvi install-dvi-am install-exec install-exec-am \ install-html install-html-am install-info install-info-am \ install-man install-pdf install-pdf-am install-ps \ install-ps-am install-strip installcheck installcheck-am \ installdirs installdirs-am maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic \ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: mech_eap-0.9.2/configure.ac0000644001755200017500000000470712406014472012511 00000000000000AC_PREREQ([2.61]) AC_INIT([mech_eap], [0.9.2], [bugs@project-moonshot.org]) AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_AUX_DIR([build-aux]) dnl AM_INIT_AUTOMAKE([silent-rules]) AC_USE_SYSTEM_EXTENSIONS AM_INIT_AUTOMAKE AM_PROG_CC_C_O AM_MAINTAINER_MODE() LT_PREREQ([2.2]) LT_INIT([dlopen disable-static win32-dll]) dnl AC_PROG_CC AC_PROG_CXX AC_CONFIG_HEADERS([config.h]) AC_CHECK_HEADERS(stdarg.h stdio.h stdint.h sys/param.h) AC_REPLACE_FUNCS(vasprintf) dnl Check if we're on Solaris and set CFLAGS accordingly dnl AC_CANONICAL_TARGET dnl case "${target_os}" in dnl solaris*) dnl TARGET_CFLAGS="-DSYS_SOLARIS9 -D_POSIX_PTHREAD_SEMANTICS" dnl if test "$GCC" != yes ; then dnl TARGET_CFLAGS="$TARGET_CFLAGS -mt" dnl else dnl TARGET_CFLAGS="$TARGET_CFLAGS -pthreads" dnl fi dnl TARGET_LDFLAGS="-lpthread -lsocket -lnsl" dnl ;; dnl *) dnl TARGET_CFLAGS="-Wall -pedantic -pthread" dnl TARGET_LDFLAGS="" dnl esac reauth=no AC_ARG_ENABLE(reauth, [ --enable-reauth whether to enable fast reauthentication protocol: yes/no; default no ], [ if test "x$enableval" = "xyes" -o "x$enableval" = "xno" ; then reauth=$enableval else echo "--enable-reauth argument must be yes or no" exit -1 fi ]) if test "x$reauth" = "xyes" ; then echo "Fast reauthentication protocol enabled" TARGET_CFLAGS="$TARGET_CFLAGS -DGSSEAP_ENABLE_REAUTH" fi AM_CONDITIONAL(GSSEAP_ENABLE_REAUTH, test "x$reauth" != "xno") acceptor=yes AC_ARG_ENABLE(acceptor, [ --enable-acceptor whether to enable acceptor codepaths: yes/no; default yes ], [ if test "x$enableval" = "xyes" -o "x$enableval" = "xno" ; then acceptor=$enableval else echo "--enable-acceptor argument must be yes or no" exit -1 fi ]) if test "x$acceptor" = "xyes" ; then echo "acceptor enabled" TARGET_CFLAGS="$TARGET_CFLAGS -DGSSEAP_ENABLE_ACCEPTOR" fi AM_CONDITIONAL(GSSEAP_ENABLE_ACCEPTOR, test "x$acceptor" != "xno") AC_SUBST(TARGET_CFLAGS) AC_SUBST(TARGET_LDFLAGS) AX_CHECK_WINDOWS AX_CHECK_KRB5 AX_CHECK_OPENSAML AM_CONDITIONAL(OPENSAML, test "x_$check_opensaml_dir" != "x_no") AX_CHECK_SHIBRESOLVER AM_CONDITIONAL(SHIBRESOLVER, test "x_$check_shibresolver_dir" != "x_no") if test x_$found_shibresolver = x_yes; then AX_CHECK_SHIBSP fi AX_CHECK_OPENSSL if test "x$acceptor" = "xyes" ; then AX_CHECK_RADSEC AX_CHECK_JANSSON fi AX_CHECK_LIBMOONSHOT AC_CONFIG_FILES([Makefile libeap/Makefile mech_eap/Makefile mech_eap.spec]) AC_OUTPUT mech_eap-0.9.2/m4/0000755001755200017500000000000012406014773010617 500000000000000mech_eap-0.9.2/m4/ltversion.m40000644001755200017500000000126212406014640013020 00000000000000# ltversion.m4 -- version numbers -*- Autoconf -*- # # Copyright (C) 2004 Free Software Foundation, Inc. # Written by Scott James Remnant, 2004 # # This file is free software; the Free Software Foundation gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. # @configure_input@ # serial 3337 ltversion.m4 # This file is part of GNU Libtool m4_define([LT_PACKAGE_VERSION], [2.4.2]) m4_define([LT_PACKAGE_REVISION], [1.3337]) AC_DEFUN([LTVERSION_VERSION], [macro_version='2.4.2' macro_revision='1.3337' _LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?]) _LT_DECL(, macro_revision, 0) ]) mech_eap-0.9.2/m4/libtool.m40000644001755200017500000106011112406014640012436 00000000000000# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*- # # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, # 2006, 2007, 2008, 2009, 2010, 2011 Free Software # Foundation, Inc. # Written by Gordon Matzigkeit, 1996 # # This file is free software; the Free Software Foundation gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. m4_define([_LT_COPYING], [dnl # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, # 2006, 2007, 2008, 2009, 2010, 2011 Free Software # Foundation, Inc. # Written by Gordon Matzigkeit, 1996 # # This file is part of GNU Libtool. # # GNU Libtool is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License as # published by the Free Software Foundation; either version 2 of # the License, or (at your option) any later version. # # As a special exception to the GNU General Public License, # if you distribute this file as part of a program or library that # is built using GNU Libtool, you may include this file under the # same distribution terms that you use for the rest of that program. # # GNU Libtool is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with GNU Libtool; see the file COPYING. If not, a copy # can be downloaded from http://www.gnu.org/licenses/gpl.html, or # obtained by writing to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. ]) # serial 57 LT_INIT # LT_PREREQ(VERSION) # ------------------ # Complain and exit if this libtool version is less that VERSION. m4_defun([LT_PREREQ], [m4_if(m4_version_compare(m4_defn([LT_PACKAGE_VERSION]), [$1]), -1, [m4_default([$3], [m4_fatal([Libtool version $1 or higher is required], 63)])], [$2])]) # _LT_CHECK_BUILDDIR # ------------------ # Complain if the absolute build directory name contains unusual characters m4_defun([_LT_CHECK_BUILDDIR], [case `pwd` in *\ * | *\ *) AC_MSG_WARN([Libtool does not cope well with whitespace in `pwd`]) ;; esac ]) # LT_INIT([OPTIONS]) # ------------------ AC_DEFUN([LT_INIT], [AC_PREREQ([2.58])dnl We use AC_INCLUDES_DEFAULT AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl AC_BEFORE([$0], [LT_LANG])dnl AC_BEFORE([$0], [LT_OUTPUT])dnl AC_BEFORE([$0], [LTDL_INIT])dnl m4_require([_LT_CHECK_BUILDDIR])dnl dnl Autoconf doesn't catch unexpanded LT_ macros by default: m4_pattern_forbid([^_?LT_[A-Z_]+$])dnl m4_pattern_allow([^(_LT_EOF|LT_DLGLOBAL|LT_DLLAZY_OR_NOW|LT_MULTI_MODULE)$])dnl dnl aclocal doesn't pull ltoptions.m4, ltsugar.m4, or ltversion.m4 dnl unless we require an AC_DEFUNed macro: AC_REQUIRE([LTOPTIONS_VERSION])dnl AC_REQUIRE([LTSUGAR_VERSION])dnl AC_REQUIRE([LTVERSION_VERSION])dnl AC_REQUIRE([LTOBSOLETE_VERSION])dnl m4_require([_LT_PROG_LTMAIN])dnl _LT_SHELL_INIT([SHELL=${CONFIG_SHELL-/bin/sh}]) dnl Parse OPTIONS _LT_SET_OPTIONS([$0], [$1]) # This can be used to rebuild libtool when needed LIBTOOL_DEPS="$ltmain" # Always use our own libtool. LIBTOOL='$(SHELL) $(top_builddir)/libtool' AC_SUBST(LIBTOOL)dnl _LT_SETUP # Only expand once: m4_define([LT_INIT]) ])# LT_INIT # Old names: AU_ALIAS([AC_PROG_LIBTOOL], [LT_INIT]) AU_ALIAS([AM_PROG_LIBTOOL], [LT_INIT]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_PROG_LIBTOOL], []) dnl AC_DEFUN([AM_PROG_LIBTOOL], []) # _LT_CC_BASENAME(CC) # ------------------- # Calculate cc_basename. Skip known compiler wrappers and cross-prefix. m4_defun([_LT_CC_BASENAME], [for cc_temp in $1""; do case $cc_temp in compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;; distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;; \-*) ;; *) break;; esac done cc_basename=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` ]) # _LT_FILEUTILS_DEFAULTS # ---------------------- # It is okay to use these file commands and assume they have been set # sensibly after `m4_require([_LT_FILEUTILS_DEFAULTS])'. m4_defun([_LT_FILEUTILS_DEFAULTS], [: ${CP="cp -f"} : ${MV="mv -f"} : ${RM="rm -f"} ])# _LT_FILEUTILS_DEFAULTS # _LT_SETUP # --------- m4_defun([_LT_SETUP], [AC_REQUIRE([AC_CANONICAL_HOST])dnl AC_REQUIRE([AC_CANONICAL_BUILD])dnl AC_REQUIRE([_LT_PREPARE_SED_QUOTE_VARS])dnl AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl _LT_DECL([], [PATH_SEPARATOR], [1], [The PATH separator for the build system])dnl dnl _LT_DECL([], [host_alias], [0], [The host system])dnl _LT_DECL([], [host], [0])dnl _LT_DECL([], [host_os], [0])dnl dnl _LT_DECL([], [build_alias], [0], [The build system])dnl _LT_DECL([], [build], [0])dnl _LT_DECL([], [build_os], [0])dnl dnl AC_REQUIRE([AC_PROG_CC])dnl AC_REQUIRE([LT_PATH_LD])dnl AC_REQUIRE([LT_PATH_NM])dnl dnl AC_REQUIRE([AC_PROG_LN_S])dnl test -z "$LN_S" && LN_S="ln -s" _LT_DECL([], [LN_S], [1], [Whether we need soft or hard links])dnl dnl AC_REQUIRE([LT_CMD_MAX_LEN])dnl _LT_DECL([objext], [ac_objext], [0], [Object file suffix (normally "o")])dnl _LT_DECL([], [exeext], [0], [Executable file suffix (normally "")])dnl dnl m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_CHECK_SHELL_FEATURES])dnl m4_require([_LT_PATH_CONVERSION_FUNCTIONS])dnl m4_require([_LT_CMD_RELOAD])dnl m4_require([_LT_CHECK_MAGIC_METHOD])dnl m4_require([_LT_CHECK_SHAREDLIB_FROM_LINKLIB])dnl m4_require([_LT_CMD_OLD_ARCHIVE])dnl m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl m4_require([_LT_WITH_SYSROOT])dnl _LT_CONFIG_LIBTOOL_INIT([ # See if we are running on zsh, and set the options which allow our # commands through without removal of \ escapes INIT. if test -n "\${ZSH_VERSION+set}" ; then setopt NO_GLOB_SUBST fi ]) if test -n "${ZSH_VERSION+set}" ; then setopt NO_GLOB_SUBST fi _LT_CHECK_OBJDIR m4_require([_LT_TAG_COMPILER])dnl case $host_os in aix3*) # AIX sometimes has problems with the GCC collect2 program. For some # reason, if we set the COLLECT_NAMES environment variable, the problems # vanish in a puff of smoke. if test "X${COLLECT_NAMES+set}" != Xset; then COLLECT_NAMES= export COLLECT_NAMES fi ;; esac # Global variables: ofile=libtool can_build_shared=yes # All known linkers require a `.a' archive for static linking (except MSVC, # which needs '.lib'). libext=a with_gnu_ld="$lt_cv_prog_gnu_ld" old_CC="$CC" old_CFLAGS="$CFLAGS" # Set sane defaults for various variables test -z "$CC" && CC=cc test -z "$LTCC" && LTCC=$CC test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS test -z "$LD" && LD=ld test -z "$ac_objext" && ac_objext=o _LT_CC_BASENAME([$compiler]) # Only perform the check for file, if the check method requires it test -z "$MAGIC_CMD" && MAGIC_CMD=file case $deplibs_check_method in file_magic*) if test "$file_magic_cmd" = '$MAGIC_CMD'; then _LT_PATH_MAGIC fi ;; esac # Use C for the default configuration in the libtool script LT_SUPPORTED_TAG([CC]) _LT_LANG_C_CONFIG _LT_LANG_DEFAULT_CONFIG _LT_CONFIG_COMMANDS ])# _LT_SETUP # _LT_PREPARE_SED_QUOTE_VARS # -------------------------- # Define a few sed substitution that help us do robust quoting. m4_defun([_LT_PREPARE_SED_QUOTE_VARS], [# Backslashify metacharacters that are still active within # double-quoted strings. sed_quote_subst='s/\([["`$\\]]\)/\\\1/g' # Same as above, but do not quote variable references. double_quote_subst='s/\([["`\\]]\)/\\\1/g' # Sed substitution to delay expansion of an escaped shell variable in a # double_quote_subst'ed string. delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g' # Sed substitution to delay expansion of an escaped single quote. delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g' # Sed substitution to avoid accidental globbing in evaled expressions no_glob_subst='s/\*/\\\*/g' ]) # _LT_PROG_LTMAIN # --------------- # Note that this code is called both from `configure', and `config.status' # now that we use AC_CONFIG_COMMANDS to generate libtool. Notably, # `config.status' has no value for ac_aux_dir unless we are using Automake, # so we pass a copy along to make sure it has a sensible value anyway. m4_defun([_LT_PROG_LTMAIN], [m4_ifdef([AC_REQUIRE_AUX_FILE], [AC_REQUIRE_AUX_FILE([ltmain.sh])])dnl _LT_CONFIG_LIBTOOL_INIT([ac_aux_dir='$ac_aux_dir']) ltmain="$ac_aux_dir/ltmain.sh" ])# _LT_PROG_LTMAIN ## ------------------------------------- ## ## Accumulate code for creating libtool. ## ## ------------------------------------- ## # So that we can recreate a full libtool script including additional # tags, we accumulate the chunks of code to send to AC_CONFIG_COMMANDS # in macros and then make a single call at the end using the `libtool' # label. # _LT_CONFIG_LIBTOOL_INIT([INIT-COMMANDS]) # ---------------------------------------- # Register INIT-COMMANDS to be passed to AC_CONFIG_COMMANDS later. m4_define([_LT_CONFIG_LIBTOOL_INIT], [m4_ifval([$1], [m4_append([_LT_OUTPUT_LIBTOOL_INIT], [$1 ])])]) # Initialize. m4_define([_LT_OUTPUT_LIBTOOL_INIT]) # _LT_CONFIG_LIBTOOL([COMMANDS]) # ------------------------------ # Register COMMANDS to be passed to AC_CONFIG_COMMANDS later. m4_define([_LT_CONFIG_LIBTOOL], [m4_ifval([$1], [m4_append([_LT_OUTPUT_LIBTOOL_COMMANDS], [$1 ])])]) # Initialize. m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS]) # _LT_CONFIG_SAVE_COMMANDS([COMMANDS], [INIT_COMMANDS]) # ----------------------------------------------------- m4_defun([_LT_CONFIG_SAVE_COMMANDS], [_LT_CONFIG_LIBTOOL([$1]) _LT_CONFIG_LIBTOOL_INIT([$2]) ]) # _LT_FORMAT_COMMENT([COMMENT]) # ----------------------------- # Add leading comment marks to the start of each line, and a trailing # full-stop to the whole comment if one is not present already. m4_define([_LT_FORMAT_COMMENT], [m4_ifval([$1], [ m4_bpatsubst([m4_bpatsubst([$1], [^ *], [# ])], [['`$\]], [\\\&])]m4_bmatch([$1], [[!?.]$], [], [.]) )]) ## ------------------------ ## ## FIXME: Eliminate VARNAME ## ## ------------------------ ## # _LT_DECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION], [IS-TAGGED?]) # ------------------------------------------------------------------- # CONFIGNAME is the name given to the value in the libtool script. # VARNAME is the (base) name used in the configure script. # VALUE may be 0, 1 or 2 for a computed quote escaped value based on # VARNAME. Any other value will be used directly. m4_define([_LT_DECL], [lt_if_append_uniq([lt_decl_varnames], [$2], [, ], [lt_dict_add_subkey([lt_decl_dict], [$2], [libtool_name], [m4_ifval([$1], [$1], [$2])]) lt_dict_add_subkey([lt_decl_dict], [$2], [value], [$3]) m4_ifval([$4], [lt_dict_add_subkey([lt_decl_dict], [$2], [description], [$4])]) lt_dict_add_subkey([lt_decl_dict], [$2], [tagged?], [m4_ifval([$5], [yes], [no])])]) ]) # _LT_TAGDECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION]) # -------------------------------------------------------- m4_define([_LT_TAGDECL], [_LT_DECL([$1], [$2], [$3], [$4], [yes])]) # lt_decl_tag_varnames([SEPARATOR], [VARNAME1...]) # ------------------------------------------------ m4_define([lt_decl_tag_varnames], [_lt_decl_filter([tagged?], [yes], $@)]) # _lt_decl_filter(SUBKEY, VALUE, [SEPARATOR], [VARNAME1..]) # --------------------------------------------------------- m4_define([_lt_decl_filter], [m4_case([$#], [0], [m4_fatal([$0: too few arguments: $#])], [1], [m4_fatal([$0: too few arguments: $#: $1])], [2], [lt_dict_filter([lt_decl_dict], [$1], [$2], [], lt_decl_varnames)], [3], [lt_dict_filter([lt_decl_dict], [$1], [$2], [$3], lt_decl_varnames)], [lt_dict_filter([lt_decl_dict], $@)])[]dnl ]) # lt_decl_quote_varnames([SEPARATOR], [VARNAME1...]) # -------------------------------------------------- m4_define([lt_decl_quote_varnames], [_lt_decl_filter([value], [1], $@)]) # lt_decl_dquote_varnames([SEPARATOR], [VARNAME1...]) # --------------------------------------------------- m4_define([lt_decl_dquote_varnames], [_lt_decl_filter([value], [2], $@)]) # lt_decl_varnames_tagged([SEPARATOR], [VARNAME1...]) # --------------------------------------------------- m4_define([lt_decl_varnames_tagged], [m4_assert([$# <= 2])dnl _$0(m4_quote(m4_default([$1], [[, ]])), m4_ifval([$2], [[$2]], [m4_dquote(lt_decl_tag_varnames)]), m4_split(m4_normalize(m4_quote(_LT_TAGS)), [ ]))]) m4_define([_lt_decl_varnames_tagged], [m4_ifval([$3], [lt_combine([$1], [$2], [_], $3)])]) # lt_decl_all_varnames([SEPARATOR], [VARNAME1...]) # ------------------------------------------------ m4_define([lt_decl_all_varnames], [_$0(m4_quote(m4_default([$1], [[, ]])), m4_if([$2], [], m4_quote(lt_decl_varnames), m4_quote(m4_shift($@))))[]dnl ]) m4_define([_lt_decl_all_varnames], [lt_join($@, lt_decl_varnames_tagged([$1], lt_decl_tag_varnames([[, ]], m4_shift($@))))dnl ]) # _LT_CONFIG_STATUS_DECLARE([VARNAME]) # ------------------------------------ # Quote a variable value, and forward it to `config.status' so that its # declaration there will have the same value as in `configure'. VARNAME # must have a single quote delimited value for this to work. m4_define([_LT_CONFIG_STATUS_DECLARE], [$1='`$ECHO "$][$1" | $SED "$delay_single_quote_subst"`']) # _LT_CONFIG_STATUS_DECLARATIONS # ------------------------------ # We delimit libtool config variables with single quotes, so when # we write them to config.status, we have to be sure to quote all # embedded single quotes properly. In configure, this macro expands # each variable declared with _LT_DECL (and _LT_TAGDECL) into: # # ='`$ECHO "$" | $SED "$delay_single_quote_subst"`' m4_defun([_LT_CONFIG_STATUS_DECLARATIONS], [m4_foreach([_lt_var], m4_quote(lt_decl_all_varnames), [m4_n([_LT_CONFIG_STATUS_DECLARE(_lt_var)])])]) # _LT_LIBTOOL_TAGS # ---------------- # Output comment and list of tags supported by the script m4_defun([_LT_LIBTOOL_TAGS], [_LT_FORMAT_COMMENT([The names of the tagged configurations supported by this script])dnl available_tags="_LT_TAGS"dnl ]) # _LT_LIBTOOL_DECLARE(VARNAME, [TAG]) # ----------------------------------- # Extract the dictionary values for VARNAME (optionally with TAG) and # expand to a commented shell variable setting: # # # Some comment about what VAR is for. # visible_name=$lt_internal_name m4_define([_LT_LIBTOOL_DECLARE], [_LT_FORMAT_COMMENT(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [description])))[]dnl m4_pushdef([_libtool_name], m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [libtool_name])))[]dnl m4_case(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [value])), [0], [_libtool_name=[$]$1], [1], [_libtool_name=$lt_[]$1], [2], [_libtool_name=$lt_[]$1], [_libtool_name=lt_dict_fetch([lt_decl_dict], [$1], [value])])[]dnl m4_ifval([$2], [_$2])[]m4_popdef([_libtool_name])[]dnl ]) # _LT_LIBTOOL_CONFIG_VARS # ----------------------- # Produce commented declarations of non-tagged libtool config variables # suitable for insertion in the LIBTOOL CONFIG section of the `libtool' # script. Tagged libtool config variables (even for the LIBTOOL CONFIG # section) are produced by _LT_LIBTOOL_TAG_VARS. m4_defun([_LT_LIBTOOL_CONFIG_VARS], [m4_foreach([_lt_var], m4_quote(_lt_decl_filter([tagged?], [no], [], lt_decl_varnames)), [m4_n([_LT_LIBTOOL_DECLARE(_lt_var)])])]) # _LT_LIBTOOL_TAG_VARS(TAG) # ------------------------- m4_define([_LT_LIBTOOL_TAG_VARS], [m4_foreach([_lt_var], m4_quote(lt_decl_tag_varnames), [m4_n([_LT_LIBTOOL_DECLARE(_lt_var, [$1])])])]) # _LT_TAGVAR(VARNAME, [TAGNAME]) # ------------------------------ m4_define([_LT_TAGVAR], [m4_ifval([$2], [$1_$2], [$1])]) # _LT_CONFIG_COMMANDS # ------------------- # Send accumulated output to $CONFIG_STATUS. Thanks to the lists of # variables for single and double quote escaping we saved from calls # to _LT_DECL, we can put quote escaped variables declarations # into `config.status', and then the shell code to quote escape them in # for loops in `config.status'. Finally, any additional code accumulated # from calls to _LT_CONFIG_LIBTOOL_INIT is expanded. m4_defun([_LT_CONFIG_COMMANDS], [AC_PROVIDE_IFELSE([LT_OUTPUT], dnl If the libtool generation code has been placed in $CONFIG_LT, dnl instead of duplicating it all over again into config.status, dnl then we will have config.status run $CONFIG_LT later, so it dnl needs to know what name is stored there: [AC_CONFIG_COMMANDS([libtool], [$SHELL $CONFIG_LT || AS_EXIT(1)], [CONFIG_LT='$CONFIG_LT'])], dnl If the libtool generation code is destined for config.status, dnl expand the accumulated commands and init code now: [AC_CONFIG_COMMANDS([libtool], [_LT_OUTPUT_LIBTOOL_COMMANDS], [_LT_OUTPUT_LIBTOOL_COMMANDS_INIT])]) ])#_LT_CONFIG_COMMANDS # Initialize. m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS_INIT], [ # The HP-UX ksh and POSIX shell print the target directory to stdout # if CDPATH is set. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH sed_quote_subst='$sed_quote_subst' double_quote_subst='$double_quote_subst' delay_variable_subst='$delay_variable_subst' _LT_CONFIG_STATUS_DECLARATIONS LTCC='$LTCC' LTCFLAGS='$LTCFLAGS' compiler='$compiler_DEFAULT' # A function that is used when there is no print builtin or printf. func_fallback_echo () { eval 'cat <<_LTECHO_EOF \$[]1 _LTECHO_EOF' } # Quote evaled strings. for var in lt_decl_all_varnames([[ \ ]], lt_decl_quote_varnames); do case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in *[[\\\\\\\`\\"\\\$]]*) eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ;; *) eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" ;; esac done # Double-quote double-evaled strings. for var in lt_decl_all_varnames([[ \ ]], lt_decl_dquote_varnames); do case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in *[[\\\\\\\`\\"\\\$]]*) eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ;; *) eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" ;; esac done _LT_OUTPUT_LIBTOOL_INIT ]) # _LT_GENERATED_FILE_INIT(FILE, [COMMENT]) # ------------------------------------ # Generate a child script FILE with all initialization necessary to # reuse the environment learned by the parent script, and make the # file executable. If COMMENT is supplied, it is inserted after the # `#!' sequence but before initialization text begins. After this # macro, additional text can be appended to FILE to form the body of # the child script. The macro ends with non-zero status if the # file could not be fully written (such as if the disk is full). m4_ifdef([AS_INIT_GENERATED], [m4_defun([_LT_GENERATED_FILE_INIT],[AS_INIT_GENERATED($@)])], [m4_defun([_LT_GENERATED_FILE_INIT], [m4_require([AS_PREPARE])]dnl [m4_pushdef([AS_MESSAGE_LOG_FD])]dnl [lt_write_fail=0 cat >$1 <<_ASEOF || lt_write_fail=1 #! $SHELL # Generated by $as_me. $2 SHELL=\${CONFIG_SHELL-$SHELL} export SHELL _ASEOF cat >>$1 <<\_ASEOF || lt_write_fail=1 AS_SHELL_SANITIZE _AS_PREPARE exec AS_MESSAGE_FD>&1 _ASEOF test $lt_write_fail = 0 && chmod +x $1[]dnl m4_popdef([AS_MESSAGE_LOG_FD])])])# _LT_GENERATED_FILE_INIT # LT_OUTPUT # --------- # This macro allows early generation of the libtool script (before # AC_OUTPUT is called), incase it is used in configure for compilation # tests. AC_DEFUN([LT_OUTPUT], [: ${CONFIG_LT=./config.lt} AC_MSG_NOTICE([creating $CONFIG_LT]) _LT_GENERATED_FILE_INIT(["$CONFIG_LT"], [# Run this file to recreate a libtool stub with the current configuration.]) cat >>"$CONFIG_LT" <<\_LTEOF lt_cl_silent=false exec AS_MESSAGE_LOG_FD>>config.log { echo AS_BOX([Running $as_me.]) } >&AS_MESSAGE_LOG_FD lt_cl_help="\ \`$as_me' creates a local libtool stub from the current configuration, for use in further configure time tests before the real libtool is generated. Usage: $[0] [[OPTIONS]] -h, --help print this help, then exit -V, --version print version number, then exit -q, --quiet do not print progress messages -d, --debug don't remove temporary files Report bugs to ." lt_cl_version="\ m4_ifset([AC_PACKAGE_NAME], [AC_PACKAGE_NAME ])config.lt[]dnl m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION]) configured by $[0], generated by m4_PACKAGE_STRING. Copyright (C) 2011 Free Software Foundation, Inc. This config.lt script is free software; the Free Software Foundation gives unlimited permision to copy, distribute and modify it." while test $[#] != 0 do case $[1] in --version | --v* | -V ) echo "$lt_cl_version"; exit 0 ;; --help | --h* | -h ) echo "$lt_cl_help"; exit 0 ;; --debug | --d* | -d ) debug=: ;; --quiet | --q* | --silent | --s* | -q ) lt_cl_silent=: ;; -*) AC_MSG_ERROR([unrecognized option: $[1] Try \`$[0] --help' for more information.]) ;; *) AC_MSG_ERROR([unrecognized argument: $[1] Try \`$[0] --help' for more information.]) ;; esac shift done if $lt_cl_silent; then exec AS_MESSAGE_FD>/dev/null fi _LTEOF cat >>"$CONFIG_LT" <<_LTEOF _LT_OUTPUT_LIBTOOL_COMMANDS_INIT _LTEOF cat >>"$CONFIG_LT" <<\_LTEOF AC_MSG_NOTICE([creating $ofile]) _LT_OUTPUT_LIBTOOL_COMMANDS AS_EXIT(0) _LTEOF chmod +x "$CONFIG_LT" # configure is writing to config.log, but config.lt does its own redirection, # appending to config.log, which fails on DOS, as config.log is still kept # open by configure. Here we exec the FD to /dev/null, effectively closing # config.log, so it can be properly (re)opened and appended to by config.lt. lt_cl_success=: test "$silent" = yes && lt_config_lt_args="$lt_config_lt_args --quiet" exec AS_MESSAGE_LOG_FD>/dev/null $SHELL "$CONFIG_LT" $lt_config_lt_args || lt_cl_success=false exec AS_MESSAGE_LOG_FD>>config.log $lt_cl_success || AS_EXIT(1) ])# LT_OUTPUT # _LT_CONFIG(TAG) # --------------- # If TAG is the built-in tag, create an initial libtool script with a # default configuration from the untagged config vars. Otherwise add code # to config.status for appending the configuration named by TAG from the # matching tagged config vars. m4_defun([_LT_CONFIG], [m4_require([_LT_FILEUTILS_DEFAULTS])dnl _LT_CONFIG_SAVE_COMMANDS([ m4_define([_LT_TAG], m4_if([$1], [], [C], [$1]))dnl m4_if(_LT_TAG, [C], [ # See if we are running on zsh, and set the options which allow our # commands through without removal of \ escapes. if test -n "${ZSH_VERSION+set}" ; then setopt NO_GLOB_SUBST fi cfgfile="${ofile}T" trap "$RM \"$cfgfile\"; exit 1" 1 2 15 $RM "$cfgfile" cat <<_LT_EOF >> "$cfgfile" #! $SHELL # `$ECHO "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services. # Generated automatically by $as_me ($PACKAGE$TIMESTAMP) $VERSION # Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: # NOTE: Changes made to this file will be lost: look at ltmain.sh. # _LT_COPYING _LT_LIBTOOL_TAGS # ### BEGIN LIBTOOL CONFIG _LT_LIBTOOL_CONFIG_VARS _LT_LIBTOOL_TAG_VARS # ### END LIBTOOL CONFIG _LT_EOF case $host_os in aix3*) cat <<\_LT_EOF >> "$cfgfile" # AIX sometimes has problems with the GCC collect2 program. For some # reason, if we set the COLLECT_NAMES environment variable, the problems # vanish in a puff of smoke. if test "X${COLLECT_NAMES+set}" != Xset; then COLLECT_NAMES= export COLLECT_NAMES fi _LT_EOF ;; esac _LT_PROG_LTMAIN # We use sed instead of cat because bash on DJGPP gets confused if # if finds mixed CR/LF and LF-only lines. Since sed operates in # text mode, it properly converts lines to CR/LF. This bash problem # is reportedly fixed, but why not run on old versions too? sed '$q' "$ltmain" >> "$cfgfile" \ || (rm -f "$cfgfile"; exit 1) _LT_PROG_REPLACE_SHELLFNS mv -f "$cfgfile" "$ofile" || (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile") chmod +x "$ofile" ], [cat <<_LT_EOF >> "$ofile" dnl Unfortunately we have to use $1 here, since _LT_TAG is not expanded dnl in a comment (ie after a #). # ### BEGIN LIBTOOL TAG CONFIG: $1 _LT_LIBTOOL_TAG_VARS(_LT_TAG) # ### END LIBTOOL TAG CONFIG: $1 _LT_EOF ])dnl /m4_if ], [m4_if([$1], [], [ PACKAGE='$PACKAGE' VERSION='$VERSION' TIMESTAMP='$TIMESTAMP' RM='$RM' ofile='$ofile'], []) ])dnl /_LT_CONFIG_SAVE_COMMANDS ])# _LT_CONFIG # LT_SUPPORTED_TAG(TAG) # --------------------- # Trace this macro to discover what tags are supported by the libtool # --tag option, using: # autoconf --trace 'LT_SUPPORTED_TAG:$1' AC_DEFUN([LT_SUPPORTED_TAG], []) # C support is built-in for now m4_define([_LT_LANG_C_enabled], []) m4_define([_LT_TAGS], []) # LT_LANG(LANG) # ------------- # Enable libtool support for the given language if not already enabled. AC_DEFUN([LT_LANG], [AC_BEFORE([$0], [LT_OUTPUT])dnl m4_case([$1], [C], [_LT_LANG(C)], [C++], [_LT_LANG(CXX)], [Go], [_LT_LANG(GO)], [Java], [_LT_LANG(GCJ)], [Fortran 77], [_LT_LANG(F77)], [Fortran], [_LT_LANG(FC)], [Windows Resource], [_LT_LANG(RC)], [m4_ifdef([_LT_LANG_]$1[_CONFIG], [_LT_LANG($1)], [m4_fatal([$0: unsupported language: "$1"])])])dnl ])# LT_LANG # _LT_LANG(LANGNAME) # ------------------ m4_defun([_LT_LANG], [m4_ifdef([_LT_LANG_]$1[_enabled], [], [LT_SUPPORTED_TAG([$1])dnl m4_append([_LT_TAGS], [$1 ])dnl m4_define([_LT_LANG_]$1[_enabled], [])dnl _LT_LANG_$1_CONFIG($1)])dnl ])# _LT_LANG m4_ifndef([AC_PROG_GO], [ ############################################################ # NOTE: This macro has been submitted for inclusion into # # GNU Autoconf as AC_PROG_GO. When it is available in # # a released version of Autoconf we should remove this # # macro and use it instead. # ############################################################ m4_defun([AC_PROG_GO], [AC_LANG_PUSH(Go)dnl AC_ARG_VAR([GOC], [Go compiler command])dnl AC_ARG_VAR([GOFLAGS], [Go compiler flags])dnl _AC_ARG_VAR_LDFLAGS()dnl AC_CHECK_TOOL(GOC, gccgo) if test -z "$GOC"; then if test -n "$ac_tool_prefix"; then AC_CHECK_PROG(GOC, [${ac_tool_prefix}gccgo], [${ac_tool_prefix}gccgo]) fi fi if test -z "$GOC"; then AC_CHECK_PROG(GOC, gccgo, gccgo, false) fi ])#m4_defun ])#m4_ifndef # _LT_LANG_DEFAULT_CONFIG # ----------------------- m4_defun([_LT_LANG_DEFAULT_CONFIG], [AC_PROVIDE_IFELSE([AC_PROG_CXX], [LT_LANG(CXX)], [m4_define([AC_PROG_CXX], defn([AC_PROG_CXX])[LT_LANG(CXX)])]) AC_PROVIDE_IFELSE([AC_PROG_F77], [LT_LANG(F77)], [m4_define([AC_PROG_F77], defn([AC_PROG_F77])[LT_LANG(F77)])]) AC_PROVIDE_IFELSE([AC_PROG_FC], [LT_LANG(FC)], [m4_define([AC_PROG_FC], defn([AC_PROG_FC])[LT_LANG(FC)])]) dnl The call to [A][M_PROG_GCJ] is quoted like that to stop aclocal dnl pulling things in needlessly. AC_PROVIDE_IFELSE([AC_PROG_GCJ], [LT_LANG(GCJ)], [AC_PROVIDE_IFELSE([A][M_PROG_GCJ], [LT_LANG(GCJ)], [AC_PROVIDE_IFELSE([LT_PROG_GCJ], [LT_LANG(GCJ)], [m4_ifdef([AC_PROG_GCJ], [m4_define([AC_PROG_GCJ], defn([AC_PROG_GCJ])[LT_LANG(GCJ)])]) m4_ifdef([A][M_PROG_GCJ], [m4_define([A][M_PROG_GCJ], defn([A][M_PROG_GCJ])[LT_LANG(GCJ)])]) m4_ifdef([LT_PROG_GCJ], [m4_define([LT_PROG_GCJ], defn([LT_PROG_GCJ])[LT_LANG(GCJ)])])])])]) AC_PROVIDE_IFELSE([AC_PROG_GO], [LT_LANG(GO)], [m4_define([AC_PROG_GO], defn([AC_PROG_GO])[LT_LANG(GO)])]) AC_PROVIDE_IFELSE([LT_PROG_RC], [LT_LANG(RC)], [m4_define([LT_PROG_RC], defn([LT_PROG_RC])[LT_LANG(RC)])]) ])# _LT_LANG_DEFAULT_CONFIG # Obsolete macros: AU_DEFUN([AC_LIBTOOL_CXX], [LT_LANG(C++)]) AU_DEFUN([AC_LIBTOOL_F77], [LT_LANG(Fortran 77)]) AU_DEFUN([AC_LIBTOOL_FC], [LT_LANG(Fortran)]) AU_DEFUN([AC_LIBTOOL_GCJ], [LT_LANG(Java)]) AU_DEFUN([AC_LIBTOOL_RC], [LT_LANG(Windows Resource)]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_CXX], []) dnl AC_DEFUN([AC_LIBTOOL_F77], []) dnl AC_DEFUN([AC_LIBTOOL_FC], []) dnl AC_DEFUN([AC_LIBTOOL_GCJ], []) dnl AC_DEFUN([AC_LIBTOOL_RC], []) # _LT_TAG_COMPILER # ---------------- m4_defun([_LT_TAG_COMPILER], [AC_REQUIRE([AC_PROG_CC])dnl _LT_DECL([LTCC], [CC], [1], [A C compiler])dnl _LT_DECL([LTCFLAGS], [CFLAGS], [1], [LTCC compiler flags])dnl _LT_TAGDECL([CC], [compiler], [1], [A language specific compiler])dnl _LT_TAGDECL([with_gcc], [GCC], [0], [Is the compiler the GNU compiler?])dnl # If no C compiler was specified, use CC. LTCC=${LTCC-"$CC"} # If no C compiler flags were specified, use CFLAGS. LTCFLAGS=${LTCFLAGS-"$CFLAGS"} # Allow CC to be a program name with arguments. compiler=$CC ])# _LT_TAG_COMPILER # _LT_COMPILER_BOILERPLATE # ------------------------ # Check for compiler boilerplate output or warnings with # the simple compiler test code. m4_defun([_LT_COMPILER_BOILERPLATE], [m4_require([_LT_DECL_SED])dnl ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" >conftest.$ac_ext eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err _lt_compiler_boilerplate=`cat conftest.err` $RM conftest* ])# _LT_COMPILER_BOILERPLATE # _LT_LINKER_BOILERPLATE # ---------------------- # Check for linker boilerplate output or warnings with # the simple link test code. m4_defun([_LT_LINKER_BOILERPLATE], [m4_require([_LT_DECL_SED])dnl ac_outfile=conftest.$ac_objext echo "$lt_simple_link_test_code" >conftest.$ac_ext eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err _lt_linker_boilerplate=`cat conftest.err` $RM -r conftest* ])# _LT_LINKER_BOILERPLATE # _LT_REQUIRED_DARWIN_CHECKS # ------------------------- m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[ case $host_os in rhapsody* | darwin*) AC_CHECK_TOOL([DSYMUTIL], [dsymutil], [:]) AC_CHECK_TOOL([NMEDIT], [nmedit], [:]) AC_CHECK_TOOL([LIPO], [lipo], [:]) AC_CHECK_TOOL([OTOOL], [otool], [:]) AC_CHECK_TOOL([OTOOL64], [otool64], [:]) _LT_DECL([], [DSYMUTIL], [1], [Tool to manipulate archived DWARF debug symbol files on Mac OS X]) _LT_DECL([], [NMEDIT], [1], [Tool to change global to local symbols on Mac OS X]) _LT_DECL([], [LIPO], [1], [Tool to manipulate fat objects and archives on Mac OS X]) _LT_DECL([], [OTOOL], [1], [ldd/readelf like tool for Mach-O binaries on Mac OS X]) _LT_DECL([], [OTOOL64], [1], [ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4]) AC_CACHE_CHECK([for -single_module linker flag],[lt_cv_apple_cc_single_mod], [lt_cv_apple_cc_single_mod=no if test -z "${LT_MULTI_MODULE}"; then # By default we will add the -single_module flag. You can override # by either setting the environment variable LT_MULTI_MODULE # non-empty at configure time, or by adding -multi_module to the # link flags. rm -rf libconftest.dylib* echo "int foo(void){return 1;}" > conftest.c echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ -dynamiclib -Wl,-single_module conftest.c" >&AS_MESSAGE_LOG_FD $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ -dynamiclib -Wl,-single_module conftest.c 2>conftest.err _lt_result=$? # If there is a non-empty error log, and "single_module" # appears in it, assume the flag caused a linker warning if test -s conftest.err && $GREP single_module conftest.err; then cat conftest.err >&AS_MESSAGE_LOG_FD # Otherwise, if the output was created with a 0 exit code from # the compiler, it worked. elif test -f libconftest.dylib && test $_lt_result -eq 0; then lt_cv_apple_cc_single_mod=yes else cat conftest.err >&AS_MESSAGE_LOG_FD fi rm -rf libconftest.dylib* rm -f conftest.* fi]) AC_CACHE_CHECK([for -exported_symbols_list linker flag], [lt_cv_ld_exported_symbols_list], [lt_cv_ld_exported_symbols_list=no save_LDFLAGS=$LDFLAGS echo "_main" > conftest.sym LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym" AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])], [lt_cv_ld_exported_symbols_list=yes], [lt_cv_ld_exported_symbols_list=no]) LDFLAGS="$save_LDFLAGS" ]) AC_CACHE_CHECK([for -force_load linker flag],[lt_cv_ld_force_load], [lt_cv_ld_force_load=no cat > conftest.c << _LT_EOF int forced_loaded() { return 2;} _LT_EOF echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD $AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD $RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD cat > conftest.c << _LT_EOF int main() { return 0;} _LT_EOF echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&AS_MESSAGE_LOG_FD $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err _lt_result=$? if test -s conftest.err && $GREP force_load conftest.err; then cat conftest.err >&AS_MESSAGE_LOG_FD elif test -f conftest && test $_lt_result -eq 0 && $GREP forced_load conftest >/dev/null 2>&1 ; then lt_cv_ld_force_load=yes else cat conftest.err >&AS_MESSAGE_LOG_FD fi rm -f conftest.err libconftest.a conftest conftest.c rm -rf conftest.dSYM ]) case $host_os in rhapsody* | darwin1.[[012]]) _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;; darwin1.*) _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; darwin*) # darwin 5.x on # if running on 10.5 or later, the deployment target defaults # to the OS version, if on x86, and 10.4, the deployment # target defaults to 10.4. Don't you love it? case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in 10.0,*86*-darwin8*|10.0,*-darwin[[91]]*) _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; 10.[[012]]*) _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; 10.*) _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; esac ;; esac if test "$lt_cv_apple_cc_single_mod" = "yes"; then _lt_dar_single_mod='$single_module' fi if test "$lt_cv_ld_exported_symbols_list" = "yes"; then _lt_dar_export_syms=' ${wl}-exported_symbols_list,$output_objdir/${libname}-symbols.expsym' else _lt_dar_export_syms='~$NMEDIT -s $output_objdir/${libname}-symbols.expsym ${lib}' fi if test "$DSYMUTIL" != ":" && test "$lt_cv_ld_force_load" = "no"; then _lt_dsymutil='~$DSYMUTIL $lib || :' else _lt_dsymutil= fi ;; esac ]) # _LT_DARWIN_LINKER_FEATURES([TAG]) # --------------------------------- # Checks for linker and compiler features on darwin m4_defun([_LT_DARWIN_LINKER_FEATURES], [ m4_require([_LT_REQUIRED_DARWIN_CHECKS]) _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_automatic, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported if test "$lt_cv_ld_force_load" = "yes"; then _LT_TAGVAR(whole_archive_flag_spec, $1)='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience ${wl}-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' m4_case([$1], [F77], [_LT_TAGVAR(compiler_needs_object, $1)=yes], [FC], [_LT_TAGVAR(compiler_needs_object, $1)=yes]) else _LT_TAGVAR(whole_archive_flag_spec, $1)='' fi _LT_TAGVAR(link_all_deplibs, $1)=yes _LT_TAGVAR(allow_undefined_flag, $1)="$_lt_dar_allow_undefined" case $cc_basename in ifort*) _lt_dar_can_shared=yes ;; *) _lt_dar_can_shared=$GCC ;; esac if test "$_lt_dar_can_shared" = "yes"; then output_verbose_link_cmd=func_echo_all _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}" _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}" _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}" _LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}" m4_if([$1], [CXX], [ if test "$lt_cv_apple_cc_single_mod" != "yes"; then _LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dsymutil}" _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dar_export_syms}${_lt_dsymutil}" fi ],[]) else _LT_TAGVAR(ld_shlibs, $1)=no fi ]) # _LT_SYS_MODULE_PATH_AIX([TAGNAME]) # ---------------------------------- # Links a minimal program and checks the executable # for the system default hardcoded library path. In most cases, # this is /usr/lib:/lib, but when the MPI compilers are used # the location of the communication and MPI libs are included too. # If we don't find anything, use the default library path according # to the aix ld manual. # Store the results from the different compilers for each TAGNAME. # Allow to override them for all tags through lt_cv_aix_libpath. m4_defun([_LT_SYS_MODULE_PATH_AIX], [m4_require([_LT_DECL_SED])dnl if test "${lt_cv_aix_libpath+set}" = set; then aix_libpath=$lt_cv_aix_libpath else AC_CACHE_VAL([_LT_TAGVAR([lt_cv_aix_libpath_], [$1])], [AC_LINK_IFELSE([AC_LANG_PROGRAM],[ lt_aix_libpath_sed='[ /Import File Strings/,/^$/ { /^0/ { s/^0 *\([^ ]*\) *$/\1/ p } }]' _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` # Check for a 64-bit object if we didn't find anything. if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` fi],[]) if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then _LT_TAGVAR([lt_cv_aix_libpath_], [$1])="/usr/lib:/lib" fi ]) aix_libpath=$_LT_TAGVAR([lt_cv_aix_libpath_], [$1]) fi ])# _LT_SYS_MODULE_PATH_AIX # _LT_SHELL_INIT(ARG) # ------------------- m4_define([_LT_SHELL_INIT], [m4_divert_text([M4SH-INIT], [$1 ])])# _LT_SHELL_INIT # _LT_PROG_ECHO_BACKSLASH # ----------------------- # Find how we can fake an echo command that does not interpret backslash. # In particular, with Autoconf 2.60 or later we add some code to the start # of the generated configure script which will find a shell with a builtin # printf (which we can use as an echo command). m4_defun([_LT_PROG_ECHO_BACKSLASH], [ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO AC_MSG_CHECKING([how to print strings]) # Test print first, because it will be a builtin if present. if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \ test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then ECHO='print -r --' elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then ECHO='printf %s\n' else # Use this function as a fallback that always works. func_fallback_echo () { eval 'cat <<_LTECHO_EOF $[]1 _LTECHO_EOF' } ECHO='func_fallback_echo' fi # func_echo_all arg... # Invoke $ECHO with all args, space-separated. func_echo_all () { $ECHO "$*" } case "$ECHO" in printf*) AC_MSG_RESULT([printf]) ;; print*) AC_MSG_RESULT([print -r]) ;; *) AC_MSG_RESULT([cat]) ;; esac m4_ifdef([_AS_DETECT_SUGGESTED], [_AS_DETECT_SUGGESTED([ test -n "${ZSH_VERSION+set}${BASH_VERSION+set}" || ( ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO PATH=/empty FPATH=/empty; export PATH FPATH test "X`printf %s $ECHO`" = "X$ECHO" \ || test "X`print -r -- $ECHO`" = "X$ECHO" )])]) _LT_DECL([], [SHELL], [1], [Shell to use when invoking shell scripts]) _LT_DECL([], [ECHO], [1], [An echo program that protects backslashes]) ])# _LT_PROG_ECHO_BACKSLASH # _LT_WITH_SYSROOT # ---------------- AC_DEFUN([_LT_WITH_SYSROOT], [AC_MSG_CHECKING([for sysroot]) AC_ARG_WITH([sysroot], [ --with-sysroot[=DIR] Search for dependent libraries within DIR (or the compiler's sysroot if not specified).], [], [with_sysroot=no]) dnl lt_sysroot will always be passed unquoted. We quote it here dnl in case the user passed a directory name. lt_sysroot= case ${with_sysroot} in #( yes) if test "$GCC" = yes; then lt_sysroot=`$CC --print-sysroot 2>/dev/null` fi ;; #( /*) lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"` ;; #( no|'') ;; #( *) AC_MSG_RESULT([${with_sysroot}]) AC_MSG_ERROR([The sysroot must be an absolute path.]) ;; esac AC_MSG_RESULT([${lt_sysroot:-no}]) _LT_DECL([], [lt_sysroot], [0], [The root where to search for ]dnl [dependent libraries, and in which our libraries should be installed.])]) # _LT_ENABLE_LOCK # --------------- m4_defun([_LT_ENABLE_LOCK], [AC_ARG_ENABLE([libtool-lock], [AS_HELP_STRING([--disable-libtool-lock], [avoid locking (might break parallel builds)])]) test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes # Some flags need to be propagated to the compiler or linker for good # libtool support. case $host in ia64-*-hpux*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then case `/usr/bin/file conftest.$ac_objext` in *ELF-32*) HPUX_IA64_MODE="32" ;; *ELF-64*) HPUX_IA64_MODE="64" ;; esac fi rm -rf conftest* ;; *-*-irix6*) # Find out which ABI we are using. echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then if test "$lt_cv_prog_gnu_ld" = yes; then case `/usr/bin/file conftest.$ac_objext` in *32-bit*) LD="${LD-ld} -melf32bsmip" ;; *N32*) LD="${LD-ld} -melf32bmipn32" ;; *64-bit*) LD="${LD-ld} -melf64bmip" ;; esac else case `/usr/bin/file conftest.$ac_objext` in *32-bit*) LD="${LD-ld} -32" ;; *N32*) LD="${LD-ld} -n32" ;; *64-bit*) LD="${LD-ld} -64" ;; esac fi fi rm -rf conftest* ;; x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then case `/usr/bin/file conftest.o` in *32-bit*) case $host in x86_64-*kfreebsd*-gnu) LD="${LD-ld} -m elf_i386_fbsd" ;; x86_64-*linux*) case `/usr/bin/file conftest.o` in *x86-64*) LD="${LD-ld} -m elf32_x86_64" ;; *) LD="${LD-ld} -m elf_i386" ;; esac ;; powerpc64le-*) LD="${LD-ld} -m elf32lppclinux" ;; powerpc64-*) LD="${LD-ld} -m elf32ppclinux" ;; s390x-*linux*) LD="${LD-ld} -m elf_s390" ;; sparc64-*linux*) LD="${LD-ld} -m elf32_sparc" ;; esac ;; *64-bit*) case $host in x86_64-*kfreebsd*-gnu) LD="${LD-ld} -m elf_x86_64_fbsd" ;; x86_64-*linux*) LD="${LD-ld} -m elf_x86_64" ;; powerpcle-*) LD="${LD-ld} -m elf64lppc" ;; powerpc-*) LD="${LD-ld} -m elf64ppc" ;; s390*-*linux*|s390*-*tpf*) LD="${LD-ld} -m elf64_s390" ;; sparc*-*linux*) LD="${LD-ld} -m elf64_sparc" ;; esac ;; esac fi rm -rf conftest* ;; *-*-sco3.2v5*) # On SCO OpenServer 5, we need -belf to get full-featured binaries. SAVE_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -belf" AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf, [AC_LANG_PUSH(C) AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],[[]])],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no]) AC_LANG_POP]) if test x"$lt_cv_cc_needs_belf" != x"yes"; then # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf CFLAGS="$SAVE_CFLAGS" fi ;; *-*solaris*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then case `/usr/bin/file conftest.o` in *64-bit*) case $lt_cv_prog_gnu_ld in yes*) case $host in i?86-*-solaris*) LD="${LD-ld} -m elf_x86_64" ;; sparc*-*-solaris*) LD="${LD-ld} -m elf64_sparc" ;; esac # GNU ld 2.21 introduced _sol2 emulations. Use them if available. if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then LD="${LD-ld}_sol2" fi ;; *) if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then LD="${LD-ld} -64" fi ;; esac ;; esac fi rm -rf conftest* ;; esac need_locks="$enable_libtool_lock" ])# _LT_ENABLE_LOCK # _LT_PROG_AR # ----------- m4_defun([_LT_PROG_AR], [AC_CHECK_TOOLS(AR, [ar], false) : ${AR=ar} : ${AR_FLAGS=cru} _LT_DECL([], [AR], [1], [The archiver]) _LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive]) AC_CACHE_CHECK([for archiver @FILE support], [lt_cv_ar_at_file], [lt_cv_ar_at_file=no AC_COMPILE_IFELSE([AC_LANG_PROGRAM], [echo conftest.$ac_objext > conftest.lst lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&AS_MESSAGE_LOG_FD' AC_TRY_EVAL([lt_ar_try]) if test "$ac_status" -eq 0; then # Ensure the archiver fails upon bogus file names. rm -f conftest.$ac_objext libconftest.a AC_TRY_EVAL([lt_ar_try]) if test "$ac_status" -ne 0; then lt_cv_ar_at_file=@ fi fi rm -f conftest.* libconftest.a ]) ]) if test "x$lt_cv_ar_at_file" = xno; then archiver_list_spec= else archiver_list_spec=$lt_cv_ar_at_file fi _LT_DECL([], [archiver_list_spec], [1], [How to feed a file listing to the archiver]) ])# _LT_PROG_AR # _LT_CMD_OLD_ARCHIVE # ------------------- m4_defun([_LT_CMD_OLD_ARCHIVE], [_LT_PROG_AR AC_CHECK_TOOL(STRIP, strip, :) test -z "$STRIP" && STRIP=: _LT_DECL([], [STRIP], [1], [A symbol stripping program]) AC_CHECK_TOOL(RANLIB, ranlib, :) test -z "$RANLIB" && RANLIB=: _LT_DECL([], [RANLIB], [1], [Commands used to install an old-style archive]) # Determine commands to create old-style static archives. old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs' old_postinstall_cmds='chmod 644 $oldlib' old_postuninstall_cmds= if test -n "$RANLIB"; then case $host_os in openbsd*) old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib" ;; *) old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib" ;; esac old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib" fi case $host_os in darwin*) lock_old_archive_extraction=yes ;; *) lock_old_archive_extraction=no ;; esac _LT_DECL([], [old_postinstall_cmds], [2]) _LT_DECL([], [old_postuninstall_cmds], [2]) _LT_TAGDECL([], [old_archive_cmds], [2], [Commands used to build an old-style archive]) _LT_DECL([], [lock_old_archive_extraction], [0], [Whether to use a lock for old archive extraction]) ])# _LT_CMD_OLD_ARCHIVE # _LT_COMPILER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS, # [OUTPUT-FILE], [ACTION-SUCCESS], [ACTION-FAILURE]) # ---------------------------------------------------------------- # Check whether the given compiler option works AC_DEFUN([_LT_COMPILER_OPTION], [m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_DECL_SED])dnl AC_CACHE_CHECK([$1], [$2], [$2=no m4_if([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4]) echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="$3" # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. # The option is referenced via a variable to avoid confusing sed. lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&AS_MESSAGE_LOG_FD echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then $2=yes fi fi $RM conftest* ]) if test x"[$]$2" = xyes; then m4_if([$5], , :, [$5]) else m4_if([$6], , :, [$6]) fi ])# _LT_COMPILER_OPTION # Old name: AU_ALIAS([AC_LIBTOOL_COMPILER_OPTION], [_LT_COMPILER_OPTION]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_COMPILER_OPTION], []) # _LT_LINKER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS, # [ACTION-SUCCESS], [ACTION-FAILURE]) # ---------------------------------------------------- # Check whether the given linker option works AC_DEFUN([_LT_LINKER_OPTION], [m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_DECL_SED])dnl AC_CACHE_CHECK([$1], [$2], [$2=no save_LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS $3" echo "$lt_simple_link_test_code" > conftest.$ac_ext if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then # The linker can only warn and ignore the option if not recognized # So say no if there are warnings if test -s conftest.err; then # Append any errors to the config.log. cat conftest.err 1>&AS_MESSAGE_LOG_FD $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if diff conftest.exp conftest.er2 >/dev/null; then $2=yes fi else $2=yes fi fi $RM -r conftest* LDFLAGS="$save_LDFLAGS" ]) if test x"[$]$2" = xyes; then m4_if([$4], , :, [$4]) else m4_if([$5], , :, [$5]) fi ])# _LT_LINKER_OPTION # Old name: AU_ALIAS([AC_LIBTOOL_LINKER_OPTION], [_LT_LINKER_OPTION]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_LINKER_OPTION], []) # LT_CMD_MAX_LEN #--------------- AC_DEFUN([LT_CMD_MAX_LEN], [AC_REQUIRE([AC_CANONICAL_HOST])dnl # find the maximum length of command line arguments AC_MSG_CHECKING([the maximum length of command line arguments]) AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl i=0 teststring="ABCD" case $build_os in msdosdjgpp*) # On DJGPP, this test can blow up pretty badly due to problems in libc # (any single argument exceeding 2000 bytes causes a buffer overrun # during glob expansion). Even if it were fixed, the result of this # check would be larger than it should be. lt_cv_sys_max_cmd_len=12288; # 12K is about right ;; gnu*) # Under GNU Hurd, this test is not required because there is # no limit to the length of command line arguments. # Libtool will interpret -1 as no limit whatsoever lt_cv_sys_max_cmd_len=-1; ;; cygwin* | mingw* | cegcc*) # On Win9x/ME, this test blows up -- it succeeds, but takes # about 5 minutes as the teststring grows exponentially. # Worse, since 9x/ME are not pre-emptively multitasking, # you end up with a "frozen" computer, even though with patience # the test eventually succeeds (with a max line length of 256k). # Instead, let's just punt: use the minimum linelength reported by # all of the supported platforms: 8192 (on NT/2K/XP). lt_cv_sys_max_cmd_len=8192; ;; mint*) # On MiNT this can take a long time and run out of memory. lt_cv_sys_max_cmd_len=8192; ;; amigaos*) # On AmigaOS with pdksh, this test takes hours, literally. # So we just punt and use a minimum line length of 8192. lt_cv_sys_max_cmd_len=8192; ;; netbsd* | freebsd* | openbsd* | darwin* | dragonfly*) # This has been around since 386BSD, at least. Likely further. if test -x /sbin/sysctl; then lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` elif test -x /usr/sbin/sysctl; then lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax` else lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs fi # And add a safety zone lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` ;; interix*) # We know the value 262144 and hardcode it with a safety zone (like BSD) lt_cv_sys_max_cmd_len=196608 ;; os2*) # The test takes a long time on OS/2. lt_cv_sys_max_cmd_len=8192 ;; osf*) # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not # nice to cause kernel panics so lets avoid the loop below. # First set a reasonable default. lt_cv_sys_max_cmd_len=16384 # if test -x /sbin/sysconfig; then case `/sbin/sysconfig -q proc exec_disable_arg_limit` in *1*) lt_cv_sys_max_cmd_len=-1 ;; esac fi ;; sco3.2v5*) lt_cv_sys_max_cmd_len=102400 ;; sysv5* | sco5v6* | sysv4.2uw2*) kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null` if test -n "$kargmax"; then lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[ ]]//'` else lt_cv_sys_max_cmd_len=32768 fi ;; *) lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null` if test -n "$lt_cv_sys_max_cmd_len" && \ test undefined != "$lt_cv_sys_max_cmd_len"; then lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` else # Make teststring a little bigger before we do anything with it. # a 1K string should be a reasonable start. for i in 1 2 3 4 5 6 7 8 ; do teststring=$teststring$teststring done SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} # If test is not a shell built-in, we'll probably end up computing a # maximum length that is only half of the actual maximum length, but # we can't tell. while { test "X"`env echo "$teststring$teststring" 2>/dev/null` \ = "X$teststring$teststring"; } >/dev/null 2>&1 && test $i != 17 # 1/2 MB should be enough do i=`expr $i + 1` teststring=$teststring$teststring done # Only check the string length outside the loop. lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1` teststring= # Add a significant safety factor because C++ compilers can tack on # massive amounts of additional arguments before passing them to the # linker. It appears as though 1/2 is a usable value. lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2` fi ;; esac ]) if test -n $lt_cv_sys_max_cmd_len ; then AC_MSG_RESULT($lt_cv_sys_max_cmd_len) else AC_MSG_RESULT(none) fi max_cmd_len=$lt_cv_sys_max_cmd_len _LT_DECL([], [max_cmd_len], [0], [What is the maximum length of a command?]) ])# LT_CMD_MAX_LEN # Old name: AU_ALIAS([AC_LIBTOOL_SYS_MAX_CMD_LEN], [LT_CMD_MAX_LEN]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN], []) # _LT_HEADER_DLFCN # ---------------- m4_defun([_LT_HEADER_DLFCN], [AC_CHECK_HEADERS([dlfcn.h], [], [], [AC_INCLUDES_DEFAULT])dnl ])# _LT_HEADER_DLFCN # _LT_TRY_DLOPEN_SELF (ACTION-IF-TRUE, ACTION-IF-TRUE-W-USCORE, # ACTION-IF-FALSE, ACTION-IF-CROSS-COMPILING) # ---------------------------------------------------------------- m4_defun([_LT_TRY_DLOPEN_SELF], [m4_require([_LT_HEADER_DLFCN])dnl if test "$cross_compiling" = yes; then : [$4] else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF [#line $LINENO "configure" #include "confdefs.h" #if HAVE_DLFCN_H #include #endif #include #ifdef RTLD_GLOBAL # define LT_DLGLOBAL RTLD_GLOBAL #else # ifdef DL_GLOBAL # define LT_DLGLOBAL DL_GLOBAL # else # define LT_DLGLOBAL 0 # endif #endif /* We may have to define LT_DLLAZY_OR_NOW in the command line if we find out it does not work in some platform. */ #ifndef LT_DLLAZY_OR_NOW # ifdef RTLD_LAZY # define LT_DLLAZY_OR_NOW RTLD_LAZY # else # ifdef DL_LAZY # define LT_DLLAZY_OR_NOW DL_LAZY # else # ifdef RTLD_NOW # define LT_DLLAZY_OR_NOW RTLD_NOW # else # ifdef DL_NOW # define LT_DLLAZY_OR_NOW DL_NOW # else # define LT_DLLAZY_OR_NOW 0 # endif # endif # endif # endif #endif /* When -fvisbility=hidden is used, assume the code has been annotated correspondingly for the symbols needed. */ #if defined(__GNUC__) && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) int fnord () __attribute__((visibility("default"))); #endif int fnord () { return 42; } int main () { void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); int status = $lt_dlunknown; if (self) { if (dlsym (self,"fnord")) status = $lt_dlno_uscore; else { if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; else puts (dlerror ()); } /* dlclose (self); */ } else puts (dlerror ()); return status; }] _LT_EOF if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext} 2>/dev/null; then (./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null lt_status=$? case x$lt_status in x$lt_dlno_uscore) $1 ;; x$lt_dlneed_uscore) $2 ;; x$lt_dlunknown|x*) $3 ;; esac else : # compilation failed $3 fi fi rm -fr conftest* ])# _LT_TRY_DLOPEN_SELF # LT_SYS_DLOPEN_SELF # ------------------ AC_DEFUN([LT_SYS_DLOPEN_SELF], [m4_require([_LT_HEADER_DLFCN])dnl if test "x$enable_dlopen" != xyes; then enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown else lt_cv_dlopen=no lt_cv_dlopen_libs= case $host_os in beos*) lt_cv_dlopen="load_add_on" lt_cv_dlopen_libs= lt_cv_dlopen_self=yes ;; mingw* | pw32* | cegcc*) lt_cv_dlopen="LoadLibrary" lt_cv_dlopen_libs= ;; cygwin*) lt_cv_dlopen="dlopen" lt_cv_dlopen_libs= ;; darwin*) # if libdl is installed we need to link against it AC_CHECK_LIB([dl], [dlopen], [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"],[ lt_cv_dlopen="dyld" lt_cv_dlopen_libs= lt_cv_dlopen_self=yes ]) ;; *) AC_CHECK_FUNC([shl_load], [lt_cv_dlopen="shl_load"], [AC_CHECK_LIB([dld], [shl_load], [lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld"], [AC_CHECK_FUNC([dlopen], [lt_cv_dlopen="dlopen"], [AC_CHECK_LIB([dl], [dlopen], [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"], [AC_CHECK_LIB([svld], [dlopen], [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"], [AC_CHECK_LIB([dld], [dld_link], [lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld"]) ]) ]) ]) ]) ]) ;; esac if test "x$lt_cv_dlopen" != xno; then enable_dlopen=yes else enable_dlopen=no fi case $lt_cv_dlopen in dlopen) save_CPPFLAGS="$CPPFLAGS" test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" save_LDFLAGS="$LDFLAGS" wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\" save_LIBS="$LIBS" LIBS="$lt_cv_dlopen_libs $LIBS" AC_CACHE_CHECK([whether a program can dlopen itself], lt_cv_dlopen_self, [dnl _LT_TRY_DLOPEN_SELF( lt_cv_dlopen_self=yes, lt_cv_dlopen_self=yes, lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross) ]) if test "x$lt_cv_dlopen_self" = xyes; then wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\" AC_CACHE_CHECK([whether a statically linked program can dlopen itself], lt_cv_dlopen_self_static, [dnl _LT_TRY_DLOPEN_SELF( lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=no, lt_cv_dlopen_self_static=cross) ]) fi CPPFLAGS="$save_CPPFLAGS" LDFLAGS="$save_LDFLAGS" LIBS="$save_LIBS" ;; esac case $lt_cv_dlopen_self in yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;; *) enable_dlopen_self=unknown ;; esac case $lt_cv_dlopen_self_static in yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;; *) enable_dlopen_self_static=unknown ;; esac fi _LT_DECL([dlopen_support], [enable_dlopen], [0], [Whether dlopen is supported]) _LT_DECL([dlopen_self], [enable_dlopen_self], [0], [Whether dlopen of programs is supported]) _LT_DECL([dlopen_self_static], [enable_dlopen_self_static], [0], [Whether dlopen of statically linked programs is supported]) ])# LT_SYS_DLOPEN_SELF # Old name: AU_ALIAS([AC_LIBTOOL_DLOPEN_SELF], [LT_SYS_DLOPEN_SELF]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF], []) # _LT_COMPILER_C_O([TAGNAME]) # --------------------------- # Check to see if options -c and -o are simultaneously supported by compiler. # This macro does not hard code the compiler like AC_PROG_CC_C_O. m4_defun([_LT_COMPILER_C_O], [m4_require([_LT_DECL_SED])dnl m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_TAG_COMPILER])dnl AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext], [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)], [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=no $RM -r conftest 2>/dev/null mkdir conftest cd conftest mkdir out echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="-o out/conftest2.$ac_objext" # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&AS_MESSAGE_LOG_FD echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then _LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes fi fi chmod u+w . 2>&AS_MESSAGE_LOG_FD $RM conftest* # SGI C++ compiler will create directory out/ii_files/ for # template instantiation test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files $RM out/* && rmdir out cd .. $RM -r conftest $RM conftest* ]) _LT_TAGDECL([compiler_c_o], [lt_cv_prog_compiler_c_o], [1], [Does compiler simultaneously support -c and -o options?]) ])# _LT_COMPILER_C_O # _LT_COMPILER_FILE_LOCKS([TAGNAME]) # ---------------------------------- # Check to see if we can do hard links to lock some files if needed m4_defun([_LT_COMPILER_FILE_LOCKS], [m4_require([_LT_ENABLE_LOCK])dnl m4_require([_LT_FILEUTILS_DEFAULTS])dnl _LT_COMPILER_C_O([$1]) hard_links="nottested" if test "$_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)" = no && test "$need_locks" != no; then # do not overwrite the value of need_locks provided by the user AC_MSG_CHECKING([if we can lock with hard links]) hard_links=yes $RM conftest* ln conftest.a conftest.b 2>/dev/null && hard_links=no touch conftest.a ln conftest.a conftest.b 2>&5 || hard_links=no ln conftest.a conftest.b 2>/dev/null && hard_links=no AC_MSG_RESULT([$hard_links]) if test "$hard_links" = no; then AC_MSG_WARN([`$CC' does not support `-c -o', so `make -j' may be unsafe]) need_locks=warn fi else need_locks=no fi _LT_DECL([], [need_locks], [1], [Must we lock files when doing compilation?]) ])# _LT_COMPILER_FILE_LOCKS # _LT_CHECK_OBJDIR # ---------------- m4_defun([_LT_CHECK_OBJDIR], [AC_CACHE_CHECK([for objdir], [lt_cv_objdir], [rm -f .libs 2>/dev/null mkdir .libs 2>/dev/null if test -d .libs; then lt_cv_objdir=.libs else # MS-DOS does not allow filenames that begin with a dot. lt_cv_objdir=_libs fi rmdir .libs 2>/dev/null]) objdir=$lt_cv_objdir _LT_DECL([], [objdir], [0], [The name of the directory that contains temporary libtool files])dnl m4_pattern_allow([LT_OBJDIR])dnl AC_DEFINE_UNQUOTED(LT_OBJDIR, "$lt_cv_objdir/", [Define to the sub-directory in which libtool stores uninstalled libraries.]) ])# _LT_CHECK_OBJDIR # _LT_LINKER_HARDCODE_LIBPATH([TAGNAME]) # -------------------------------------- # Check hardcoding attributes. m4_defun([_LT_LINKER_HARDCODE_LIBPATH], [AC_MSG_CHECKING([how to hardcode library paths into programs]) _LT_TAGVAR(hardcode_action, $1)= if test -n "$_LT_TAGVAR(hardcode_libdir_flag_spec, $1)" || test -n "$_LT_TAGVAR(runpath_var, $1)" || test "X$_LT_TAGVAR(hardcode_automatic, $1)" = "Xyes" ; then # We can hardcode non-existent directories. if test "$_LT_TAGVAR(hardcode_direct, $1)" != no && # If the only mechanism to avoid hardcoding is shlibpath_var, we # have to relink, otherwise we might link with an installed library # when we should be linking with a yet-to-be-installed one ## test "$_LT_TAGVAR(hardcode_shlibpath_var, $1)" != no && test "$_LT_TAGVAR(hardcode_minus_L, $1)" != no; then # Linking always hardcodes the temporary library directory. _LT_TAGVAR(hardcode_action, $1)=relink else # We can link without hardcoding, and we can hardcode nonexisting dirs. _LT_TAGVAR(hardcode_action, $1)=immediate fi else # We cannot hardcode anything, or else we can only hardcode existing # directories. _LT_TAGVAR(hardcode_action, $1)=unsupported fi AC_MSG_RESULT([$_LT_TAGVAR(hardcode_action, $1)]) if test "$_LT_TAGVAR(hardcode_action, $1)" = relink || test "$_LT_TAGVAR(inherit_rpath, $1)" = yes; then # Fast installation is not supported enable_fast_install=no elif test "$shlibpath_overrides_runpath" = yes || test "$enable_shared" = no; then # Fast installation is not necessary enable_fast_install=needless fi _LT_TAGDECL([], [hardcode_action], [0], [How to hardcode a shared library path into an executable]) ])# _LT_LINKER_HARDCODE_LIBPATH # _LT_CMD_STRIPLIB # ---------------- m4_defun([_LT_CMD_STRIPLIB], [m4_require([_LT_DECL_EGREP]) striplib= old_striplib= AC_MSG_CHECKING([whether stripping libraries is possible]) if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" test -z "$striplib" && striplib="$STRIP --strip-unneeded" AC_MSG_RESULT([yes]) else # FIXME - insert some real tests, host_os isn't really good enough case $host_os in darwin*) if test -n "$STRIP" ; then striplib="$STRIP -x" old_striplib="$STRIP -S" AC_MSG_RESULT([yes]) else AC_MSG_RESULT([no]) fi ;; *) AC_MSG_RESULT([no]) ;; esac fi _LT_DECL([], [old_striplib], [1], [Commands to strip libraries]) _LT_DECL([], [striplib], [1]) ])# _LT_CMD_STRIPLIB # _LT_SYS_DYNAMIC_LINKER([TAG]) # ----------------------------- # PORTME Fill in your ld.so characteristics m4_defun([_LT_SYS_DYNAMIC_LINKER], [AC_REQUIRE([AC_CANONICAL_HOST])dnl m4_require([_LT_DECL_EGREP])dnl m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_DECL_OBJDUMP])dnl m4_require([_LT_DECL_SED])dnl m4_require([_LT_CHECK_SHELL_FEATURES])dnl AC_MSG_CHECKING([dynamic linker characteristics]) m4_if([$1], [], [ if test "$GCC" = yes; then case $host_os in darwin*) lt_awk_arg="/^libraries:/,/LR/" ;; *) lt_awk_arg="/^libraries:/" ;; esac case $host_os in mingw* | cegcc*) lt_sed_strip_eq="s,=\([[A-Za-z]]:\),\1,g" ;; *) lt_sed_strip_eq="s,=/,/,g" ;; esac lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq` case $lt_search_path_spec in *\;*) # if the path contains ";" then we assume it to be the separator # otherwise default to the standard path separator (i.e. ":") - it is # assumed that no part of a normal pathname contains ";" but that should # okay in the real world where ";" in dirpaths is itself problematic. lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'` ;; *) lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"` ;; esac # Ok, now we have the path, separated by spaces, we can step through it # and add multilib dir if necessary. lt_tmp_lt_search_path_spec= lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null` for lt_sys_path in $lt_search_path_spec; do if test -d "$lt_sys_path/$lt_multi_os_dir"; then lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir" else test -d "$lt_sys_path" && \ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path" fi done lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk ' BEGIN {RS=" "; FS="/|\n";} { lt_foo=""; lt_count=0; for (lt_i = NF; lt_i > 0; lt_i--) { if ($lt_i != "" && $lt_i != ".") { if ($lt_i == "..") { lt_count++; } else { if (lt_count == 0) { lt_foo="/" $lt_i lt_foo; } else { lt_count--; } } } } if (lt_foo != "") { lt_freq[[lt_foo]]++; } if (lt_freq[[lt_foo]] == 1) { print lt_foo; } }'` # AWK program above erroneously prepends '/' to C:/dos/paths # for these hosts. case $host_os in mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\ $SED 's,/\([[A-Za-z]]:\),\1,g'` ;; esac sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP` else sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" fi]) library_names_spec= libname_spec='lib$name' soname_spec= shrext_cmds=".so" postinstall_cmds= postuninstall_cmds= finish_cmds= finish_eval= shlibpath_var= shlibpath_overrides_runpath=unknown version_type=none dynamic_linker="$host_os ld.so" sys_lib_dlsearch_path_spec="/lib /usr/lib" need_lib_prefix=unknown hardcode_into_libs=no # when you set need_version to no, make sure it does not cause -set_version # flags to be left without arguments need_version=unknown case $host_os in aix3*) version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' shlibpath_var=LIBPATH # AIX 3 has no versioning support, so we append a major version to the name. soname_spec='${libname}${release}${shared_ext}$major' ;; aix[[4-9]]*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no hardcode_into_libs=yes if test "$host_cpu" = ia64; then # AIX 5 supports IA64 library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH else # With GCC up to 2.95.x, collect2 would create an import file # for dependence libraries. The import file would start with # the line `#! .'. This would cause the generated library to # depend on `.', always an invalid library. This was fixed in # development snapshots of GCC prior to 3.0. case $host_os in aix4 | aix4.[[01]] | aix4.[[01]].*) if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' echo ' yes ' echo '#endif'; } | ${CC} -E - | $GREP yes > /dev/null; then : else can_build_shared=no fi ;; esac # AIX (on Power*) has no versioning support, so currently we can not hardcode correct # soname into executable. Probably we can add versioning support to # collect2, so additional links can be useful in future. if test "$aix_use_runtimelinking" = yes; then # If using run time linking (on AIX 4.2 or later) use lib.so # instead of lib.a to let people know that these are not # typical AIX shared libraries. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' else # We preserve .a as extension for shared libraries through AIX4.2 # and later when we are not doing run time linking. library_names_spec='${libname}${release}.a $libname.a' soname_spec='${libname}${release}${shared_ext}$major' fi shlibpath_var=LIBPATH fi ;; amigaos*) case $host_cpu in powerpc) # Since July 2007 AmigaOS4 officially supports .so libraries. # When compiling the executable, add -use-dynld -Lsobjs: to the compileline. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' ;; m68k) library_names_spec='$libname.ixlibrary $libname.a' # Create ${libname}_ixlibrary.a entries in /sys/libs. finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' ;; esac ;; beos*) library_names_spec='${libname}${shared_ext}' dynamic_linker="$host_os ld.so" shlibpath_var=LIBRARY_PATH ;; bsdi[[45]]*) version_type=linux # correct to gnu/linux during the next big refactor need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" # the default ld.so.conf also contains /usr/contrib/lib and # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow # libtool to hard-code these into programs ;; cygwin* | mingw* | pw32* | cegcc*) version_type=windows shrext_cmds=".dll" need_version=no need_lib_prefix=no case $GCC,$cc_basename in yes,*) # gcc library_names_spec='$libname.dll.a' # DLL is installed to $(libdir)/../bin by postinstall_cmds postinstall_cmds='base_file=`basename \${file}`~ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~ dldir=$destdir/`dirname \$dlpath`~ test -d \$dldir || mkdir -p \$dldir~ $install_prog $dir/$dlname \$dldir/$dlname~ chmod a+x \$dldir/$dlname~ if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; fi' postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ dlpath=$dir/\$dldll~ $RM \$dlpath' shlibpath_overrides_runpath=yes case $host_os in cygwin*) # Cygwin DLLs use 'cyg' prefix rather than 'lib' soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' m4_if([$1], [],[ sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"]) ;; mingw* | cegcc*) # MinGW DLLs use traditional 'lib' prefix soname_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' ;; pw32*) # pw32 DLLs use 'pw' prefix rather than 'lib' library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' ;; esac dynamic_linker='Win32 ld.exe' ;; *,cl*) # Native MSVC libname_spec='$name' soname_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' library_names_spec='${libname}.dll.lib' case $build_os in mingw*) sys_lib_search_path_spec= lt_save_ifs=$IFS IFS=';' for lt_path in $LIB do IFS=$lt_save_ifs # Let DOS variable expansion print the short 8.3 style file name. lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"` sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path" done IFS=$lt_save_ifs # Convert to MSYS style. sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([[a-zA-Z]]\\):| /\\1|g' -e 's|^ ||'` ;; cygwin*) # Convert to unix form, then to dos form, then back to unix form # but this time dos style (no spaces!) so that the unix form looks # like /cygdrive/c/PROGRA~1:/cygdr... sys_lib_search_path_spec=`cygpath --path --unix "$LIB"` sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null` sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` ;; *) sys_lib_search_path_spec="$LIB" if $ECHO "$sys_lib_search_path_spec" | [$GREP ';[c-zC-Z]:/' >/dev/null]; then # It is most probably a Windows format PATH. sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` else sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` fi # FIXME: find the short name or the path components, as spaces are # common. (e.g. "Program Files" -> "PROGRA~1") ;; esac # DLL is installed to $(libdir)/../bin by postinstall_cmds postinstall_cmds='base_file=`basename \${file}`~ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~ dldir=$destdir/`dirname \$dlpath`~ test -d \$dldir || mkdir -p \$dldir~ $install_prog $dir/$dlname \$dldir/$dlname' postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ dlpath=$dir/\$dldll~ $RM \$dlpath' shlibpath_overrides_runpath=yes dynamic_linker='Win32 link.exe' ;; *) # Assume MSVC wrapper library_names_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext} $libname.lib' dynamic_linker='Win32 ld.exe' ;; esac # FIXME: first we should search . and the directory the executable is in shlibpath_var=PATH ;; darwin* | rhapsody*) dynamic_linker="$host_os dyld" version_type=darwin need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext' soname_spec='${libname}${release}${major}$shared_ext' shlibpath_overrides_runpath=yes shlibpath_var=DYLD_LIBRARY_PATH shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' m4_if([$1], [],[ sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"]) sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' ;; dgux*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH ;; freebsd* | dragonfly*) # DragonFly does not have aout. When/if they implement a new # versioning mechanism, adjust this. if test -x /usr/bin/objformat; then objformat=`/usr/bin/objformat` else case $host_os in freebsd[[23]].*) objformat=aout ;; *) objformat=elf ;; esac fi version_type=freebsd-$objformat case $version_type in freebsd-elf*) library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' need_version=no need_lib_prefix=no ;; freebsd-*) library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix' need_version=yes ;; esac shlibpath_var=LD_LIBRARY_PATH case $host_os in freebsd2.*) shlibpath_overrides_runpath=yes ;; freebsd3.[[01]]* | freebsdelf3.[[01]]*) shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; freebsd3.[[2-9]]* | freebsdelf3.[[2-9]]* | \ freebsd4.[[0-5]] | freebsdelf4.[[0-5]] | freebsd4.1.1 | freebsdelf4.1.1) shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; *) # from 4.6 on, and DragonFly shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; esac ;; haiku*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no dynamic_linker="$host_os runtime_loader" library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LIBRARY_PATH shlibpath_overrides_runpath=yes sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' hardcode_into_libs=yes ;; hpux9* | hpux10* | hpux11*) # Give a soname corresponding to the major version so that dld.sl refuses to # link against other versions. version_type=sunos need_lib_prefix=no need_version=no case $host_cpu in ia64*) shrext_cmds='.so' hardcode_into_libs=yes dynamic_linker="$host_os dld.so" shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' if test "X$HPUX_IA64_MODE" = X32; then sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" else sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" fi sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; hppa*64*) shrext_cmds='.sl' hardcode_into_libs=yes dynamic_linker="$host_os dld.sl" shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; *) shrext_cmds='.sl' dynamic_linker="$host_os dld.sl" shlibpath_var=SHLIB_PATH shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' ;; esac # HP-UX runs *really* slowly unless shared libraries are mode 555, ... postinstall_cmds='chmod 555 $lib' # or fails outright, so override atomically: install_override_mode=555 ;; interix[[3-9]]*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; irix5* | irix6* | nonstopux*) case $host_os in nonstopux*) version_type=nonstopux ;; *) if test "$lt_cv_prog_gnu_ld" = yes; then version_type=linux # correct to gnu/linux during the next big refactor else version_type=irix fi ;; esac need_lib_prefix=no need_version=no soname_spec='${libname}${release}${shared_ext}$major' library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}' case $host_os in irix5* | nonstopux*) libsuff= shlibsuff= ;; *) case $LD in # libtool.m4 will add one of these switches to LD *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") libsuff= shlibsuff= libmagic=32-bit;; *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") libsuff=32 shlibsuff=N32 libmagic=N32;; *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") libsuff=64 shlibsuff=64 libmagic=64-bit;; *) libsuff= shlibsuff= libmagic=never-match;; esac ;; esac shlibpath_var=LD_LIBRARY${shlibsuff}_PATH shlibpath_overrides_runpath=no sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" hardcode_into_libs=yes ;; # No shared lib support for Linux oldld, aout, or coff. linux*oldld* | linux*aout* | linux*coff*) dynamic_linker=no ;; # This must be glibc/ELF. linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no # Some binutils ld are patched to set DT_RUNPATH AC_CACHE_VAL([lt_cv_shlibpath_overrides_runpath], [lt_cv_shlibpath_overrides_runpath=no save_LDFLAGS=$LDFLAGS save_libdir=$libdir eval "libdir=/foo; wl=\"$_LT_TAGVAR(lt_prog_compiler_wl, $1)\"; \ LDFLAGS=\"\$LDFLAGS $_LT_TAGVAR(hardcode_libdir_flag_spec, $1)\"" AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])], [AS_IF([ ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null], [lt_cv_shlibpath_overrides_runpath=yes])]) LDFLAGS=$save_LDFLAGS libdir=$save_libdir ]) shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath # This implies no fast_install, which is unacceptable. # Some rework will be needed to allow for fast_install # before this can be enabled. hardcode_into_libs=yes # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" fi # We used to test for /lib/ld.so.1 and disable shared libraries on # powerpc, because MkLinux only supported shared libraries with the # GNU dynamic linker. Since this was broken with cross compilers, # most powerpc-linux boxes support dynamic linking these days and # people can always --disable-shared, the test was removed, and we # assume the GNU/Linux dynamic linker is in use. dynamic_linker='GNU/Linux ld.so' ;; netbsdelf*-gnu) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes dynamic_linker='NetBSD ld.elf_so' ;; netbsd*) version_type=sunos need_lib_prefix=no need_version=no if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' dynamic_linker='NetBSD (a.out) ld.so' else library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' dynamic_linker='NetBSD ld.elf_so' fi shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; newsos6) version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes ;; *nto* | *qnx*) version_type=qnx need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes dynamic_linker='ldqnx.so' ;; openbsd*) version_type=sunos sys_lib_dlsearch_path_spec="/usr/lib" need_lib_prefix=no # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs. case $host_os in openbsd3.3 | openbsd3.3.*) need_version=yes ;; *) need_version=no ;; esac library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' shlibpath_var=LD_LIBRARY_PATH if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then case $host_os in openbsd2.[[89]] | openbsd2.[[89]].*) shlibpath_overrides_runpath=no ;; *) shlibpath_overrides_runpath=yes ;; esac else shlibpath_overrides_runpath=yes fi ;; os2*) libname_spec='$name' shrext_cmds=".dll" need_lib_prefix=no library_names_spec='$libname${shared_ext} $libname.a' dynamic_linker='OS/2 ld.exe' shlibpath_var=LIBPATH ;; osf3* | osf4* | osf5*) version_type=osf need_lib_prefix=no need_version=no soname_spec='${libname}${release}${shared_ext}$major' library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" ;; rdos*) dynamic_linker=no ;; solaris*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes # ldd complains unless libraries are executable postinstall_cmds='chmod +x $lib' ;; sunos4*) version_type=sunos library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes if test "$with_gnu_ld" = yes; then need_lib_prefix=no fi need_version=yes ;; sysv4 | sysv4.3*) version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH case $host_vendor in sni) shlibpath_overrides_runpath=no need_lib_prefix=no runpath_var=LD_RUN_PATH ;; siemens) need_lib_prefix=no ;; motorola) need_lib_prefix=no need_version=no shlibpath_overrides_runpath=no sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' ;; esac ;; sysv4*MP*) if test -d /usr/nec ;then version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' soname_spec='$libname${shared_ext}.$major' shlibpath_var=LD_LIBRARY_PATH fi ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) version_type=freebsd-elf need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes if test "$with_gnu_ld" = yes; then sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' else sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' case $host_os in sco3.2v5*) sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" ;; esac fi sys_lib_dlsearch_path_spec='/usr/lib' ;; tpf*) # TPF is a cross-target only. Preferred cross-host = GNU/Linux. version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; uts4*) version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH ;; *) dynamic_linker=no ;; esac AC_MSG_RESULT([$dynamic_linker]) test "$dynamic_linker" = no && can_build_shared=no variables_saved_for_relink="PATH $shlibpath_var $runpath_var" if test "$GCC" = yes; then variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" fi if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec" fi if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec" fi _LT_DECL([], [variables_saved_for_relink], [1], [Variables whose values should be saved in libtool wrapper scripts and restored at link time]) _LT_DECL([], [need_lib_prefix], [0], [Do we need the "lib" prefix for modules?]) _LT_DECL([], [need_version], [0], [Do we need a version for libraries?]) _LT_DECL([], [version_type], [0], [Library versioning type]) _LT_DECL([], [runpath_var], [0], [Shared library runtime path variable]) _LT_DECL([], [shlibpath_var], [0],[Shared library path variable]) _LT_DECL([], [shlibpath_overrides_runpath], [0], [Is shlibpath searched before the hard-coded library search path?]) _LT_DECL([], [libname_spec], [1], [Format of library name prefix]) _LT_DECL([], [library_names_spec], [1], [[List of archive names. First name is the real one, the rest are links. The last name is the one that the linker finds with -lNAME]]) _LT_DECL([], [soname_spec], [1], [[The coded name of the library, if different from the real name]]) _LT_DECL([], [install_override_mode], [1], [Permission mode override for installation of shared libraries]) _LT_DECL([], [postinstall_cmds], [2], [Command to use after installation of a shared archive]) _LT_DECL([], [postuninstall_cmds], [2], [Command to use after uninstallation of a shared archive]) _LT_DECL([], [finish_cmds], [2], [Commands used to finish a libtool library installation in a directory]) _LT_DECL([], [finish_eval], [1], [[As "finish_cmds", except a single script fragment to be evaled but not shown]]) _LT_DECL([], [hardcode_into_libs], [0], [Whether we should hardcode library paths into libraries]) _LT_DECL([], [sys_lib_search_path_spec], [2], [Compile-time system search path for libraries]) _LT_DECL([], [sys_lib_dlsearch_path_spec], [2], [Run-time system search path for libraries]) ])# _LT_SYS_DYNAMIC_LINKER # _LT_PATH_TOOL_PREFIX(TOOL) # -------------------------- # find a file program which can recognize shared library AC_DEFUN([_LT_PATH_TOOL_PREFIX], [m4_require([_LT_DECL_EGREP])dnl AC_MSG_CHECKING([for $1]) AC_CACHE_VAL(lt_cv_path_MAGIC_CMD, [case $MAGIC_CMD in [[\\/*] | ?:[\\/]*]) lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path. ;; *) lt_save_MAGIC_CMD="$MAGIC_CMD" lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR dnl $ac_dummy forces splitting on constant user-supplied paths. dnl POSIX.2 word splitting is done only on the output of word expansions, dnl not every word. This closes a longstanding sh security hole. ac_dummy="m4_if([$2], , $PATH, [$2])" for ac_dir in $ac_dummy; do IFS="$lt_save_ifs" test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$1; then lt_cv_path_MAGIC_CMD="$ac_dir/$1" if test -n "$file_magic_test_file"; then case $deplibs_check_method in "file_magic "*) file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` MAGIC_CMD="$lt_cv_path_MAGIC_CMD" if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | $EGREP "$file_magic_regex" > /dev/null; then : else cat <<_LT_EOF 1>&2 *** Warning: the command libtool uses to detect shared libraries, *** $file_magic_cmd, produces output that libtool cannot recognize. *** The result is that libtool may fail to recognize shared libraries *** as such. This will affect the creation of libtool libraries that *** depend on shared libraries, but programs linked with such libtool *** libraries will work regardless of this problem. Nevertheless, you *** may want to report the problem to your system manager and/or to *** bug-libtool@gnu.org _LT_EOF fi ;; esac fi break fi done IFS="$lt_save_ifs" MAGIC_CMD="$lt_save_MAGIC_CMD" ;; esac]) MAGIC_CMD="$lt_cv_path_MAGIC_CMD" if test -n "$MAGIC_CMD"; then AC_MSG_RESULT($MAGIC_CMD) else AC_MSG_RESULT(no) fi _LT_DECL([], [MAGIC_CMD], [0], [Used to examine libraries when file_magic_cmd begins with "file"])dnl ])# _LT_PATH_TOOL_PREFIX # Old name: AU_ALIAS([AC_PATH_TOOL_PREFIX], [_LT_PATH_TOOL_PREFIX]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_PATH_TOOL_PREFIX], []) # _LT_PATH_MAGIC # -------------- # find a file program which can recognize a shared library m4_defun([_LT_PATH_MAGIC], [_LT_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH) if test -z "$lt_cv_path_MAGIC_CMD"; then if test -n "$ac_tool_prefix"; then _LT_PATH_TOOL_PREFIX(file, /usr/bin$PATH_SEPARATOR$PATH) else MAGIC_CMD=: fi fi ])# _LT_PATH_MAGIC # LT_PATH_LD # ---------- # find the pathname to the GNU or non-GNU linker AC_DEFUN([LT_PATH_LD], [AC_REQUIRE([AC_PROG_CC])dnl AC_REQUIRE([AC_CANONICAL_HOST])dnl AC_REQUIRE([AC_CANONICAL_BUILD])dnl m4_require([_LT_DECL_SED])dnl m4_require([_LT_DECL_EGREP])dnl m4_require([_LT_PROG_ECHO_BACKSLASH])dnl AC_ARG_WITH([gnu-ld], [AS_HELP_STRING([--with-gnu-ld], [assume the C compiler uses GNU ld @<:@default=no@:>@])], [test "$withval" = no || with_gnu_ld=yes], [with_gnu_ld=no])dnl ac_prog=ld if test "$GCC" = yes; then # Check if gcc -print-prog-name=ld gives a path. AC_MSG_CHECKING([for ld used by $CC]) case $host in *-*-mingw*) # gcc leaves a trailing carriage return which upsets mingw ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; *) ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; esac case $ac_prog in # Accept absolute paths. [[\\/]]* | ?:[[\\/]]*) re_direlt='/[[^/]][[^/]]*/\.\./' # Canonicalize the pathname of ld ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'` while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"` done test -z "$LD" && LD="$ac_prog" ;; "") # If it fails, then pretend we aren't using GCC. ac_prog=ld ;; *) # If it is relative, then search for the first ld in PATH. with_gnu_ld=unknown ;; esac elif test "$with_gnu_ld" = yes; then AC_MSG_CHECKING([for GNU ld]) else AC_MSG_CHECKING([for non-GNU ld]) fi AC_CACHE_VAL(lt_cv_path_LD, [if test -z "$LD"; then lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR for ac_dir in $PATH; do IFS="$lt_save_ifs" test -z "$ac_dir" && ac_dir=. if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then lt_cv_path_LD="$ac_dir/$ac_prog" # Check to see if the program is GNU ld. I'd rather use --version, # but apparently some variants of GNU ld only accept -v. # Break only if it was the GNU/non-GNU ld that we prefer. case `"$lt_cv_path_LD" -v 2>&1 &1 /dev/null 2>&1; then lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' lt_cv_file_magic_cmd='func_win32_libid' else # Keep this pattern in sync with the one in func_win32_libid. lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' lt_cv_file_magic_cmd='$OBJDUMP -f' fi ;; cegcc*) # use the weaker test based on 'objdump'. See mingw*. lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?' lt_cv_file_magic_cmd='$OBJDUMP -f' ;; darwin* | rhapsody*) lt_cv_deplibs_check_method=pass_all ;; freebsd* | dragonfly*) if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then case $host_cpu in i*86 ) # Not sure whether the presence of OpenBSD here was a mistake. # Let's accept both of them until this is cleared up. lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library' lt_cv_file_magic_cmd=/usr/bin/file lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*` ;; esac else lt_cv_deplibs_check_method=pass_all fi ;; haiku*) lt_cv_deplibs_check_method=pass_all ;; hpux10.20* | hpux11*) lt_cv_file_magic_cmd=/usr/bin/file case $host_cpu in ia64*) lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64' lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so ;; hppa*64*) [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]'] lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl ;; *) lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]]\.[[0-9]]) shared library' lt_cv_file_magic_test_file=/usr/lib/libc.sl ;; esac ;; interix[[3-9]]*) # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|\.a)$' ;; irix5* | irix6* | nonstopux*) case $LD in *-32|*"-32 ") libmagic=32-bit;; *-n32|*"-n32 ") libmagic=N32;; *-64|*"-64 ") libmagic=64-bit;; *) libmagic=never-match;; esac lt_cv_deplibs_check_method=pass_all ;; # This must be glibc/ELF. linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) lt_cv_deplibs_check_method=pass_all ;; netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' else lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|_pic\.a)$' fi ;; newos6*) lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)' lt_cv_file_magic_cmd=/usr/bin/file lt_cv_file_magic_test_file=/usr/lib/libnls.so ;; *nto* | *qnx*) lt_cv_deplibs_check_method=pass_all ;; openbsd*) if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$' else lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' fi ;; osf3* | osf4* | osf5*) lt_cv_deplibs_check_method=pass_all ;; rdos*) lt_cv_deplibs_check_method=pass_all ;; solaris*) lt_cv_deplibs_check_method=pass_all ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) lt_cv_deplibs_check_method=pass_all ;; sysv4 | sysv4.3*) case $host_vendor in motorola) lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib) M[[0-9]][[0-9]]* Version [[0-9]]' lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*` ;; ncr) lt_cv_deplibs_check_method=pass_all ;; sequent) lt_cv_file_magic_cmd='/bin/file' lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB (shared object|dynamic lib )' ;; sni) lt_cv_file_magic_cmd='/bin/file' lt_cv_deplibs_check_method="file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB dynamic lib" lt_cv_file_magic_test_file=/lib/libc.so ;; siemens) lt_cv_deplibs_check_method=pass_all ;; pc) lt_cv_deplibs_check_method=pass_all ;; esac ;; tpf*) lt_cv_deplibs_check_method=pass_all ;; esac ]) file_magic_glob= want_nocaseglob=no if test "$build" = "$host"; then case $host_os in mingw* | pw32*) if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then want_nocaseglob=yes else file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[[\1]]\/[[\1]]\/g;/g"` fi ;; esac fi file_magic_cmd=$lt_cv_file_magic_cmd deplibs_check_method=$lt_cv_deplibs_check_method test -z "$deplibs_check_method" && deplibs_check_method=unknown _LT_DECL([], [deplibs_check_method], [1], [Method to check whether dependent libraries are shared objects]) _LT_DECL([], [file_magic_cmd], [1], [Command to use when deplibs_check_method = "file_magic"]) _LT_DECL([], [file_magic_glob], [1], [How to find potential files when deplibs_check_method = "file_magic"]) _LT_DECL([], [want_nocaseglob], [1], [Find potential files using nocaseglob when deplibs_check_method = "file_magic"]) ])# _LT_CHECK_MAGIC_METHOD # LT_PATH_NM # ---------- # find the pathname to a BSD- or MS-compatible name lister AC_DEFUN([LT_PATH_NM], [AC_REQUIRE([AC_PROG_CC])dnl AC_CACHE_CHECK([for BSD- or MS-compatible name lister (nm)], lt_cv_path_NM, [if test -n "$NM"; then # Let the user override the test. lt_cv_path_NM="$NM" else lt_nm_to_check="${ac_tool_prefix}nm" if test -n "$ac_tool_prefix" && test "$build" = "$host"; then lt_nm_to_check="$lt_nm_to_check nm" fi for lt_tmp_nm in $lt_nm_to_check; do lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do IFS="$lt_save_ifs" test -z "$ac_dir" && ac_dir=. tmp_nm="$ac_dir/$lt_tmp_nm" if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then # Check to see if the nm accepts a BSD-compat flag. # Adding the `sed 1q' prevents false positives on HP-UX, which says: # nm: unknown option "B" ignored # Tru64's nm complains that /dev/null is an invalid object file case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in */dev/null* | *'Invalid file or object type'*) lt_cv_path_NM="$tmp_nm -B" break ;; *) case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in */dev/null*) lt_cv_path_NM="$tmp_nm -p" break ;; *) lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but continue # so that we can try to find one that supports BSD flags ;; esac ;; esac fi done IFS="$lt_save_ifs" done : ${lt_cv_path_NM=no} fi]) if test "$lt_cv_path_NM" != "no"; then NM="$lt_cv_path_NM" else # Didn't find any BSD compatible name lister, look for dumpbin. if test -n "$DUMPBIN"; then : # Let the user override the test. else AC_CHECK_TOOLS(DUMPBIN, [dumpbin "link -dump"], :) case `$DUMPBIN -symbols /dev/null 2>&1 | sed '1q'` in *COFF*) DUMPBIN="$DUMPBIN -symbols" ;; *) DUMPBIN=: ;; esac fi AC_SUBST([DUMPBIN]) if test "$DUMPBIN" != ":"; then NM="$DUMPBIN" fi fi test -z "$NM" && NM=nm AC_SUBST([NM]) _LT_DECL([], [NM], [1], [A BSD- or MS-compatible name lister])dnl AC_CACHE_CHECK([the name lister ($NM) interface], [lt_cv_nm_interface], [lt_cv_nm_interface="BSD nm" echo "int some_variable = 0;" > conftest.$ac_ext (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&AS_MESSAGE_LOG_FD) (eval "$ac_compile" 2>conftest.err) cat conftest.err >&AS_MESSAGE_LOG_FD (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&AS_MESSAGE_LOG_FD) (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) cat conftest.err >&AS_MESSAGE_LOG_FD (eval echo "\"\$as_me:$LINENO: output\"" >&AS_MESSAGE_LOG_FD) cat conftest.out >&AS_MESSAGE_LOG_FD if $GREP 'External.*some_variable' conftest.out > /dev/null; then lt_cv_nm_interface="MS dumpbin" fi rm -f conftest*]) ])# LT_PATH_NM # Old names: AU_ALIAS([AM_PROG_NM], [LT_PATH_NM]) AU_ALIAS([AC_PROG_NM], [LT_PATH_NM]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AM_PROG_NM], []) dnl AC_DEFUN([AC_PROG_NM], []) # _LT_CHECK_SHAREDLIB_FROM_LINKLIB # -------------------------------- # how to determine the name of the shared library # associated with a specific link library. # -- PORTME fill in with the dynamic library characteristics m4_defun([_LT_CHECK_SHAREDLIB_FROM_LINKLIB], [m4_require([_LT_DECL_EGREP]) m4_require([_LT_DECL_OBJDUMP]) m4_require([_LT_DECL_DLLTOOL]) AC_CACHE_CHECK([how to associate runtime and link libraries], lt_cv_sharedlib_from_linklib_cmd, [lt_cv_sharedlib_from_linklib_cmd='unknown' case $host_os in cygwin* | mingw* | pw32* | cegcc*) # two different shell functions defined in ltmain.sh # decide which to use based on capabilities of $DLLTOOL case `$DLLTOOL --help 2>&1` in *--identify-strict*) lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib ;; *) lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback ;; esac ;; *) # fallback: assume linklib IS sharedlib lt_cv_sharedlib_from_linklib_cmd="$ECHO" ;; esac ]) sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO _LT_DECL([], [sharedlib_from_linklib_cmd], [1], [Command to associate shared and link libraries]) ])# _LT_CHECK_SHAREDLIB_FROM_LINKLIB # _LT_PATH_MANIFEST_TOOL # ---------------------- # locate the manifest tool m4_defun([_LT_PATH_MANIFEST_TOOL], [AC_CHECK_TOOL(MANIFEST_TOOL, mt, :) test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt AC_CACHE_CHECK([if $MANIFEST_TOOL is a manifest tool], [lt_cv_path_mainfest_tool], [lt_cv_path_mainfest_tool=no echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&AS_MESSAGE_LOG_FD $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out cat conftest.err >&AS_MESSAGE_LOG_FD if $GREP 'Manifest Tool' conftest.out > /dev/null; then lt_cv_path_mainfest_tool=yes fi rm -f conftest*]) if test "x$lt_cv_path_mainfest_tool" != xyes; then MANIFEST_TOOL=: fi _LT_DECL([], [MANIFEST_TOOL], [1], [Manifest tool])dnl ])# _LT_PATH_MANIFEST_TOOL # LT_LIB_M # -------- # check for math library AC_DEFUN([LT_LIB_M], [AC_REQUIRE([AC_CANONICAL_HOST])dnl LIBM= case $host in *-*-beos* | *-*-cegcc* | *-*-cygwin* | *-*-haiku* | *-*-pw32* | *-*-darwin*) # These system don't have libm, or don't need it ;; *-ncr-sysv4.3*) AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM="-lmw") AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm") ;; *) AC_CHECK_LIB(m, cos, LIBM="-lm") ;; esac AC_SUBST([LIBM]) ])# LT_LIB_M # Old name: AU_ALIAS([AC_CHECK_LIBM], [LT_LIB_M]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_CHECK_LIBM], []) # _LT_COMPILER_NO_RTTI([TAGNAME]) # ------------------------------- m4_defun([_LT_COMPILER_NO_RTTI], [m4_require([_LT_TAG_COMPILER])dnl _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)= if test "$GCC" = yes; then case $cc_basename in nvcc*) _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -Xcompiler -fno-builtin' ;; *) _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' ;; esac _LT_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions], lt_cv_prog_compiler_rtti_exceptions, [-fno-rtti -fno-exceptions], [], [_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)="$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) -fno-rtti -fno-exceptions"]) fi _LT_TAGDECL([no_builtin_flag], [lt_prog_compiler_no_builtin_flag], [1], [Compiler flag to turn off builtin functions]) ])# _LT_COMPILER_NO_RTTI # _LT_CMD_GLOBAL_SYMBOLS # ---------------------- m4_defun([_LT_CMD_GLOBAL_SYMBOLS], [AC_REQUIRE([AC_CANONICAL_HOST])dnl AC_REQUIRE([AC_PROG_CC])dnl AC_REQUIRE([AC_PROG_AWK])dnl AC_REQUIRE([LT_PATH_NM])dnl AC_REQUIRE([LT_PATH_LD])dnl m4_require([_LT_DECL_SED])dnl m4_require([_LT_DECL_EGREP])dnl m4_require([_LT_TAG_COMPILER])dnl # Check for command to grab the raw symbol name followed by C symbol from nm. AC_MSG_CHECKING([command to parse $NM output from $compiler object]) AC_CACHE_VAL([lt_cv_sys_global_symbol_pipe], [ # These are sane defaults that work on at least a few old systems. # [They come from Ultrix. What could be older than Ultrix?!! ;)] # Character class describing NM global symbol codes. symcode='[[BCDEGRST]]' # Regexp to match symbols that can be accessed directly from C. sympat='\([[_A-Za-z]][[_A-Za-z0-9]]*\)' # Define system-specific variables. case $host_os in aix*) symcode='[[BCDT]]' ;; cygwin* | mingw* | pw32* | cegcc*) symcode='[[ABCDGISTW]]' ;; hpux*) if test "$host_cpu" = ia64; then symcode='[[ABCDEGRST]]' fi ;; irix* | nonstopux*) symcode='[[BCDEGRST]]' ;; osf*) symcode='[[BCDEGQRST]]' ;; solaris*) symcode='[[BDRT]]' ;; sco3.2v5*) symcode='[[DT]]' ;; sysv4.2uw2*) symcode='[[DT]]' ;; sysv5* | sco5v6* | unixware* | OpenUNIX*) symcode='[[ABDT]]' ;; sysv4) symcode='[[DFNSTU]]' ;; esac # If we're using GNU nm, then use its standard symbol codes. case `$NM -V 2>&1` in *GNU* | *'with BFD'*) symcode='[[ABCDGIRSTW]]' ;; esac # Transform an extracted symbol line into a proper C declaration. # Some systems (esp. on ia64) link data and code symbols differently, # so use this general approach. lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'" # Transform an extracted symbol line into symbol name and symbol address lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\)[[ ]]*$/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"\2\", (void *) \&\2},/p'" lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n -e 's/^: \([[^ ]]*\)[[ ]]*$/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \(lib[[^ ]]*\)$/ {\"\2\", (void *) \&\2},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"lib\2\", (void *) \&\2},/p'" # Handle CRLF in mingw tool chain opt_cr= case $build_os in mingw*) opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp ;; esac # Try without a prefix underscore, then with it. for ac_symprfx in "" "_"; do # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol. symxfrm="\\1 $ac_symprfx\\2 \\2" # Write the raw and C identifiers. if test "$lt_cv_nm_interface" = "MS dumpbin"; then # Fake it for dumpbin and say T for any non-static function # and D for any global variable. # Also find C++ and __fastcall symbols from MSVC++, # which start with @ or ?. lt_cv_sys_global_symbol_pipe="$AWK ['"\ " {last_section=section; section=\$ 3};"\ " /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\ " /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\ " \$ 0!~/External *\|/{next};"\ " / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\ " {if(hide[section]) next};"\ " {f=0}; \$ 0~/\(\).*\|/{f=1}; {printf f ? \"T \" : \"D \"};"\ " {split(\$ 0, a, /\||\r/); split(a[2], s)};"\ " s[1]~/^[@?]/{print s[1], s[1]; next};"\ " s[1]~prfx {split(s[1],t,\"@\"); print t[1], substr(t[1],length(prfx))}"\ " ' prfx=^$ac_symprfx]" else lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[ ]]\($symcode$symcode*\)[[ ]][[ ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" fi lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'" # Check to see that the pipe works correctly. pipe_works=no rm -f conftest* cat > conftest.$ac_ext <<_LT_EOF #ifdef __cplusplus extern "C" { #endif char nm_test_var; void nm_test_func(void); void nm_test_func(void){} #ifdef __cplusplus } #endif int main(){nm_test_var='a';nm_test_func();return(0);} _LT_EOF if AC_TRY_EVAL(ac_compile); then # Now try to grab the symbols. nlist=conftest.nm if AC_TRY_EVAL(NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) && test -s "$nlist"; then # Try sorting and uniquifying the output. if sort "$nlist" | uniq > "$nlist"T; then mv -f "$nlist"T "$nlist" else rm -f "$nlist"T fi # Make sure that we snagged all the symbols we need. if $GREP ' nm_test_var$' "$nlist" >/dev/null; then if $GREP ' nm_test_func$' "$nlist" >/dev/null; then cat <<_LT_EOF > conftest.$ac_ext /* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ #if defined(_WIN32) || defined(__CYGWIN__) || defined(_WIN32_WCE) /* DATA imports from DLLs on WIN32 con't be const, because runtime relocations are performed -- see ld's documentation on pseudo-relocs. */ # define LT@&t@_DLSYM_CONST #elif defined(__osf__) /* This system does not cope well with relocations in const data. */ # define LT@&t@_DLSYM_CONST #else # define LT@&t@_DLSYM_CONST const #endif #ifdef __cplusplus extern "C" { #endif _LT_EOF # Now generate the symbol file. eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext' cat <<_LT_EOF >> conftest.$ac_ext /* The mapping between symbol names and symbols. */ LT@&t@_DLSYM_CONST struct { const char *name; void *address; } lt__PROGRAM__LTX_preloaded_symbols[[]] = { { "@PROGRAM@", (void *) 0 }, _LT_EOF $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (void *) \&\2},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext cat <<\_LT_EOF >> conftest.$ac_ext {0, (void *) 0} }; /* This works around a problem in FreeBSD linker */ #ifdef FREEBSD_WORKAROUND static const void *lt_preloaded_setup() { return lt__PROGRAM__LTX_preloaded_symbols; } #endif #ifdef __cplusplus } #endif _LT_EOF # Now try linking the two files. mv conftest.$ac_objext conftstm.$ac_objext lt_globsym_save_LIBS=$LIBS lt_globsym_save_CFLAGS=$CFLAGS LIBS="conftstm.$ac_objext" CFLAGS="$CFLAGS$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)" if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext}; then pipe_works=yes fi LIBS=$lt_globsym_save_LIBS CFLAGS=$lt_globsym_save_CFLAGS else echo "cannot find nm_test_func in $nlist" >&AS_MESSAGE_LOG_FD fi else echo "cannot find nm_test_var in $nlist" >&AS_MESSAGE_LOG_FD fi else echo "cannot run $lt_cv_sys_global_symbol_pipe" >&AS_MESSAGE_LOG_FD fi else echo "$progname: failed program was:" >&AS_MESSAGE_LOG_FD cat conftest.$ac_ext >&5 fi rm -rf conftest* conftst* # Do not use the global_symbol_pipe unless it works. if test "$pipe_works" = yes; then break else lt_cv_sys_global_symbol_pipe= fi done ]) if test -z "$lt_cv_sys_global_symbol_pipe"; then lt_cv_sys_global_symbol_to_cdecl= fi if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then AC_MSG_RESULT(failed) else AC_MSG_RESULT(ok) fi # Response file support. if test "$lt_cv_nm_interface" = "MS dumpbin"; then nm_file_list_spec='@' elif $NM --help 2>/dev/null | grep '[[@]]FILE' >/dev/null; then nm_file_list_spec='@' fi _LT_DECL([global_symbol_pipe], [lt_cv_sys_global_symbol_pipe], [1], [Take the output of nm and produce a listing of raw symbols and C names]) _LT_DECL([global_symbol_to_cdecl], [lt_cv_sys_global_symbol_to_cdecl], [1], [Transform the output of nm in a proper C declaration]) _LT_DECL([global_symbol_to_c_name_address], [lt_cv_sys_global_symbol_to_c_name_address], [1], [Transform the output of nm in a C name address pair]) _LT_DECL([global_symbol_to_c_name_address_lib_prefix], [lt_cv_sys_global_symbol_to_c_name_address_lib_prefix], [1], [Transform the output of nm in a C name address pair when lib prefix is needed]) _LT_DECL([], [nm_file_list_spec], [1], [Specify filename containing input files for $NM]) ]) # _LT_CMD_GLOBAL_SYMBOLS # _LT_COMPILER_PIC([TAGNAME]) # --------------------------- m4_defun([_LT_COMPILER_PIC], [m4_require([_LT_TAG_COMPILER])dnl _LT_TAGVAR(lt_prog_compiler_wl, $1)= _LT_TAGVAR(lt_prog_compiler_pic, $1)= _LT_TAGVAR(lt_prog_compiler_static, $1)= m4_if([$1], [CXX], [ # C++ specific cases for pic, static, wl, etc. if test "$GXX" = yes; then _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' case $host_os in aix*) # All AIX code is PIC. if test "$host_cpu" = ia64; then # AIX 5 now supports IA64 processor _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' fi ;; amigaos*) case $host_cpu in powerpc) # see comment about AmigaOS4 .so support _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; m68k) # FIXME: we need at least 68020 code to build shared libraries, but # adding the `-m68020' flag to GCC prevents building anything better, # like `-m68040'. _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4' ;; esac ;; beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) # PIC is the default for these OSes. ;; mingw* | cygwin* | os2* | pw32* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). # Although the cygwin gcc ignores -fPIC, still need this for old-style # (--disable-auto-import) libraries m4_if([$1], [GCJ], [], [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) ;; darwin* | rhapsody*) # PIC is the default on this platform # Common symbols not allowed in MH_DYLIB files _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' ;; *djgpp*) # DJGPP does not support shared libraries at all _LT_TAGVAR(lt_prog_compiler_pic, $1)= ;; haiku*) # PIC is the default for Haiku. # The "-static" flag exists, but is broken. _LT_TAGVAR(lt_prog_compiler_static, $1)= ;; interix[[3-9]]*) # Interix 3.x gcc -fpic/-fPIC options generate broken code. # Instead, we relocate shared libraries at runtime. ;; sysv4*MP*) if test -d /usr/nec; then _LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic fi ;; hpux*) # PIC is the default for 64-bit PA HP-UX, but not for 32-bit # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag # sets the default TLS model and affects inlining. case $host_cpu in hppa*64*) ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; esac ;; *qnx* | *nto*) # QNX uses GNU C++, but need to define -shared option too, otherwise # it will coredump. _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; esac else case $host_os in aix[[4-9]]*) # All AIX code is PIC. if test "$host_cpu" = ia64; then # AIX 5 now supports IA64 processor _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' else _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp' fi ;; chorus*) case $cc_basename in cxch68*) # Green Hills C++ Compiler # _LT_TAGVAR(lt_prog_compiler_static, $1)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a" ;; esac ;; mingw* | cygwin* | os2* | pw32* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). m4_if([$1], [GCJ], [], [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) ;; dgux*) case $cc_basename in ec++*) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' ;; ghcx*) # Green Hills C++ Compiler _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' ;; *) ;; esac ;; freebsd* | dragonfly*) # FreeBSD uses GNU C++ ;; hpux9* | hpux10* | hpux11*) case $cc_basename in CC*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' if test "$host_cpu" != ia64; then _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' fi ;; aCC*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' case $host_cpu in hppa*64*|ia64*) # +Z the default ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' ;; esac ;; *) ;; esac ;; interix*) # This is c89, which is MS Visual C++ (no shared libs) # Anyone wants to do a port? ;; irix5* | irix6* | nonstopux*) case $cc_basename in CC*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' # CC pic flag -KPIC is the default. ;; *) ;; esac ;; linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) case $cc_basename in KCC*) # KAI C++ Compiler _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; ecpc* ) # old Intel C++ for x86_64 which still supported -KPIC. _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' ;; icpc* ) # Intel C++, used to be incompatible with GCC. # ICC 10 doesn't accept -KPIC any more. _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' ;; pgCC* | pgcpp*) # Portland Group C++ compiler _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; cxx*) # Compaq C++ # Make sure the PIC flag is empty. It appears that all Alpha # Linux and Compaq Tru64 Unix objects are PIC. _LT_TAGVAR(lt_prog_compiler_pic, $1)= _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; xlc* | xlC* | bgxl[[cC]]* | mpixl[[cC]]*) # IBM XL 8.0, 9.0 on PPC and BlueGene _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink' ;; *) case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C++ 5.9 _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' ;; esac ;; esac ;; lynxos*) ;; m88k*) ;; mvs*) case $cc_basename in cxx*) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-W c,exportall' ;; *) ;; esac ;; netbsd* | netbsdelf*-gnu) ;; *qnx* | *nto*) # QNX uses GNU C++, but need to define -shared option too, otherwise # it will coredump. _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' ;; osf3* | osf4* | osf5*) case $cc_basename in KCC*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,' ;; RCC*) # Rational C++ 2.4.1 _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' ;; cxx*) # Digital/Compaq C++ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' # Make sure the PIC flag is empty. It appears that all Alpha # Linux and Compaq Tru64 Unix objects are PIC. _LT_TAGVAR(lt_prog_compiler_pic, $1)= _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; *) ;; esac ;; psos*) ;; solaris*) case $cc_basename in CC* | sunCC*) # Sun C++ 4.2, 5.x and Centerline C++ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' ;; gcx*) # Green Hills C++ Compiler _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' ;; *) ;; esac ;; sunos4*) case $cc_basename in CC*) # Sun C++ 4.x _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; lcc*) # Lucid _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' ;; *) ;; esac ;; sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) case $cc_basename in CC*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; esac ;; tandem*) case $cc_basename in NCC*) # NonStop-UX NCC 3.20 _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' ;; *) ;; esac ;; vxworks*) ;; *) _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no ;; esac fi ], [ if test "$GCC" = yes; then _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' case $host_os in aix*) # All AIX code is PIC. if test "$host_cpu" = ia64; then # AIX 5 now supports IA64 processor _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' fi ;; amigaos*) case $host_cpu in powerpc) # see comment about AmigaOS4 .so support _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; m68k) # FIXME: we need at least 68020 code to build shared libraries, but # adding the `-m68020' flag to GCC prevents building anything better, # like `-m68040'. _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4' ;; esac ;; beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) # PIC is the default for these OSes. ;; mingw* | cygwin* | pw32* | os2* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). # Although the cygwin gcc ignores -fPIC, still need this for old-style # (--disable-auto-import) libraries m4_if([$1], [GCJ], [], [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) ;; darwin* | rhapsody*) # PIC is the default on this platform # Common symbols not allowed in MH_DYLIB files _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' ;; haiku*) # PIC is the default for Haiku. # The "-static" flag exists, but is broken. _LT_TAGVAR(lt_prog_compiler_static, $1)= ;; hpux*) # PIC is the default for 64-bit PA HP-UX, but not for 32-bit # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag # sets the default TLS model and affects inlining. case $host_cpu in hppa*64*) # +Z the default ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; esac ;; interix[[3-9]]*) # Interix 3.x gcc -fpic/-fPIC options generate broken code. # Instead, we relocate shared libraries at runtime. ;; msdosdjgpp*) # Just because we use GCC doesn't mean we suddenly get shared libraries # on systems that don't support them. _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no enable_shared=no ;; *nto* | *qnx*) # QNX uses GNU C++, but need to define -shared option too, otherwise # it will coredump. _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' ;; sysv4*MP*) if test -d /usr/nec; then _LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic fi ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; esac case $cc_basename in nvcc*) # Cuda Compiler Driver 2.2 _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Xlinker ' if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then _LT_TAGVAR(lt_prog_compiler_pic, $1)="-Xcompiler $_LT_TAGVAR(lt_prog_compiler_pic, $1)" fi ;; esac else # PORTME Check for flag to pass linker flags through the system compiler. case $host_os in aix*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' if test "$host_cpu" = ia64; then # AIX 5 now supports IA64 processor _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' else _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp' fi ;; mingw* | cygwin* | pw32* | os2* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). m4_if([$1], [GCJ], [], [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) ;; hpux9* | hpux10* | hpux11*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but # not for PA HP-UX. case $host_cpu in hppa*64*|ia64*) # +Z the default ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' ;; esac # Is there a better lt_prog_compiler_static that works with the bundled CC? _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' ;; irix5* | irix6* | nonstopux*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' # PIC (with -KPIC) is the default. _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) case $cc_basename in # old Intel for x86_64 which still supported -KPIC. ecc*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' ;; # icc used to be incompatible with GCC. # ICC 10 doesn't accept -KPIC any more. icc* | ifort*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' ;; # Lahey Fortran 8.1. lf95*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='--shared' _LT_TAGVAR(lt_prog_compiler_static, $1)='--static' ;; nagfor*) # NAG Fortran compiler _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,-Wl,,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*) # Portland Group compilers (*not* the Pentium gcc compiler, # which looks to be a dead project) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; ccc*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' # All Alpha code is PIC. _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; xl* | bgxl* | bgf* | mpixl*) # IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink' ;; *) case `$CC -V 2>&1 | sed 5q` in *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [[1-7]].* | *Sun*Fortran*\ 8.[[0-3]]*) # Sun Fortran 8.3 passes all unrecognized flags to the linker _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' _LT_TAGVAR(lt_prog_compiler_wl, $1)='' ;; *Sun\ F* | *Sun*Fortran*) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' ;; *Sun\ C*) # Sun C 5.9 _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' ;; *Intel*\ [[CF]]*Compiler*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' ;; *Portland\ Group*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; esac ;; esac ;; newsos6) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; *nto* | *qnx*) # QNX uses GNU C++, but need to define -shared option too, otherwise # it will coredump. _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' ;; osf3* | osf4* | osf5*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' # All OSF/1 code is PIC. _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; rdos*) _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; solaris*) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' case $cc_basename in f77* | f90* | f95* | sunf77* | sunf90* | sunf95*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ';; *) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,';; esac ;; sunos4*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; sysv4 | sysv4.2uw2* | sysv4.3*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; sysv4*MP*) if test -d /usr/nec ;then _LT_TAGVAR(lt_prog_compiler_pic, $1)='-Kconform_pic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' fi ;; sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; unicos*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no ;; uts4*) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; *) _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no ;; esac fi ]) case $host_os in # For platforms which do not support PIC, -DPIC is meaningless: *djgpp*) _LT_TAGVAR(lt_prog_compiler_pic, $1)= ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)="$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])" ;; esac AC_CACHE_CHECK([for $compiler option to produce PIC], [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)], [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_prog_compiler_pic, $1)]) _LT_TAGVAR(lt_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_cv_prog_compiler_pic, $1) # # Check to make sure the PIC flag actually works. # if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then _LT_COMPILER_OPTION([if $compiler PIC flag $_LT_TAGVAR(lt_prog_compiler_pic, $1) works], [_LT_TAGVAR(lt_cv_prog_compiler_pic_works, $1)], [$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])], [], [case $_LT_TAGVAR(lt_prog_compiler_pic, $1) in "" | " "*) ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)=" $_LT_TAGVAR(lt_prog_compiler_pic, $1)" ;; esac], [_LT_TAGVAR(lt_prog_compiler_pic, $1)= _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no]) fi _LT_TAGDECL([pic_flag], [lt_prog_compiler_pic], [1], [Additional compiler flags for building library objects]) _LT_TAGDECL([wl], [lt_prog_compiler_wl], [1], [How to pass a linker flag through the compiler]) # # Check to make sure the static flag actually works. # wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) eval lt_tmp_static_flag=\"$_LT_TAGVAR(lt_prog_compiler_static, $1)\" _LT_LINKER_OPTION([if $compiler static flag $lt_tmp_static_flag works], _LT_TAGVAR(lt_cv_prog_compiler_static_works, $1), $lt_tmp_static_flag, [], [_LT_TAGVAR(lt_prog_compiler_static, $1)=]) _LT_TAGDECL([link_static_flag], [lt_prog_compiler_static], [1], [Compiler flag to prevent dynamic linking]) ])# _LT_COMPILER_PIC # _LT_LINKER_SHLIBS([TAGNAME]) # ---------------------------- # See if the linker supports building shared libraries. m4_defun([_LT_LINKER_SHLIBS], [AC_REQUIRE([LT_PATH_LD])dnl AC_REQUIRE([LT_PATH_NM])dnl m4_require([_LT_PATH_MANIFEST_TOOL])dnl m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_DECL_EGREP])dnl m4_require([_LT_DECL_SED])dnl m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl m4_require([_LT_TAG_COMPILER])dnl AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries]) m4_if([$1], [CXX], [ _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'] case $host_os in aix[[4-9]]*) # If we're using GNU nm, then we don't want the "-C" option. # -C means demangle to AIX nm, but means don't demangle with GNU nm # Also, AIX nm treats weak defined symbols like other global defined # symbols, whereas GNU nm marks them as "W". if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' else _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' fi ;; pw32*) _LT_TAGVAR(export_symbols_cmds, $1)="$ltdll_cmds" ;; cygwin* | mingw* | cegcc*) case $cc_basename in cl*) _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' ;; *) _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols' _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname'] ;; esac ;; linux* | k*bsd*-gnu | gnu*) _LT_TAGVAR(link_all_deplibs, $1)=no ;; *) _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' ;; esac ], [ runpath_var= _LT_TAGVAR(allow_undefined_flag, $1)= _LT_TAGVAR(always_export_symbols, $1)=no _LT_TAGVAR(archive_cmds, $1)= _LT_TAGVAR(archive_expsym_cmds, $1)= _LT_TAGVAR(compiler_needs_object, $1)=no _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no _LT_TAGVAR(export_dynamic_flag_spec, $1)= _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' _LT_TAGVAR(hardcode_automatic, $1)=no _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= _LT_TAGVAR(hardcode_libdir_separator, $1)= _LT_TAGVAR(hardcode_minus_L, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported _LT_TAGVAR(inherit_rpath, $1)=no _LT_TAGVAR(link_all_deplibs, $1)=unknown _LT_TAGVAR(module_cmds, $1)= _LT_TAGVAR(module_expsym_cmds, $1)= _LT_TAGVAR(old_archive_from_new_cmds, $1)= _LT_TAGVAR(old_archive_from_expsyms_cmds, $1)= _LT_TAGVAR(thread_safe_flag_spec, $1)= _LT_TAGVAR(whole_archive_flag_spec, $1)= # include_expsyms should be a list of space-separated symbols to be *always* # included in the symbol list _LT_TAGVAR(include_expsyms, $1)= # exclude_expsyms can be an extended regexp of symbols to exclude # it will be wrapped by ` (' and `)$', so one must not match beginning or # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc', # as well as any symbol that contains `d'. _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'] # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out # platforms (ab)use it in PIC code, but their linkers get confused if # the symbol is explicitly referenced. Since portable code cannot # rely on this symbol name, it's probably fine to never include it in # preloaded symbol tables. # Exclude shared library initialization/finalization symbols. dnl Note also adjust exclude_expsyms for C++ above. extract_expsyms_cmds= case $host_os in cygwin* | mingw* | pw32* | cegcc*) # FIXME: the MSVC++ port hasn't been tested in a loooong time # When not using gcc, we currently assume that we are using # Microsoft Visual C++. if test "$GCC" != yes; then with_gnu_ld=no fi ;; interix*) # we just hope/assume this is gcc and not c89 (= MSVC++) with_gnu_ld=yes ;; openbsd*) with_gnu_ld=no ;; linux* | k*bsd*-gnu | gnu*) _LT_TAGVAR(link_all_deplibs, $1)=no ;; esac _LT_TAGVAR(ld_shlibs, $1)=yes # On some targets, GNU ld is compatible enough with the native linker # that we're better off using the native interface for both. lt_use_gnu_ld_interface=no if test "$with_gnu_ld" = yes; then case $host_os in aix*) # The AIX port of GNU ld has always aspired to compatibility # with the native linker. However, as the warning in the GNU ld # block says, versions before 2.19.5* couldn't really create working # shared libraries, regardless of the interface used. case `$LD -v 2>&1` in *\ \(GNU\ Binutils\)\ 2.19.5*) ;; *\ \(GNU\ Binutils\)\ 2.[[2-9]]*) ;; *\ \(GNU\ Binutils\)\ [[3-9]]*) ;; *) lt_use_gnu_ld_interface=yes ;; esac ;; *) lt_use_gnu_ld_interface=yes ;; esac fi if test "$lt_use_gnu_ld_interface" = yes; then # If archive_cmds runs LD, not CC, wlarc should be empty wlarc='${wl}' # Set some defaults for GNU ld with shared library support. These # are reset later if shared libraries are not supported. Putting them # here allows them to be overridden if necessary. runpath_var=LD_RUN_PATH _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' # ancient GNU ld didn't support --whole-archive et. al. if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' else _LT_TAGVAR(whole_archive_flag_spec, $1)= fi supports_anon_versioning=no case `$LD -v 2>&1` in *GNU\ gold*) supports_anon_versioning=yes ;; *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11 *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... *\ 2.11.*) ;; # other 2.11 versions *) supports_anon_versioning=yes ;; esac # See if GNU ld supports shared libraries. case $host_os in aix[[3-9]]*) # On AIX/PPC, the GNU linker is very broken if test "$host_cpu" != ia64; then _LT_TAGVAR(ld_shlibs, $1)=no cat <<_LT_EOF 1>&2 *** Warning: the GNU linker, at least up to release 2.19, is reported *** to be unable to reliably create shared libraries on AIX. *** Therefore, libtool is disabling shared libraries support. If you *** really care for shared libraries, you may want to install binutils *** 2.20 or above, or modify your PATH so that a non-GNU linker is found. *** You will then need to restart the configuration process. _LT_EOF fi ;; amigaos*) case $host_cpu in powerpc) # see comment about AmigaOS4 .so support _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='' ;; m68k) _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_minus_L, $1)=yes ;; esac ;; beos*) if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then _LT_TAGVAR(allow_undefined_flag, $1)=unsupported # Joseph Beckenbach says some releases of gcc # support --undefined. This deserves some investigation. FIXME _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; cygwin* | mingw* | pw32* | cegcc*) # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, # as there is no search path for DLLs. _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-all-symbols' _LT_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_TAGVAR(always_export_symbols, $1)=no _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols' _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname'] if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' # If the export-symbols file already is a .def file (1st line # is EXPORTS), use it as is; otherwise, prepend... _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then cp $export_symbols $output_objdir/$soname.def; else echo EXPORTS > $output_objdir/$soname.def; cat $export_symbols >> $output_objdir/$soname.def; fi~ $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; haiku*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(link_all_deplibs, $1)=yes ;; interix[[3-9]]*) _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. # Instead, shared libraries are loaded at an image base (0x10000000 by # default) and relocated if they conflict, which is a slow very memory # consuming and fragmenting process. To avoid this, we pick a random, # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link # time. Moving up from 0x10000000 also allows more sbrk(2) space. _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' ;; gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu) tmp_diet=no if test "$host_os" = linux-dietlibc; then case $cc_basename in diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn) esac fi if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \ && test "$tmp_diet" = no then tmp_addflag=' $pic_flag' tmp_sharedflag='-shared' case $cc_basename,$host_cpu in pgcc*) # Portland Group C compiler _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' tmp_addflag=' $pic_flag' ;; pgf77* | pgf90* | pgf95* | pgfortran*) # Portland Group f77 and f90 compilers _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' tmp_addflag=' $pic_flag -Mnomain' ;; ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 tmp_addflag=' -i_dynamic' ;; efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64 tmp_addflag=' -i_dynamic -nofor_main' ;; ifc* | ifort*) # Intel Fortran compiler tmp_addflag=' -nofor_main' ;; lf95*) # Lahey Fortran 8.1 _LT_TAGVAR(whole_archive_flag_spec, $1)= tmp_sharedflag='--shared' ;; xl[[cC]]* | bgxl[[cC]]* | mpixl[[cC]]*) # IBM XL C 8.0 on PPC (deal with xlf below) tmp_sharedflag='-qmkshrobj' tmp_addflag= ;; nvcc*) # Cuda Compiler Driver 2.2 _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' _LT_TAGVAR(compiler_needs_object, $1)=yes ;; esac case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C 5.9 _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' _LT_TAGVAR(compiler_needs_object, $1)=yes tmp_sharedflag='-G' ;; *Sun\ F*) # Sun Fortran 8.3 tmp_sharedflag='-G' ;; esac _LT_TAGVAR(archive_cmds, $1)='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' if test "x$supports_anon_versioning" = xyes; then _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ echo "local: *; };" >> $output_objdir/$libname.ver~ $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' fi case $cc_basename in xlf* | bgf* | bgxlf* | mpixlf*) # IBM XL Fortran 10.1 on PPC cannot create shared libs itself _LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib' if test "x$supports_anon_versioning" = xyes; then _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ echo "local: *; };" >> $output_objdir/$libname.ver~ $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' fi ;; esac else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' wlarc= else _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' fi ;; solaris*) if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then _LT_TAGVAR(ld_shlibs, $1)=no cat <<_LT_EOF 1>&2 *** Warning: The releases 2.8.* of the GNU linker cannot reliably *** create shared libraries on Solaris systems. Therefore, libtool *** is disabling shared libraries support. We urge you to upgrade GNU *** binutils to release 2.9.1 or newer. Another option is to modify *** your PATH or compiler configuration so that the native linker is *** used, and then restart. _LT_EOF elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) case `$LD -v 2>&1` in *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*) _LT_TAGVAR(ld_shlibs, $1)=no cat <<_LT_EOF 1>&2 *** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not *** reliably create shared libraries on SCO systems. Therefore, libtool *** is disabling shared libraries support. We urge you to upgrade GNU *** binutils to release 2.16.91.0.3 or newer. Another option is to modify *** your PATH or compiler configuration so that the native linker is *** used, and then restart. _LT_EOF ;; *) # For security reasons, it is highly recommended that you always # use absolute paths for naming shared libraries, and exclude the # DT_RUNPATH tag from executables and libraries. But doing so # requires that you compile everything twice, which is a pain. if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; esac ;; sunos4*) _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' wlarc= _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; *) if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; esac if test "$_LT_TAGVAR(ld_shlibs, $1)" = no; then runpath_var= _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= _LT_TAGVAR(export_dynamic_flag_spec, $1)= _LT_TAGVAR(whole_archive_flag_spec, $1)= fi else # PORTME fill in a description of your system's linker (not GNU ld) case $host_os in aix3*) _LT_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_TAGVAR(always_export_symbols, $1)=yes _LT_TAGVAR(archive_expsym_cmds, $1)='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname' # Note: this linker hardcodes the directories in LIBPATH if there # are no directories specified by -L. _LT_TAGVAR(hardcode_minus_L, $1)=yes if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then # Neither direct hardcoding nor static linking is supported with a # broken collect2. _LT_TAGVAR(hardcode_direct, $1)=unsupported fi ;; aix[[4-9]]*) if test "$host_cpu" = ia64; then # On IA64, the linker does run time linking by default, so we don't # have to do anything special. aix_use_runtimelinking=no exp_sym_flag='-Bexport' no_entry_flag="" else # If we're using GNU nm, then we don't want the "-C" option. # -C means demangle to AIX nm, but means don't demangle with GNU nm # Also, AIX nm treats weak defined symbols like other global # defined symbols, whereas GNU nm marks them as "W". if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' else _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' fi aix_use_runtimelinking=no # Test if we are trying to use run time linking or normal # AIX style linking. If -brtl is somewhere in LDFLAGS, we # need to do runtime linking. case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*) for ld_flag in $LDFLAGS; do if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then aix_use_runtimelinking=yes break fi done ;; esac exp_sym_flag='-bexport' no_entry_flag='-bnoentry' fi # When large executables or shared objects are built, AIX ld can # have problems creating the table of contents. If linking a library # or program results in "error TOC overflow" add -mminimal-toc to # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. _LT_TAGVAR(archive_cmds, $1)='' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_direct_absolute, $1)=yes _LT_TAGVAR(hardcode_libdir_separator, $1)=':' _LT_TAGVAR(link_all_deplibs, $1)=yes _LT_TAGVAR(file_list_spec, $1)='${wl}-f,' if test "$GCC" = yes; then case $host_os in aix4.[[012]]|aix4.[[012]].*) # We only want to do this on AIX 4.2 and lower, the check # below for broken collect2 doesn't work under 4.3+ collect2name=`${CC} -print-prog-name=collect2` if test -f "$collect2name" && strings "$collect2name" | $GREP resolve_lib_name >/dev/null then # We have reworked collect2 : else # We have old collect2 _LT_TAGVAR(hardcode_direct, $1)=unsupported # It fails to find uninstalled libraries when the uninstalled # path is not listed in the libpath. Setting hardcode_minus_L # to unsupported forces relinking _LT_TAGVAR(hardcode_minus_L, $1)=yes _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)= fi ;; esac shared_flag='-shared' if test "$aix_use_runtimelinking" = yes; then shared_flag="$shared_flag "'${wl}-G' fi _LT_TAGVAR(link_all_deplibs, $1)=no else # not using gcc if test "$host_cpu" = ia64; then # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release # chokes on -Wl,-G. The following line is correct: shared_flag='-G' else if test "$aix_use_runtimelinking" = yes; then shared_flag='${wl}-G' else shared_flag='${wl}-bM:SRE' fi fi fi _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-bexpall' # It seems that -bexpall does not export symbols beginning with # underscore (_), so it is better to generate a list of symbols to export. _LT_TAGVAR(always_export_symbols, $1)=yes if test "$aix_use_runtimelinking" = yes; then # Warning - without using the other runtime loading flags (-brtl), # -berok will link without error, but may produce a broken library. _LT_TAGVAR(allow_undefined_flag, $1)='-berok' # Determine the default libpath from the value encoded in an # empty executable. _LT_SYS_MODULE_PATH_AIX([$1]) _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then func_echo_all "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" else if test "$host_cpu" = ia64; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib' _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs" _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" else # Determine the default libpath from the value encoded in an # empty executable. _LT_SYS_MODULE_PATH_AIX([$1]) _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" # Warning - without using the other run time loading flags, # -berok will link without error, but may produce a broken library. _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok' _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok' if test "$with_gnu_ld" = yes; then # We only use this code for GNU lds that support --whole-archive. _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive' else # Exported symbols can be pulled into shared objects from archives _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' fi _LT_TAGVAR(archive_cmds_need_lc, $1)=yes # This is similar to how AIX traditionally builds its shared libraries. _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' fi fi ;; amigaos*) case $host_cpu in powerpc) # see comment about AmigaOS4 .so support _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='' ;; m68k) _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_minus_L, $1)=yes ;; esac ;; bsdi[[45]]*) _LT_TAGVAR(export_dynamic_flag_spec, $1)=-rdynamic ;; cygwin* | mingw* | pw32* | cegcc*) # When not using gcc, we currently assume that we are using # Microsoft Visual C++. # hardcode_libdir_flag_spec is actually meaningless, as there is # no search path for DLLs. case $cc_basename in cl*) # Native MSVC _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' _LT_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_TAGVAR(always_export_symbols, $1)=yes _LT_TAGVAR(file_list_spec, $1)='@' # Tell ltmain to make .lib files, not .a files. libext=lib # Tell ltmain to make .dll files, not .so files. shrext_cmds=".dll" # FIXME: Setting linknames here is a bad hack. _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-dll~linknames=' _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then sed -n -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' -e '1\\\!p' < $export_symbols > $output_objdir/$soname.exp; else sed -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' < $export_symbols > $output_objdir/$soname.exp; fi~ $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ linknames=' # The linker will not automatically build a static lib if we build a DLL. # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1,DATA/'\'' | $SED -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols' # Don't use ranlib _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib' _LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~ lt_tool_outputfile="@TOOL_OUTPUT@"~ case $lt_outputfile in *.exe|*.EXE) ;; *) lt_outputfile="$lt_outputfile.exe" lt_tool_outputfile="$lt_tool_outputfile.exe" ;; esac~ if test "$MANIFEST_TOOL" != ":" && test -f "$lt_outputfile.manifest"; then $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; $RM "$lt_outputfile.manifest"; fi' ;; *) # Assume MSVC wrapper _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' _LT_TAGVAR(allow_undefined_flag, $1)=unsupported # Tell ltmain to make .lib files, not .a files. libext=lib # Tell ltmain to make .dll files, not .so files. shrext_cmds=".dll" # FIXME: Setting linknames here is a bad hack. _LT_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames=' # The linker will automatically build a .lib file if we build a DLL. _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' # FIXME: Should let the user specify the lib program. _LT_TAGVAR(old_archive_cmds, $1)='lib -OUT:$oldlib$oldobjs$old_deplibs' _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes ;; esac ;; darwin* | rhapsody*) _LT_DARWIN_LINKER_FEATURES($1) ;; dgux*) _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor # support. Future versions do this automatically, but an explicit c++rt0.o # does not break anything, and helps significantly (at the cost of a little # extra space). freebsd2.2*) _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; # Unfortunately, older versions of FreeBSD 2 do not have this feature. freebsd2.*) _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_minus_L, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; # FreeBSD 3 and greater uses gcc -shared to do shared libraries. freebsd* | dragonfly*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; hpux9*) if test "$GCC" = yes; then _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared $pic_flag ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' else _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' fi _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(hardcode_direct, $1)=yes # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. _LT_TAGVAR(hardcode_minus_L, $1)=yes _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' ;; hpux10*) if test "$GCC" = yes && test "$with_gnu_ld" = no; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' else _LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' fi if test "$with_gnu_ld" = no; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_direct_absolute, $1)=yes _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. _LT_TAGVAR(hardcode_minus_L, $1)=yes fi ;; hpux11*) if test "$GCC" = yes && test "$with_gnu_ld" = no; then case $host_cpu in hppa*64*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' ;; ia64*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' ;; esac else case $host_cpu in hppa*64*) _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' ;; ia64*) _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) m4_if($1, [], [ # Older versions of the 11.00 compiler do not understand -b yet # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does) _LT_LINKER_OPTION([if $CC understands -b], _LT_TAGVAR(lt_cv_prog_compiler__b, $1), [-b], [_LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'], [_LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'])], [_LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags']) ;; esac fi if test "$with_gnu_ld" = no; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: case $host_cpu in hppa*64*|ia64*) _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; *) _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_direct_absolute, $1)=yes _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. _LT_TAGVAR(hardcode_minus_L, $1)=yes ;; esac fi ;; irix5* | irix6* | nonstopux*) if test "$GCC" = yes; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' # Try to use the -exported_symbol ld option, if it does not # work, assume that -exports_file does not work either and # implicitly export all symbols. # This should be the same for all languages, so no per-tag cache variable. AC_CACHE_CHECK([whether the $host_os linker accepts -exported_symbol], [lt_cv_irix_exported_symbol], [save_LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null" AC_LINK_IFELSE( [AC_LANG_SOURCE( [AC_LANG_CASE([C], [[int foo (void) { return 0; }]], [C++], [[int foo (void) { return 0; }]], [Fortran 77], [[ subroutine foo end]], [Fortran], [[ subroutine foo end]])])], [lt_cv_irix_exported_symbol=yes], [lt_cv_irix_exported_symbol=no]) LDFLAGS="$save_LDFLAGS"]) if test "$lt_cv_irix_exported_symbol" = yes; then _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib' fi else _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib' fi _LT_TAGVAR(archive_cmds_need_lc, $1)='no' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(inherit_rpath, $1)=yes _LT_TAGVAR(link_all_deplibs, $1)=yes ;; netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out else _LT_TAGVAR(archive_cmds, $1)='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF fi _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; newsos6) _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; *nto* | *qnx*) ;; openbsd*) if test -f /usr/libexec/ld.so; then _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=yes if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' else case $host_os in openbsd[[01]].* | openbsd2.[[0-7]] | openbsd2.[[0-7]].*) _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' ;; *) _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' ;; esac fi else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; os2*) _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_minus_L, $1)=yes _LT_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~echo DATA >> $output_objdir/$libname.def~echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' _LT_TAGVAR(old_archive_from_new_cmds, $1)='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' ;; osf3*) if test "$GCC" = yes; then _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' else _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' fi _LT_TAGVAR(archive_cmds_need_lc, $1)='no' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: ;; osf4* | osf5*) # as osf3* with the addition of -msym flag if test "$GCC" = yes; then _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $pic_flag $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' else _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~ $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp' # Both c and cxx compiler support -rpath directly _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' fi _LT_TAGVAR(archive_cmds_need_lc, $1)='no' _LT_TAGVAR(hardcode_libdir_separator, $1)=: ;; solaris*) _LT_TAGVAR(no_undefined_flag, $1)=' -z defs' if test "$GCC" = yes; then wlarc='${wl}' _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag ${wl}-z ${wl}text ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $CC -shared $pic_flag ${wl}-z ${wl}text ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' else case `$CC -V 2>&1` in *"Compilers 5.0"*) wlarc='' _LT_TAGVAR(archive_cmds, $1)='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp' ;; *) wlarc='${wl}' _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $CC -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' ;; esac fi _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_TAGVAR(hardcode_shlibpath_var, $1)=no case $host_os in solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; *) # The compiler driver will combine and reorder linker options, # but understands `-z linker_flag'. GCC discards it without `$wl', # but is careful enough not to reorder. # Supported since Solaris 2.6 (maybe 2.5.1?) if test "$GCC" = yes; then _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' else _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' fi ;; esac _LT_TAGVAR(link_all_deplibs, $1)=yes ;; sunos4*) if test "x$host_vendor" = xsequent; then # Use $CC to link under sequent, because it throws in some extra .o # files that make .init and .fini sections work. _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags' else _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' fi _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_minus_L, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; sysv4) case $host_vendor in sni) _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_direct, $1)=yes # is this really true??? ;; siemens) ## LD is ld it makes a PLAMLIB ## CC just makes a GrossModule. _LT_TAGVAR(archive_cmds, $1)='$LD -G -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(reload_cmds, $1)='$CC -r -o $output$reload_objs' _LT_TAGVAR(hardcode_direct, $1)=no ;; motorola) _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_direct, $1)=no #Motorola manual says yes, but my tests say they lie ;; esac runpath_var='LD_RUN_PATH' _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; sysv4.3*) _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(export_dynamic_flag_spec, $1)='-Bexport' ;; sysv4*MP*) if test -d /usr/nec; then _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_shlibpath_var, $1)=no runpath_var=LD_RUN_PATH hardcode_runpath_var=yes _LT_TAGVAR(ld_shlibs, $1)=yes fi ;; sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*) _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no runpath_var='LD_RUN_PATH' if test "$GCC" = yes; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' else _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' fi ;; sysv5* | sco3.2v5* | sco5v6*) # Note: We can NOT use -z defs as we might desire, because we do not # link with -lc, and that would cause any symbols used from libc to # always be unresolved, which means just about no library would # ever link correctly. If we're not using GNU ld we use -z text # though, which does catch some bad symbols but isn't as heavy-handed # as -z defs. _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' _LT_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs' _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R,$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=':' _LT_TAGVAR(link_all_deplibs, $1)=yes _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport' runpath_var='LD_RUN_PATH' if test "$GCC" = yes; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' else _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' fi ;; uts4*) _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; *) _LT_TAGVAR(ld_shlibs, $1)=no ;; esac if test x$host_vendor = xsni; then case $host in sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Blargedynsym' ;; esac fi fi ]) AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)]) test "$_LT_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no _LT_TAGVAR(with_gnu_ld, $1)=$with_gnu_ld _LT_DECL([], [libext], [0], [Old archive suffix (normally "a")])dnl _LT_DECL([], [shrext_cmds], [1], [Shared library suffix (normally ".so")])dnl _LT_DECL([], [extract_expsyms_cmds], [2], [The commands to extract the exported symbol list from a shared archive]) # # Do we need to explicitly link libc? # case "x$_LT_TAGVAR(archive_cmds_need_lc, $1)" in x|xyes) # Assume -lc should be added _LT_TAGVAR(archive_cmds_need_lc, $1)=yes if test "$enable_shared" = yes && test "$GCC" = yes; then case $_LT_TAGVAR(archive_cmds, $1) in *'~'*) # FIXME: we may have to deal with multi-command sequences. ;; '$CC '*) # Test whether the compiler implicitly links with -lc since on some # systems, -lgcc has to come before -lc. If gcc already passes -lc # to ld, don't add -lc before -lgcc. AC_CACHE_CHECK([whether -lc should be explicitly linked in], [lt_cv_]_LT_TAGVAR(archive_cmds_need_lc, $1), [$RM conftest* echo "$lt_simple_compile_test_code" > conftest.$ac_ext if AC_TRY_EVAL(ac_compile) 2>conftest.err; then soname=conftest lib=conftest libobjs=conftest.$ac_objext deplibs= wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) pic_flag=$_LT_TAGVAR(lt_prog_compiler_pic, $1) compiler_flags=-v linker_flags=-v verstring= output_objdir=. libname=conftest lt_save_allow_undefined_flag=$_LT_TAGVAR(allow_undefined_flag, $1) _LT_TAGVAR(allow_undefined_flag, $1)= if AC_TRY_EVAL(_LT_TAGVAR(archive_cmds, $1) 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) then lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=no else lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=yes fi _LT_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag else cat conftest.err 1>&5 fi $RM conftest* ]) _LT_TAGVAR(archive_cmds_need_lc, $1)=$lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1) ;; esac fi ;; esac _LT_TAGDECL([build_libtool_need_lc], [archive_cmds_need_lc], [0], [Whether or not to add -lc for building shared libraries]) _LT_TAGDECL([allow_libtool_libs_with_static_runtimes], [enable_shared_with_static_runtimes], [0], [Whether or not to disallow shared libs when runtime libs are static]) _LT_TAGDECL([], [export_dynamic_flag_spec], [1], [Compiler flag to allow reflexive dlopens]) _LT_TAGDECL([], [whole_archive_flag_spec], [1], [Compiler flag to generate shared objects directly from archives]) _LT_TAGDECL([], [compiler_needs_object], [1], [Whether the compiler copes with passing no objects directly]) _LT_TAGDECL([], [old_archive_from_new_cmds], [2], [Create an old-style archive from a shared archive]) _LT_TAGDECL([], [old_archive_from_expsyms_cmds], [2], [Create a temporary old-style archive to link instead of a shared archive]) _LT_TAGDECL([], [archive_cmds], [2], [Commands used to build a shared archive]) _LT_TAGDECL([], [archive_expsym_cmds], [2]) _LT_TAGDECL([], [module_cmds], [2], [Commands used to build a loadable module if different from building a shared archive.]) _LT_TAGDECL([], [module_expsym_cmds], [2]) _LT_TAGDECL([], [with_gnu_ld], [1], [Whether we are building with GNU ld or not]) _LT_TAGDECL([], [allow_undefined_flag], [1], [Flag that allows shared libraries with undefined symbols to be built]) _LT_TAGDECL([], [no_undefined_flag], [1], [Flag that enforces no undefined symbols]) _LT_TAGDECL([], [hardcode_libdir_flag_spec], [1], [Flag to hardcode $libdir into a binary during linking. This must work even if $libdir does not exist]) _LT_TAGDECL([], [hardcode_libdir_separator], [1], [Whether we need a single "-rpath" flag with a separated argument]) _LT_TAGDECL([], [hardcode_direct], [0], [Set to "yes" if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the resulting binary]) _LT_TAGDECL([], [hardcode_direct_absolute], [0], [Set to "yes" if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the resulting binary and the resulting library dependency is "absolute", i.e impossible to change by setting ${shlibpath_var} if the library is relocated]) _LT_TAGDECL([], [hardcode_minus_L], [0], [Set to "yes" if using the -LDIR flag during linking hardcodes DIR into the resulting binary]) _LT_TAGDECL([], [hardcode_shlibpath_var], [0], [Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into the resulting binary]) _LT_TAGDECL([], [hardcode_automatic], [0], [Set to "yes" if building a shared library automatically hardcodes DIR into the library and all subsequent libraries and executables linked against it]) _LT_TAGDECL([], [inherit_rpath], [0], [Set to yes if linker adds runtime paths of dependent libraries to runtime path list]) _LT_TAGDECL([], [link_all_deplibs], [0], [Whether libtool must link a program against all its dependency libraries]) _LT_TAGDECL([], [always_export_symbols], [0], [Set to "yes" if exported symbols are required]) _LT_TAGDECL([], [export_symbols_cmds], [2], [The commands to list exported symbols]) _LT_TAGDECL([], [exclude_expsyms], [1], [Symbols that should not be listed in the preloaded symbols]) _LT_TAGDECL([], [include_expsyms], [1], [Symbols that must always be exported]) _LT_TAGDECL([], [prelink_cmds], [2], [Commands necessary for linking programs (against libraries) with templates]) _LT_TAGDECL([], [postlink_cmds], [2], [Commands necessary for finishing linking programs]) _LT_TAGDECL([], [file_list_spec], [1], [Specify filename containing input files]) dnl FIXME: Not yet implemented dnl _LT_TAGDECL([], [thread_safe_flag_spec], [1], dnl [Compiler flag to generate thread safe objects]) ])# _LT_LINKER_SHLIBS # _LT_LANG_C_CONFIG([TAG]) # ------------------------ # Ensure that the configuration variables for a C compiler are suitably # defined. These variables are subsequently used by _LT_CONFIG to write # the compiler configuration to `libtool'. m4_defun([_LT_LANG_C_CONFIG], [m4_require([_LT_DECL_EGREP])dnl lt_save_CC="$CC" AC_LANG_PUSH(C) # Source file extension for C test sources. ac_ext=c # Object file extension for compiled C test sources. objext=o _LT_TAGVAR(objext, $1)=$objext # Code to be used in simple compile tests lt_simple_compile_test_code="int some_variable = 0;" # Code to be used in simple link tests lt_simple_link_test_code='int main(){return(0);}' _LT_TAG_COMPILER # Save the default compiler, since it gets overwritten when the other # tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP. compiler_DEFAULT=$CC # save warnings/boilerplate of simple test code _LT_COMPILER_BOILERPLATE _LT_LINKER_BOILERPLATE ## CAVEAT EMPTOR: ## There is no encapsulation within the following macros, do not change ## the running order or otherwise move them around unless you know exactly ## what you are doing... if test -n "$compiler"; then _LT_COMPILER_NO_RTTI($1) _LT_COMPILER_PIC($1) _LT_COMPILER_C_O($1) _LT_COMPILER_FILE_LOCKS($1) _LT_LINKER_SHLIBS($1) _LT_SYS_DYNAMIC_LINKER($1) _LT_LINKER_HARDCODE_LIBPATH($1) LT_SYS_DLOPEN_SELF _LT_CMD_STRIPLIB # Report which library types will actually be built AC_MSG_CHECKING([if libtool supports shared libraries]) AC_MSG_RESULT([$can_build_shared]) AC_MSG_CHECKING([whether to build shared libraries]) test "$can_build_shared" = "no" && enable_shared=no # On AIX, shared libraries and static libraries use the same namespace, and # are all built from PIC. case $host_os in aix3*) test "$enable_shared" = yes && enable_static=no if test -n "$RANLIB"; then archive_cmds="$archive_cmds~\$RANLIB \$lib" postinstall_cmds='$RANLIB $lib' fi ;; aix[[4-9]]*) if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then test "$enable_shared" = yes && enable_static=no fi ;; esac AC_MSG_RESULT([$enable_shared]) AC_MSG_CHECKING([whether to build static libraries]) # Make sure either enable_shared or enable_static is yes. test "$enable_shared" = yes || enable_static=yes AC_MSG_RESULT([$enable_static]) _LT_CONFIG($1) fi AC_LANG_POP CC="$lt_save_CC" ])# _LT_LANG_C_CONFIG # _LT_LANG_CXX_CONFIG([TAG]) # -------------------------- # Ensure that the configuration variables for a C++ compiler are suitably # defined. These variables are subsequently used by _LT_CONFIG to write # the compiler configuration to `libtool'. m4_defun([_LT_LANG_CXX_CONFIG], [m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_DECL_EGREP])dnl m4_require([_LT_PATH_MANIFEST_TOOL])dnl if test -n "$CXX" && ( test "X$CXX" != "Xno" && ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) || (test "X$CXX" != "Xg++"))) ; then AC_PROG_CXXCPP else _lt_caught_CXX_error=yes fi AC_LANG_PUSH(C++) _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(allow_undefined_flag, $1)= _LT_TAGVAR(always_export_symbols, $1)=no _LT_TAGVAR(archive_expsym_cmds, $1)= _LT_TAGVAR(compiler_needs_object, $1)=no _LT_TAGVAR(export_dynamic_flag_spec, $1)= _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= _LT_TAGVAR(hardcode_libdir_separator, $1)= _LT_TAGVAR(hardcode_minus_L, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported _LT_TAGVAR(hardcode_automatic, $1)=no _LT_TAGVAR(inherit_rpath, $1)=no _LT_TAGVAR(module_cmds, $1)= _LT_TAGVAR(module_expsym_cmds, $1)= _LT_TAGVAR(link_all_deplibs, $1)=unknown _LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds _LT_TAGVAR(reload_flag, $1)=$reload_flag _LT_TAGVAR(reload_cmds, $1)=$reload_cmds _LT_TAGVAR(no_undefined_flag, $1)= _LT_TAGVAR(whole_archive_flag_spec, $1)= _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no # Source file extension for C++ test sources. ac_ext=cpp # Object file extension for compiled C++ test sources. objext=o _LT_TAGVAR(objext, $1)=$objext # No sense in running all these tests if we already determined that # the CXX compiler isn't working. Some variables (like enable_shared) # are currently assumed to apply to all compilers on this platform, # and will be corrupted by setting them based on a non-working compiler. if test "$_lt_caught_CXX_error" != yes; then # Code to be used in simple compile tests lt_simple_compile_test_code="int some_variable = 0;" # Code to be used in simple link tests lt_simple_link_test_code='int main(int, char *[[]]) { return(0); }' # ltmain only uses $CC for tagged configurations so make sure $CC is set. _LT_TAG_COMPILER # save warnings/boilerplate of simple test code _LT_COMPILER_BOILERPLATE _LT_LINKER_BOILERPLATE # Allow CC to be a program name with arguments. lt_save_CC=$CC lt_save_CFLAGS=$CFLAGS lt_save_LD=$LD lt_save_GCC=$GCC GCC=$GXX lt_save_with_gnu_ld=$with_gnu_ld lt_save_path_LD=$lt_cv_path_LD if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx else $as_unset lt_cv_prog_gnu_ld fi if test -n "${lt_cv_path_LDCXX+set}"; then lt_cv_path_LD=$lt_cv_path_LDCXX else $as_unset lt_cv_path_LD fi test -z "${LDCXX+set}" || LD=$LDCXX CC=${CXX-"c++"} CFLAGS=$CXXFLAGS compiler=$CC _LT_TAGVAR(compiler, $1)=$CC _LT_CC_BASENAME([$compiler]) if test -n "$compiler"; then # We don't want -fno-exception when compiling C++ code, so set the # no_builtin_flag separately if test "$GXX" = yes; then _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' else _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)= fi if test "$GXX" = yes; then # Set up default GNU C++ configuration LT_PATH_LD # Check if GNU C++ uses GNU ld as the underlying linker, since the # archiving commands below assume that GNU ld is being used. if test "$with_gnu_ld" = yes; then _LT_TAGVAR(archive_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' # If archive_cmds runs LD, not CC, wlarc should be empty # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to # investigate it a little bit more. (MM) wlarc='${wl}' # ancient GNU ld didn't support --whole-archive et. al. if eval "`$CC -print-prog-name=ld` --help 2>&1" | $GREP 'no-whole-archive' > /dev/null; then _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' else _LT_TAGVAR(whole_archive_flag_spec, $1)= fi else with_gnu_ld=no wlarc= # A generic and very simple default shared library creation # command for GNU C++ for the case where it uses the native # linker, instead of GNU ld. If possible, this setting should # overridden to take advantage of the native linker features on # the platform it is being used on. _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' fi # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' else GXX=no with_gnu_ld=no wlarc= fi # PORTME: fill in a description of your system's C++ link characteristics AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries]) _LT_TAGVAR(ld_shlibs, $1)=yes case $host_os in aix3*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; aix[[4-9]]*) if test "$host_cpu" = ia64; then # On IA64, the linker does run time linking by default, so we don't # have to do anything special. aix_use_runtimelinking=no exp_sym_flag='-Bexport' no_entry_flag="" else aix_use_runtimelinking=no # Test if we are trying to use run time linking or normal # AIX style linking. If -brtl is somewhere in LDFLAGS, we # need to do runtime linking. case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*) for ld_flag in $LDFLAGS; do case $ld_flag in *-brtl*) aix_use_runtimelinking=yes break ;; esac done ;; esac exp_sym_flag='-bexport' no_entry_flag='-bnoentry' fi # When large executables or shared objects are built, AIX ld can # have problems creating the table of contents. If linking a library # or program results in "error TOC overflow" add -mminimal-toc to # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. _LT_TAGVAR(archive_cmds, $1)='' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_direct_absolute, $1)=yes _LT_TAGVAR(hardcode_libdir_separator, $1)=':' _LT_TAGVAR(link_all_deplibs, $1)=yes _LT_TAGVAR(file_list_spec, $1)='${wl}-f,' if test "$GXX" = yes; then case $host_os in aix4.[[012]]|aix4.[[012]].*) # We only want to do this on AIX 4.2 and lower, the check # below for broken collect2 doesn't work under 4.3+ collect2name=`${CC} -print-prog-name=collect2` if test -f "$collect2name" && strings "$collect2name" | $GREP resolve_lib_name >/dev/null then # We have reworked collect2 : else # We have old collect2 _LT_TAGVAR(hardcode_direct, $1)=unsupported # It fails to find uninstalled libraries when the uninstalled # path is not listed in the libpath. Setting hardcode_minus_L # to unsupported forces relinking _LT_TAGVAR(hardcode_minus_L, $1)=yes _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)= fi esac shared_flag='-shared' if test "$aix_use_runtimelinking" = yes; then shared_flag="$shared_flag "'${wl}-G' fi else # not using gcc if test "$host_cpu" = ia64; then # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release # chokes on -Wl,-G. The following line is correct: shared_flag='-G' else if test "$aix_use_runtimelinking" = yes; then shared_flag='${wl}-G' else shared_flag='${wl}-bM:SRE' fi fi fi _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-bexpall' # It seems that -bexpall does not export symbols beginning with # underscore (_), so it is better to generate a list of symbols to # export. _LT_TAGVAR(always_export_symbols, $1)=yes if test "$aix_use_runtimelinking" = yes; then # Warning - without using the other runtime loading flags (-brtl), # -berok will link without error, but may produce a broken library. _LT_TAGVAR(allow_undefined_flag, $1)='-berok' # Determine the default libpath from the value encoded in an empty # executable. _LT_SYS_MODULE_PATH_AIX([$1]) _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then func_echo_all "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" else if test "$host_cpu" = ia64; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib' _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs" _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" else # Determine the default libpath from the value encoded in an # empty executable. _LT_SYS_MODULE_PATH_AIX([$1]) _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" # Warning - without using the other run time loading flags, # -berok will link without error, but may produce a broken library. _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok' _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok' if test "$with_gnu_ld" = yes; then # We only use this code for GNU lds that support --whole-archive. _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive' else # Exported symbols can be pulled into shared objects from archives _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' fi _LT_TAGVAR(archive_cmds_need_lc, $1)=yes # This is similar to how AIX traditionally builds its shared # libraries. _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' fi fi ;; beos*) if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then _LT_TAGVAR(allow_undefined_flag, $1)=unsupported # Joseph Beckenbach says some releases of gcc # support --undefined. This deserves some investigation. FIXME _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; chorus*) case $cc_basename in *) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; esac ;; cygwin* | mingw* | pw32* | cegcc*) case $GXX,$cc_basename in ,cl* | no,cl*) # Native MSVC # hardcode_libdir_flag_spec is actually meaningless, as there is # no search path for DLLs. _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' _LT_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_TAGVAR(always_export_symbols, $1)=yes _LT_TAGVAR(file_list_spec, $1)='@' # Tell ltmain to make .lib files, not .a files. libext=lib # Tell ltmain to make .dll files, not .so files. shrext_cmds=".dll" # FIXME: Setting linknames here is a bad hack. _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-dll~linknames=' _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then $SED -n -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' -e '1\\\!p' < $export_symbols > $output_objdir/$soname.exp; else $SED -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' < $export_symbols > $output_objdir/$soname.exp; fi~ $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ linknames=' # The linker will not automatically build a static lib if we build a DLL. # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes # Don't use ranlib _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib' _LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~ lt_tool_outputfile="@TOOL_OUTPUT@"~ case $lt_outputfile in *.exe|*.EXE) ;; *) lt_outputfile="$lt_outputfile.exe" lt_tool_outputfile="$lt_tool_outputfile.exe" ;; esac~ func_to_tool_file "$lt_outputfile"~ if test "$MANIFEST_TOOL" != ":" && test -f "$lt_outputfile.manifest"; then $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; $RM "$lt_outputfile.manifest"; fi' ;; *) # g++ # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, # as there is no search path for DLLs. _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-all-symbols' _LT_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_TAGVAR(always_export_symbols, $1)=no _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' # If the export-symbols file already is a .def file (1st line # is EXPORTS), use it as is; otherwise, prepend... _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then cp $export_symbols $output_objdir/$soname.def; else echo EXPORTS > $output_objdir/$soname.def; cat $export_symbols >> $output_objdir/$soname.def; fi~ $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; esac ;; darwin* | rhapsody*) _LT_DARWIN_LINKER_FEATURES($1) ;; dgux*) case $cc_basename in ec++*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; ghcx*) # Green Hills C++ Compiler # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; *) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; esac ;; freebsd2.*) # C++ shared libraries reported to be fairly broken before # switch to ELF _LT_TAGVAR(ld_shlibs, $1)=no ;; freebsd-elf*) _LT_TAGVAR(archive_cmds_need_lc, $1)=no ;; freebsd* | dragonfly*) # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF # conventions _LT_TAGVAR(ld_shlibs, $1)=yes ;; haiku*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(link_all_deplibs, $1)=yes ;; hpux9*) _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH, # but as the default # location of the library. case $cc_basename in CC*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; aCC*) _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -b ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. # # There doesn't appear to be a way to prevent this compiler from # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' ;; *) if test "$GXX" = yes; then _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -nostdlib $pic_flag ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' else # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no fi ;; esac ;; hpux10*|hpux11*) if test $with_gnu_ld = no; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: case $host_cpu in hppa*64*|ia64*) ;; *) _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' ;; esac fi case $host_cpu in hppa*64*|ia64*) _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; *) _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_direct_absolute, $1)=yes _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH, # but as the default # location of the library. ;; esac case $cc_basename in CC*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; aCC*) case $host_cpu in hppa*64*) _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; ia64*) _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; *) _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; esac # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. # # There doesn't appear to be a way to prevent this compiler from # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' ;; *) if test "$GXX" = yes; then if test $with_gnu_ld = no; then case $host_cpu in hppa*64*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; ia64*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; *) _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; esac fi else # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no fi ;; esac ;; interix[[3-9]]*) _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. # Instead, shared libraries are loaded at an image base (0x10000000 by # default) and relocated if they conflict, which is a slow very memory # consuming and fragmenting process. To avoid this, we pick a random, # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link # time. Moving up from 0x10000000 also allows more sbrk(2) space. _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' ;; irix5* | irix6*) case $cc_basename in CC*) # SGI C++ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' # Archives containing C++ object files must be created using # "CC -ar", where "CC" is the IRIX C++ compiler. This is # necessary to make sure instantiated templates are included # in the archive. _LT_TAGVAR(old_archive_cmds, $1)='$CC -ar -WR,-u -o $oldlib $oldobjs' ;; *) if test "$GXX" = yes; then if test "$with_gnu_ld" = no; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' else _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` -o $lib' fi fi _LT_TAGVAR(link_all_deplibs, $1)=yes ;; esac _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(inherit_rpath, $1)=yes ;; linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) case $cc_basename in KCC*) # Kuck and Associates, Inc. (KAI) C++ Compiler # KCC will only create a shared library if the output file # ends with ".so" (or ".sl" for HP-UX), so rename the library # to its proper name (with version) after linking. _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib ${wl}-retain-symbols-file,$export_symbols; mv \$templib $lib' # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. # # There doesn't appear to be a way to prevent this compiler from # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' # Archives containing C++ object files must be created using # "CC -Bstatic", where "CC" is the KAI C++ compiler. _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' ;; icpc* | ecpc* ) # Intel C++ with_gnu_ld=yes # version 8.0 and above of icpc choke on multiply defined symbols # if we add $predep_objects and $postdep_objects, however 7.1 and # earlier do not add the objects themselves. case `$CC -V 2>&1` in *"Version 7."*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' ;; *) # Version 8.0 or newer tmp_idyn= case $host_cpu in ia64*) tmp_idyn=' -i_dynamic';; esac _LT_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' ;; esac _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive' ;; pgCC* | pgcpp*) # Portland Group C++ compiler case `$CC -V` in *pgCC\ [[1-5]].* | *pgcpp\ [[1-5]].*) _LT_TAGVAR(prelink_cmds, $1)='tpldir=Template.dir~ rm -rf $tpldir~ $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~ compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"' _LT_TAGVAR(old_archive_cmds, $1)='tpldir=Template.dir~ rm -rf $tpldir~ $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~ $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~ $RANLIB $oldlib' _LT_TAGVAR(archive_cmds, $1)='tpldir=Template.dir~ rm -rf $tpldir~ $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='tpldir=Template.dir~ rm -rf $tpldir~ $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' ;; *) # Version 6 and above use weak symbols _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' ;; esac _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' ;; cxx*) # Compaq C++ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib ${wl}-retain-symbols-file $wl$export_symbols' runpath_var=LD_RUN_PATH _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. # # There doesn't appear to be a way to prevent this compiler from # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "X$list" | $Xsed' ;; xl* | mpixl* | bgxl*) # IBM XL 8.0 on PPC, with GNU ld _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' _LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' if test "x$supports_anon_versioning" = xyes; then _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ echo "local: *; };" >> $output_objdir/$libname.ver~ $CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' fi ;; *) case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C++ 5.9 _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs' _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file ${wl}$export_symbols' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' _LT_TAGVAR(compiler_needs_object, $1)=yes # Not sure whether something based on # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 # would be better. output_verbose_link_cmd='func_echo_all' # Archives containing C++ object files must be created using # "CC -xar", where "CC" is the Sun C++ compiler. This is # necessary to make sure instantiated templates are included # in the archive. _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs' ;; esac ;; esac ;; lynxos*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; m88k*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; mvs*) case $cc_basename in cxx*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; *) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; esac ;; netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags' wlarc= _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no fi # Workaround some broken pre-1.5 toolchains output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"' ;; *nto* | *qnx*) _LT_TAGVAR(ld_shlibs, $1)=yes ;; openbsd2*) # C++ shared libraries are fairly broken _LT_TAGVAR(ld_shlibs, $1)=no ;; openbsd*) if test -f /usr/libexec/ld.so; then _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=yes _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' fi output_verbose_link_cmd=func_echo_all else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; osf3* | osf4* | osf5*) case $cc_basename in KCC*) # Kuck and Associates, Inc. (KAI) C++ Compiler # KCC will only create a shared library if the output file # ends with ".so" (or ".sl" for HP-UX), so rename the library # to its proper name (with version) after linking. _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: # Archives containing C++ object files must be created using # the KAI C++ compiler. case $host in osf3*) _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' ;; *) _LT_TAGVAR(old_archive_cmds, $1)='$CC -o $oldlib $oldobjs' ;; esac ;; RCC*) # Rational C++ 2.4.1 # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; cxx*) case $host in osf3*) _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && func_echo_all "${wl}-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' ;; *) _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~ echo "-hidden">> $lib.exp~ $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname ${wl}-input ${wl}$lib.exp `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib~ $RM $lib.exp' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' ;; esac _LT_TAGVAR(hardcode_libdir_separator, $1)=: # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. # # There doesn't appear to be a way to prevent this compiler from # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' ;; *) if test "$GXX" = yes && test "$with_gnu_ld" = no; then _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' case $host in osf3*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' ;; *) _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' ;; esac _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' else # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no fi ;; esac ;; psos*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; sunos4*) case $cc_basename in CC*) # Sun C++ 4.x # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; lcc*) # Lucid # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; *) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; esac ;; solaris*) case $cc_basename in CC* | sunCC*) # Sun C++ 4.2, 5.x and Centerline C++ _LT_TAGVAR(archive_cmds_need_lc,$1)=yes _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs' _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $CC -G${allow_undefined_flag} ${wl}-M ${wl}$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_TAGVAR(hardcode_shlibpath_var, $1)=no case $host_os in solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; *) # The compiler driver will combine and reorder linker options, # but understands `-z linker_flag'. # Supported since Solaris 2.6 (maybe 2.5.1?) _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' ;; esac _LT_TAGVAR(link_all_deplibs, $1)=yes output_verbose_link_cmd='func_echo_all' # Archives containing C++ object files must be created using # "CC -xar", where "CC" is the Sun C++ compiler. This is # necessary to make sure instantiated templates are included # in the archive. _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs' ;; gcx*) # Green Hills C++ Compiler _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' # The C++ compiler must be used to create the archive. _LT_TAGVAR(old_archive_cmds, $1)='$CC $LDFLAGS -archive -o $oldlib $oldobjs' ;; *) # GNU C++ compiler with Solaris linker if test "$GXX" = yes && test "$with_gnu_ld" = no; then _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-z ${wl}defs' if $CC --version | $GREP -v '^2\.7' > /dev/null; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $CC -shared $pic_flag -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' else # g++ 2.7 appears to require `-G' NOT `-shared' on this # platform. _LT_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $CC -G -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' fi _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $wl$libdir' case $host_os in solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; *) _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' ;; esac fi ;; esac ;; sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*) _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no runpath_var='LD_RUN_PATH' case $cc_basename in CC*) _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' ;; *) _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' ;; esac ;; sysv5* | sco3.2v5* | sco5v6*) # Note: We can NOT use -z defs as we might desire, because we do not # link with -lc, and that would cause any symbols used from libc to # always be unresolved, which means just about no library would # ever link correctly. If we're not using GNU ld we use -z text # though, which does catch some bad symbols but isn't as heavy-handed # as -z defs. _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' _LT_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs' _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R,$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=':' _LT_TAGVAR(link_all_deplibs, $1)=yes _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport' runpath_var='LD_RUN_PATH' case $cc_basename in CC*) _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(old_archive_cmds, $1)='$CC -Tprelink_objects $oldobjs~ '"$_LT_TAGVAR(old_archive_cmds, $1)" _LT_TAGVAR(reload_cmds, $1)='$CC -Tprelink_objects $reload_objs~ '"$_LT_TAGVAR(reload_cmds, $1)" ;; *) _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' ;; esac ;; tandem*) case $cc_basename in NCC*) # NonStop-UX NCC 3.20 # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; *) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; esac ;; vxworks*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; *) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; esac AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)]) test "$_LT_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no _LT_TAGVAR(GCC, $1)="$GXX" _LT_TAGVAR(LD, $1)="$LD" ## CAVEAT EMPTOR: ## There is no encapsulation within the following macros, do not change ## the running order or otherwise move them around unless you know exactly ## what you are doing... _LT_SYS_HIDDEN_LIBDEPS($1) _LT_COMPILER_PIC($1) _LT_COMPILER_C_O($1) _LT_COMPILER_FILE_LOCKS($1) _LT_LINKER_SHLIBS($1) _LT_SYS_DYNAMIC_LINKER($1) _LT_LINKER_HARDCODE_LIBPATH($1) _LT_CONFIG($1) fi # test -n "$compiler" CC=$lt_save_CC CFLAGS=$lt_save_CFLAGS LDCXX=$LD LD=$lt_save_LD GCC=$lt_save_GCC with_gnu_ld=$lt_save_with_gnu_ld lt_cv_path_LDCXX=$lt_cv_path_LD lt_cv_path_LD=$lt_save_path_LD lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld fi # test "$_lt_caught_CXX_error" != yes AC_LANG_POP ])# _LT_LANG_CXX_CONFIG # _LT_FUNC_STRIPNAME_CNF # ---------------------- # func_stripname_cnf prefix suffix name # strip PREFIX and SUFFIX off of NAME. # PREFIX and SUFFIX must not contain globbing or regex special # characters, hashes, percent signs, but SUFFIX may contain a leading # dot (in which case that matches only a dot). # # This function is identical to the (non-XSI) version of func_stripname, # except this one can be used by m4 code that may be executed by configure, # rather than the libtool script. m4_defun([_LT_FUNC_STRIPNAME_CNF],[dnl AC_REQUIRE([_LT_DECL_SED]) AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH]) func_stripname_cnf () { case ${2} in .*) func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%\\\\${2}\$%%"`;; *) func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%${2}\$%%"`;; esac } # func_stripname_cnf ])# _LT_FUNC_STRIPNAME_CNF # _LT_SYS_HIDDEN_LIBDEPS([TAGNAME]) # --------------------------------- # Figure out "hidden" library dependencies from verbose # compiler output when linking a shared library. # Parse the compiler output and extract the necessary # objects, libraries and library flags. m4_defun([_LT_SYS_HIDDEN_LIBDEPS], [m4_require([_LT_FILEUTILS_DEFAULTS])dnl AC_REQUIRE([_LT_FUNC_STRIPNAME_CNF])dnl # Dependencies to place before and after the object being linked: _LT_TAGVAR(predep_objects, $1)= _LT_TAGVAR(postdep_objects, $1)= _LT_TAGVAR(predeps, $1)= _LT_TAGVAR(postdeps, $1)= _LT_TAGVAR(compiler_lib_search_path, $1)= dnl we can't use the lt_simple_compile_test_code here, dnl because it contains code intended for an executable, dnl not a library. It's possible we should let each dnl tag define a new lt_????_link_test_code variable, dnl but it's only used here... m4_if([$1], [], [cat > conftest.$ac_ext <<_LT_EOF int a; void foo (void) { a = 0; } _LT_EOF ], [$1], [CXX], [cat > conftest.$ac_ext <<_LT_EOF class Foo { public: Foo (void) { a = 0; } private: int a; }; _LT_EOF ], [$1], [F77], [cat > conftest.$ac_ext <<_LT_EOF subroutine foo implicit none integer*4 a a=0 return end _LT_EOF ], [$1], [FC], [cat > conftest.$ac_ext <<_LT_EOF subroutine foo implicit none integer a a=0 return end _LT_EOF ], [$1], [GCJ], [cat > conftest.$ac_ext <<_LT_EOF public class foo { private int a; public void bar (void) { a = 0; } }; _LT_EOF ], [$1], [GO], [cat > conftest.$ac_ext <<_LT_EOF package foo func foo() { } _LT_EOF ]) _lt_libdeps_save_CFLAGS=$CFLAGS case "$CC $CFLAGS " in #( *\ -flto*\ *) CFLAGS="$CFLAGS -fno-lto" ;; *\ -fwhopr*\ *) CFLAGS="$CFLAGS -fno-whopr" ;; *\ -fuse-linker-plugin*\ *) CFLAGS="$CFLAGS -fno-use-linker-plugin" ;; esac dnl Parse the compiler output and extract the necessary dnl objects, libraries and library flags. if AC_TRY_EVAL(ac_compile); then # Parse the compiler output and extract the necessary # objects, libraries and library flags. # Sentinel used to keep track of whether or not we are before # the conftest object file. pre_test_object_deps_done=no for p in `eval "$output_verbose_link_cmd"`; do case ${prev}${p} in -L* | -R* | -l*) # Some compilers place space between "-{L,R}" and the path. # Remove the space. if test $p = "-L" || test $p = "-R"; then prev=$p continue fi # Expand the sysroot to ease extracting the directories later. if test -z "$prev"; then case $p in -L*) func_stripname_cnf '-L' '' "$p"; prev=-L; p=$func_stripname_result ;; -R*) func_stripname_cnf '-R' '' "$p"; prev=-R; p=$func_stripname_result ;; -l*) func_stripname_cnf '-l' '' "$p"; prev=-l; p=$func_stripname_result ;; esac fi case $p in =*) func_stripname_cnf '=' '' "$p"; p=$lt_sysroot$func_stripname_result ;; esac if test "$pre_test_object_deps_done" = no; then case ${prev} in -L | -R) # Internal compiler library paths should come after those # provided the user. The postdeps already come after the # user supplied libs so there is no need to process them. if test -z "$_LT_TAGVAR(compiler_lib_search_path, $1)"; then _LT_TAGVAR(compiler_lib_search_path, $1)="${prev}${p}" else _LT_TAGVAR(compiler_lib_search_path, $1)="${_LT_TAGVAR(compiler_lib_search_path, $1)} ${prev}${p}" fi ;; # The "-l" case would never come before the object being # linked, so don't bother handling this case. esac else if test -z "$_LT_TAGVAR(postdeps, $1)"; then _LT_TAGVAR(postdeps, $1)="${prev}${p}" else _LT_TAGVAR(postdeps, $1)="${_LT_TAGVAR(postdeps, $1)} ${prev}${p}" fi fi prev= ;; *.lto.$objext) ;; # Ignore GCC LTO objects *.$objext) # This assumes that the test object file only shows up # once in the compiler output. if test "$p" = "conftest.$objext"; then pre_test_object_deps_done=yes continue fi if test "$pre_test_object_deps_done" = no; then if test -z "$_LT_TAGVAR(predep_objects, $1)"; then _LT_TAGVAR(predep_objects, $1)="$p" else _LT_TAGVAR(predep_objects, $1)="$_LT_TAGVAR(predep_objects, $1) $p" fi else if test -z "$_LT_TAGVAR(postdep_objects, $1)"; then _LT_TAGVAR(postdep_objects, $1)="$p" else _LT_TAGVAR(postdep_objects, $1)="$_LT_TAGVAR(postdep_objects, $1) $p" fi fi ;; *) ;; # Ignore the rest. esac done # Clean up. rm -f a.out a.exe else echo "libtool.m4: error: problem compiling $1 test program" fi $RM -f confest.$objext CFLAGS=$_lt_libdeps_save_CFLAGS # PORTME: override above test on systems where it is broken m4_if([$1], [CXX], [case $host_os in interix[[3-9]]*) # Interix 3.5 installs completely hosed .la files for C++, so rather than # hack all around it, let's just trust "g++" to DTRT. _LT_TAGVAR(predep_objects,$1)= _LT_TAGVAR(postdep_objects,$1)= _LT_TAGVAR(postdeps,$1)= ;; linux*) case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C++ 5.9 # The more standards-conforming stlport4 library is # incompatible with the Cstd library. Avoid specifying # it if it's in CXXFLAGS. Ignore libCrun as # -library=stlport4 depends on it. case " $CXX $CXXFLAGS " in *" -library=stlport4 "*) solaris_use_stlport4=yes ;; esac if test "$solaris_use_stlport4" != yes; then _LT_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun' fi ;; esac ;; solaris*) case $cc_basename in CC* | sunCC*) # The more standards-conforming stlport4 library is # incompatible with the Cstd library. Avoid specifying # it if it's in CXXFLAGS. Ignore libCrun as # -library=stlport4 depends on it. case " $CXX $CXXFLAGS " in *" -library=stlport4 "*) solaris_use_stlport4=yes ;; esac # Adding this requires a known-good setup of shared libraries for # Sun compiler versions before 5.6, else PIC objects from an old # archive will be linked into the output, leading to subtle bugs. if test "$solaris_use_stlport4" != yes; then _LT_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun' fi ;; esac ;; esac ]) case " $_LT_TAGVAR(postdeps, $1) " in *" -lc "*) _LT_TAGVAR(archive_cmds_need_lc, $1)=no ;; esac _LT_TAGVAR(compiler_lib_search_dirs, $1)= if test -n "${_LT_TAGVAR(compiler_lib_search_path, $1)}"; then _LT_TAGVAR(compiler_lib_search_dirs, $1)=`echo " ${_LT_TAGVAR(compiler_lib_search_path, $1)}" | ${SED} -e 's! -L! !g' -e 's!^ !!'` fi _LT_TAGDECL([], [compiler_lib_search_dirs], [1], [The directories searched by this compiler when creating a shared library]) _LT_TAGDECL([], [predep_objects], [1], [Dependencies to place before and after the objects being linked to create a shared library]) _LT_TAGDECL([], [postdep_objects], [1]) _LT_TAGDECL([], [predeps], [1]) _LT_TAGDECL([], [postdeps], [1]) _LT_TAGDECL([], [compiler_lib_search_path], [1], [The library search path used internally by the compiler when linking a shared library]) ])# _LT_SYS_HIDDEN_LIBDEPS # _LT_LANG_F77_CONFIG([TAG]) # -------------------------- # Ensure that the configuration variables for a Fortran 77 compiler are # suitably defined. These variables are subsequently used by _LT_CONFIG # to write the compiler configuration to `libtool'. m4_defun([_LT_LANG_F77_CONFIG], [AC_LANG_PUSH(Fortran 77) if test -z "$F77" || test "X$F77" = "Xno"; then _lt_disable_F77=yes fi _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(allow_undefined_flag, $1)= _LT_TAGVAR(always_export_symbols, $1)=no _LT_TAGVAR(archive_expsym_cmds, $1)= _LT_TAGVAR(export_dynamic_flag_spec, $1)= _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= _LT_TAGVAR(hardcode_libdir_separator, $1)= _LT_TAGVAR(hardcode_minus_L, $1)=no _LT_TAGVAR(hardcode_automatic, $1)=no _LT_TAGVAR(inherit_rpath, $1)=no _LT_TAGVAR(module_cmds, $1)= _LT_TAGVAR(module_expsym_cmds, $1)= _LT_TAGVAR(link_all_deplibs, $1)=unknown _LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds _LT_TAGVAR(reload_flag, $1)=$reload_flag _LT_TAGVAR(reload_cmds, $1)=$reload_cmds _LT_TAGVAR(no_undefined_flag, $1)= _LT_TAGVAR(whole_archive_flag_spec, $1)= _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no # Source file extension for f77 test sources. ac_ext=f # Object file extension for compiled f77 test sources. objext=o _LT_TAGVAR(objext, $1)=$objext # No sense in running all these tests if we already determined that # the F77 compiler isn't working. Some variables (like enable_shared) # are currently assumed to apply to all compilers on this platform, # and will be corrupted by setting them based on a non-working compiler. if test "$_lt_disable_F77" != yes; then # Code to be used in simple compile tests lt_simple_compile_test_code="\ subroutine t return end " # Code to be used in simple link tests lt_simple_link_test_code="\ program t end " # ltmain only uses $CC for tagged configurations so make sure $CC is set. _LT_TAG_COMPILER # save warnings/boilerplate of simple test code _LT_COMPILER_BOILERPLATE _LT_LINKER_BOILERPLATE # Allow CC to be a program name with arguments. lt_save_CC="$CC" lt_save_GCC=$GCC lt_save_CFLAGS=$CFLAGS CC=${F77-"f77"} CFLAGS=$FFLAGS compiler=$CC _LT_TAGVAR(compiler, $1)=$CC _LT_CC_BASENAME([$compiler]) GCC=$G77 if test -n "$compiler"; then AC_MSG_CHECKING([if libtool supports shared libraries]) AC_MSG_RESULT([$can_build_shared]) AC_MSG_CHECKING([whether to build shared libraries]) test "$can_build_shared" = "no" && enable_shared=no # On AIX, shared libraries and static libraries use the same namespace, and # are all built from PIC. case $host_os in aix3*) test "$enable_shared" = yes && enable_static=no if test -n "$RANLIB"; then archive_cmds="$archive_cmds~\$RANLIB \$lib" postinstall_cmds='$RANLIB $lib' fi ;; aix[[4-9]]*) if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then test "$enable_shared" = yes && enable_static=no fi ;; esac AC_MSG_RESULT([$enable_shared]) AC_MSG_CHECKING([whether to build static libraries]) # Make sure either enable_shared or enable_static is yes. test "$enable_shared" = yes || enable_static=yes AC_MSG_RESULT([$enable_static]) _LT_TAGVAR(GCC, $1)="$G77" _LT_TAGVAR(LD, $1)="$LD" ## CAVEAT EMPTOR: ## There is no encapsulation within the following macros, do not change ## the running order or otherwise move them around unless you know exactly ## what you are doing... _LT_COMPILER_PIC($1) _LT_COMPILER_C_O($1) _LT_COMPILER_FILE_LOCKS($1) _LT_LINKER_SHLIBS($1) _LT_SYS_DYNAMIC_LINKER($1) _LT_LINKER_HARDCODE_LIBPATH($1) _LT_CONFIG($1) fi # test -n "$compiler" GCC=$lt_save_GCC CC="$lt_save_CC" CFLAGS="$lt_save_CFLAGS" fi # test "$_lt_disable_F77" != yes AC_LANG_POP ])# _LT_LANG_F77_CONFIG # _LT_LANG_FC_CONFIG([TAG]) # ------------------------- # Ensure that the configuration variables for a Fortran compiler are # suitably defined. These variables are subsequently used by _LT_CONFIG # to write the compiler configuration to `libtool'. m4_defun([_LT_LANG_FC_CONFIG], [AC_LANG_PUSH(Fortran) if test -z "$FC" || test "X$FC" = "Xno"; then _lt_disable_FC=yes fi _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(allow_undefined_flag, $1)= _LT_TAGVAR(always_export_symbols, $1)=no _LT_TAGVAR(archive_expsym_cmds, $1)= _LT_TAGVAR(export_dynamic_flag_spec, $1)= _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= _LT_TAGVAR(hardcode_libdir_separator, $1)= _LT_TAGVAR(hardcode_minus_L, $1)=no _LT_TAGVAR(hardcode_automatic, $1)=no _LT_TAGVAR(inherit_rpath, $1)=no _LT_TAGVAR(module_cmds, $1)= _LT_TAGVAR(module_expsym_cmds, $1)= _LT_TAGVAR(link_all_deplibs, $1)=unknown _LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds _LT_TAGVAR(reload_flag, $1)=$reload_flag _LT_TAGVAR(reload_cmds, $1)=$reload_cmds _LT_TAGVAR(no_undefined_flag, $1)= _LT_TAGVAR(whole_archive_flag_spec, $1)= _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no # Source file extension for fc test sources. ac_ext=${ac_fc_srcext-f} # Object file extension for compiled fc test sources. objext=o _LT_TAGVAR(objext, $1)=$objext # No sense in running all these tests if we already determined that # the FC compiler isn't working. Some variables (like enable_shared) # are currently assumed to apply to all compilers on this platform, # and will be corrupted by setting them based on a non-working compiler. if test "$_lt_disable_FC" != yes; then # Code to be used in simple compile tests lt_simple_compile_test_code="\ subroutine t return end " # Code to be used in simple link tests lt_simple_link_test_code="\ program t end " # ltmain only uses $CC for tagged configurations so make sure $CC is set. _LT_TAG_COMPILER # save warnings/boilerplate of simple test code _LT_COMPILER_BOILERPLATE _LT_LINKER_BOILERPLATE # Allow CC to be a program name with arguments. lt_save_CC="$CC" lt_save_GCC=$GCC lt_save_CFLAGS=$CFLAGS CC=${FC-"f95"} CFLAGS=$FCFLAGS compiler=$CC GCC=$ac_cv_fc_compiler_gnu _LT_TAGVAR(compiler, $1)=$CC _LT_CC_BASENAME([$compiler]) if test -n "$compiler"; then AC_MSG_CHECKING([if libtool supports shared libraries]) AC_MSG_RESULT([$can_build_shared]) AC_MSG_CHECKING([whether to build shared libraries]) test "$can_build_shared" = "no" && enable_shared=no # On AIX, shared libraries and static libraries use the same namespace, and # are all built from PIC. case $host_os in aix3*) test "$enable_shared" = yes && enable_static=no if test -n "$RANLIB"; then archive_cmds="$archive_cmds~\$RANLIB \$lib" postinstall_cmds='$RANLIB $lib' fi ;; aix[[4-9]]*) if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then test "$enable_shared" = yes && enable_static=no fi ;; esac AC_MSG_RESULT([$enable_shared]) AC_MSG_CHECKING([whether to build static libraries]) # Make sure either enable_shared or enable_static is yes. test "$enable_shared" = yes || enable_static=yes AC_MSG_RESULT([$enable_static]) _LT_TAGVAR(GCC, $1)="$ac_cv_fc_compiler_gnu" _LT_TAGVAR(LD, $1)="$LD" ## CAVEAT EMPTOR: ## There is no encapsulation within the following macros, do not change ## the running order or otherwise move them around unless you know exactly ## what you are doing... _LT_SYS_HIDDEN_LIBDEPS($1) _LT_COMPILER_PIC($1) _LT_COMPILER_C_O($1) _LT_COMPILER_FILE_LOCKS($1) _LT_LINKER_SHLIBS($1) _LT_SYS_DYNAMIC_LINKER($1) _LT_LINKER_HARDCODE_LIBPATH($1) _LT_CONFIG($1) fi # test -n "$compiler" GCC=$lt_save_GCC CC=$lt_save_CC CFLAGS=$lt_save_CFLAGS fi # test "$_lt_disable_FC" != yes AC_LANG_POP ])# _LT_LANG_FC_CONFIG # _LT_LANG_GCJ_CONFIG([TAG]) # -------------------------- # Ensure that the configuration variables for the GNU Java Compiler compiler # are suitably defined. These variables are subsequently used by _LT_CONFIG # to write the compiler configuration to `libtool'. m4_defun([_LT_LANG_GCJ_CONFIG], [AC_REQUIRE([LT_PROG_GCJ])dnl AC_LANG_SAVE # Source file extension for Java test sources. ac_ext=java # Object file extension for compiled Java test sources. objext=o _LT_TAGVAR(objext, $1)=$objext # Code to be used in simple compile tests lt_simple_compile_test_code="class foo {}" # Code to be used in simple link tests lt_simple_link_test_code='public class conftest { public static void main(String[[]] argv) {}; }' # ltmain only uses $CC for tagged configurations so make sure $CC is set. _LT_TAG_COMPILER # save warnings/boilerplate of simple test code _LT_COMPILER_BOILERPLATE _LT_LINKER_BOILERPLATE # Allow CC to be a program name with arguments. lt_save_CC=$CC lt_save_CFLAGS=$CFLAGS lt_save_GCC=$GCC GCC=yes CC=${GCJ-"gcj"} CFLAGS=$GCJFLAGS compiler=$CC _LT_TAGVAR(compiler, $1)=$CC _LT_TAGVAR(LD, $1)="$LD" _LT_CC_BASENAME([$compiler]) # GCJ did not exist at the time GCC didn't implicitly link libc in. _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds _LT_TAGVAR(reload_flag, $1)=$reload_flag _LT_TAGVAR(reload_cmds, $1)=$reload_cmds ## CAVEAT EMPTOR: ## There is no encapsulation within the following macros, do not change ## the running order or otherwise move them around unless you know exactly ## what you are doing... if test -n "$compiler"; then _LT_COMPILER_NO_RTTI($1) _LT_COMPILER_PIC($1) _LT_COMPILER_C_O($1) _LT_COMPILER_FILE_LOCKS($1) _LT_LINKER_SHLIBS($1) _LT_LINKER_HARDCODE_LIBPATH($1) _LT_CONFIG($1) fi AC_LANG_RESTORE GCC=$lt_save_GCC CC=$lt_save_CC CFLAGS=$lt_save_CFLAGS ])# _LT_LANG_GCJ_CONFIG # _LT_LANG_GO_CONFIG([TAG]) # -------------------------- # Ensure that the configuration variables for the GNU Go compiler # are suitably defined. These variables are subsequently used by _LT_CONFIG # to write the compiler configuration to `libtool'. m4_defun([_LT_LANG_GO_CONFIG], [AC_REQUIRE([LT_PROG_GO])dnl AC_LANG_SAVE # Source file extension for Go test sources. ac_ext=go # Object file extension for compiled Go test sources. objext=o _LT_TAGVAR(objext, $1)=$objext # Code to be used in simple compile tests lt_simple_compile_test_code="package main; func main() { }" # Code to be used in simple link tests lt_simple_link_test_code='package main; func main() { }' # ltmain only uses $CC for tagged configurations so make sure $CC is set. _LT_TAG_COMPILER # save warnings/boilerplate of simple test code _LT_COMPILER_BOILERPLATE _LT_LINKER_BOILERPLATE # Allow CC to be a program name with arguments. lt_save_CC=$CC lt_save_CFLAGS=$CFLAGS lt_save_GCC=$GCC GCC=yes CC=${GOC-"gccgo"} CFLAGS=$GOFLAGS compiler=$CC _LT_TAGVAR(compiler, $1)=$CC _LT_TAGVAR(LD, $1)="$LD" _LT_CC_BASENAME([$compiler]) # Go did not exist at the time GCC didn't implicitly link libc in. _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds _LT_TAGVAR(reload_flag, $1)=$reload_flag _LT_TAGVAR(reload_cmds, $1)=$reload_cmds ## CAVEAT EMPTOR: ## There is no encapsulation within the following macros, do not change ## the running order or otherwise move them around unless you know exactly ## what you are doing... if test -n "$compiler"; then _LT_COMPILER_NO_RTTI($1) _LT_COMPILER_PIC($1) _LT_COMPILER_C_O($1) _LT_COMPILER_FILE_LOCKS($1) _LT_LINKER_SHLIBS($1) _LT_LINKER_HARDCODE_LIBPATH($1) _LT_CONFIG($1) fi AC_LANG_RESTORE GCC=$lt_save_GCC CC=$lt_save_CC CFLAGS=$lt_save_CFLAGS ])# _LT_LANG_GO_CONFIG # _LT_LANG_RC_CONFIG([TAG]) # ------------------------- # Ensure that the configuration variables for the Windows resource compiler # are suitably defined. These variables are subsequently used by _LT_CONFIG # to write the compiler configuration to `libtool'. m4_defun([_LT_LANG_RC_CONFIG], [AC_REQUIRE([LT_PROG_RC])dnl AC_LANG_SAVE # Source file extension for RC test sources. ac_ext=rc # Object file extension for compiled RC test sources. objext=o _LT_TAGVAR(objext, $1)=$objext # Code to be used in simple compile tests lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }' # Code to be used in simple link tests lt_simple_link_test_code="$lt_simple_compile_test_code" # ltmain only uses $CC for tagged configurations so make sure $CC is set. _LT_TAG_COMPILER # save warnings/boilerplate of simple test code _LT_COMPILER_BOILERPLATE _LT_LINKER_BOILERPLATE # Allow CC to be a program name with arguments. lt_save_CC="$CC" lt_save_CFLAGS=$CFLAGS lt_save_GCC=$GCC GCC= CC=${RC-"windres"} CFLAGS= compiler=$CC _LT_TAGVAR(compiler, $1)=$CC _LT_CC_BASENAME([$compiler]) _LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes if test -n "$compiler"; then : _LT_CONFIG($1) fi GCC=$lt_save_GCC AC_LANG_RESTORE CC=$lt_save_CC CFLAGS=$lt_save_CFLAGS ])# _LT_LANG_RC_CONFIG # LT_PROG_GCJ # ----------- AC_DEFUN([LT_PROG_GCJ], [m4_ifdef([AC_PROG_GCJ], [AC_PROG_GCJ], [m4_ifdef([A][M_PROG_GCJ], [A][M_PROG_GCJ], [AC_CHECK_TOOL(GCJ, gcj,) test "x${GCJFLAGS+set}" = xset || GCJFLAGS="-g -O2" AC_SUBST(GCJFLAGS)])])[]dnl ]) # Old name: AU_ALIAS([LT_AC_PROG_GCJ], [LT_PROG_GCJ]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([LT_AC_PROG_GCJ], []) # LT_PROG_GO # ---------- AC_DEFUN([LT_PROG_GO], [AC_CHECK_TOOL(GOC, gccgo,) ]) # LT_PROG_RC # ---------- AC_DEFUN([LT_PROG_RC], [AC_CHECK_TOOL(RC, windres,) ]) # Old name: AU_ALIAS([LT_AC_PROG_RC], [LT_PROG_RC]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([LT_AC_PROG_RC], []) # _LT_DECL_EGREP # -------------- # If we don't have a new enough Autoconf to choose the best grep # available, choose the one first in the user's PATH. m4_defun([_LT_DECL_EGREP], [AC_REQUIRE([AC_PROG_EGREP])dnl AC_REQUIRE([AC_PROG_FGREP])dnl test -z "$GREP" && GREP=grep _LT_DECL([], [GREP], [1], [A grep program that handles long lines]) _LT_DECL([], [EGREP], [1], [An ERE matcher]) _LT_DECL([], [FGREP], [1], [A literal string matcher]) dnl Non-bleeding-edge autoconf doesn't subst GREP, so do it here too AC_SUBST([GREP]) ]) # _LT_DECL_OBJDUMP # -------------- # If we don't have a new enough Autoconf to choose the best objdump # available, choose the one first in the user's PATH. m4_defun([_LT_DECL_OBJDUMP], [AC_CHECK_TOOL(OBJDUMP, objdump, false) test -z "$OBJDUMP" && OBJDUMP=objdump _LT_DECL([], [OBJDUMP], [1], [An object symbol dumper]) AC_SUBST([OBJDUMP]) ]) # _LT_DECL_DLLTOOL # ---------------- # Ensure DLLTOOL variable is set. m4_defun([_LT_DECL_DLLTOOL], [AC_CHECK_TOOL(DLLTOOL, dlltool, false) test -z "$DLLTOOL" && DLLTOOL=dlltool _LT_DECL([], [DLLTOOL], [1], [DLL creation program]) AC_SUBST([DLLTOOL]) ]) # _LT_DECL_SED # ------------ # Check for a fully-functional sed program, that truncates # as few characters as possible. Prefer GNU sed if found. m4_defun([_LT_DECL_SED], [AC_PROG_SED test -z "$SED" && SED=sed Xsed="$SED -e 1s/^X//" _LT_DECL([], [SED], [1], [A sed program that does not truncate output]) _LT_DECL([], [Xsed], ["\$SED -e 1s/^X//"], [Sed that helps us avoid accidentally triggering echo(1) options like -n]) ])# _LT_DECL_SED m4_ifndef([AC_PROG_SED], [ ############################################################ # NOTE: This macro has been submitted for inclusion into # # GNU Autoconf as AC_PROG_SED. When it is available in # # a released version of Autoconf we should remove this # # macro and use it instead. # ############################################################ m4_defun([AC_PROG_SED], [AC_MSG_CHECKING([for a sed that does not truncate output]) AC_CACHE_VAL(lt_cv_path_SED, [# Loop through the user's path and test for sed and gsed. # Then use that list of sed's as ones to test for truncation. as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for lt_ac_prog in sed gsed; do for ac_exec_ext in '' $ac_executable_extensions; do if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext" fi done done done IFS=$as_save_IFS lt_ac_max=0 lt_ac_count=0 # Add /usr/xpg4/bin/sed as it is typically found on Solaris # along with /bin/sed that truncates output. for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do test ! -f $lt_ac_sed && continue cat /dev/null > conftest.in lt_ac_count=0 echo $ECHO_N "0123456789$ECHO_C" >conftest.in # Check for GNU sed and select it if it is found. if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then lt_cv_path_SED=$lt_ac_sed break fi while true; do cat conftest.in conftest.in >conftest.tmp mv conftest.tmp conftest.in cp conftest.in conftest.nl echo >>conftest.nl $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break cmp -s conftest.out conftest.nl || break # 10000 chars as input seems more than enough test $lt_ac_count -gt 10 && break lt_ac_count=`expr $lt_ac_count + 1` if test $lt_ac_count -gt $lt_ac_max; then lt_ac_max=$lt_ac_count lt_cv_path_SED=$lt_ac_sed fi done done ]) SED=$lt_cv_path_SED AC_SUBST([SED]) AC_MSG_RESULT([$SED]) ])#AC_PROG_SED ])#m4_ifndef # Old name: AU_ALIAS([LT_AC_PROG_SED], [AC_PROG_SED]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([LT_AC_PROG_SED], []) # _LT_CHECK_SHELL_FEATURES # ------------------------ # Find out whether the shell is Bourne or XSI compatible, # or has some other useful features. m4_defun([_LT_CHECK_SHELL_FEATURES], [AC_MSG_CHECKING([whether the shell understands some XSI constructs]) # Try some XSI features xsi_shell=no ( _lt_dummy="a/b/c" test "${_lt_dummy##*/},${_lt_dummy%/*},${_lt_dummy#??}"${_lt_dummy%"$_lt_dummy"}, \ = c,a/b,b/c, \ && eval 'test $(( 1 + 1 )) -eq 2 \ && test "${#_lt_dummy}" -eq 5' ) >/dev/null 2>&1 \ && xsi_shell=yes AC_MSG_RESULT([$xsi_shell]) _LT_CONFIG_LIBTOOL_INIT([xsi_shell='$xsi_shell']) AC_MSG_CHECKING([whether the shell understands "+="]) lt_shell_append=no ( foo=bar; set foo baz; eval "$[1]+=\$[2]" && test "$foo" = barbaz ) \ >/dev/null 2>&1 \ && lt_shell_append=yes AC_MSG_RESULT([$lt_shell_append]) _LT_CONFIG_LIBTOOL_INIT([lt_shell_append='$lt_shell_append']) if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then lt_unset=unset else lt_unset=false fi _LT_DECL([], [lt_unset], [0], [whether the shell understands "unset"])dnl # test EBCDIC or ASCII case `echo X|tr X '\101'` in A) # ASCII based system # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr lt_SP2NL='tr \040 \012' lt_NL2SP='tr \015\012 \040\040' ;; *) # EBCDIC based system lt_SP2NL='tr \100 \n' lt_NL2SP='tr \r\n \100\100' ;; esac _LT_DECL([SP2NL], [lt_SP2NL], [1], [turn spaces into newlines])dnl _LT_DECL([NL2SP], [lt_NL2SP], [1], [turn newlines into spaces])dnl ])# _LT_CHECK_SHELL_FEATURES # _LT_PROG_FUNCTION_REPLACE (FUNCNAME, REPLACEMENT-BODY) # ------------------------------------------------------ # In `$cfgfile', look for function FUNCNAME delimited by `^FUNCNAME ()$' and # '^} FUNCNAME ', and replace its body with REPLACEMENT-BODY. m4_defun([_LT_PROG_FUNCTION_REPLACE], [dnl { sed -e '/^$1 ()$/,/^} # $1 /c\ $1 ()\ {\ m4_bpatsubsts([$2], [$], [\\], [^\([ ]\)], [\\\1]) } # Extended-shell $1 implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: ]) # _LT_PROG_REPLACE_SHELLFNS # ------------------------- # Replace existing portable implementations of several shell functions with # equivalent extended shell implementations where those features are available.. m4_defun([_LT_PROG_REPLACE_SHELLFNS], [if test x"$xsi_shell" = xyes; then _LT_PROG_FUNCTION_REPLACE([func_dirname], [dnl case ${1} in */*) func_dirname_result="${1%/*}${2}" ;; * ) func_dirname_result="${3}" ;; esac]) _LT_PROG_FUNCTION_REPLACE([func_basename], [dnl func_basename_result="${1##*/}"]) _LT_PROG_FUNCTION_REPLACE([func_dirname_and_basename], [dnl case ${1} in */*) func_dirname_result="${1%/*}${2}" ;; * ) func_dirname_result="${3}" ;; esac func_basename_result="${1##*/}"]) _LT_PROG_FUNCTION_REPLACE([func_stripname], [dnl # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are # positional parameters, so assign one to ordinary parameter first. func_stripname_result=${3} func_stripname_result=${func_stripname_result#"${1}"} func_stripname_result=${func_stripname_result%"${2}"}]) _LT_PROG_FUNCTION_REPLACE([func_split_long_opt], [dnl func_split_long_opt_name=${1%%=*} func_split_long_opt_arg=${1#*=}]) _LT_PROG_FUNCTION_REPLACE([func_split_short_opt], [dnl func_split_short_opt_arg=${1#??} func_split_short_opt_name=${1%"$func_split_short_opt_arg"}]) _LT_PROG_FUNCTION_REPLACE([func_lo2o], [dnl case ${1} in *.lo) func_lo2o_result=${1%.lo}.${objext} ;; *) func_lo2o_result=${1} ;; esac]) _LT_PROG_FUNCTION_REPLACE([func_xform], [ func_xform_result=${1%.*}.lo]) _LT_PROG_FUNCTION_REPLACE([func_arith], [ func_arith_result=$(( $[*] ))]) _LT_PROG_FUNCTION_REPLACE([func_len], [ func_len_result=${#1}]) fi if test x"$lt_shell_append" = xyes; then _LT_PROG_FUNCTION_REPLACE([func_append], [ eval "${1}+=\\${2}"]) _LT_PROG_FUNCTION_REPLACE([func_append_quoted], [dnl func_quote_for_eval "${2}" dnl m4 expansion turns \\\\ into \\, and then the shell eval turns that into \ eval "${1}+=\\\\ \\$func_quote_for_eval_result"]) # Save a `func_append' function call where possible by direct use of '+=' sed -e 's%func_append \([[a-zA-Z_]]\{1,\}\) "%\1+="%g' $cfgfile > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: else # Save a `func_append' function call even when '+=' is not available sed -e 's%func_append \([[a-zA-Z_]]\{1,\}\) "%\1="$\1%g' $cfgfile > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: fi if test x"$_lt_function_replace_fail" = x":"; then AC_MSG_WARN([Unable to substitute extended shell functions in $ofile]) fi ]) # _LT_PATH_CONVERSION_FUNCTIONS # ----------------------------- # Determine which file name conversion functions should be used by # func_to_host_file (and, implicitly, by func_to_host_path). These are needed # for certain cross-compile configurations and native mingw. m4_defun([_LT_PATH_CONVERSION_FUNCTIONS], [AC_REQUIRE([AC_CANONICAL_HOST])dnl AC_REQUIRE([AC_CANONICAL_BUILD])dnl AC_MSG_CHECKING([how to convert $build file names to $host format]) AC_CACHE_VAL(lt_cv_to_host_file_cmd, [case $host in *-*-mingw* ) case $build in *-*-mingw* ) # actually msys lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32 ;; *-*-cygwin* ) lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32 ;; * ) # otherwise, assume *nix lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32 ;; esac ;; *-*-cygwin* ) case $build in *-*-mingw* ) # actually msys lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin ;; *-*-cygwin* ) lt_cv_to_host_file_cmd=func_convert_file_noop ;; * ) # otherwise, assume *nix lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin ;; esac ;; * ) # unhandled hosts (and "normal" native builds) lt_cv_to_host_file_cmd=func_convert_file_noop ;; esac ]) to_host_file_cmd=$lt_cv_to_host_file_cmd AC_MSG_RESULT([$lt_cv_to_host_file_cmd]) _LT_DECL([to_host_file_cmd], [lt_cv_to_host_file_cmd], [0], [convert $build file names to $host format])dnl AC_MSG_CHECKING([how to convert $build file names to toolchain format]) AC_CACHE_VAL(lt_cv_to_tool_file_cmd, [#assume ordinary cross tools, or native build. lt_cv_to_tool_file_cmd=func_convert_file_noop case $host in *-*-mingw* ) case $build in *-*-mingw* ) # actually msys lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32 ;; esac ;; esac ]) to_tool_file_cmd=$lt_cv_to_tool_file_cmd AC_MSG_RESULT([$lt_cv_to_tool_file_cmd]) _LT_DECL([to_tool_file_cmd], [lt_cv_to_tool_file_cmd], [0], [convert $build files to toolchain format])dnl ])# _LT_PATH_CONVERSION_FUNCTIONS mech_eap-0.9.2/m4/minuso.m40000644001755200017500000000246012406014472012311 00000000000000## -*- Autoconf -*- # Copyright (C) 1999, 2000, 2001, 2003, 2004, 2005, 2008 # Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 6 # AM_PROG_CC_C_O # -------------- # Like AC_PROG_CC_C_O, but changed for automake. AC_DEFUN([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC_C_O])dnl AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl AC_REQUIRE_AUX_FILE([compile])dnl # FIXME: we rely on the cache variable name because # there is no other way. set dummy $CC am_cc=`echo $[2] | sed ['s/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/']` eval am_t=\$ac_cv_prog_cc_${am_cc}_c_o if test "$am_t" != yes; then # Losing compiler, so override with the script. # FIXME: It is wrong to rewrite CC. # But if we don't then we get into trouble of one sort or another. # A longer-term fix would be to have automake use am__CC in this case, # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)" CC="$am_aux_dir/compile $CC" fi dnl Make sure AC_PROG_CC is never called again, or it will override our dnl setting of CC. m4_define([AC_PROG_CC], [m4_fatal([AC_PROG_CC cannot be called after AM_PROG_CC_C_O])]) ]) mech_eap-0.9.2/m4/ltsugar.m40000644001755200017500000001042412406014640012454 00000000000000# ltsugar.m4 -- libtool m4 base layer. -*-Autoconf-*- # # Copyright (C) 2004, 2005, 2007, 2008 Free Software Foundation, Inc. # Written by Gary V. Vaughan, 2004 # # This file is free software; the Free Software Foundation gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. # serial 6 ltsugar.m4 # This is to help aclocal find these macros, as it can't see m4_define. AC_DEFUN([LTSUGAR_VERSION], [m4_if([0.1])]) # lt_join(SEP, ARG1, [ARG2...]) # ----------------------------- # Produce ARG1SEPARG2...SEPARGn, omitting [] arguments and their # associated separator. # Needed until we can rely on m4_join from Autoconf 2.62, since all earlier # versions in m4sugar had bugs. m4_define([lt_join], [m4_if([$#], [1], [], [$#], [2], [[$2]], [m4_if([$2], [], [], [[$2]_])$0([$1], m4_shift(m4_shift($@)))])]) m4_define([_lt_join], [m4_if([$#$2], [2], [], [m4_if([$2], [], [], [[$1$2]])$0([$1], m4_shift(m4_shift($@)))])]) # lt_car(LIST) # lt_cdr(LIST) # ------------ # Manipulate m4 lists. # These macros are necessary as long as will still need to support # Autoconf-2.59 which quotes differently. m4_define([lt_car], [[$1]]) m4_define([lt_cdr], [m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])], [$#], 1, [], [m4_dquote(m4_shift($@))])]) m4_define([lt_unquote], $1) # lt_append(MACRO-NAME, STRING, [SEPARATOR]) # ------------------------------------------ # Redefine MACRO-NAME to hold its former content plus `SEPARATOR'`STRING'. # Note that neither SEPARATOR nor STRING are expanded; they are appended # to MACRO-NAME as is (leaving the expansion for when MACRO-NAME is invoked). # No SEPARATOR is output if MACRO-NAME was previously undefined (different # than defined and empty). # # This macro is needed until we can rely on Autoconf 2.62, since earlier # versions of m4sugar mistakenly expanded SEPARATOR but not STRING. m4_define([lt_append], [m4_define([$1], m4_ifdef([$1], [m4_defn([$1])[$3]])[$2])]) # lt_combine(SEP, PREFIX-LIST, INFIX, SUFFIX1, [SUFFIX2...]) # ---------------------------------------------------------- # Produce a SEP delimited list of all paired combinations of elements of # PREFIX-LIST with SUFFIX1 through SUFFIXn. Each element of the list # has the form PREFIXmINFIXSUFFIXn. # Needed until we can rely on m4_combine added in Autoconf 2.62. m4_define([lt_combine], [m4_if(m4_eval([$# > 3]), [1], [m4_pushdef([_Lt_sep], [m4_define([_Lt_sep], m4_defn([lt_car]))])]]dnl [[m4_foreach([_Lt_prefix], [$2], [m4_foreach([_Lt_suffix], ]m4_dquote(m4_dquote(m4_shift(m4_shift(m4_shift($@)))))[, [_Lt_sep([$1])[]m4_defn([_Lt_prefix])[$3]m4_defn([_Lt_suffix])])])])]) # lt_if_append_uniq(MACRO-NAME, VARNAME, [SEPARATOR], [UNIQ], [NOT-UNIQ]) # ----------------------------------------------------------------------- # Iff MACRO-NAME does not yet contain VARNAME, then append it (delimited # by SEPARATOR if supplied) and expand UNIQ, else NOT-UNIQ. m4_define([lt_if_append_uniq], [m4_ifdef([$1], [m4_if(m4_index([$3]m4_defn([$1])[$3], [$3$2$3]), [-1], [lt_append([$1], [$2], [$3])$4], [$5])], [lt_append([$1], [$2], [$3])$4])]) # lt_dict_add(DICT, KEY, VALUE) # ----------------------------- m4_define([lt_dict_add], [m4_define([$1($2)], [$3])]) # lt_dict_add_subkey(DICT, KEY, SUBKEY, VALUE) # -------------------------------------------- m4_define([lt_dict_add_subkey], [m4_define([$1($2:$3)], [$4])]) # lt_dict_fetch(DICT, KEY, [SUBKEY]) # ---------------------------------- m4_define([lt_dict_fetch], [m4_ifval([$3], m4_ifdef([$1($2:$3)], [m4_defn([$1($2:$3)])]), m4_ifdef([$1($2)], [m4_defn([$1($2)])]))]) # lt_if_dict_fetch(DICT, KEY, [SUBKEY], VALUE, IF-TRUE, [IF-FALSE]) # ----------------------------------------------------------------- m4_define([lt_if_dict_fetch], [m4_if(lt_dict_fetch([$1], [$2], [$3]), [$4], [$5], [$6])]) # lt_dict_filter(DICT, [SUBKEY], VALUE, [SEPARATOR], KEY, [...]) # -------------------------------------------------------------- m4_define([lt_dict_filter], [m4_if([$5], [], [], [lt_join(m4_quote(m4_default([$4], [[, ]])), lt_unquote(m4_split(m4_normalize(m4_foreach(_Lt_key, lt_car([m4_shiftn(4, $@)]), [lt_if_dict_fetch([$1], _Lt_key, [$2], [$3], [_Lt_key ])])))))])[]dnl ]) mech_eap-0.9.2/m4/lt~obsolete.m40000644001755200017500000001375612406014640013360 00000000000000# lt~obsolete.m4 -- aclocal satisfying obsolete definitions. -*-Autoconf-*- # # Copyright (C) 2004, 2005, 2007, 2009 Free Software Foundation, Inc. # Written by Scott James Remnant, 2004. # # This file is free software; the Free Software Foundation gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. # serial 5 lt~obsolete.m4 # These exist entirely to fool aclocal when bootstrapping libtool. # # In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN) # which have later been changed to m4_define as they aren't part of the # exported API, or moved to Autoconf or Automake where they belong. # # The trouble is, aclocal is a bit thick. It'll see the old AC_DEFUN # in /usr/share/aclocal/libtool.m4 and remember it, then when it sees us # using a macro with the same name in our local m4/libtool.m4 it'll # pull the old libtool.m4 in (it doesn't see our shiny new m4_define # and doesn't know about Autoconf macros at all.) # # So we provide this file, which has a silly filename so it's always # included after everything else. This provides aclocal with the # AC_DEFUNs it wants, but when m4 processes it, it doesn't do anything # because those macros already exist, or will be overwritten later. # We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6. # # Anytime we withdraw an AC_DEFUN or AU_DEFUN, remember to add it here. # Yes, that means every name once taken will need to remain here until # we give up compatibility with versions before 1.7, at which point # we need to keep only those names which we still refer to. # This is to help aclocal find these macros, as it can't see m4_define. AC_DEFUN([LTOBSOLETE_VERSION], [m4_if([1])]) m4_ifndef([AC_LIBTOOL_LINKER_OPTION], [AC_DEFUN([AC_LIBTOOL_LINKER_OPTION])]) m4_ifndef([AC_PROG_EGREP], [AC_DEFUN([AC_PROG_EGREP])]) m4_ifndef([_LT_AC_PROG_ECHO_BACKSLASH], [AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH])]) m4_ifndef([_LT_AC_SHELL_INIT], [AC_DEFUN([_LT_AC_SHELL_INIT])]) m4_ifndef([_LT_AC_SYS_LIBPATH_AIX], [AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX])]) m4_ifndef([_LT_PROG_LTMAIN], [AC_DEFUN([_LT_PROG_LTMAIN])]) m4_ifndef([_LT_AC_TAGVAR], [AC_DEFUN([_LT_AC_TAGVAR])]) m4_ifndef([AC_LTDL_ENABLE_INSTALL], [AC_DEFUN([AC_LTDL_ENABLE_INSTALL])]) m4_ifndef([AC_LTDL_PREOPEN], [AC_DEFUN([AC_LTDL_PREOPEN])]) m4_ifndef([_LT_AC_SYS_COMPILER], [AC_DEFUN([_LT_AC_SYS_COMPILER])]) m4_ifndef([_LT_AC_LOCK], [AC_DEFUN([_LT_AC_LOCK])]) m4_ifndef([AC_LIBTOOL_SYS_OLD_ARCHIVE], [AC_DEFUN([AC_LIBTOOL_SYS_OLD_ARCHIVE])]) m4_ifndef([_LT_AC_TRY_DLOPEN_SELF], [AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF])]) m4_ifndef([AC_LIBTOOL_PROG_CC_C_O], [AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O])]) m4_ifndef([AC_LIBTOOL_SYS_HARD_LINK_LOCKS], [AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS])]) m4_ifndef([AC_LIBTOOL_OBJDIR], [AC_DEFUN([AC_LIBTOOL_OBJDIR])]) m4_ifndef([AC_LTDL_OBJDIR], [AC_DEFUN([AC_LTDL_OBJDIR])]) m4_ifndef([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH], [AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH])]) m4_ifndef([AC_LIBTOOL_SYS_LIB_STRIP], [AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP])]) m4_ifndef([AC_PATH_MAGIC], [AC_DEFUN([AC_PATH_MAGIC])]) m4_ifndef([AC_PROG_LD_GNU], [AC_DEFUN([AC_PROG_LD_GNU])]) m4_ifndef([AC_PROG_LD_RELOAD_FLAG], [AC_DEFUN([AC_PROG_LD_RELOAD_FLAG])]) m4_ifndef([AC_DEPLIBS_CHECK_METHOD], [AC_DEFUN([AC_DEPLIBS_CHECK_METHOD])]) m4_ifndef([AC_LIBTOOL_PROG_COMPILER_NO_RTTI], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI])]) m4_ifndef([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE], [AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE])]) m4_ifndef([AC_LIBTOOL_PROG_COMPILER_PIC], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC])]) m4_ifndef([AC_LIBTOOL_PROG_LD_SHLIBS], [AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS])]) m4_ifndef([AC_LIBTOOL_POSTDEP_PREDEP], [AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP])]) m4_ifndef([LT_AC_PROG_EGREP], [AC_DEFUN([LT_AC_PROG_EGREP])]) m4_ifndef([LT_AC_PROG_SED], [AC_DEFUN([LT_AC_PROG_SED])]) m4_ifndef([_LT_CC_BASENAME], [AC_DEFUN([_LT_CC_BASENAME])]) m4_ifndef([_LT_COMPILER_BOILERPLATE], [AC_DEFUN([_LT_COMPILER_BOILERPLATE])]) m4_ifndef([_LT_LINKER_BOILERPLATE], [AC_DEFUN([_LT_LINKER_BOILERPLATE])]) m4_ifndef([_AC_PROG_LIBTOOL], [AC_DEFUN([_AC_PROG_LIBTOOL])]) m4_ifndef([AC_LIBTOOL_SETUP], [AC_DEFUN([AC_LIBTOOL_SETUP])]) m4_ifndef([_LT_AC_CHECK_DLFCN], [AC_DEFUN([_LT_AC_CHECK_DLFCN])]) m4_ifndef([AC_LIBTOOL_SYS_DYNAMIC_LINKER], [AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER])]) m4_ifndef([_LT_AC_TAGCONFIG], [AC_DEFUN([_LT_AC_TAGCONFIG])]) m4_ifndef([AC_DISABLE_FAST_INSTALL], [AC_DEFUN([AC_DISABLE_FAST_INSTALL])]) m4_ifndef([_LT_AC_LANG_CXX], [AC_DEFUN([_LT_AC_LANG_CXX])]) m4_ifndef([_LT_AC_LANG_F77], [AC_DEFUN([_LT_AC_LANG_F77])]) m4_ifndef([_LT_AC_LANG_GCJ], [AC_DEFUN([_LT_AC_LANG_GCJ])]) m4_ifndef([AC_LIBTOOL_LANG_C_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG])]) m4_ifndef([_LT_AC_LANG_C_CONFIG], [AC_DEFUN([_LT_AC_LANG_C_CONFIG])]) m4_ifndef([AC_LIBTOOL_LANG_CXX_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG])]) m4_ifndef([_LT_AC_LANG_CXX_CONFIG], [AC_DEFUN([_LT_AC_LANG_CXX_CONFIG])]) m4_ifndef([AC_LIBTOOL_LANG_F77_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_F77_CONFIG])]) m4_ifndef([_LT_AC_LANG_F77_CONFIG], [AC_DEFUN([_LT_AC_LANG_F77_CONFIG])]) m4_ifndef([AC_LIBTOOL_LANG_GCJ_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_GCJ_CONFIG])]) m4_ifndef([_LT_AC_LANG_GCJ_CONFIG], [AC_DEFUN([_LT_AC_LANG_GCJ_CONFIG])]) m4_ifndef([AC_LIBTOOL_LANG_RC_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG])]) m4_ifndef([_LT_AC_LANG_RC_CONFIG], [AC_DEFUN([_LT_AC_LANG_RC_CONFIG])]) m4_ifndef([AC_LIBTOOL_CONFIG], [AC_DEFUN([AC_LIBTOOL_CONFIG])]) m4_ifndef([_LT_AC_FILE_LTDLL_C], [AC_DEFUN([_LT_AC_FILE_LTDLL_C])]) m4_ifndef([_LT_REQUIRED_DARWIN_CHECKS], [AC_DEFUN([_LT_REQUIRED_DARWIN_CHECKS])]) m4_ifndef([_LT_AC_PROG_CXXCPP], [AC_DEFUN([_LT_AC_PROG_CXXCPP])]) m4_ifndef([_LT_PREPARE_SED_QUOTE_VARS], [AC_DEFUN([_LT_PREPARE_SED_QUOTE_VARS])]) m4_ifndef([_LT_PROG_ECHO_BACKSLASH], [AC_DEFUN([_LT_PROG_ECHO_BACKSLASH])]) m4_ifndef([_LT_PROG_F77], [AC_DEFUN([_LT_PROG_F77])]) m4_ifndef([_LT_PROG_FC], [AC_DEFUN([_LT_PROG_FC])]) m4_ifndef([_LT_PROG_CXX], [AC_DEFUN([_LT_PROG_CXX])]) mech_eap-0.9.2/m4/ltoptions.m40000644001755200017500000003007312406014640013030 00000000000000# Helper functions for option handling. -*- Autoconf -*- # # Copyright (C) 2004, 2005, 2007, 2008, 2009 Free Software Foundation, # Inc. # Written by Gary V. Vaughan, 2004 # # This file is free software; the Free Software Foundation gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. # serial 7 ltoptions.m4 # This is to help aclocal find these macros, as it can't see m4_define. AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])]) # _LT_MANGLE_OPTION(MACRO-NAME, OPTION-NAME) # ------------------------------------------ m4_define([_LT_MANGLE_OPTION], [[_LT_OPTION_]m4_bpatsubst($1__$2, [[^a-zA-Z0-9_]], [_])]) # _LT_SET_OPTION(MACRO-NAME, OPTION-NAME) # --------------------------------------- # Set option OPTION-NAME for macro MACRO-NAME, and if there is a # matching handler defined, dispatch to it. Other OPTION-NAMEs are # saved as a flag. m4_define([_LT_SET_OPTION], [m4_define(_LT_MANGLE_OPTION([$1], [$2]))dnl m4_ifdef(_LT_MANGLE_DEFUN([$1], [$2]), _LT_MANGLE_DEFUN([$1], [$2]), [m4_warning([Unknown $1 option `$2'])])[]dnl ]) # _LT_IF_OPTION(MACRO-NAME, OPTION-NAME, IF-SET, [IF-NOT-SET]) # ------------------------------------------------------------ # Execute IF-SET if OPTION is set, IF-NOT-SET otherwise. m4_define([_LT_IF_OPTION], [m4_ifdef(_LT_MANGLE_OPTION([$1], [$2]), [$3], [$4])]) # _LT_UNLESS_OPTIONS(MACRO-NAME, OPTION-LIST, IF-NOT-SET) # ------------------------------------------------------- # Execute IF-NOT-SET unless all options in OPTION-LIST for MACRO-NAME # are set. m4_define([_LT_UNLESS_OPTIONS], [m4_foreach([_LT_Option], m4_split(m4_normalize([$2])), [m4_ifdef(_LT_MANGLE_OPTION([$1], _LT_Option), [m4_define([$0_found])])])[]dnl m4_ifdef([$0_found], [m4_undefine([$0_found])], [$3 ])[]dnl ]) # _LT_SET_OPTIONS(MACRO-NAME, OPTION-LIST) # ---------------------------------------- # OPTION-LIST is a space-separated list of Libtool options associated # with MACRO-NAME. If any OPTION has a matching handler declared with # LT_OPTION_DEFINE, dispatch to that macro; otherwise complain about # the unknown option and exit. m4_defun([_LT_SET_OPTIONS], [# Set options m4_foreach([_LT_Option], m4_split(m4_normalize([$2])), [_LT_SET_OPTION([$1], _LT_Option)]) m4_if([$1],[LT_INIT],[ dnl dnl Simply set some default values (i.e off) if boolean options were not dnl specified: _LT_UNLESS_OPTIONS([LT_INIT], [dlopen], [enable_dlopen=no ]) _LT_UNLESS_OPTIONS([LT_INIT], [win32-dll], [enable_win32_dll=no ]) dnl dnl If no reference was made to various pairs of opposing options, then dnl we run the default mode handler for the pair. For example, if neither dnl `shared' nor `disable-shared' was passed, we enable building of shared dnl archives by default: _LT_UNLESS_OPTIONS([LT_INIT], [shared disable-shared], [_LT_ENABLE_SHARED]) _LT_UNLESS_OPTIONS([LT_INIT], [static disable-static], [_LT_ENABLE_STATIC]) _LT_UNLESS_OPTIONS([LT_INIT], [pic-only no-pic], [_LT_WITH_PIC]) _LT_UNLESS_OPTIONS([LT_INIT], [fast-install disable-fast-install], [_LT_ENABLE_FAST_INSTALL]) ]) ])# _LT_SET_OPTIONS ## --------------------------------- ## ## Macros to handle LT_INIT options. ## ## --------------------------------- ## # _LT_MANGLE_DEFUN(MACRO-NAME, OPTION-NAME) # ----------------------------------------- m4_define([_LT_MANGLE_DEFUN], [[_LT_OPTION_DEFUN_]m4_bpatsubst(m4_toupper([$1__$2]), [[^A-Z0-9_]], [_])]) # LT_OPTION_DEFINE(MACRO-NAME, OPTION-NAME, CODE) # ----------------------------------------------- m4_define([LT_OPTION_DEFINE], [m4_define(_LT_MANGLE_DEFUN([$1], [$2]), [$3])[]dnl ])# LT_OPTION_DEFINE # dlopen # ------ LT_OPTION_DEFINE([LT_INIT], [dlopen], [enable_dlopen=yes ]) AU_DEFUN([AC_LIBTOOL_DLOPEN], [_LT_SET_OPTION([LT_INIT], [dlopen]) AC_DIAGNOSE([obsolete], [$0: Remove this warning and the call to _LT_SET_OPTION when you put the `dlopen' option into LT_INIT's first parameter.]) ]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_DLOPEN], []) # win32-dll # --------- # Declare package support for building win32 dll's. LT_OPTION_DEFINE([LT_INIT], [win32-dll], [enable_win32_dll=yes case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-cegcc*) AC_CHECK_TOOL(AS, as, false) AC_CHECK_TOOL(DLLTOOL, dlltool, false) AC_CHECK_TOOL(OBJDUMP, objdump, false) ;; esac test -z "$AS" && AS=as _LT_DECL([], [AS], [1], [Assembler program])dnl test -z "$DLLTOOL" && DLLTOOL=dlltool _LT_DECL([], [DLLTOOL], [1], [DLL creation program])dnl test -z "$OBJDUMP" && OBJDUMP=objdump _LT_DECL([], [OBJDUMP], [1], [Object dumper program])dnl ])# win32-dll AU_DEFUN([AC_LIBTOOL_WIN32_DLL], [AC_REQUIRE([AC_CANONICAL_HOST])dnl _LT_SET_OPTION([LT_INIT], [win32-dll]) AC_DIAGNOSE([obsolete], [$0: Remove this warning and the call to _LT_SET_OPTION when you put the `win32-dll' option into LT_INIT's first parameter.]) ]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_WIN32_DLL], []) # _LT_ENABLE_SHARED([DEFAULT]) # ---------------------------- # implement the --enable-shared flag, and supports the `shared' and # `disable-shared' LT_INIT options. # DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. m4_define([_LT_ENABLE_SHARED], [m4_define([_LT_ENABLE_SHARED_DEFAULT], [m4_if($1, no, no, yes)])dnl AC_ARG_ENABLE([shared], [AS_HELP_STRING([--enable-shared@<:@=PKGS@:>@], [build shared libraries @<:@default=]_LT_ENABLE_SHARED_DEFAULT[@:>@])], [p=${PACKAGE-default} case $enableval in yes) enable_shared=yes ;; no) enable_shared=no ;; *) enable_shared=no # Look at the argument we got. We use all the common list separators. lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," for pkg in $enableval; do IFS="$lt_save_ifs" if test "X$pkg" = "X$p"; then enable_shared=yes fi done IFS="$lt_save_ifs" ;; esac], [enable_shared=]_LT_ENABLE_SHARED_DEFAULT) _LT_DECL([build_libtool_libs], [enable_shared], [0], [Whether or not to build shared libraries]) ])# _LT_ENABLE_SHARED LT_OPTION_DEFINE([LT_INIT], [shared], [_LT_ENABLE_SHARED([yes])]) LT_OPTION_DEFINE([LT_INIT], [disable-shared], [_LT_ENABLE_SHARED([no])]) # Old names: AC_DEFUN([AC_ENABLE_SHARED], [_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[shared]) ]) AC_DEFUN([AC_DISABLE_SHARED], [_LT_SET_OPTION([LT_INIT], [disable-shared]) ]) AU_DEFUN([AM_ENABLE_SHARED], [AC_ENABLE_SHARED($@)]) AU_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AM_ENABLE_SHARED], []) dnl AC_DEFUN([AM_DISABLE_SHARED], []) # _LT_ENABLE_STATIC([DEFAULT]) # ---------------------------- # implement the --enable-static flag, and support the `static' and # `disable-static' LT_INIT options. # DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. m4_define([_LT_ENABLE_STATIC], [m4_define([_LT_ENABLE_STATIC_DEFAULT], [m4_if($1, no, no, yes)])dnl AC_ARG_ENABLE([static], [AS_HELP_STRING([--enable-static@<:@=PKGS@:>@], [build static libraries @<:@default=]_LT_ENABLE_STATIC_DEFAULT[@:>@])], [p=${PACKAGE-default} case $enableval in yes) enable_static=yes ;; no) enable_static=no ;; *) enable_static=no # Look at the argument we got. We use all the common list separators. lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," for pkg in $enableval; do IFS="$lt_save_ifs" if test "X$pkg" = "X$p"; then enable_static=yes fi done IFS="$lt_save_ifs" ;; esac], [enable_static=]_LT_ENABLE_STATIC_DEFAULT) _LT_DECL([build_old_libs], [enable_static], [0], [Whether or not to build static libraries]) ])# _LT_ENABLE_STATIC LT_OPTION_DEFINE([LT_INIT], [static], [_LT_ENABLE_STATIC([yes])]) LT_OPTION_DEFINE([LT_INIT], [disable-static], [_LT_ENABLE_STATIC([no])]) # Old names: AC_DEFUN([AC_ENABLE_STATIC], [_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[static]) ]) AC_DEFUN([AC_DISABLE_STATIC], [_LT_SET_OPTION([LT_INIT], [disable-static]) ]) AU_DEFUN([AM_ENABLE_STATIC], [AC_ENABLE_STATIC($@)]) AU_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AM_ENABLE_STATIC], []) dnl AC_DEFUN([AM_DISABLE_STATIC], []) # _LT_ENABLE_FAST_INSTALL([DEFAULT]) # ---------------------------------- # implement the --enable-fast-install flag, and support the `fast-install' # and `disable-fast-install' LT_INIT options. # DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. m4_define([_LT_ENABLE_FAST_INSTALL], [m4_define([_LT_ENABLE_FAST_INSTALL_DEFAULT], [m4_if($1, no, no, yes)])dnl AC_ARG_ENABLE([fast-install], [AS_HELP_STRING([--enable-fast-install@<:@=PKGS@:>@], [optimize for fast installation @<:@default=]_LT_ENABLE_FAST_INSTALL_DEFAULT[@:>@])], [p=${PACKAGE-default} case $enableval in yes) enable_fast_install=yes ;; no) enable_fast_install=no ;; *) enable_fast_install=no # Look at the argument we got. We use all the common list separators. lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," for pkg in $enableval; do IFS="$lt_save_ifs" if test "X$pkg" = "X$p"; then enable_fast_install=yes fi done IFS="$lt_save_ifs" ;; esac], [enable_fast_install=]_LT_ENABLE_FAST_INSTALL_DEFAULT) _LT_DECL([fast_install], [enable_fast_install], [0], [Whether or not to optimize for fast installation])dnl ])# _LT_ENABLE_FAST_INSTALL LT_OPTION_DEFINE([LT_INIT], [fast-install], [_LT_ENABLE_FAST_INSTALL([yes])]) LT_OPTION_DEFINE([LT_INIT], [disable-fast-install], [_LT_ENABLE_FAST_INSTALL([no])]) # Old names: AU_DEFUN([AC_ENABLE_FAST_INSTALL], [_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install]) AC_DIAGNOSE([obsolete], [$0: Remove this warning and the call to _LT_SET_OPTION when you put the `fast-install' option into LT_INIT's first parameter.]) ]) AU_DEFUN([AC_DISABLE_FAST_INSTALL], [_LT_SET_OPTION([LT_INIT], [disable-fast-install]) AC_DIAGNOSE([obsolete], [$0: Remove this warning and the call to _LT_SET_OPTION when you put the `disable-fast-install' option into LT_INIT's first parameter.]) ]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_ENABLE_FAST_INSTALL], []) dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], []) # _LT_WITH_PIC([MODE]) # -------------------- # implement the --with-pic flag, and support the `pic-only' and `no-pic' # LT_INIT options. # MODE is either `yes' or `no'. If omitted, it defaults to `both'. m4_define([_LT_WITH_PIC], [AC_ARG_WITH([pic], [AS_HELP_STRING([--with-pic@<:@=PKGS@:>@], [try to use only PIC/non-PIC objects @<:@default=use both@:>@])], [lt_p=${PACKAGE-default} case $withval in yes|no) pic_mode=$withval ;; *) pic_mode=default # Look at the argument we got. We use all the common list separators. lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," for lt_pkg in $withval; do IFS="$lt_save_ifs" if test "X$lt_pkg" = "X$lt_p"; then pic_mode=yes fi done IFS="$lt_save_ifs" ;; esac], [pic_mode=default]) test -z "$pic_mode" && pic_mode=m4_default([$1], [default]) _LT_DECL([], [pic_mode], [0], [What type of objects to build])dnl ])# _LT_WITH_PIC LT_OPTION_DEFINE([LT_INIT], [pic-only], [_LT_WITH_PIC([yes])]) LT_OPTION_DEFINE([LT_INIT], [no-pic], [_LT_WITH_PIC([no])]) # Old name: AU_DEFUN([AC_LIBTOOL_PICMODE], [_LT_SET_OPTION([LT_INIT], [pic-only]) AC_DIAGNOSE([obsolete], [$0: Remove this warning and the call to _LT_SET_OPTION when you put the `pic-only' option into LT_INIT's first parameter.]) ]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_PICMODE], []) ## ----------------- ## ## LTDL_INIT Options ## ## ----------------- ## m4_define([_LTDL_MODE], []) LT_OPTION_DEFINE([LTDL_INIT], [nonrecursive], [m4_define([_LTDL_MODE], [nonrecursive])]) LT_OPTION_DEFINE([LTDL_INIT], [recursive], [m4_define([_LTDL_MODE], [recursive])]) LT_OPTION_DEFINE([LTDL_INIT], [subproject], [m4_define([_LTDL_MODE], [subproject])]) m4_define([_LTDL_TYPE], []) LT_OPTION_DEFINE([LTDL_INIT], [installable], [m4_define([_LTDL_TYPE], [installable])]) LT_OPTION_DEFINE([LTDL_INIT], [convenience], [m4_define([_LTDL_TYPE], [convenience])]) mech_eap-0.9.2/Makefile.am0000644001755200017500000000015012406014472012243 00000000000000AUTOMAKE_OPTIONS = foreign ACLOCAL_AMFLAGS = -I m4 SUBDIRS = libeap mech_eap EXTRA_DIST = mech_eap.spec mech_eap-0.9.2/mech_eap/0000755001755200017500000000000012406014773012040 500000000000000mech_eap-0.9.2/mech_eap/util_cksum.c0000644001755200017500000001776612406014472014320 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Copyright 1993 by OpenVision Technologies, Inc. * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and * that both that copyright notice and this permission notice appear in * supporting documentation, and that the name of OpenVision not be used * in advertising or publicity pertaining to distribution of the software * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR * PERFORMANCE OF THIS SOFTWARE. */ /* * Message protection services: checksum helpers. */ #include "gssapiP_eap.h" static int gssEapChecksum(krb5_context context, krb5_cksumtype type, size_t rrc, #ifdef HAVE_HEIMDAL_VERSION krb5_crypto crypto, #else krb5_keyblock *crypto, #endif krb5_keyusage sign_usage, gss_iov_buffer_desc *iov, int iov_count, int verify, int *valid) { krb5_error_code code; gss_iov_buffer_desc *header; gss_iov_buffer_desc *trailer; krb5_crypto_iov *kiov; size_t kiov_count; int i = 0, j; size_t k5_checksumlen; if (verify) *valid = FALSE; code = krbCryptoLength(context, crypto, KRB5_CRYPTO_TYPE_CHECKSUM, &k5_checksumlen); if (code != 0) return code; header = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER); GSSEAP_ASSERT(header != NULL); trailer = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER); GSSEAP_ASSERT(rrc != 0 || trailer != NULL); if (trailer == NULL) { if (rrc != k5_checksumlen) return KRB5_BAD_MSIZE; if (header->buffer.length != 16 + k5_checksumlen) return KRB5_BAD_MSIZE; } else if (trailer->buffer.length != k5_checksumlen) return KRB5_BAD_MSIZE; kiov_count = 2 + iov_count; kiov = (krb5_crypto_iov *)GSSEAP_MALLOC(kiov_count * sizeof(krb5_crypto_iov)); if (kiov == NULL) return ENOMEM; /* Checksum over ( Data | Header ) */ /* Data */ for (j = 0; j < iov_count; j++) { kiov[i].flags = gssEapMapCryptoFlag(iov[j].type); kiov[i].data.length = iov[j].buffer.length; kiov[i].data.data = (char *)iov[j].buffer.value; i++; } /* Header */ kiov[i].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY; kiov[i].data.length = 16; kiov[i].data.data = (char *)header->buffer.value; i++; /* Checksum */ kiov[i].flags = KRB5_CRYPTO_TYPE_CHECKSUM; if (trailer == NULL) { kiov[i].data.length = header->buffer.length - 16; kiov[i].data.data = (char *)header->buffer.value + 16; } else { kiov[i].data.length = trailer->buffer.length; kiov[i].data.data = (char *)trailer->buffer.value; } i++; #ifdef HAVE_HEIMDAL_VERSION if (verify) { code = krb5_verify_checksum_iov(context, crypto, sign_usage, kiov, kiov_count, &type); *valid = (code == 0); } else { code = krb5_create_checksum_iov(context, crypto, sign_usage, kiov, kiov_count, &type); } #else if (verify) { krb5_boolean kvalid = FALSE; code = krb5_c_verify_checksum_iov(context, type, crypto, sign_usage, kiov, kiov_count, &kvalid); *valid = kvalid; } else { code = krb5_c_make_checksum_iov(context, type, crypto, sign_usage, kiov, kiov_count); } #endif /* HAVE_HEIMDAL_VERSION */ GSSEAP_FREE(kiov); return code; } int gssEapSign(krb5_context context, krb5_cksumtype type, size_t rrc, #ifdef HAVE_HEIMDAL_VERSION krb5_crypto crypto, #else krb5_keyblock *crypto, #endif krb5_keyusage sign_usage, gss_iov_buffer_desc *iov, int iov_count) { return gssEapChecksum(context, type, rrc, crypto, sign_usage, iov, iov_count, 0, NULL); } int gssEapVerify(krb5_context context, krb5_cksumtype type, size_t rrc, #ifdef HAVE_HEIMDAL_VERSION krb5_crypto crypto, #else krb5_keyblock *crypto, #endif krb5_keyusage sign_usage, gss_iov_buffer_desc *iov, int iov_count, int *valid) { return gssEapChecksum(context, type, rrc, crypto, sign_usage, iov, iov_count, 1, valid); } #if 0 OM_uint32 gssEapEncodeGssChannelBindings(OM_uint32 *minor, gss_channel_bindings_t chanBindings, gss_buffer_t encodedBindings) { OM_uint32 major, tmpMinor; size_t length; unsigned char *p; if (chanBindings != GSS_C_NO_CHANNEL_BINDINGS) { length = 24; length += chanBindings->initiator_address.length; length += chanBindings->acceptor_address.length; length += chanBindings->application_data.length; encodedBindings->value = GSSEAP_MALLOC(length); if (encodedBindings->value == NULL) { *minor = ENOMEM; return GSS_S_FAILURE; } encodedBindings->length = length; p = (unsigned char *)encodedBindings->value; store_uint32_be(chanBindings->initiator_addrtype, p); store_buffer(&chanBindings->initiator_address, p + 4, 0); p += 4 + chanBindings->initiator_address.length; store_uint32_be(chanBindings->acceptor_addrtype, p); store_buffer(&chanBindings->acceptor_address, p + 4, 0); p += 4 + chanBindings->acceptor_address.length; store_buffer(&chanBindings->application_data, p, 1); p += chanBindings->application_data.length; } else { encodedBindings->length = 0; encodedBindings->value = NULL; } *minor = 0; return GSS_S_COMPLETE; } #endif mech_eap-0.9.2/mech_eap/inquire_names_for_mech.c0000644001755200017500000000516612406014472016631 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Return supported name OID types. */ #include "gssapiP_eap.h" OM_uint32 GSSAPI_CALLCONV gss_inquire_names_for_mech(OM_uint32 *minor, gss_OID mechanism, gss_OID_set *ret_name_types) { OM_uint32 major, tmpMinor; gss_OID nameTypes[] = { GSS_C_NT_USER_NAME, GSS_C_NT_HOSTBASED_SERVICE, GSS_C_NT_EXPORT_NAME, #ifdef HAVE_GSS_C_NT_COMPOSITE_EXPORT GSS_C_NT_COMPOSITE_EXPORT, #endif GSS_EAP_NT_EAP_NAME, GSS_C_NT_ANONYMOUS, }; size_t i; if (!gssEapIsMechanismOid(mechanism)) { *minor = GSSEAP_WRONG_MECH; return GSS_S_BAD_MECH; } major = gss_create_empty_oid_set(minor, ret_name_types); if (GSS_ERROR(major)) goto cleanup; for (i = 0; i < sizeof(nameTypes)/sizeof(nameTypes[0]); i++) { major = gss_add_oid_set_member(minor, nameTypes[i], ret_name_types); if (GSS_ERROR(major)) goto cleanup; } cleanup: if (GSS_ERROR(major)) gss_release_oid_set(&tmpMinor, ret_name_types); return major; } mech_eap-0.9.2/mech_eap/release_name.c0000644001755200017500000000335212406014472014543 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Release a name. */ #include "gssapiP_eap.h" OM_uint32 GSSAPI_CALLCONV gss_release_name(OM_uint32 *minor, gss_name_t *name) { return gssEapReleaseName(minor, name); } mech_eap-0.9.2/mech_eap/get_name_attribute.c0000644001755200017500000000463112406014472015766 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "gssapiP_eap.h" /* * Wrapper for retrieving a naming attribute. */ OM_uint32 GSSAPI_CALLCONV gss_get_name_attribute(OM_uint32 *minor, gss_name_t name, gss_buffer_t attr, int *authenticated, int *complete, gss_buffer_t value, gss_buffer_t display_value, int *more) { OM_uint32 major; *minor = 0; if (name == GSS_C_NO_NAME) { *minor = EINVAL; return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME; } GSSEAP_MUTEX_LOCK(&name->mutex); major = gssEapGetNameAttribute(minor, name, attr, authenticated, complete, value, display_value, more); GSSEAP_MUTEX_UNLOCK(&name->mutex); return major; } mech_eap-0.9.2/mech_eap/delete_name_attribute.c0000644001755200017500000000412512406014472016447 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Wrapper for removing a name attribute. */ #include "gssapiP_eap.h" OM_uint32 GSSAPI_CALLCONV gss_delete_name_attribute(OM_uint32 *minor, gss_name_t name, gss_buffer_t attr) { OM_uint32 major; *minor = 0; if (name == GSS_C_NO_NAME) { *minor = EINVAL; return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME; } GSSEAP_MUTEX_LOCK(&name->mutex); major = gssEapDeleteNameAttribute(minor, name, attr); GSSEAP_MUTEX_UNLOCK(&name->mutex); return major; } mech_eap-0.9.2/mech_eap/util_radius.h0000644001755200017500000001346112406014472014456 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * RADIUS attribute provider. */ #ifndef _UTIL_RADIUS_H_ #define _UTIL_RADIUS_H_ 1 #ifdef __cplusplus typedef std::pair gss_eap_attrid; #ifdef GSSEAP_ENABLE_ACCEPTOR struct gss_eap_radius_attr_provider : gss_eap_attr_provider { public: gss_eap_radius_attr_provider(void); ~gss_eap_radius_attr_provider(void); bool initWithExistingContext(const gss_eap_attr_ctx *source, const gss_eap_attr_provider *ctx); bool initWithGssContext(const gss_eap_attr_ctx *source, const gss_cred_id_t cred, const gss_ctx_id_t ctx); bool getAttributeTypes(gss_eap_attr_enumeration_cb, void *data) const; bool setAttribute(int complete, const gss_buffer_t attr, const gss_buffer_t value); bool deleteAttribute(const gss_buffer_t attr); bool getAttribute(const gss_buffer_t attr, int *authenticated, int *complete, gss_buffer_t value, gss_buffer_t display_value, int *more) const; gss_any_t mapToAny(int authenticated, gss_buffer_t type_id) const; void releaseAnyNameMapping(gss_buffer_t type_id, gss_any_t input) const; const char *prefix(void) const; const char *name(void) const; bool initWithJsonObject(const gss_eap_attr_ctx *manager, JSONObject &obj); JSONObject jsonRepresentation(void) const; bool getAttribute(const gss_eap_attrid &attrid, int *authenticated, int *complete, gss_buffer_t value, gss_buffer_t display_value, int *more) const; bool setAttribute(int complete, const gss_eap_attrid &attrid, const gss_buffer_t value); bool deleteAttribute(const gss_eap_attrid &attrid); bool getFragmentedAttribute(const gss_eap_attrid &attrid, int *authenticated, int *complete, gss_buffer_t value) const; bool authenticated(void) const { return m_authenticated; } time_t getExpiryTime(void) const; static bool init(void); static void finalize(void); static gss_eap_attr_provider *createAttrContext(void); private: rs_const_avp *getAvps(void) const { return m_vps; } rs_avp *m_vps; bool m_authenticated; }; #endif /* GSSEAP_ENABLE_ACCEPTOR */ /* For now */ extern "C" { #endif #ifdef GSSEAP_ENABLE_ACCEPTOR OM_uint32 gssEapRadiusAddAvp(OM_uint32 *minor, struct rs_packet *pkt, unsigned int type, unsigned int vendor, const gss_buffer_t buffer); OM_uint32 gssEapRadiusGetAvp(OM_uint32 *minor, struct rs_packet *pkt, unsigned int type, unsigned int vendor, gss_buffer_t buffer, int concat); OM_uint32 gssEapRadiusGetRawAvp(OM_uint32 *minor, rs_const_avp *vps, unsigned int type, unsigned int vendor, rs_const_avp **vp); OM_uint32 gssEapRadiusFreeAvps(OM_uint32 *minor, rs_avp **vps); OM_uint32 gssEapRadiusAttrProviderInit(OM_uint32 *minor); OM_uint32 gssEapRadiusAttrProviderFinalize(OM_uint32 *minor); OM_uint32 gssEapRadiusMapError(OM_uint32 *minor, struct rs_error *err); OM_uint32 gssEapCreateRadiusContext(OM_uint32 *minor, gss_cred_id_t cred, struct rs_context **pRadContext); #endif /* GSSEAP_ENABLE_ACCEPTOR */ /* initiator utilities that require only libeap, and not freeradius */ struct wpabuf; OM_uint32 gssEapRadiusAddAttr(OM_uint32 *minor, struct wpabuf **dst, uint16_t type, uint16_t vendor, gss_buffer_t value); /* This really needs to be a function call on Windows */ #define RS_CONFIG_FILE SYSCONFDIR "/radsec.conf" #ifdef __cplusplus } #endif #endif /* _UTIL_RADIUS_H_ */ mech_eap-0.9.2/mech_eap/unwrap.c0000644001755200017500000000555612406014472013447 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Message protection services: unwrap. */ #include "gssapiP_eap.h" OM_uint32 GSSAPI_CALLCONV gss_unwrap(OM_uint32 *minor, gss_ctx_id_t ctx, gss_buffer_t input_message_buffer, gss_buffer_t output_message_buffer, int *conf_state, gss_qop_t *qop_state) { OM_uint32 major, tmpMinor; gss_iov_buffer_desc iov[2]; if (ctx == GSS_C_NO_CONTEXT) { *minor = EINVAL; return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT; } *minor = 0; GSSEAP_MUTEX_LOCK(&ctx->mutex); if (!CTX_IS_ESTABLISHED(ctx)) { major = GSS_S_NO_CONTEXT; *minor = GSSEAP_CONTEXT_INCOMPLETE; goto cleanup; } iov[0].type = GSS_IOV_BUFFER_TYPE_STREAM; iov[0].buffer = *input_message_buffer; iov[1].type = GSS_IOV_BUFFER_TYPE_DATA | GSS_IOV_BUFFER_FLAG_ALLOCATE; iov[1].buffer.value = NULL; iov[1].buffer.length = 0; major = gssEapUnwrapOrVerifyMIC(minor, ctx, conf_state, qop_state, iov, 2, TOK_TYPE_WRAP); if (major == GSS_S_COMPLETE) { *output_message_buffer = iov[1].buffer; } else { if (iov[1].type & GSS_IOV_BUFFER_FLAG_ALLOCATED) gss_release_buffer(&tmpMinor, &iov[1].buffer); } cleanup: GSSEAP_MUTEX_UNLOCK(&ctx->mutex); return major; } mech_eap-0.9.2/mech_eap/Makefile.in0000644001755200017500000042224612406014764014037 00000000000000# Makefile.in generated by automake 1.14.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ *) echo "am__make_running_with_option: internal error: invalid" \ "target option '$${target_option-}' specified" >&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @TARGET_WINDOWS_TRUE@am__append_1 = -DCONFIG_WIN32_DEFAULTS -DUSE_INTERNAL_CRYPTO @TARGET_WINDOWS_FALSE@am__append_2 = -DEAP_TLS -DEAP_PEAP -DEAP_TTLS -DEAP_MD5 -DEAP_MSCHAPv2 -DEAP_GTC -DEAP_OTP -DEAP_LEAP -DEAP_PSK -DEAP_PAX -DEAP_SAKE -DEAP_GPSK -DEAP_GPSK_SHA256 -DEAP_SERVER_IDENTITY -DEAP_SERVER_TLS -DEAP_SERVER_PEAP -DEAP_SERVER_TTLS -DEAP_SERVER_MD5 -DEAP_SERVER_MSCHAPV2 -DEAP_SERVER_GTC -DEAP_SERVER_PSK -DEAP_SERVER_PAX -DEAP_SERVER_SAKE -DEAP_SERVER_GPSK -DEAP_SERVER_GPSK_SHA256 -DIEEE8021X_EAPOL @TARGET_WINDOWS_TRUE@am__append_3 = -debug @LIBMOONSHOT_TRUE@am__append_4 = util_moonshot.c @LIBMOONSHOT_TRUE@am__append_5 = @LIBMOONSHOT_CFLAGS@ @LIBMOONSHOT_TRUE@am__append_6 = @LIBMOONSHOT_LDFLAGS@ @LIBMOONSHOT_TRUE@am__append_7 = @LIBMOONSHOT_LIBS@ @GSSEAP_ENABLE_ACCEPTOR_TRUE@am__append_8 = \ @GSSEAP_ENABLE_ACCEPTOR_TRUE@ accept_sec_context.c \ @GSSEAP_ENABLE_ACCEPTOR_TRUE@ delete_name_attribute.c \ @GSSEAP_ENABLE_ACCEPTOR_TRUE@ export_name_composite.c \ @GSSEAP_ENABLE_ACCEPTOR_TRUE@ get_name_attribute.c \ @GSSEAP_ENABLE_ACCEPTOR_TRUE@ inquire_name.c \ @GSSEAP_ENABLE_ACCEPTOR_TRUE@ map_name_to_any.c \ @GSSEAP_ENABLE_ACCEPTOR_TRUE@ release_any_name_mapping.c \ @GSSEAP_ENABLE_ACCEPTOR_TRUE@ set_name_attribute.c \ @GSSEAP_ENABLE_ACCEPTOR_TRUE@ util_attr.cpp \ @GSSEAP_ENABLE_ACCEPTOR_TRUE@ util_base64.c \ @GSSEAP_ENABLE_ACCEPTOR_TRUE@ util_json.cpp @GSSEAP_ENABLE_ACCEPTOR_TRUE@@OPENSAML_TRUE@am__append_9 = util_saml.cpp @GSSEAP_ENABLE_ACCEPTOR_TRUE@@SHIBRESOLVER_TRUE@am__append_10 = util_shib.cpp @GSSEAP_ENABLE_REAUTH_TRUE@am__append_11 = util_reauth.c subdir = mech_eap DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ $(top_srcdir)/build-aux/depcomp $(gssinclude_HEADERS) AUTHORS \ COPYING NEWS README TODO config.guess config.sub install-sh ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/minuso.m4 $(top_srcdir)/acinclude.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ test -z "$$files" \ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } am__installdirs = "$(DESTDIR)$(gssdir)" "$(DESTDIR)$(krb5pluginsdir)" \ "$(DESTDIR)$(gssincludedir)" LTLIBRARIES = $(gss_LTLIBRARIES) $(krb5plugins_LTLIBRARIES) am__DEPENDENCIES_1 = am__mech_eap_la_SOURCES_DIST = acquire_cred.c \ acquire_cred_with_password.c add_cred.c \ add_cred_with_password.c authorize_localname.c \ canonicalize_name.c compare_name.c context_time.c \ delete_sec_context.c display_name.c display_name_ext.c \ display_status.c duplicate_name.c eap_mech.c \ exchange_meta_data.c export_name.c export_sec_context.c \ get_mic.c gsseap_err.c import_name.c import_sec_context.c \ indicate_mechs.c init_sec_context.c inquire_attrs_for_mech.c \ inquire_context.c inquire_cred.c inquire_cred_by_mech.c \ inquire_cred_by_oid.c inquire_mech_for_saslname.c \ inquire_mechs_for_name.c inquire_names_for_mech.c \ inquire_saslname_for_mech.c inquire_sec_context_by_oid.c \ process_context_token.c pseudo_random.c query_mechanism_info.c \ query_meta_data.c radsec_err.c release_cred.c release_name.c \ release_oid.c set_cred_option.c set_sec_context_option.c \ store_cred.c unwrap.c unwrap_iov.c util_buffer.c \ util_context.c util_cksum.c util_cred.c util_crypt.c \ util_krb.c util_lucid.c util_mech.c util_name.c util_oid.c \ util_ordering.c util_radius.cpp util_sm.c util_tld.c \ util_token.c verify_mic.c wrap.c wrap_iov.c wrap_iov_length.c \ wrap_size_limit.c gssapiP_eap.h util_attr.h util_base64.h \ util.h util_json.h util_radius.h util_reauth.h util_saml.h \ util_shib.h util_moonshot.c accept_sec_context.c \ delete_name_attribute.c export_name_composite.c \ get_name_attribute.c inquire_name.c map_name_to_any.c \ release_any_name_mapping.c set_name_attribute.c util_attr.cpp \ util_base64.c util_json.cpp util_saml.cpp util_shib.cpp \ util_reauth.c @LIBMOONSHOT_TRUE@am__objects_1 = mech_eap_la-util_moonshot.lo @GSSEAP_ENABLE_ACCEPTOR_TRUE@am__objects_2 = mech_eap_la-accept_sec_context.lo \ @GSSEAP_ENABLE_ACCEPTOR_TRUE@ mech_eap_la-delete_name_attribute.lo \ @GSSEAP_ENABLE_ACCEPTOR_TRUE@ mech_eap_la-export_name_composite.lo \ @GSSEAP_ENABLE_ACCEPTOR_TRUE@ mech_eap_la-get_name_attribute.lo \ @GSSEAP_ENABLE_ACCEPTOR_TRUE@ mech_eap_la-inquire_name.lo \ @GSSEAP_ENABLE_ACCEPTOR_TRUE@ mech_eap_la-map_name_to_any.lo \ @GSSEAP_ENABLE_ACCEPTOR_TRUE@ mech_eap_la-release_any_name_mapping.lo \ @GSSEAP_ENABLE_ACCEPTOR_TRUE@ mech_eap_la-set_name_attribute.lo \ @GSSEAP_ENABLE_ACCEPTOR_TRUE@ mech_eap_la-util_attr.lo \ @GSSEAP_ENABLE_ACCEPTOR_TRUE@ mech_eap_la-util_base64.lo \ @GSSEAP_ENABLE_ACCEPTOR_TRUE@ mech_eap_la-util_json.lo @GSSEAP_ENABLE_ACCEPTOR_TRUE@@OPENSAML_TRUE@am__objects_3 = mech_eap_la-util_saml.lo @GSSEAP_ENABLE_ACCEPTOR_TRUE@@SHIBRESOLVER_TRUE@am__objects_4 = mech_eap_la-util_shib.lo @GSSEAP_ENABLE_REAUTH_TRUE@am__objects_5 = mech_eap_la-util_reauth.lo am_mech_eap_la_OBJECTS = mech_eap_la-acquire_cred.lo \ mech_eap_la-acquire_cred_with_password.lo \ mech_eap_la-add_cred.lo mech_eap_la-add_cred_with_password.lo \ mech_eap_la-authorize_localname.lo \ mech_eap_la-canonicalize_name.lo mech_eap_la-compare_name.lo \ mech_eap_la-context_time.lo mech_eap_la-delete_sec_context.lo \ mech_eap_la-display_name.lo mech_eap_la-display_name_ext.lo \ mech_eap_la-display_status.lo mech_eap_la-duplicate_name.lo \ mech_eap_la-eap_mech.lo mech_eap_la-exchange_meta_data.lo \ mech_eap_la-export_name.lo mech_eap_la-export_sec_context.lo \ mech_eap_la-get_mic.lo mech_eap_la-gsseap_err.lo \ mech_eap_la-import_name.lo mech_eap_la-import_sec_context.lo \ mech_eap_la-indicate_mechs.lo mech_eap_la-init_sec_context.lo \ mech_eap_la-inquire_attrs_for_mech.lo \ mech_eap_la-inquire_context.lo mech_eap_la-inquire_cred.lo \ mech_eap_la-inquire_cred_by_mech.lo \ mech_eap_la-inquire_cred_by_oid.lo \ mech_eap_la-inquire_mech_for_saslname.lo \ mech_eap_la-inquire_mechs_for_name.lo \ mech_eap_la-inquire_names_for_mech.lo \ mech_eap_la-inquire_saslname_for_mech.lo \ mech_eap_la-inquire_sec_context_by_oid.lo \ mech_eap_la-process_context_token.lo \ mech_eap_la-pseudo_random.lo \ mech_eap_la-query_mechanism_info.lo \ mech_eap_la-query_meta_data.lo mech_eap_la-radsec_err.lo \ mech_eap_la-release_cred.lo mech_eap_la-release_name.lo \ mech_eap_la-release_oid.lo mech_eap_la-set_cred_option.lo \ mech_eap_la-set_sec_context_option.lo \ mech_eap_la-store_cred.lo mech_eap_la-unwrap.lo \ mech_eap_la-unwrap_iov.lo mech_eap_la-util_buffer.lo \ mech_eap_la-util_context.lo mech_eap_la-util_cksum.lo \ mech_eap_la-util_cred.lo mech_eap_la-util_crypt.lo \ mech_eap_la-util_krb.lo mech_eap_la-util_lucid.lo \ mech_eap_la-util_mech.lo mech_eap_la-util_name.lo \ mech_eap_la-util_oid.lo mech_eap_la-util_ordering.lo \ mech_eap_la-util_radius.lo mech_eap_la-util_sm.lo \ mech_eap_la-util_tld.lo mech_eap_la-util_token.lo \ mech_eap_la-verify_mic.lo mech_eap_la-wrap.lo \ mech_eap_la-wrap_iov.lo mech_eap_la-wrap_iov_length.lo \ mech_eap_la-wrap_size_limit.lo $(am__objects_1) \ $(am__objects_2) $(am__objects_3) $(am__objects_4) \ $(am__objects_5) mech_eap_la_OBJECTS = $(am_mech_eap_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent am__v_lt_1 = mech_eap_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CXX $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CXXLD) $(mech_eap_la_CXXFLAGS) \ $(CXXFLAGS) $(mech_eap_la_LDFLAGS) $(LDFLAGS) -o $@ radius_ad_la_DEPENDENCIES = am__radius_ad_la_SOURCES_DIST = util_adshim.c authdata_plugin.h @GSSEAP_ENABLE_REAUTH_TRUE@@HEIMDAL_FALSE@am_radius_ad_la_OBJECTS = radius_ad_la-util_adshim.lo radius_ad_la_OBJECTS = $(am_radius_ad_la_OBJECTS) radius_ad_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(radius_ad_la_CFLAGS) \ $(CFLAGS) $(radius_ad_la_LDFLAGS) $(LDFLAGS) -o $@ @GSSEAP_ENABLE_REAUTH_TRUE@@HEIMDAL_FALSE@am_radius_ad_la_rpath = \ @GSSEAP_ENABLE_REAUTH_TRUE@@HEIMDAL_FALSE@ -rpath \ @GSSEAP_ENABLE_REAUTH_TRUE@@HEIMDAL_FALSE@ $(krb5pluginsdir) AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ $(AM_CFLAGS) $(CFLAGS) AM_V_CC = $(am__v_CC_@AM_V@) am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) am__v_CC_0 = @echo " CC " $@; am__v_CC_1 = CCLD = $(CC) LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(AM_LDFLAGS) $(LDFLAGS) -o $@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; am__v_CCLD_1 = CXXCOMPILE = $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) LTCXXCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CXX $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) \ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ $(AM_CXXFLAGS) $(CXXFLAGS) AM_V_CXX = $(am__v_CXX_@AM_V@) am__v_CXX_ = $(am__v_CXX_@AM_DEFAULT_V@) am__v_CXX_0 = @echo " CXX " $@; am__v_CXX_1 = CXXLD = $(CXX) CXXLINK = $(LIBTOOL) $(AM_V_lt) --tag=CXX $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CXXLD) $(AM_CXXFLAGS) \ $(CXXFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ AM_V_CXXLD = $(am__v_CXXLD_@AM_V@) am__v_CXXLD_ = $(am__v_CXXLD_@AM_DEFAULT_V@) am__v_CXXLD_0 = @echo " CXXLD " $@; am__v_CXXLD_1 = SOURCES = $(mech_eap_la_SOURCES) $(radius_ad_la_SOURCES) DIST_SOURCES = $(am__mech_eap_la_SOURCES_DIST) \ $(am__radius_ad_la_SOURCES_DIST) am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac HEADERS = $(gssinclude_HEADERS) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) # Read a list of newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is # *not* preserved. am__uniquify_input = $(AWK) '\ BEGIN { nonempty = 0; } \ { items[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in items) print i; }; } \ ' # Make sure the list of sources is unique. This is necessary because, # e.g., the same source file might be shared among _SOURCES variables # for different programs/libraries. am__define_uniq_tagged_files = \ list='$(am__tagged_files)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ AS = @AS@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ JANSSON_CFLAGS = @JANSSON_CFLAGS@ JANSSON_LDFLAGS = @JANSSON_LDFLAGS@ JANSSON_LIBS = @JANSSON_LIBS@ KRB5_CFLAGS = @KRB5_CFLAGS@ KRB5_LDFLAGS = @KRB5_LDFLAGS@ KRB5_LIBS = @KRB5_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LIBMOONSHOT_CFLAGS = @LIBMOONSHOT_CFLAGS@ LIBMOONSHOT_LDFLAGS = @LIBMOONSHOT_LDFLAGS@ LIBMOONSHOT_LIBS = @LIBMOONSHOT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OPENSAML_CXXFLAGS = @OPENSAML_CXXFLAGS@ OPENSAML_LDFLAGS = @OPENSAML_LDFLAGS@ OPENSAML_LIBS = @OPENSAML_LIBS@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LDFLAGS = @OPENSSL_LDFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ RADSEC_CFLAGS = @RADSEC_CFLAGS@ RADSEC_LDFLAGS = @RADSEC_LDFLAGS@ RADSEC_LIBS = @RADSEC_LIBS@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ SHIBRESOLVER_CXXFLAGS = @SHIBRESOLVER_CXXFLAGS@ SHIBRESOLVER_LDFLAGS = @SHIBRESOLVER_LDFLAGS@ SHIBRESOLVER_LIBS = @SHIBRESOLVER_LIBS@ SHIBSP_CXXFLAGS = @SHIBSP_CXXFLAGS@ SHIBSP_LDFLAGS = @SHIBSP_LDFLAGS@ SHIBSP_LIBS = @SHIBSP_LIBS@ STRIP = @STRIP@ TARGET_CFLAGS = @TARGET_CFLAGS@ TARGET_LDFLAGS = @TARGET_LDFLAGS@ VERSION = @VERSION@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ AUTOMAKE_OPTIONS = foreign EXTRA_DIST = gsseap_err.et radsec_err.et \ mech_eap.exports mech_eap-noacceptor.exports radius_ad.exports \ LICENSE AUTHORS mech \ README.samba4 NOTES radsec.conf gssincludedir = $(includedir)/gssapi gssinclude_HEADERS = gssapi_eap.h EAP_CFLAGS = -I$(srcdir)/../libeap/src \ -I$(srcdir)/../libeap/src/common \ -I$(srcdir)/../libeap/src/eap_common \ -I$(srcdir)/../libeap/src/utils $(am__append_1) \ $(am__append_2) @GSSEAP_ENABLE_ACCEPTOR_FALSE@GSSEAP_EXPORTS = $(srcdir)/mech_eap-noacceptor.exports @GSSEAP_ENABLE_ACCEPTOR_TRUE@GSSEAP_EXPORTS = $(srcdir)/mech_eap.exports gssdir = $(libdir)/gss gss_LTLIBRARIES = mech_eap.la @TARGET_WINDOWS_FALSE@OS_LIBS = @TARGET_WINDOWS_TRUE@OS_LIBS = -lshell32 -ladvapi32 -lws2_32 -lcomerr32 @TARGET_WINDOWS_FALSE@mech_eap_la_CFLAGS = -Werror -Wall \ @TARGET_WINDOWS_FALSE@ -Wunused-parameter @KRB5_CFLAGS@ \ @TARGET_WINDOWS_FALSE@ @RADSEC_CFLAGS@ @TARGET_CFLAGS@ \ @TARGET_WINDOWS_FALSE@ $(EAP_CFLAGS) $(am__append_5) @TARGET_WINDOWS_TRUE@mech_eap_la_CFLAGS = -Zi @KRB5_CFLAGS@ \ @TARGET_WINDOWS_TRUE@ @RADSEC_CFLAGS@ @TARGET_CFLAGS@ \ @TARGET_WINDOWS_TRUE@ $(EAP_CFLAGS) $(am__append_5) @TARGET_WINDOWS_FALSE@mech_eap_la_CXXFLAGS = -Werror -Wall \ @TARGET_WINDOWS_FALSE@ -Wunused-parameter @KRB5_CFLAGS@ \ @TARGET_WINDOWS_FALSE@ @RADSEC_CFLAGS@ @OPENSAML_CXXFLAGS@ \ @TARGET_WINDOWS_FALSE@ @SHIBRESOLVER_CXXFLAGS@ \ @TARGET_WINDOWS_FALSE@ @SHIBSP_CXXFLAGS@ @TARGET_CFLAGS@ \ @TARGET_WINDOWS_FALSE@ $(EAP_CFLAGS) @TARGET_WINDOWS_TRUE@mech_eap_la_CXXFLAGS = -Zi @KRB5_CFLAGS@ \ @TARGET_WINDOWS_TRUE@ @RADSEC_CFLAGS@ @OPENSAML_CXXFLAGS@ \ @TARGET_WINDOWS_TRUE@ @SHIBRESOLVER_CXXFLAGS@ @SHIBSP_CXXFLAGS@ \ @TARGET_WINDOWS_TRUE@ @TARGET_CFLAGS@ $(EAP_CFLAGS) mech_eap_la_DEPENDENCIES = $(GSSEAP_EXPORTS) mech_eap_la_CPPFLAGS = -DBUILD_GSSEAP_LIB -DSYSCONFDIR=\"${sysconfdir}\" -DDATAROOTDIR=\"${datarootdir}\" mech_eap_la_LDFLAGS = -avoid-version -module -export-symbols \ $(GSSEAP_EXPORTS) -no-undefined @KRB5_LDFLAGS@ \ @RADSEC_LDFLAGS@ @TARGET_LDFLAGS@ @OPENSSL_LDFLAGS@ \ $(am__append_3) $(am__append_6) mech_eap_la_LIBADD = @KRB5_LIBS@ ../libeap/libeap.la @RADSEC_LIBS@ \ @OPENSAML_LIBS@ @SHIBRESOLVER_LIBS@ @SHIBSP_LIBS@ \ @JANSSON_LIBS@ @OPENSSL_LIBS@ $(am__append_7) mech_eap_la_SOURCES = acquire_cred.c acquire_cred_with_password.c \ add_cred.c add_cred_with_password.c authorize_localname.c \ canonicalize_name.c compare_name.c context_time.c \ delete_sec_context.c display_name.c display_name_ext.c \ display_status.c duplicate_name.c eap_mech.c \ exchange_meta_data.c export_name.c export_sec_context.c \ get_mic.c gsseap_err.c import_name.c import_sec_context.c \ indicate_mechs.c init_sec_context.c inquire_attrs_for_mech.c \ inquire_context.c inquire_cred.c inquire_cred_by_mech.c \ inquire_cred_by_oid.c inquire_mech_for_saslname.c \ inquire_mechs_for_name.c inquire_names_for_mech.c \ inquire_saslname_for_mech.c inquire_sec_context_by_oid.c \ process_context_token.c pseudo_random.c query_mechanism_info.c \ query_meta_data.c radsec_err.c release_cred.c release_name.c \ release_oid.c set_cred_option.c set_sec_context_option.c \ store_cred.c unwrap.c unwrap_iov.c util_buffer.c \ util_context.c util_cksum.c util_cred.c util_crypt.c \ util_krb.c util_lucid.c util_mech.c util_name.c util_oid.c \ util_ordering.c util_radius.cpp util_sm.c util_tld.c \ util_token.c verify_mic.c wrap.c wrap_iov.c wrap_iov_length.c \ wrap_size_limit.c gssapiP_eap.h util_attr.h util_base64.h \ util.h util_json.h util_radius.h util_reauth.h util_saml.h \ util_shib.h $(am__append_4) $(am__append_8) $(am__append_9) \ $(am__append_10) $(am__append_11) BUILT_SOURCES = gsseap_err.c radsec_err.c gsseap_err.h radsec_err.h @GSSEAP_ENABLE_REAUTH_TRUE@@HEIMDAL_FALSE@krb5pluginsdir = $(libdir)/krb5/plugins/authdata @GSSEAP_ENABLE_REAUTH_TRUE@@HEIMDAL_FALSE@krb5plugins_LTLIBRARIES = radius_ad.la @GSSEAP_ENABLE_REAUTH_TRUE@@HEIMDAL_FALSE@radius_ad_la_CFLAGS = -Werror -Wall -Wunused-parameter \ @GSSEAP_ENABLE_REAUTH_TRUE@@HEIMDAL_FALSE@ @KRB5_CFLAGS@ $(EAP_CFLAGS) @RADSEC_CFLAGS@ @TARGET_CFLAGS@ @GSSEAP_ENABLE_REAUTH_TRUE@@HEIMDAL_FALSE@radius_ad_la_LDFLAGS = -avoid-version -module \ @GSSEAP_ENABLE_REAUTH_TRUE@@HEIMDAL_FALSE@ -export-symbols $(srcdir)/radius_ad.exports -no-undefined @GSSEAP_ENABLE_REAUTH_TRUE@@HEIMDAL_FALSE@radius_ad_la_LIBADD = @KRB5_LIBS@ @GSSEAP_ENABLE_REAUTH_TRUE@@HEIMDAL_FALSE@radius_ad_la_SOURCES = util_adshim.c authdata_plugin.h all: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) all-am .SUFFIXES: .SUFFIXES: .c .cpp .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign mech_eap/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign mech_eap/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-gssLTLIBRARIES: $(gss_LTLIBRARIES) @$(NORMAL_INSTALL) @list='$(gss_LTLIBRARIES)'; test -n "$(gssdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(MKDIR_P) '$(DESTDIR)$(gssdir)'"; \ $(MKDIR_P) "$(DESTDIR)$(gssdir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(gssdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(gssdir)"; \ } uninstall-gssLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(gss_LTLIBRARIES)'; test -n "$(gssdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(gssdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(gssdir)/$$f"; \ done clean-gssLTLIBRARIES: -test -z "$(gss_LTLIBRARIES)" || rm -f $(gss_LTLIBRARIES) @list='$(gss_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ test -z "$$locs" || { \ echo rm -f $${locs}; \ rm -f $${locs}; \ } install-krb5pluginsLTLIBRARIES: $(krb5plugins_LTLIBRARIES) @$(NORMAL_INSTALL) @list='$(krb5plugins_LTLIBRARIES)'; test -n "$(krb5pluginsdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(MKDIR_P) '$(DESTDIR)$(krb5pluginsdir)'"; \ $(MKDIR_P) "$(DESTDIR)$(krb5pluginsdir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(krb5pluginsdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(krb5pluginsdir)"; \ } uninstall-krb5pluginsLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(krb5plugins_LTLIBRARIES)'; test -n "$(krb5pluginsdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(krb5pluginsdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(krb5pluginsdir)/$$f"; \ done clean-krb5pluginsLTLIBRARIES: -test -z "$(krb5plugins_LTLIBRARIES)" || rm -f $(krb5plugins_LTLIBRARIES) @list='$(krb5plugins_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ test -z "$$locs" || { \ echo rm -f $${locs}; \ rm -f $${locs}; \ } mech_eap.la: $(mech_eap_la_OBJECTS) $(mech_eap_la_DEPENDENCIES) $(EXTRA_mech_eap_la_DEPENDENCIES) $(AM_V_CXXLD)$(mech_eap_la_LINK) -rpath $(gssdir) $(mech_eap_la_OBJECTS) $(mech_eap_la_LIBADD) $(LIBS) radius_ad.la: $(radius_ad_la_OBJECTS) $(radius_ad_la_DEPENDENCIES) $(EXTRA_radius_ad_la_DEPENDENCIES) $(AM_V_CCLD)$(radius_ad_la_LINK) $(am_radius_ad_la_rpath) $(radius_ad_la_OBJECTS) $(radius_ad_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-accept_sec_context.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-acquire_cred.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-acquire_cred_with_password.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-add_cred.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-add_cred_with_password.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-authorize_localname.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-canonicalize_name.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-compare_name.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-context_time.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-delete_name_attribute.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-delete_sec_context.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-display_name.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-display_name_ext.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-display_status.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-duplicate_name.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-eap_mech.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-exchange_meta_data.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-export_name.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-export_name_composite.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-export_sec_context.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-get_mic.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-get_name_attribute.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-gsseap_err.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-import_name.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-import_sec_context.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-indicate_mechs.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-init_sec_context.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-inquire_attrs_for_mech.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-inquire_context.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-inquire_cred.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-inquire_cred_by_mech.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-inquire_cred_by_oid.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-inquire_mech_for_saslname.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-inquire_mechs_for_name.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-inquire_name.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-inquire_names_for_mech.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-inquire_saslname_for_mech.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-inquire_sec_context_by_oid.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-map_name_to_any.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-process_context_token.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-pseudo_random.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-query_mechanism_info.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-query_meta_data.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-radsec_err.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-release_any_name_mapping.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-release_cred.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-release_name.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-release_oid.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-set_cred_option.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-set_name_attribute.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-set_sec_context_option.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-store_cred.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-unwrap.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-unwrap_iov.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-util_attr.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-util_base64.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-util_buffer.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-util_cksum.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-util_context.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-util_cred.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-util_crypt.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-util_json.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-util_krb.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-util_lucid.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-util_mech.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-util_moonshot.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-util_name.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-util_oid.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-util_ordering.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-util_radius.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-util_reauth.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-util_saml.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-util_shib.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-util_sm.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-util_tld.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-util_token.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-verify_mic.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-wrap.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-wrap_iov.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-wrap_iov_length.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mech_eap_la-wrap_size_limit.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/radius_ad_la-util_adshim.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< .c.obj: @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< mech_eap_la-acquire_cred.lo: acquire_cred.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-acquire_cred.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-acquire_cred.Tpo -c -o mech_eap_la-acquire_cred.lo `test -f 'acquire_cred.c' || echo '$(srcdir)/'`acquire_cred.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-acquire_cred.Tpo $(DEPDIR)/mech_eap_la-acquire_cred.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='acquire_cred.c' object='mech_eap_la-acquire_cred.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-acquire_cred.lo `test -f 'acquire_cred.c' || echo '$(srcdir)/'`acquire_cred.c mech_eap_la-acquire_cred_with_password.lo: acquire_cred_with_password.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-acquire_cred_with_password.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-acquire_cred_with_password.Tpo -c -o mech_eap_la-acquire_cred_with_password.lo `test -f 'acquire_cred_with_password.c' || echo '$(srcdir)/'`acquire_cred_with_password.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-acquire_cred_with_password.Tpo $(DEPDIR)/mech_eap_la-acquire_cred_with_password.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='acquire_cred_with_password.c' object='mech_eap_la-acquire_cred_with_password.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-acquire_cred_with_password.lo `test -f 'acquire_cred_with_password.c' || echo '$(srcdir)/'`acquire_cred_with_password.c mech_eap_la-add_cred.lo: add_cred.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-add_cred.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-add_cred.Tpo -c -o mech_eap_la-add_cred.lo `test -f 'add_cred.c' || echo '$(srcdir)/'`add_cred.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-add_cred.Tpo $(DEPDIR)/mech_eap_la-add_cred.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='add_cred.c' object='mech_eap_la-add_cred.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-add_cred.lo `test -f 'add_cred.c' || echo '$(srcdir)/'`add_cred.c mech_eap_la-add_cred_with_password.lo: add_cred_with_password.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-add_cred_with_password.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-add_cred_with_password.Tpo -c -o mech_eap_la-add_cred_with_password.lo `test -f 'add_cred_with_password.c' || echo '$(srcdir)/'`add_cred_with_password.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-add_cred_with_password.Tpo $(DEPDIR)/mech_eap_la-add_cred_with_password.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='add_cred_with_password.c' object='mech_eap_la-add_cred_with_password.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-add_cred_with_password.lo `test -f 'add_cred_with_password.c' || echo '$(srcdir)/'`add_cred_with_password.c mech_eap_la-authorize_localname.lo: authorize_localname.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-authorize_localname.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-authorize_localname.Tpo -c -o mech_eap_la-authorize_localname.lo `test -f 'authorize_localname.c' || echo '$(srcdir)/'`authorize_localname.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-authorize_localname.Tpo $(DEPDIR)/mech_eap_la-authorize_localname.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='authorize_localname.c' object='mech_eap_la-authorize_localname.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-authorize_localname.lo `test -f 'authorize_localname.c' || echo '$(srcdir)/'`authorize_localname.c mech_eap_la-canonicalize_name.lo: canonicalize_name.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-canonicalize_name.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-canonicalize_name.Tpo -c -o mech_eap_la-canonicalize_name.lo `test -f 'canonicalize_name.c' || echo '$(srcdir)/'`canonicalize_name.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-canonicalize_name.Tpo $(DEPDIR)/mech_eap_la-canonicalize_name.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='canonicalize_name.c' object='mech_eap_la-canonicalize_name.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-canonicalize_name.lo `test -f 'canonicalize_name.c' || echo '$(srcdir)/'`canonicalize_name.c mech_eap_la-compare_name.lo: compare_name.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-compare_name.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-compare_name.Tpo -c -o mech_eap_la-compare_name.lo `test -f 'compare_name.c' || echo '$(srcdir)/'`compare_name.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-compare_name.Tpo $(DEPDIR)/mech_eap_la-compare_name.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='compare_name.c' object='mech_eap_la-compare_name.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-compare_name.lo `test -f 'compare_name.c' || echo '$(srcdir)/'`compare_name.c mech_eap_la-context_time.lo: context_time.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-context_time.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-context_time.Tpo -c -o mech_eap_la-context_time.lo `test -f 'context_time.c' || echo '$(srcdir)/'`context_time.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-context_time.Tpo $(DEPDIR)/mech_eap_la-context_time.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='context_time.c' object='mech_eap_la-context_time.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-context_time.lo `test -f 'context_time.c' || echo '$(srcdir)/'`context_time.c mech_eap_la-delete_sec_context.lo: delete_sec_context.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-delete_sec_context.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-delete_sec_context.Tpo -c -o mech_eap_la-delete_sec_context.lo `test -f 'delete_sec_context.c' || echo '$(srcdir)/'`delete_sec_context.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-delete_sec_context.Tpo $(DEPDIR)/mech_eap_la-delete_sec_context.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='delete_sec_context.c' object='mech_eap_la-delete_sec_context.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-delete_sec_context.lo `test -f 'delete_sec_context.c' || echo '$(srcdir)/'`delete_sec_context.c mech_eap_la-display_name.lo: display_name.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-display_name.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-display_name.Tpo -c -o mech_eap_la-display_name.lo `test -f 'display_name.c' || echo '$(srcdir)/'`display_name.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-display_name.Tpo $(DEPDIR)/mech_eap_la-display_name.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='display_name.c' object='mech_eap_la-display_name.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-display_name.lo `test -f 'display_name.c' || echo '$(srcdir)/'`display_name.c mech_eap_la-display_name_ext.lo: display_name_ext.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-display_name_ext.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-display_name_ext.Tpo -c -o mech_eap_la-display_name_ext.lo `test -f 'display_name_ext.c' || echo '$(srcdir)/'`display_name_ext.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-display_name_ext.Tpo $(DEPDIR)/mech_eap_la-display_name_ext.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='display_name_ext.c' object='mech_eap_la-display_name_ext.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-display_name_ext.lo `test -f 'display_name_ext.c' || echo '$(srcdir)/'`display_name_ext.c mech_eap_la-display_status.lo: display_status.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-display_status.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-display_status.Tpo -c -o mech_eap_la-display_status.lo `test -f 'display_status.c' || echo '$(srcdir)/'`display_status.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-display_status.Tpo $(DEPDIR)/mech_eap_la-display_status.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='display_status.c' object='mech_eap_la-display_status.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-display_status.lo `test -f 'display_status.c' || echo '$(srcdir)/'`display_status.c mech_eap_la-duplicate_name.lo: duplicate_name.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-duplicate_name.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-duplicate_name.Tpo -c -o mech_eap_la-duplicate_name.lo `test -f 'duplicate_name.c' || echo '$(srcdir)/'`duplicate_name.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-duplicate_name.Tpo $(DEPDIR)/mech_eap_la-duplicate_name.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='duplicate_name.c' object='mech_eap_la-duplicate_name.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-duplicate_name.lo `test -f 'duplicate_name.c' || echo '$(srcdir)/'`duplicate_name.c mech_eap_la-eap_mech.lo: eap_mech.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-eap_mech.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-eap_mech.Tpo -c -o mech_eap_la-eap_mech.lo `test -f 'eap_mech.c' || echo '$(srcdir)/'`eap_mech.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-eap_mech.Tpo $(DEPDIR)/mech_eap_la-eap_mech.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='eap_mech.c' object='mech_eap_la-eap_mech.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-eap_mech.lo `test -f 'eap_mech.c' || echo '$(srcdir)/'`eap_mech.c mech_eap_la-exchange_meta_data.lo: exchange_meta_data.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-exchange_meta_data.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-exchange_meta_data.Tpo -c -o mech_eap_la-exchange_meta_data.lo `test -f 'exchange_meta_data.c' || echo '$(srcdir)/'`exchange_meta_data.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-exchange_meta_data.Tpo $(DEPDIR)/mech_eap_la-exchange_meta_data.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='exchange_meta_data.c' object='mech_eap_la-exchange_meta_data.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-exchange_meta_data.lo `test -f 'exchange_meta_data.c' || echo '$(srcdir)/'`exchange_meta_data.c mech_eap_la-export_name.lo: export_name.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-export_name.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-export_name.Tpo -c -o mech_eap_la-export_name.lo `test -f 'export_name.c' || echo '$(srcdir)/'`export_name.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-export_name.Tpo $(DEPDIR)/mech_eap_la-export_name.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='export_name.c' object='mech_eap_la-export_name.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-export_name.lo `test -f 'export_name.c' || echo '$(srcdir)/'`export_name.c mech_eap_la-export_sec_context.lo: export_sec_context.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-export_sec_context.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-export_sec_context.Tpo -c -o mech_eap_la-export_sec_context.lo `test -f 'export_sec_context.c' || echo '$(srcdir)/'`export_sec_context.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-export_sec_context.Tpo $(DEPDIR)/mech_eap_la-export_sec_context.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='export_sec_context.c' object='mech_eap_la-export_sec_context.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-export_sec_context.lo `test -f 'export_sec_context.c' || echo '$(srcdir)/'`export_sec_context.c mech_eap_la-get_mic.lo: get_mic.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-get_mic.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-get_mic.Tpo -c -o mech_eap_la-get_mic.lo `test -f 'get_mic.c' || echo '$(srcdir)/'`get_mic.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-get_mic.Tpo $(DEPDIR)/mech_eap_la-get_mic.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='get_mic.c' object='mech_eap_la-get_mic.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-get_mic.lo `test -f 'get_mic.c' || echo '$(srcdir)/'`get_mic.c mech_eap_la-gsseap_err.lo: gsseap_err.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-gsseap_err.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-gsseap_err.Tpo -c -o mech_eap_la-gsseap_err.lo `test -f 'gsseap_err.c' || echo '$(srcdir)/'`gsseap_err.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-gsseap_err.Tpo $(DEPDIR)/mech_eap_la-gsseap_err.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='gsseap_err.c' object='mech_eap_la-gsseap_err.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-gsseap_err.lo `test -f 'gsseap_err.c' || echo '$(srcdir)/'`gsseap_err.c mech_eap_la-import_name.lo: import_name.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-import_name.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-import_name.Tpo -c -o mech_eap_la-import_name.lo `test -f 'import_name.c' || echo '$(srcdir)/'`import_name.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-import_name.Tpo $(DEPDIR)/mech_eap_la-import_name.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='import_name.c' object='mech_eap_la-import_name.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-import_name.lo `test -f 'import_name.c' || echo '$(srcdir)/'`import_name.c mech_eap_la-import_sec_context.lo: import_sec_context.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-import_sec_context.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-import_sec_context.Tpo -c -o mech_eap_la-import_sec_context.lo `test -f 'import_sec_context.c' || echo '$(srcdir)/'`import_sec_context.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-import_sec_context.Tpo $(DEPDIR)/mech_eap_la-import_sec_context.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='import_sec_context.c' object='mech_eap_la-import_sec_context.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-import_sec_context.lo `test -f 'import_sec_context.c' || echo '$(srcdir)/'`import_sec_context.c mech_eap_la-indicate_mechs.lo: indicate_mechs.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-indicate_mechs.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-indicate_mechs.Tpo -c -o mech_eap_la-indicate_mechs.lo `test -f 'indicate_mechs.c' || echo '$(srcdir)/'`indicate_mechs.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-indicate_mechs.Tpo $(DEPDIR)/mech_eap_la-indicate_mechs.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='indicate_mechs.c' object='mech_eap_la-indicate_mechs.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-indicate_mechs.lo `test -f 'indicate_mechs.c' || echo '$(srcdir)/'`indicate_mechs.c mech_eap_la-init_sec_context.lo: init_sec_context.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-init_sec_context.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-init_sec_context.Tpo -c -o mech_eap_la-init_sec_context.lo `test -f 'init_sec_context.c' || echo '$(srcdir)/'`init_sec_context.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-init_sec_context.Tpo $(DEPDIR)/mech_eap_la-init_sec_context.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='init_sec_context.c' object='mech_eap_la-init_sec_context.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-init_sec_context.lo `test -f 'init_sec_context.c' || echo '$(srcdir)/'`init_sec_context.c mech_eap_la-inquire_attrs_for_mech.lo: inquire_attrs_for_mech.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-inquire_attrs_for_mech.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-inquire_attrs_for_mech.Tpo -c -o mech_eap_la-inquire_attrs_for_mech.lo `test -f 'inquire_attrs_for_mech.c' || echo '$(srcdir)/'`inquire_attrs_for_mech.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-inquire_attrs_for_mech.Tpo $(DEPDIR)/mech_eap_la-inquire_attrs_for_mech.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='inquire_attrs_for_mech.c' object='mech_eap_la-inquire_attrs_for_mech.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-inquire_attrs_for_mech.lo `test -f 'inquire_attrs_for_mech.c' || echo '$(srcdir)/'`inquire_attrs_for_mech.c mech_eap_la-inquire_context.lo: inquire_context.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-inquire_context.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-inquire_context.Tpo -c -o mech_eap_la-inquire_context.lo `test -f 'inquire_context.c' || echo '$(srcdir)/'`inquire_context.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-inquire_context.Tpo $(DEPDIR)/mech_eap_la-inquire_context.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='inquire_context.c' object='mech_eap_la-inquire_context.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-inquire_context.lo `test -f 'inquire_context.c' || echo '$(srcdir)/'`inquire_context.c mech_eap_la-inquire_cred.lo: inquire_cred.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-inquire_cred.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-inquire_cred.Tpo -c -o mech_eap_la-inquire_cred.lo `test -f 'inquire_cred.c' || echo '$(srcdir)/'`inquire_cred.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-inquire_cred.Tpo $(DEPDIR)/mech_eap_la-inquire_cred.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='inquire_cred.c' object='mech_eap_la-inquire_cred.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-inquire_cred.lo `test -f 'inquire_cred.c' || echo '$(srcdir)/'`inquire_cred.c mech_eap_la-inquire_cred_by_mech.lo: inquire_cred_by_mech.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-inquire_cred_by_mech.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-inquire_cred_by_mech.Tpo -c -o mech_eap_la-inquire_cred_by_mech.lo `test -f 'inquire_cred_by_mech.c' || echo '$(srcdir)/'`inquire_cred_by_mech.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-inquire_cred_by_mech.Tpo $(DEPDIR)/mech_eap_la-inquire_cred_by_mech.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='inquire_cred_by_mech.c' object='mech_eap_la-inquire_cred_by_mech.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-inquire_cred_by_mech.lo `test -f 'inquire_cred_by_mech.c' || echo '$(srcdir)/'`inquire_cred_by_mech.c mech_eap_la-inquire_cred_by_oid.lo: inquire_cred_by_oid.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-inquire_cred_by_oid.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-inquire_cred_by_oid.Tpo -c -o mech_eap_la-inquire_cred_by_oid.lo `test -f 'inquire_cred_by_oid.c' || echo '$(srcdir)/'`inquire_cred_by_oid.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-inquire_cred_by_oid.Tpo $(DEPDIR)/mech_eap_la-inquire_cred_by_oid.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='inquire_cred_by_oid.c' object='mech_eap_la-inquire_cred_by_oid.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-inquire_cred_by_oid.lo `test -f 'inquire_cred_by_oid.c' || echo '$(srcdir)/'`inquire_cred_by_oid.c mech_eap_la-inquire_mech_for_saslname.lo: inquire_mech_for_saslname.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-inquire_mech_for_saslname.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-inquire_mech_for_saslname.Tpo -c -o mech_eap_la-inquire_mech_for_saslname.lo `test -f 'inquire_mech_for_saslname.c' || echo '$(srcdir)/'`inquire_mech_for_saslname.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-inquire_mech_for_saslname.Tpo $(DEPDIR)/mech_eap_la-inquire_mech_for_saslname.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='inquire_mech_for_saslname.c' object='mech_eap_la-inquire_mech_for_saslname.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-inquire_mech_for_saslname.lo `test -f 'inquire_mech_for_saslname.c' || echo '$(srcdir)/'`inquire_mech_for_saslname.c mech_eap_la-inquire_mechs_for_name.lo: inquire_mechs_for_name.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-inquire_mechs_for_name.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-inquire_mechs_for_name.Tpo -c -o mech_eap_la-inquire_mechs_for_name.lo `test -f 'inquire_mechs_for_name.c' || echo '$(srcdir)/'`inquire_mechs_for_name.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-inquire_mechs_for_name.Tpo $(DEPDIR)/mech_eap_la-inquire_mechs_for_name.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='inquire_mechs_for_name.c' object='mech_eap_la-inquire_mechs_for_name.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-inquire_mechs_for_name.lo `test -f 'inquire_mechs_for_name.c' || echo '$(srcdir)/'`inquire_mechs_for_name.c mech_eap_la-inquire_names_for_mech.lo: inquire_names_for_mech.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-inquire_names_for_mech.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-inquire_names_for_mech.Tpo -c -o mech_eap_la-inquire_names_for_mech.lo `test -f 'inquire_names_for_mech.c' || echo '$(srcdir)/'`inquire_names_for_mech.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-inquire_names_for_mech.Tpo $(DEPDIR)/mech_eap_la-inquire_names_for_mech.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='inquire_names_for_mech.c' object='mech_eap_la-inquire_names_for_mech.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-inquire_names_for_mech.lo `test -f 'inquire_names_for_mech.c' || echo '$(srcdir)/'`inquire_names_for_mech.c mech_eap_la-inquire_saslname_for_mech.lo: inquire_saslname_for_mech.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-inquire_saslname_for_mech.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-inquire_saslname_for_mech.Tpo -c -o mech_eap_la-inquire_saslname_for_mech.lo `test -f 'inquire_saslname_for_mech.c' || echo '$(srcdir)/'`inquire_saslname_for_mech.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-inquire_saslname_for_mech.Tpo $(DEPDIR)/mech_eap_la-inquire_saslname_for_mech.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='inquire_saslname_for_mech.c' object='mech_eap_la-inquire_saslname_for_mech.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-inquire_saslname_for_mech.lo `test -f 'inquire_saslname_for_mech.c' || echo '$(srcdir)/'`inquire_saslname_for_mech.c mech_eap_la-inquire_sec_context_by_oid.lo: inquire_sec_context_by_oid.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-inquire_sec_context_by_oid.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-inquire_sec_context_by_oid.Tpo -c -o mech_eap_la-inquire_sec_context_by_oid.lo `test -f 'inquire_sec_context_by_oid.c' || echo '$(srcdir)/'`inquire_sec_context_by_oid.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-inquire_sec_context_by_oid.Tpo $(DEPDIR)/mech_eap_la-inquire_sec_context_by_oid.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='inquire_sec_context_by_oid.c' object='mech_eap_la-inquire_sec_context_by_oid.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-inquire_sec_context_by_oid.lo `test -f 'inquire_sec_context_by_oid.c' || echo '$(srcdir)/'`inquire_sec_context_by_oid.c mech_eap_la-process_context_token.lo: process_context_token.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-process_context_token.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-process_context_token.Tpo -c -o mech_eap_la-process_context_token.lo `test -f 'process_context_token.c' || echo '$(srcdir)/'`process_context_token.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-process_context_token.Tpo $(DEPDIR)/mech_eap_la-process_context_token.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='process_context_token.c' object='mech_eap_la-process_context_token.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-process_context_token.lo `test -f 'process_context_token.c' || echo '$(srcdir)/'`process_context_token.c mech_eap_la-pseudo_random.lo: pseudo_random.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-pseudo_random.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-pseudo_random.Tpo -c -o mech_eap_la-pseudo_random.lo `test -f 'pseudo_random.c' || echo '$(srcdir)/'`pseudo_random.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-pseudo_random.Tpo $(DEPDIR)/mech_eap_la-pseudo_random.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pseudo_random.c' object='mech_eap_la-pseudo_random.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-pseudo_random.lo `test -f 'pseudo_random.c' || echo '$(srcdir)/'`pseudo_random.c mech_eap_la-query_mechanism_info.lo: query_mechanism_info.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-query_mechanism_info.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-query_mechanism_info.Tpo -c -o mech_eap_la-query_mechanism_info.lo `test -f 'query_mechanism_info.c' || echo '$(srcdir)/'`query_mechanism_info.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-query_mechanism_info.Tpo $(DEPDIR)/mech_eap_la-query_mechanism_info.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='query_mechanism_info.c' object='mech_eap_la-query_mechanism_info.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-query_mechanism_info.lo `test -f 'query_mechanism_info.c' || echo '$(srcdir)/'`query_mechanism_info.c mech_eap_la-query_meta_data.lo: query_meta_data.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-query_meta_data.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-query_meta_data.Tpo -c -o mech_eap_la-query_meta_data.lo `test -f 'query_meta_data.c' || echo '$(srcdir)/'`query_meta_data.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-query_meta_data.Tpo $(DEPDIR)/mech_eap_la-query_meta_data.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='query_meta_data.c' object='mech_eap_la-query_meta_data.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-query_meta_data.lo `test -f 'query_meta_data.c' || echo '$(srcdir)/'`query_meta_data.c mech_eap_la-radsec_err.lo: radsec_err.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-radsec_err.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-radsec_err.Tpo -c -o mech_eap_la-radsec_err.lo `test -f 'radsec_err.c' || echo '$(srcdir)/'`radsec_err.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-radsec_err.Tpo $(DEPDIR)/mech_eap_la-radsec_err.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='radsec_err.c' object='mech_eap_la-radsec_err.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-radsec_err.lo `test -f 'radsec_err.c' || echo '$(srcdir)/'`radsec_err.c mech_eap_la-release_cred.lo: release_cred.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-release_cred.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-release_cred.Tpo -c -o mech_eap_la-release_cred.lo `test -f 'release_cred.c' || echo '$(srcdir)/'`release_cred.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-release_cred.Tpo $(DEPDIR)/mech_eap_la-release_cred.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='release_cred.c' object='mech_eap_la-release_cred.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-release_cred.lo `test -f 'release_cred.c' || echo '$(srcdir)/'`release_cred.c mech_eap_la-release_name.lo: release_name.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-release_name.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-release_name.Tpo -c -o mech_eap_la-release_name.lo `test -f 'release_name.c' || echo '$(srcdir)/'`release_name.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-release_name.Tpo $(DEPDIR)/mech_eap_la-release_name.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='release_name.c' object='mech_eap_la-release_name.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-release_name.lo `test -f 'release_name.c' || echo '$(srcdir)/'`release_name.c mech_eap_la-release_oid.lo: release_oid.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-release_oid.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-release_oid.Tpo -c -o mech_eap_la-release_oid.lo `test -f 'release_oid.c' || echo '$(srcdir)/'`release_oid.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-release_oid.Tpo $(DEPDIR)/mech_eap_la-release_oid.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='release_oid.c' object='mech_eap_la-release_oid.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-release_oid.lo `test -f 'release_oid.c' || echo '$(srcdir)/'`release_oid.c mech_eap_la-set_cred_option.lo: set_cred_option.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-set_cred_option.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-set_cred_option.Tpo -c -o mech_eap_la-set_cred_option.lo `test -f 'set_cred_option.c' || echo '$(srcdir)/'`set_cred_option.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-set_cred_option.Tpo $(DEPDIR)/mech_eap_la-set_cred_option.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='set_cred_option.c' object='mech_eap_la-set_cred_option.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-set_cred_option.lo `test -f 'set_cred_option.c' || echo '$(srcdir)/'`set_cred_option.c mech_eap_la-set_sec_context_option.lo: set_sec_context_option.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-set_sec_context_option.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-set_sec_context_option.Tpo -c -o mech_eap_la-set_sec_context_option.lo `test -f 'set_sec_context_option.c' || echo '$(srcdir)/'`set_sec_context_option.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-set_sec_context_option.Tpo $(DEPDIR)/mech_eap_la-set_sec_context_option.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='set_sec_context_option.c' object='mech_eap_la-set_sec_context_option.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-set_sec_context_option.lo `test -f 'set_sec_context_option.c' || echo '$(srcdir)/'`set_sec_context_option.c mech_eap_la-store_cred.lo: store_cred.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-store_cred.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-store_cred.Tpo -c -o mech_eap_la-store_cred.lo `test -f 'store_cred.c' || echo '$(srcdir)/'`store_cred.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-store_cred.Tpo $(DEPDIR)/mech_eap_la-store_cred.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='store_cred.c' object='mech_eap_la-store_cred.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-store_cred.lo `test -f 'store_cred.c' || echo '$(srcdir)/'`store_cred.c mech_eap_la-unwrap.lo: unwrap.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-unwrap.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-unwrap.Tpo -c -o mech_eap_la-unwrap.lo `test -f 'unwrap.c' || echo '$(srcdir)/'`unwrap.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-unwrap.Tpo $(DEPDIR)/mech_eap_la-unwrap.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='unwrap.c' object='mech_eap_la-unwrap.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-unwrap.lo `test -f 'unwrap.c' || echo '$(srcdir)/'`unwrap.c mech_eap_la-unwrap_iov.lo: unwrap_iov.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-unwrap_iov.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-unwrap_iov.Tpo -c -o mech_eap_la-unwrap_iov.lo `test -f 'unwrap_iov.c' || echo '$(srcdir)/'`unwrap_iov.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-unwrap_iov.Tpo $(DEPDIR)/mech_eap_la-unwrap_iov.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='unwrap_iov.c' object='mech_eap_la-unwrap_iov.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-unwrap_iov.lo `test -f 'unwrap_iov.c' || echo '$(srcdir)/'`unwrap_iov.c mech_eap_la-util_buffer.lo: util_buffer.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-util_buffer.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-util_buffer.Tpo -c -o mech_eap_la-util_buffer.lo `test -f 'util_buffer.c' || echo '$(srcdir)/'`util_buffer.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-util_buffer.Tpo $(DEPDIR)/mech_eap_la-util_buffer.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='util_buffer.c' object='mech_eap_la-util_buffer.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-util_buffer.lo `test -f 'util_buffer.c' || echo '$(srcdir)/'`util_buffer.c mech_eap_la-util_context.lo: util_context.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-util_context.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-util_context.Tpo -c -o mech_eap_la-util_context.lo `test -f 'util_context.c' || echo '$(srcdir)/'`util_context.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-util_context.Tpo $(DEPDIR)/mech_eap_la-util_context.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='util_context.c' object='mech_eap_la-util_context.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-util_context.lo `test -f 'util_context.c' || echo '$(srcdir)/'`util_context.c mech_eap_la-util_cksum.lo: util_cksum.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-util_cksum.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-util_cksum.Tpo -c -o mech_eap_la-util_cksum.lo `test -f 'util_cksum.c' || echo '$(srcdir)/'`util_cksum.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-util_cksum.Tpo $(DEPDIR)/mech_eap_la-util_cksum.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='util_cksum.c' object='mech_eap_la-util_cksum.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-util_cksum.lo `test -f 'util_cksum.c' || echo '$(srcdir)/'`util_cksum.c mech_eap_la-util_cred.lo: util_cred.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-util_cred.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-util_cred.Tpo -c -o mech_eap_la-util_cred.lo `test -f 'util_cred.c' || echo '$(srcdir)/'`util_cred.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-util_cred.Tpo $(DEPDIR)/mech_eap_la-util_cred.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='util_cred.c' object='mech_eap_la-util_cred.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-util_cred.lo `test -f 'util_cred.c' || echo '$(srcdir)/'`util_cred.c mech_eap_la-util_crypt.lo: util_crypt.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-util_crypt.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-util_crypt.Tpo -c -o mech_eap_la-util_crypt.lo `test -f 'util_crypt.c' || echo '$(srcdir)/'`util_crypt.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-util_crypt.Tpo $(DEPDIR)/mech_eap_la-util_crypt.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='util_crypt.c' object='mech_eap_la-util_crypt.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-util_crypt.lo `test -f 'util_crypt.c' || echo '$(srcdir)/'`util_crypt.c mech_eap_la-util_krb.lo: util_krb.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-util_krb.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-util_krb.Tpo -c -o mech_eap_la-util_krb.lo `test -f 'util_krb.c' || echo '$(srcdir)/'`util_krb.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-util_krb.Tpo $(DEPDIR)/mech_eap_la-util_krb.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='util_krb.c' object='mech_eap_la-util_krb.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-util_krb.lo `test -f 'util_krb.c' || echo '$(srcdir)/'`util_krb.c mech_eap_la-util_lucid.lo: util_lucid.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-util_lucid.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-util_lucid.Tpo -c -o mech_eap_la-util_lucid.lo `test -f 'util_lucid.c' || echo '$(srcdir)/'`util_lucid.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-util_lucid.Tpo $(DEPDIR)/mech_eap_la-util_lucid.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='util_lucid.c' object='mech_eap_la-util_lucid.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-util_lucid.lo `test -f 'util_lucid.c' || echo '$(srcdir)/'`util_lucid.c mech_eap_la-util_mech.lo: util_mech.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-util_mech.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-util_mech.Tpo -c -o mech_eap_la-util_mech.lo `test -f 'util_mech.c' || echo '$(srcdir)/'`util_mech.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-util_mech.Tpo $(DEPDIR)/mech_eap_la-util_mech.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='util_mech.c' object='mech_eap_la-util_mech.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-util_mech.lo `test -f 'util_mech.c' || echo '$(srcdir)/'`util_mech.c mech_eap_la-util_name.lo: util_name.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-util_name.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-util_name.Tpo -c -o mech_eap_la-util_name.lo `test -f 'util_name.c' || echo '$(srcdir)/'`util_name.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-util_name.Tpo $(DEPDIR)/mech_eap_la-util_name.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='util_name.c' object='mech_eap_la-util_name.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-util_name.lo `test -f 'util_name.c' || echo '$(srcdir)/'`util_name.c mech_eap_la-util_oid.lo: util_oid.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-util_oid.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-util_oid.Tpo -c -o mech_eap_la-util_oid.lo `test -f 'util_oid.c' || echo '$(srcdir)/'`util_oid.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-util_oid.Tpo $(DEPDIR)/mech_eap_la-util_oid.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='util_oid.c' object='mech_eap_la-util_oid.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-util_oid.lo `test -f 'util_oid.c' || echo '$(srcdir)/'`util_oid.c mech_eap_la-util_ordering.lo: util_ordering.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-util_ordering.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-util_ordering.Tpo -c -o mech_eap_la-util_ordering.lo `test -f 'util_ordering.c' || echo '$(srcdir)/'`util_ordering.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-util_ordering.Tpo $(DEPDIR)/mech_eap_la-util_ordering.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='util_ordering.c' object='mech_eap_la-util_ordering.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-util_ordering.lo `test -f 'util_ordering.c' || echo '$(srcdir)/'`util_ordering.c mech_eap_la-util_sm.lo: util_sm.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-util_sm.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-util_sm.Tpo -c -o mech_eap_la-util_sm.lo `test -f 'util_sm.c' || echo '$(srcdir)/'`util_sm.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-util_sm.Tpo $(DEPDIR)/mech_eap_la-util_sm.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='util_sm.c' object='mech_eap_la-util_sm.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-util_sm.lo `test -f 'util_sm.c' || echo '$(srcdir)/'`util_sm.c mech_eap_la-util_tld.lo: util_tld.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-util_tld.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-util_tld.Tpo -c -o mech_eap_la-util_tld.lo `test -f 'util_tld.c' || echo '$(srcdir)/'`util_tld.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-util_tld.Tpo $(DEPDIR)/mech_eap_la-util_tld.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='util_tld.c' object='mech_eap_la-util_tld.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-util_tld.lo `test -f 'util_tld.c' || echo '$(srcdir)/'`util_tld.c mech_eap_la-util_token.lo: util_token.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-util_token.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-util_token.Tpo -c -o mech_eap_la-util_token.lo `test -f 'util_token.c' || echo '$(srcdir)/'`util_token.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-util_token.Tpo $(DEPDIR)/mech_eap_la-util_token.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='util_token.c' object='mech_eap_la-util_token.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-util_token.lo `test -f 'util_token.c' || echo '$(srcdir)/'`util_token.c mech_eap_la-verify_mic.lo: verify_mic.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-verify_mic.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-verify_mic.Tpo -c -o mech_eap_la-verify_mic.lo `test -f 'verify_mic.c' || echo '$(srcdir)/'`verify_mic.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-verify_mic.Tpo $(DEPDIR)/mech_eap_la-verify_mic.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='verify_mic.c' object='mech_eap_la-verify_mic.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-verify_mic.lo `test -f 'verify_mic.c' || echo '$(srcdir)/'`verify_mic.c mech_eap_la-wrap.lo: wrap.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-wrap.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-wrap.Tpo -c -o mech_eap_la-wrap.lo `test -f 'wrap.c' || echo '$(srcdir)/'`wrap.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-wrap.Tpo $(DEPDIR)/mech_eap_la-wrap.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='wrap.c' object='mech_eap_la-wrap.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-wrap.lo `test -f 'wrap.c' || echo '$(srcdir)/'`wrap.c mech_eap_la-wrap_iov.lo: wrap_iov.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-wrap_iov.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-wrap_iov.Tpo -c -o mech_eap_la-wrap_iov.lo `test -f 'wrap_iov.c' || echo '$(srcdir)/'`wrap_iov.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-wrap_iov.Tpo $(DEPDIR)/mech_eap_la-wrap_iov.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='wrap_iov.c' object='mech_eap_la-wrap_iov.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-wrap_iov.lo `test -f 'wrap_iov.c' || echo '$(srcdir)/'`wrap_iov.c mech_eap_la-wrap_iov_length.lo: wrap_iov_length.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-wrap_iov_length.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-wrap_iov_length.Tpo -c -o mech_eap_la-wrap_iov_length.lo `test -f 'wrap_iov_length.c' || echo '$(srcdir)/'`wrap_iov_length.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-wrap_iov_length.Tpo $(DEPDIR)/mech_eap_la-wrap_iov_length.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='wrap_iov_length.c' object='mech_eap_la-wrap_iov_length.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-wrap_iov_length.lo `test -f 'wrap_iov_length.c' || echo '$(srcdir)/'`wrap_iov_length.c mech_eap_la-wrap_size_limit.lo: wrap_size_limit.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-wrap_size_limit.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-wrap_size_limit.Tpo -c -o mech_eap_la-wrap_size_limit.lo `test -f 'wrap_size_limit.c' || echo '$(srcdir)/'`wrap_size_limit.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-wrap_size_limit.Tpo $(DEPDIR)/mech_eap_la-wrap_size_limit.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='wrap_size_limit.c' object='mech_eap_la-wrap_size_limit.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-wrap_size_limit.lo `test -f 'wrap_size_limit.c' || echo '$(srcdir)/'`wrap_size_limit.c mech_eap_la-util_moonshot.lo: util_moonshot.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-util_moonshot.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-util_moonshot.Tpo -c -o mech_eap_la-util_moonshot.lo `test -f 'util_moonshot.c' || echo '$(srcdir)/'`util_moonshot.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-util_moonshot.Tpo $(DEPDIR)/mech_eap_la-util_moonshot.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='util_moonshot.c' object='mech_eap_la-util_moonshot.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-util_moonshot.lo `test -f 'util_moonshot.c' || echo '$(srcdir)/'`util_moonshot.c mech_eap_la-accept_sec_context.lo: accept_sec_context.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-accept_sec_context.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-accept_sec_context.Tpo -c -o mech_eap_la-accept_sec_context.lo `test -f 'accept_sec_context.c' || echo '$(srcdir)/'`accept_sec_context.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-accept_sec_context.Tpo $(DEPDIR)/mech_eap_la-accept_sec_context.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='accept_sec_context.c' object='mech_eap_la-accept_sec_context.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-accept_sec_context.lo `test -f 'accept_sec_context.c' || echo '$(srcdir)/'`accept_sec_context.c mech_eap_la-delete_name_attribute.lo: delete_name_attribute.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-delete_name_attribute.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-delete_name_attribute.Tpo -c -o mech_eap_la-delete_name_attribute.lo `test -f 'delete_name_attribute.c' || echo '$(srcdir)/'`delete_name_attribute.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-delete_name_attribute.Tpo $(DEPDIR)/mech_eap_la-delete_name_attribute.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='delete_name_attribute.c' object='mech_eap_la-delete_name_attribute.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-delete_name_attribute.lo `test -f 'delete_name_attribute.c' || echo '$(srcdir)/'`delete_name_attribute.c mech_eap_la-export_name_composite.lo: export_name_composite.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-export_name_composite.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-export_name_composite.Tpo -c -o mech_eap_la-export_name_composite.lo `test -f 'export_name_composite.c' || echo '$(srcdir)/'`export_name_composite.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-export_name_composite.Tpo $(DEPDIR)/mech_eap_la-export_name_composite.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='export_name_composite.c' object='mech_eap_la-export_name_composite.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-export_name_composite.lo `test -f 'export_name_composite.c' || echo '$(srcdir)/'`export_name_composite.c mech_eap_la-get_name_attribute.lo: get_name_attribute.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-get_name_attribute.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-get_name_attribute.Tpo -c -o mech_eap_la-get_name_attribute.lo `test -f 'get_name_attribute.c' || echo '$(srcdir)/'`get_name_attribute.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-get_name_attribute.Tpo $(DEPDIR)/mech_eap_la-get_name_attribute.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='get_name_attribute.c' object='mech_eap_la-get_name_attribute.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-get_name_attribute.lo `test -f 'get_name_attribute.c' || echo '$(srcdir)/'`get_name_attribute.c mech_eap_la-inquire_name.lo: inquire_name.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-inquire_name.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-inquire_name.Tpo -c -o mech_eap_la-inquire_name.lo `test -f 'inquire_name.c' || echo '$(srcdir)/'`inquire_name.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-inquire_name.Tpo $(DEPDIR)/mech_eap_la-inquire_name.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='inquire_name.c' object='mech_eap_la-inquire_name.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-inquire_name.lo `test -f 'inquire_name.c' || echo '$(srcdir)/'`inquire_name.c mech_eap_la-map_name_to_any.lo: map_name_to_any.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-map_name_to_any.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-map_name_to_any.Tpo -c -o mech_eap_la-map_name_to_any.lo `test -f 'map_name_to_any.c' || echo '$(srcdir)/'`map_name_to_any.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-map_name_to_any.Tpo $(DEPDIR)/mech_eap_la-map_name_to_any.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='map_name_to_any.c' object='mech_eap_la-map_name_to_any.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-map_name_to_any.lo `test -f 'map_name_to_any.c' || echo '$(srcdir)/'`map_name_to_any.c mech_eap_la-release_any_name_mapping.lo: release_any_name_mapping.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-release_any_name_mapping.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-release_any_name_mapping.Tpo -c -o mech_eap_la-release_any_name_mapping.lo `test -f 'release_any_name_mapping.c' || echo '$(srcdir)/'`release_any_name_mapping.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-release_any_name_mapping.Tpo $(DEPDIR)/mech_eap_la-release_any_name_mapping.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='release_any_name_mapping.c' object='mech_eap_la-release_any_name_mapping.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-release_any_name_mapping.lo `test -f 'release_any_name_mapping.c' || echo '$(srcdir)/'`release_any_name_mapping.c mech_eap_la-set_name_attribute.lo: set_name_attribute.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-set_name_attribute.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-set_name_attribute.Tpo -c -o mech_eap_la-set_name_attribute.lo `test -f 'set_name_attribute.c' || echo '$(srcdir)/'`set_name_attribute.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-set_name_attribute.Tpo $(DEPDIR)/mech_eap_la-set_name_attribute.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='set_name_attribute.c' object='mech_eap_la-set_name_attribute.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-set_name_attribute.lo `test -f 'set_name_attribute.c' || echo '$(srcdir)/'`set_name_attribute.c mech_eap_la-util_base64.lo: util_base64.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-util_base64.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-util_base64.Tpo -c -o mech_eap_la-util_base64.lo `test -f 'util_base64.c' || echo '$(srcdir)/'`util_base64.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-util_base64.Tpo $(DEPDIR)/mech_eap_la-util_base64.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='util_base64.c' object='mech_eap_la-util_base64.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-util_base64.lo `test -f 'util_base64.c' || echo '$(srcdir)/'`util_base64.c mech_eap_la-util_reauth.lo: util_reauth.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -MT mech_eap_la-util_reauth.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-util_reauth.Tpo -c -o mech_eap_la-util_reauth.lo `test -f 'util_reauth.c' || echo '$(srcdir)/'`util_reauth.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-util_reauth.Tpo $(DEPDIR)/mech_eap_la-util_reauth.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='util_reauth.c' object='mech_eap_la-util_reauth.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CFLAGS) $(CFLAGS) -c -o mech_eap_la-util_reauth.lo `test -f 'util_reauth.c' || echo '$(srcdir)/'`util_reauth.c radius_ad_la-util_adshim.lo: util_adshim.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(radius_ad_la_CFLAGS) $(CFLAGS) -MT radius_ad_la-util_adshim.lo -MD -MP -MF $(DEPDIR)/radius_ad_la-util_adshim.Tpo -c -o radius_ad_la-util_adshim.lo `test -f 'util_adshim.c' || echo '$(srcdir)/'`util_adshim.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/radius_ad_la-util_adshim.Tpo $(DEPDIR)/radius_ad_la-util_adshim.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='util_adshim.c' object='radius_ad_la-util_adshim.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(radius_ad_la_CFLAGS) $(CFLAGS) -c -o radius_ad_la-util_adshim.lo `test -f 'util_adshim.c' || echo '$(srcdir)/'`util_adshim.c .cpp.o: @am__fastdepCXX_TRUE@ $(AM_V_CXX)$(CXXCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCXX_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCXX_FALSE@ $(AM_V_CXX)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCXX_FALSE@ $(AM_V_CXX@am__nodep@)$(CXXCOMPILE) -c -o $@ $< .cpp.obj: @am__fastdepCXX_TRUE@ $(AM_V_CXX)$(CXXCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCXX_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCXX_FALSE@ $(AM_V_CXX)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCXX_FALSE@ $(AM_V_CXX@am__nodep@)$(CXXCOMPILE) -c -o $@ `$(CYGPATH_W) '$<'` .cpp.lo: @am__fastdepCXX_TRUE@ $(AM_V_CXX)$(LTCXXCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCXX_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCXX_FALSE@ $(AM_V_CXX)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCXX_FALSE@ $(AM_V_CXX@am__nodep@)$(LTCXXCOMPILE) -c -o $@ $< mech_eap_la-util_radius.lo: util_radius.cpp @am__fastdepCXX_TRUE@ $(AM_V_CXX)$(LIBTOOL) $(AM_V_lt) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CXXFLAGS) $(CXXFLAGS) -MT mech_eap_la-util_radius.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-util_radius.Tpo -c -o mech_eap_la-util_radius.lo `test -f 'util_radius.cpp' || echo '$(srcdir)/'`util_radius.cpp @am__fastdepCXX_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-util_radius.Tpo $(DEPDIR)/mech_eap_la-util_radius.Plo @AMDEP_TRUE@@am__fastdepCXX_FALSE@ $(AM_V_CXX)source='util_radius.cpp' object='mech_eap_la-util_radius.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCXX_FALSE@ $(AM_V_CXX@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CXXFLAGS) $(CXXFLAGS) -c -o mech_eap_la-util_radius.lo `test -f 'util_radius.cpp' || echo '$(srcdir)/'`util_radius.cpp mech_eap_la-util_attr.lo: util_attr.cpp @am__fastdepCXX_TRUE@ $(AM_V_CXX)$(LIBTOOL) $(AM_V_lt) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CXXFLAGS) $(CXXFLAGS) -MT mech_eap_la-util_attr.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-util_attr.Tpo -c -o mech_eap_la-util_attr.lo `test -f 'util_attr.cpp' || echo '$(srcdir)/'`util_attr.cpp @am__fastdepCXX_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-util_attr.Tpo $(DEPDIR)/mech_eap_la-util_attr.Plo @AMDEP_TRUE@@am__fastdepCXX_FALSE@ $(AM_V_CXX)source='util_attr.cpp' object='mech_eap_la-util_attr.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCXX_FALSE@ $(AM_V_CXX@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CXXFLAGS) $(CXXFLAGS) -c -o mech_eap_la-util_attr.lo `test -f 'util_attr.cpp' || echo '$(srcdir)/'`util_attr.cpp mech_eap_la-util_json.lo: util_json.cpp @am__fastdepCXX_TRUE@ $(AM_V_CXX)$(LIBTOOL) $(AM_V_lt) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CXXFLAGS) $(CXXFLAGS) -MT mech_eap_la-util_json.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-util_json.Tpo -c -o mech_eap_la-util_json.lo `test -f 'util_json.cpp' || echo '$(srcdir)/'`util_json.cpp @am__fastdepCXX_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-util_json.Tpo $(DEPDIR)/mech_eap_la-util_json.Plo @AMDEP_TRUE@@am__fastdepCXX_FALSE@ $(AM_V_CXX)source='util_json.cpp' object='mech_eap_la-util_json.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCXX_FALSE@ $(AM_V_CXX@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CXXFLAGS) $(CXXFLAGS) -c -o mech_eap_la-util_json.lo `test -f 'util_json.cpp' || echo '$(srcdir)/'`util_json.cpp mech_eap_la-util_saml.lo: util_saml.cpp @am__fastdepCXX_TRUE@ $(AM_V_CXX)$(LIBTOOL) $(AM_V_lt) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CXXFLAGS) $(CXXFLAGS) -MT mech_eap_la-util_saml.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-util_saml.Tpo -c -o mech_eap_la-util_saml.lo `test -f 'util_saml.cpp' || echo '$(srcdir)/'`util_saml.cpp @am__fastdepCXX_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-util_saml.Tpo $(DEPDIR)/mech_eap_la-util_saml.Plo @AMDEP_TRUE@@am__fastdepCXX_FALSE@ $(AM_V_CXX)source='util_saml.cpp' object='mech_eap_la-util_saml.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCXX_FALSE@ $(AM_V_CXX@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CXXFLAGS) $(CXXFLAGS) -c -o mech_eap_la-util_saml.lo `test -f 'util_saml.cpp' || echo '$(srcdir)/'`util_saml.cpp mech_eap_la-util_shib.lo: util_shib.cpp @am__fastdepCXX_TRUE@ $(AM_V_CXX)$(LIBTOOL) $(AM_V_lt) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CXXFLAGS) $(CXXFLAGS) -MT mech_eap_la-util_shib.lo -MD -MP -MF $(DEPDIR)/mech_eap_la-util_shib.Tpo -c -o mech_eap_la-util_shib.lo `test -f 'util_shib.cpp' || echo '$(srcdir)/'`util_shib.cpp @am__fastdepCXX_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mech_eap_la-util_shib.Tpo $(DEPDIR)/mech_eap_la-util_shib.Plo @AMDEP_TRUE@@am__fastdepCXX_FALSE@ $(AM_V_CXX)source='util_shib.cpp' object='mech_eap_la-util_shib.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCXX_FALSE@ $(AM_V_CXX@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mech_eap_la_CPPFLAGS) $(CPPFLAGS) $(mech_eap_la_CXXFLAGS) $(CXXFLAGS) -c -o mech_eap_la-util_shib.lo `test -f 'util_shib.cpp' || echo '$(srcdir)/'`util_shib.cpp mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-gssincludeHEADERS: $(gssinclude_HEADERS) @$(NORMAL_INSTALL) @list='$(gssinclude_HEADERS)'; test -n "$(gssincludedir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(gssincludedir)'"; \ $(MKDIR_P) "$(DESTDIR)$(gssincludedir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(gssincludedir)'"; \ $(INSTALL_HEADER) $$files "$(DESTDIR)$(gssincludedir)" || exit $$?; \ done uninstall-gssincludeHEADERS: @$(NORMAL_UNINSTALL) @list='$(gssinclude_HEADERS)'; test -n "$(gssincludedir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(gssincludedir)'; $(am__uninstall_files_from_dir) ID: $(am__tagged_files) $(am__define_uniq_tagged_files); mkid -fID $$unique tags: tags-am TAGS: tags tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) set x; \ here=`pwd`; \ $(am__define_uniq_tagged_files); \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: ctags-am CTAGS: ctags ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) $(am__define_uniq_tagged_files); \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" cscopelist: cscopelist-am cscopelist-am: $(am__tagged_files) list='$(am__tagged_files)'; \ case "$(srcdir)" in \ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ *) sdir=$(subdir)/$(srcdir) ;; \ esac; \ for i in $$list; do \ if test -f "$$i"; then \ echo "$(subdir)/$$i"; \ else \ echo "$$sdir/$$i"; \ fi; \ done >> $(top_builddir)/cscope.files distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) check-am all-am: Makefile $(LTLIBRARIES) $(HEADERS) installdirs: for dir in "$(DESTDIR)$(gssdir)" "$(DESTDIR)$(krb5pluginsdir)" "$(DESTDIR)$(gssincludedir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) clean: clean-am clean-am: clean-generic clean-gssLTLIBRARIES \ clean-krb5pluginsLTLIBRARIES clean-libtool mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-gssLTLIBRARIES install-gssincludeHEADERS \ install-krb5pluginsLTLIBRARIES install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-gssLTLIBRARIES uninstall-gssincludeHEADERS \ uninstall-krb5pluginsLTLIBRARIES .MAKE: all check install install-am install-strip .PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ clean-gssLTLIBRARIES clean-krb5pluginsLTLIBRARIES \ clean-libtool cscopelist-am ctags ctags-am distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am \ install-gssLTLIBRARIES install-gssincludeHEADERS install-html \ install-html-am install-info install-info-am \ install-krb5pluginsLTLIBRARIES install-man install-pdf \ install-pdf-am install-ps install-ps-am install-strip \ installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am uninstall-gssLTLIBRARIES \ uninstall-gssincludeHEADERS uninstall-krb5pluginsLTLIBRARIES gsseap_err.h gsseap_err.c: gsseap_err.et $(COMPILE_ET) $< radsec_err.h radsec_err.c: radsec_err.et $(COMPILE_ET) $< radsec_err.c: radsec_err.h clean-generic: rm -f gsseap_err.[ch] radsec_err.[ch] # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: mech_eap-0.9.2/mech_eap/util_token.c0000644001755200017500000003450012406014472014277 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Portions Copyright 1993 by OpenVision Technologies, Inc. * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and * that both that copyright notice and this permission notice appear in * supporting documentation, and that the name of OpenVision not be used * in advertising or publicity pertaining to distribution of the software * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR * PERFORMANCE OF THIS SOFTWARE. */ /* * Utility routines for GSS tokens. */ #include "gssapiP_eap.h" OM_uint32 gssEapEncodeInnerTokens(OM_uint32 *minor, struct gss_eap_token_buffer_set *tokens, gss_buffer_t buffer) { OM_uint32 major, tmpMinor; size_t required = 0, i; unsigned char *p; buffer->value = NULL; buffer->length = 0; for (i = 0; i < tokens->buffers.count; i++) { required += 8 + tokens->buffers.elements[i].length; } /* * We must always return a non-NULL token otherwise the calling state * machine assumes we are finished. Hence care in case malloc(0) does * return NULL. */ buffer->value = GSSEAP_MALLOC(required ? required : 1); if (buffer->value == NULL) { major = GSS_S_FAILURE; *minor = ENOMEM; goto cleanup; } buffer->length = required; p = (unsigned char *)buffer->value; for (i = 0; i < tokens->buffers.count; i++) { gss_buffer_t tokenBuffer = &tokens->buffers.elements[i]; GSSEAP_ASSERT((tokens->types[i] & ITOK_FLAG_VERIFIED) == 0); /* private flag */ /* * Extensions are encoded as type-length-value, where the upper * bit of the type indicates criticality. */ store_uint32_be(tokens->types[i], &p[0]); store_uint32_be(tokenBuffer->length, &p[4]); memcpy(&p[8], tokenBuffer->value, tokenBuffer->length); p += 8 + tokenBuffer->length; } GSSEAP_ASSERT(p == (unsigned char *)buffer->value + required); GSSEAP_ASSERT(buffer->value != NULL); major = GSS_S_COMPLETE; *minor = 0; cleanup: if (GSS_ERROR(major)) { gss_release_buffer(&tmpMinor, buffer); } return major; } OM_uint32 gssEapDecodeInnerTokens(OM_uint32 *minor, const gss_buffer_t buffer, struct gss_eap_token_buffer_set *tokens) { OM_uint32 major, tmpMinor; unsigned char *p; size_t count = 0; size_t remain; tokens->buffers.count = 0; tokens->buffers.elements = NULL; tokens->types = NULL; if (buffer->length == 0) { major = GSS_S_COMPLETE; goto cleanup; } p = (unsigned char *)buffer->value; remain = buffer->length; do { OM_uint32 *ntypes; gss_buffer_desc tokenBuffer, *newTokenBuffers; if (remain < 8) { major = GSS_S_DEFECTIVE_TOKEN; *minor = GSSEAP_TOK_TRUNC; goto cleanup; } if (tokens->buffers.count <= count) { if (count == 0) count = 1; else count *= 2; ntypes = GSSEAP_MALLOC(count * sizeof(OM_uint32)); if (ntypes == NULL) { major = GSS_S_FAILURE; *minor = ENOMEM; goto cleanup; } if (tokens->types != NULL) { memcpy(ntypes, tokens->types, tokens->buffers.count * sizeof(OM_uint32)); GSSEAP_FREE(tokens->types); } tokens->types = ntypes; newTokenBuffers = GSSEAP_MALLOC(count * sizeof(gss_buffer_desc)); if (newTokenBuffers == NULL) { major = GSS_S_FAILURE; *minor = ENOMEM; goto cleanup; } if (tokens->buffers.elements != NULL) { memcpy(newTokenBuffers, tokens->buffers.elements, tokens->buffers.count * sizeof(gss_buffer_desc)); GSSEAP_FREE(tokens->buffers.elements); } tokens->buffers.elements = newTokenBuffers; } tokens->types[tokens->buffers.count] = load_uint32_be(&p[0]); tokenBuffer.length = load_uint32_be(&p[4]); if (remain < 8 + tokenBuffer.length) { major = GSS_S_DEFECTIVE_TOKEN; *minor = GSSEAP_TOK_TRUNC; goto cleanup; } tokenBuffer.value = &p[8]; tokens->buffers.elements[tokens->buffers.count] = tokenBuffer; tokens->buffers.count++; p += 8 + tokenBuffer.length; remain -= 8 + tokenBuffer.length; } while (remain != 0); major = GSS_S_COMPLETE; *minor = 0; cleanup: if (GSS_ERROR(major)) gssEapReleaseInnerTokens(&tmpMinor, tokens, 0); return major; } /* * $Id: util_token.c 23457 2009-12-08 00:04:48Z tlyu $ */ /* XXXX this code currently makes the assumption that a mech oid will never be longer than 127 bytes. This assumption is not inherent in the interfaces, so the code can be fixed if the OSI namespace balloons unexpectedly. */ /* * Each token looks like this: * 0x60 tag for APPLICATION 0, SEQUENCE * (constructed, definite-length) * possible multiple bytes, need to parse/generate * 0x06 tag for OBJECT IDENTIFIER * compile-time constant string (assume 1 byte) * compile-time constant string * the ANY containing the application token * bytes 0,1 are the token type * bytes 2,n are the token data * * Note that the token type field is a feature of RFC 1964 mechanisms and * is not used by other GSSAPI mechanisms. As such, a token type of -1 * is interpreted to mean that no token type should be expected or * generated. * * For the purposes of this abstraction, the token "header" consists of * the sequence tag and length octets, the mech OID DER encoding, and the * first two inner bytes, which indicate the token type. The token * "body" consists of everything else. */ static size_t der_length_size(size_t length) { if (length < (1<<7)) return 1; else if (length < (1<<8)) return 2; #if INT_MAX == 0x7fff else return 3; #else else if (length < (1<<16)) return 3; else if (length < (1<<24)) return 4; else return 5; #endif } static void der_write_length(unsigned char **buf, size_t length) { if (length < (1<<7)) { *(*buf)++ = (unsigned char)length; } else { *(*buf)++ = (unsigned char)(der_length_size(length)+127); #if INT_MAX > 0x7fff if (length >= (1<<24)) *(*buf)++ = (unsigned char)(length>>24); if (length >= (1<<16)) *(*buf)++ = (unsigned char)((length>>16)&0xff); #endif if (length >= (1<<8)) *(*buf)++ = (unsigned char)((length>>8)&0xff); *(*buf)++ = (unsigned char)(length&0xff); } } /* returns decoded length, or < 0 on failure. Advances buf and decrements bufsize */ static int der_read_length(unsigned char **buf, ssize_t *bufsize) { unsigned char sf; int ret; if (*bufsize < 1) return -1; sf = *(*buf)++; (*bufsize)--; if (sf & 0x80) { if ((sf &= 0x7f) > ((*bufsize)-1)) return -1; if (sf > sizeof(int)) return -1; ret = 0; for (; sf; sf--) { ret = (ret<<8) + (*(*buf)++); (*bufsize)--; } } else { ret = sf; } return ret; } /* returns the length of a token, given the mech oid and the body size */ size_t tokenSize(const gss_OID_desc *mech, size_t body_size) { GSSEAP_ASSERT(mech != GSS_C_NO_OID); /* set body_size to sequence contents size */ body_size += 4 + (size_t) mech->length; /* NEED overflow check */ return 1 + der_length_size(body_size) + body_size; } /* fills in a buffer with the token header. The buffer is assumed to be the right size. buf is advanced past the token header */ void makeTokenHeader( const gss_OID_desc *mech, size_t body_size, unsigned char **buf, enum gss_eap_token_type tok_type) { *(*buf)++ = 0x60; der_write_length(buf, 4 + mech->length + body_size); *(*buf)++ = 0x06; *(*buf)++ = (unsigned char)mech->length; memcpy(*buf, mech->elements, mech->length); *buf += mech->length; GSSEAP_ASSERT(tok_type != TOK_TYPE_NONE); *(*buf)++ = (unsigned char)((tok_type>>8) & 0xff); *(*buf)++ = (unsigned char)(tok_type & 0xff); } /* * Given a buffer containing a token, reads and verifies the token, * leaving buf advanced past the token header, and setting body_size * to the number of remaining bytes. Returns 0 on success, * G_BAD_TOK_HEADER for a variety of errors, and G_WRONG_MECH if the * mechanism in the token does not match the mech argument. buf and * *body_size are left unmodified on error. */ OM_uint32 verifyTokenHeader(OM_uint32 *minor, gss_OID mech, size_t *body_size, unsigned char **buf_in, size_t toksize_in, enum gss_eap_token_type *ret_tok_type) { unsigned char *buf = *buf_in; ssize_t seqsize; gss_OID_desc toid; ssize_t toksize = (ssize_t)toksize_in; *minor = GSSEAP_BAD_TOK_HEADER; if (ret_tok_type != NULL) *ret_tok_type = TOK_TYPE_NONE; if ((toksize -= 1) < 0) return GSS_S_DEFECTIVE_TOKEN; if (*buf++ != 0x60) return GSS_S_DEFECTIVE_TOKEN; seqsize = der_read_length(&buf, &toksize); if (seqsize < 0) return GSS_S_DEFECTIVE_TOKEN; if (seqsize != toksize) return GSS_S_DEFECTIVE_TOKEN; if ((toksize -= 1) < 0) return GSS_S_DEFECTIVE_TOKEN; if (*buf++ != 0x06) return GSS_S_DEFECTIVE_TOKEN; if ((toksize -= 1) < 0) return GSS_S_DEFECTIVE_TOKEN; toid.length = *buf++; if ((toksize -= toid.length) < 0) return GSS_S_DEFECTIVE_TOKEN; toid.elements = buf; buf += toid.length; if (mech->elements == NULL) { *mech = toid; if (toid.length == 0) return GSS_S_BAD_MECH; } else if (!oidEqual(&toid, mech)) { *minor = GSSEAP_WRONG_MECH; return GSS_S_BAD_MECH; } if (ret_tok_type != NULL) { if ((toksize -= 2) < 0) return GSS_S_DEFECTIVE_TOKEN; *ret_tok_type = load_uint16_be(buf); buf += 2; } *buf_in = buf; *body_size = toksize; *minor = 0; return GSS_S_COMPLETE; } OM_uint32 gssEapAllocInnerTokens(OM_uint32 *minor, size_t count, struct gss_eap_token_buffer_set *tokens) { OM_uint32 major; tokens->buffers.count = 0; tokens->buffers.elements = (gss_buffer_desc *)GSSEAP_CALLOC(count, sizeof(gss_buffer_desc)); if (tokens->buffers.elements == NULL) { major = GSS_S_FAILURE; *minor = ENOMEM; goto cleanup; } tokens->types = (OM_uint32 *)GSSEAP_CALLOC(count, sizeof(OM_uint32)); if (tokens->types == NULL) { major = GSS_S_FAILURE; *minor = ENOMEM; goto cleanup; } major = GSS_S_COMPLETE; *minor = 0; cleanup: if (GSS_ERROR(major)) { if (tokens->buffers.elements != NULL) { GSSEAP_FREE(tokens->buffers.elements); tokens->buffers.elements = NULL; } if (tokens->types != NULL) { GSSEAP_FREE(tokens->types); tokens->types = NULL; } } return major; } OM_uint32 gssEapReleaseInnerTokens(OM_uint32 *minor, struct gss_eap_token_buffer_set *tokens, int freeBuffers) { OM_uint32 tmpMinor; size_t i; if (tokens->buffers.elements != NULL) { if (freeBuffers) { for (i = 0; i < tokens->buffers.count; i++) gss_release_buffer(&tmpMinor, &tokens->buffers.elements[i]); } GSSEAP_FREE(tokens->buffers.elements); tokens->buffers.elements = NULL; } tokens->buffers.count = 0; if (tokens->types != NULL) { GSSEAP_FREE(tokens->types); tokens->types = NULL; } *minor = 0; return GSS_S_COMPLETE; } mech_eap-0.9.2/mech_eap/query_mechanism_info.c0000644001755200017500000000461412406014472016331 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * */ #include "gssapiP_eap.h" OM_uint32 gssQueryMechanismInfo(OM_uint32 *minor, gss_const_OID mech_oid, unsigned char auth_scheme[16]) { OM_uint32 major; krb5_enctype enctype; major = gssEapOidToEnctype(minor, (const gss_OID)mech_oid, &enctype); if (GSS_ERROR(major)) return major; /* the enctype is encoded in the increasing part of the GUID */ memcpy(auth_scheme, "\x39\xd7\x7d\x00\xe5\x00\x11\xe0\xac\x64\xcd\x53\x46\x50\xac\xb9", 16); auth_scheme[3] = (unsigned char)enctype; *minor = 0; return GSS_S_COMPLETE; } OM_uint32 GSSAPI_CALLCONV gss_query_mechanism_info(OM_uint32 *minor, gss_const_OID mech_oid, unsigned char auth_scheme[16]) { return gssQueryMechanismInfo(minor, mech_oid, auth_scheme); } mech_eap-0.9.2/mech_eap/mech0000644001755200017500000000040212406014476012613 00000000000000# # Sample mechanism glue configuration for EAP GSS mechanism. # # Any encryption type supported by Kerberos can be defined as the # last element of the OID arc. # eap-aes128 1.3.6.1.5.5.15.1.1.17 mech_eap.so eap-aes256 1.3.6.1.5.5.15.1.1.18 mech_eap.so mech_eap-0.9.2/mech_eap/util_lucid.c0000644001755200017500000001234112406014472014256 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * "Lucid" security context export routine (called by MIT Kerberos mechanism). */ #include "gssapiP_eap.h" OM_uint32 gssEapExportLucidSecContext(OM_uint32 *minor, gss_ctx_id_t ctx, const gss_OID desiredObject GSSEAP_UNUSED, gss_buffer_set_t *data_set) { OM_uint32 major = GSS_S_COMPLETE; int haveAcceptorSubkey = ((rfc4121Flags(ctx, 0) & TOK_FLAG_ACCEPTOR_SUBKEY) != 0); gss_buffer_desc rep; #ifdef HAVE_HEIMDAL_VERSION krb5_error_code code; krb5_storage *sp; krb5_data data = { 0 }; sp = krb5_storage_emem(); if (sp == NULL) { code = ENOMEM; goto cleanup; } code = krb5_store_int32(sp, 1); /* version */ if (code != 0) goto cleanup; code = krb5_store_int32(sp, CTX_IS_INITIATOR(ctx)); if (code != 0) goto cleanup; code = krb5_store_int32(sp, ctx->expiryTime); if (code != 0) goto cleanup; code = krb5_store_int32(sp, 0); if (code != 0) goto cleanup; code = krb5_store_int32(sp, ctx->sendSeq); if (code != 0) goto cleanup; code = krb5_store_int32(sp, 0); if (code != 0) goto cleanup; code = krb5_store_int32(sp, ctx->recvSeq); if (code != 0) goto cleanup; code = krb5_store_int32(sp, 1); /* is_cfx */ if (code != 0) goto cleanup; code = krb5_store_int32(sp, haveAcceptorSubkey); if (code != 0) goto cleanup; code = krb5_store_keyblock(sp, ctx->rfc3961Key); if (code != 0) goto cleanup; if (haveAcceptorSubkey) { code = krb5_store_keyblock(sp, ctx->rfc3961Key); if (code != 0) goto cleanup; } code = krb5_storage_to_data(sp, &data); if (code != 0) goto cleanup; rep.length = data.length; rep.value = data.data; major = gss_add_buffer_set_member(minor, &rep, data_set); if (GSS_ERROR(major)) goto cleanup; cleanup: krb5_data_free(&data); if (major == GSS_S_COMPLETE) { *minor = code; major = (code != 0) ? GSS_S_FAILURE : GSS_S_COMPLETE; } return major; #else gss_krb5_lucid_context_v1_t *lctx; gss_krb5_lucid_key_t *lkey = NULL; lctx = (gss_krb5_lucid_context_v1_t *)GSSEAP_CALLOC(1, sizeof(*lctx)); if (lctx == NULL) { major = GSS_S_FAILURE; *minor = ENOMEM; goto cleanup; } lctx->version = 1; lctx->initiate = CTX_IS_INITIATOR(ctx); if (ctx->expiryTime == 0) lctx->endtime = KRB_TIME_FOREVER; else lctx->endtime = ctx->expiryTime; lctx->send_seq = ctx->sendSeq; lctx->recv_seq = ctx->recvSeq; lctx->protocol = 1; lctx->cfx_kd.have_acceptor_subkey = haveAcceptorSubkey; lkey = haveAcceptorSubkey ? &lctx->cfx_kd.acceptor_subkey : &lctx->cfx_kd.ctx_key; lkey->type = KRB_KEY_TYPE(&ctx->rfc3961Key); lkey->data = GSSEAP_MALLOC(KRB_KEY_LENGTH(&ctx->rfc3961Key)); if (lkey->data == NULL) { major = GSS_S_FAILURE; *minor = ENOMEM; goto cleanup; } lkey->length = KRB_KEY_LENGTH(&ctx->rfc3961Key); memcpy(lkey->data, KRB_KEY_DATA(&ctx->rfc3961Key), lkey->length); rep.value = &lctx; rep.length = sizeof(void *); major = gss_add_buffer_set_member(minor, &rep, data_set); if (GSS_ERROR(major)) goto cleanup; cleanup: if (GSS_ERROR(major)) { if (lctx != NULL) { if (lkey != NULL && lkey->data != NULL) { memset(lkey->data, 0, lkey->length); GSSEAP_FREE(lkey->data); } GSSEAP_FREE(lctx); } } return major; #endif /* HAVE_HEIMDAL_VERSION */ } mech_eap-0.9.2/mech_eap/process_context_token.c0000644001755200017500000000477412406014472016556 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "gssapiP_eap.h" OM_uint32 GSSAPI_CALLCONV gss_process_context_token(OM_uint32 *minor, gss_ctx_id_t ctx, gss_buffer_t token_buffer) { OM_uint32 major; gss_iov_buffer_desc iov[1]; *minor = 0; if (ctx == NULL) { *minor = EINVAL; return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT; } GSSEAP_MUTEX_LOCK(&ctx->mutex); if (!CTX_IS_ESTABLISHED(ctx)) { GSSEAP_MUTEX_UNLOCK(&ctx->mutex); *minor = GSSEAP_CONTEXT_INCOMPLETE; return GSS_S_NO_CONTEXT; } iov[0].type = GSS_IOV_BUFFER_TYPE_HEADER; iov[0].buffer = *token_buffer; major = gssEapUnwrapOrVerifyMIC(minor, ctx, NULL, NULL, iov, 1, TOK_TYPE_DELETE_CONTEXT); if (GSS_ERROR(major)) { GSSEAP_MUTEX_UNLOCK(&ctx->mutex); return major; } GSSEAP_MUTEX_UNLOCK(&ctx->mutex); return gssEapReleaseContext(minor, &ctx); } mech_eap-0.9.2/mech_eap/util_base64.c0000644001755200017500000000763712406014472014256 00000000000000/* * Copyright (c) 1995-2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "gssapiP_eap.h" static const char base64_chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; static int pos(char c) { const char *p; for (p = base64_chars; *p; p++) if (*p == c) return p - base64_chars; return -1; } ssize_t base64Encode(const void *data, int size, char **str) { char *s, *p; int i; int c; const unsigned char *q; if (size > INT_MAX/4 || size < 0) { *str = NULL; return -1; } p = s = (char *)GSSEAP_MALLOC(BASE64_EXPAND(size)); if (p == NULL) { *str = NULL; return -1; } q = (const unsigned char *) data; for (i = 0; i < size;) { c = q[i++]; c *= 256; if (i < size) c += q[i]; i++; c *= 256; if (i < size) c += q[i]; i++; p[0] = base64_chars[(c & 0x00fc0000) >> 18]; p[1] = base64_chars[(c & 0x0003f000) >> 12]; p[2] = base64_chars[(c & 0x00000fc0) >> 6]; p[3] = base64_chars[(c & 0x0000003f) >> 0]; if (i > size) p[3] = '='; if (i > size + 1) p[2] = '='; p += 4; } *p = 0; *str = s; return strlen(s); } #define DECODE_ERROR 0xffffffff static unsigned int token_decode(const char *token) { int i; unsigned int val = 0; int marker = 0; if (strlen(token) < 4) return DECODE_ERROR; for (i = 0; i < 4; i++) { val *= 64; if (token[i] == '=') marker++; else if (marker > 0) return DECODE_ERROR; else val += pos(token[i]); } if (marker > 2) return DECODE_ERROR; return (marker << 24) | val; } ssize_t base64Decode(const char *str, void *data) { const char *p; unsigned char *q; q = data; p = str; while (*p && *p && (*p == '=' || strchr(base64_chars, *p))) { unsigned int val = token_decode(p); unsigned int marker = (val >> 24) & 0xff; if (val == DECODE_ERROR) return -1; *q++ = (val >> 16) & 0xff; if (marker < 2) *q++ = (val >> 8) & 0xff; if (marker < 1) *q++ = val & 0xff; p += 4; if (*p == '\n') p++; } return q - (unsigned char *) data; } int base64Valid(const char *str) { const char *p = str; int valid = 1; while (*p && *p && (*p == '=' || strchr(base64_chars, *p))) { unsigned int val = token_decode(p); if (val == DECODE_ERROR) { valid = 0; break; } p += 4; if (*p == '\n') p++; } return valid; } mech_eap-0.9.2/mech_eap/util_oid.c0000644001755200017500000001345712406014472013742 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Copyright 1995-2010 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright * notice appear in all copies and that both that copyright notice and * this permission notice appear in supporting documentation, and that * the name of M.I.T. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior * permission. Furthermore if you modify this software you must label * your software as modified software and not distribute it in such a * fashion that it might be confused with the original M.I.T. software. * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. * */ /* * OID utility routines. */ #include "gssapiP_eap.h" OM_uint32 duplicateOid(OM_uint32 *minor, const gss_OID_desc * const oid, gss_OID *newOid) { gss_OID p; *newOid = GSS_C_NO_OID; p = (gss_OID)GSSEAP_MALLOC(sizeof(*p)); if (p == NULL) { *minor = ENOMEM; return GSS_S_FAILURE; } p->length = oid->length; p->elements = GSSEAP_MALLOC(p->length); if (p->elements == NULL) { GSSEAP_FREE(p); *minor = ENOMEM; return GSS_S_FAILURE; } memcpy(p->elements, oid->elements, p->length); *newOid = p; *minor = 0; return GSS_S_COMPLETE; } /* Compose an OID of a prefix and an integer suffix */ OM_uint32 composeOid(OM_uint32 *minor, const char *prefix, size_t prefix_len, int suffix, gss_OID_desc *oid) { int osuffix, i; size_t nbytes; unsigned char *op; if (oid == GSS_C_NO_OID) { *minor = EINVAL; return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_FAILURE; } if (oid->length < prefix_len) { *minor = GSSEAP_WRONG_SIZE; return GSS_S_FAILURE; } memcpy(oid->elements, prefix, prefix_len); nbytes = 0; osuffix = suffix; while (suffix) { nbytes++; suffix >>= 7; } suffix = osuffix; if (oid->length < prefix_len + nbytes) { *minor = GSSEAP_WRONG_SIZE; return GSS_S_FAILURE; } op = (unsigned char *) oid->elements + prefix_len + nbytes; i = -1; while (suffix) { op[i] = (unsigned char)suffix & 0x7f; if (i != -1) op[i] |= 0x80; i--; suffix >>= 7; } oid->length = prefix_len + nbytes; *minor = 0; return GSS_S_COMPLETE; } OM_uint32 decomposeOid(OM_uint32 *minor, const char *prefix, size_t prefix_len, gss_OID_desc *oid, int *suffix) { size_t i, slen; unsigned char *op; if (oid->length < prefix_len || memcmp(oid->elements, prefix, prefix_len) != 0) { return GSS_S_BAD_MECH; } op = (unsigned char *) oid->elements + prefix_len; *suffix = 0; slen = oid->length - prefix_len; for (i = 0; i < slen; i++) { *suffix = (*suffix << 7) | (op[i] & 0x7f); if (i + 1 != slen && (op[i] & 0x80) == 0) { *minor = GSSEAP_WRONG_SIZE; return GSS_S_FAILURE; } } return GSS_S_COMPLETE; } OM_uint32 duplicateOidSet(OM_uint32 *minor, const gss_OID_set src, gss_OID_set *dst) { OM_uint32 major, tmpMinor; int i; if (src == GSS_C_NO_OID_SET) { *dst = GSS_C_NO_OID_SET; return GSS_S_COMPLETE; } major = gss_create_empty_oid_set(minor, dst); if (GSS_ERROR(major)) return major; for (i = 0; i < src->count; i++) { gss_OID oid = &src->elements[i]; major = gss_add_oid_set_member(minor, oid, dst); if (GSS_ERROR(major)) break; } if (GSS_ERROR(major)) gss_release_oid_set(&tmpMinor, dst); return major; } mech_eap-0.9.2/mech_eap/add_cred_with_password.c0000644001755200017500000000666412406014472016636 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Wrapper for acquiring a credential handle using a password. */ #include "gssapiP_eap.h" OM_uint32 GSSAPI_CALLCONV gss_add_cred_with_password(OM_uint32 *minor, const gss_cred_id_t input_cred_handle GSSEAP_UNUSED, const gss_name_t desired_name, const gss_OID desired_mech, const gss_buffer_t password, gss_cred_usage_t cred_usage, OM_uint32 initiator_time_req, OM_uint32 acceptor_time_req, gss_cred_id_t *output_cred_handle, gss_OID_set *actual_mechs, OM_uint32 *initiator_time_rec, OM_uint32 *acceptor_time_rec) { OM_uint32 major, tmpMinor; OM_uint32 time_req, time_rec = 0; gss_OID_set_desc mechs; *minor = 0; *output_cred_handle = GSS_C_NO_CREDENTIAL; if (cred_usage == GSS_C_ACCEPT) time_req = acceptor_time_req; else time_req = initiator_time_req; mechs.count = 1; mechs.elements = desired_mech; major = gssEapAcquireCred(minor, desired_name, time_req, &mechs, cred_usage, output_cred_handle, actual_mechs, &time_rec); if (GSS_ERROR(major)) goto cleanup; major = gssEapSetCredPassword(minor, *output_cred_handle, password); if (GSS_ERROR(major)) goto cleanup; if (initiator_time_rec != NULL) *initiator_time_rec = time_rec; if (acceptor_time_rec != NULL) *acceptor_time_rec = time_rec; cleanup: if (GSS_ERROR(major)) gssEapReleaseCred(&tmpMinor, output_cred_handle); return major; } mech_eap-0.9.2/mech_eap/inquire_context.c0000644001755200017500000000733312406014472015346 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Return context handle properties. */ #include "gssapiP_eap.h" OM_uint32 GSSAPI_CALLCONV gss_inquire_context(OM_uint32 *minor, gss_ctx_id_t ctx, gss_name_t *src_name, gss_name_t *targ_name, OM_uint32 *lifetime_rec, gss_OID *mech_type, OM_uint32 *ctx_flags, int *locally_initiated, int *open) { OM_uint32 major, tmpMinor; if (ctx == GSS_C_NO_CONTEXT) { *minor = EINVAL; return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT; } GSSEAP_MUTEX_LOCK(&ctx->mutex); if (src_name != NULL) { if (ctx->initiatorName != GSS_C_NO_NAME) { major = gssEapDuplicateName(minor, ctx->initiatorName, src_name); if (GSS_ERROR(major)) goto cleanup; } else *src_name = GSS_C_NO_NAME; } if (targ_name != NULL) { if (ctx->acceptorName != GSS_C_NO_NAME) { major = gssEapDuplicateName(minor, ctx->acceptorName, targ_name); if (GSS_ERROR(major)) goto cleanup; } else *targ_name = GSS_C_NO_NAME; } if (lifetime_rec != NULL) { time_t now, lifetime; if (ctx->expiryTime == 0) { lifetime = GSS_C_INDEFINITE; } else { now = time(NULL); lifetime = now - ctx->expiryTime; if (lifetime < 0) lifetime = 0; } *lifetime_rec = lifetime; } if (mech_type != NULL) { major = gssEapCanonicalizeOid(minor, ctx->mechanismUsed, 0, mech_type); if (GSS_ERROR(major)) goto cleanup; } if (ctx_flags != NULL) { *ctx_flags = ctx->gssFlags; } if (locally_initiated != NULL) { *locally_initiated = CTX_IS_INITIATOR(ctx); } if (open != NULL) { *open = CTX_IS_ESTABLISHED(ctx); } major = GSS_S_COMPLETE; *minor = 0; cleanup: GSSEAP_MUTEX_UNLOCK(&ctx->mutex); if (GSS_ERROR(major)) { gssEapReleaseName(&tmpMinor, src_name); gssEapReleaseName(&tmpMinor, targ_name); } return major; } mech_eap-0.9.2/mech_eap/util_sm.c0000644001755200017500000003152412406014472013601 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Context establishment state machine. */ #include "gssapiP_eap.h" /* private flags */ #define SM_FLAG_TRANSITED 0x80000000 #define SM_ASSERT_VALID(ctx, status) do { \ GSSEAP_ASSERT(GSS_ERROR((status)) || \ ((status) == GSS_S_CONTINUE_NEEDED && ((ctx)->state > GSSEAP_STATE_INITIAL && (ctx)->state < GSSEAP_STATE_ESTABLISHED)) || \ ((status) == GSS_S_COMPLETE && (ctx)->state == GSSEAP_STATE_ESTABLISHED)); \ } while (0) #ifdef GSSEAP_DEBUG static const char * gssEapStateToString(enum gss_eap_state state) { const char *s; switch (state) { case GSSEAP_STATE_INITIAL: s = "INITIAL"; break; case GSSEAP_STATE_AUTHENTICATE: s = "AUTHENTICATE"; break; case GSSEAP_STATE_INITIATOR_EXTS: s = "INITIATOR_EXTS"; break; case GSSEAP_STATE_ACCEPTOR_EXTS: s = "ACCEPTOR_EXTS"; break; #ifdef GSSEAP_ENABLE_REAUTH case GSSEAP_STATE_REAUTHENTICATE: s = "REAUTHENTICATE"; break; #endif case GSSEAP_STATE_ESTABLISHED: s = "ESTABLISHED"; break; default: s = "INVALID"; break; } return s; } void gssEapSmTransition(gss_ctx_id_t ctx, enum gss_eap_state state) { GSSEAP_ASSERT(state >= GSSEAP_STATE_INITIAL); GSSEAP_ASSERT(state <= GSSEAP_STATE_ESTABLISHED); fprintf(stderr, "GSS-EAP: state transition %s->%s\n", gssEapStateToString(GSSEAP_SM_STATE(ctx)), gssEapStateToString(state)); ctx->state = state; } #endif /* GSSEAP_DEBUG */ static OM_uint32 makeErrorToken(OM_uint32 *minor, OM_uint32 majorStatus, OM_uint32 minorStatus, struct gss_eap_token_buffer_set *token) { OM_uint32 major, tmpMinor; unsigned char errorData[8]; gss_buffer_desc errorBuffer; GSSEAP_ASSERT(GSS_ERROR(majorStatus)); /* * Only return error codes that the initiator could have caused, * to avoid information leakage. */ if (IS_RADIUS_ERROR(minorStatus)) { /* Squash RADIUS error codes */ minorStatus = GSSEAP_RADIUS_PROT_FAILURE; } else if (!IS_WIRE_ERROR(minorStatus)) { /* Don't return non-wire error codes */ return GSS_S_COMPLETE; } minorStatus -= ERROR_TABLE_BASE_eapg; store_uint32_be(majorStatus, &errorData[0]); store_uint32_be(minorStatus, &errorData[4]); major = gssEapAllocInnerTokens(&tmpMinor, 1, token); if (GSS_ERROR(major)) { *minor = tmpMinor; return major; } errorBuffer.length = sizeof(errorData); errorBuffer.value = errorData; major = duplicateBuffer(&tmpMinor, &errorBuffer, &token->buffers.elements[0]); if (GSS_ERROR(major)) { gssEapReleaseInnerTokens(&tmpMinor, token, 1); *minor = tmpMinor; return major; } token->buffers.count = 1; token->types[0] = ITOK_TYPE_CONTEXT_ERR | ITOK_FLAG_CRITICAL; *minor = 0; return GSS_S_COMPLETE; } OM_uint32 gssEapSmStep(OM_uint32 *minor, gss_cred_id_t cred, gss_ctx_id_t ctx, gss_name_t target, gss_OID mech, OM_uint32 reqFlags, OM_uint32 timeReq, gss_channel_bindings_t chanBindings, gss_buffer_t inputToken, gss_buffer_t outputToken, struct gss_eap_sm *sm, /* ordered by state */ size_t smCount) { OM_uint32 major, tmpMajor, tmpMinor; struct gss_eap_token_buffer_set inputTokens = { { 0, GSS_C_NO_BUFFER }, NULL }; struct gss_eap_token_buffer_set outputTokens = { { 0, GSS_C_NO_BUFFER }, NULL }; gss_buffer_desc unwrappedInputToken = GSS_C_EMPTY_BUFFER; gss_buffer_desc unwrappedOutputToken = GSS_C_EMPTY_BUFFER; unsigned int smFlags = 0; size_t i, j; int initialContextToken = 0; enum gss_eap_token_type tokType; GSSEAP_ASSERT(smCount > 0); *minor = 0; outputToken->length = 0; outputToken->value = NULL; if (inputToken != GSS_C_NO_BUFFER && inputToken->length != 0) { major = gssEapVerifyToken(minor, ctx, inputToken, &tokType, &unwrappedInputToken); if (GSS_ERROR(major)) goto cleanup; if (tokType != (CTX_IS_INITIATOR(ctx) ? TOK_TYPE_ACCEPTOR_CONTEXT : TOK_TYPE_INITIATOR_CONTEXT)) { major = GSS_S_DEFECTIVE_TOKEN; *minor = GSSEAP_WRONG_TOK_ID; goto cleanup; } } else if (!CTX_IS_INITIATOR(ctx) || ctx->state != GSSEAP_STATE_INITIAL) { major = GSS_S_DEFECTIVE_TOKEN; *minor = GSSEAP_WRONG_SIZE; goto cleanup; } else { initialContextToken = 1; } if (CTX_IS_ESTABLISHED(ctx)) { major = GSS_S_BAD_STATUS; *minor = GSSEAP_CONTEXT_ESTABLISHED; goto cleanup; } GSSEAP_ASSERT(ctx->state < GSSEAP_STATE_ESTABLISHED); major = gssEapDecodeInnerTokens(minor, &unwrappedInputToken, &inputTokens); if (GSS_ERROR(major)) goto cleanup; major = gssEapAllocInnerTokens(minor, smCount, &outputTokens); if (GSS_ERROR(major)) goto cleanup; ctx->inputTokens = &inputTokens; ctx->outputTokens = &outputTokens; /* Process all the tokens that are valid for the current state. */ for (i = 0; i < smCount; i++) { struct gss_eap_sm *smp = &sm[i]; int processToken = 0; gss_buffer_t innerInputToken = GSS_C_NO_BUFFER; OM_uint32 *inputTokenType = NULL; gss_buffer_desc innerOutputToken = GSS_C_EMPTY_BUFFER; if ((smp->validStates & ctx->state) == 0) continue; /* * We special case the first call to gss_init_sec_context so that * all token providers have the opportunity to generate an initial * context token. Providers where inputTokenType is ITOK_TYPE_NONE * are always called and generally act on state transition boundaries, * for example to advance the state after a series of optional tokens * (as is the case with the extension token exchange) or to generate * a new token after the state was advanced by a provider which did * not emit a token. */ if (smp->inputTokenType == ITOK_TYPE_NONE || initialContextToken) { processToken = 1; } else if ((smFlags & SM_FLAG_TRANSITED) == 0) { /* Don't regurgitate a token which belonds to a previous state. */ for (j = 0; j < inputTokens.buffers.count; j++) { if ((inputTokens.types[j] & ITOK_TYPE_MASK) == smp->inputTokenType) { if (processToken) { /* Check for duplicate inner tokens */ major = GSS_S_DEFECTIVE_TOKEN; *minor = GSSEAP_DUPLICATE_ITOK; break; } processToken = 1; innerInputToken = &inputTokens.buffers.elements[j]; inputTokenType = &inputTokens.types[j]; } } if (GSS_ERROR(major)) break; } if (processToken) { enum gss_eap_state oldState = ctx->state; smFlags = 0; if (inputTokenType != NULL && (*inputTokenType & ITOK_FLAG_CRITICAL)) smFlags |= SM_FLAG_INPUT_TOKEN_CRITICAL; major = smp->processToken(minor, cred, ctx, target, mech, reqFlags, timeReq, chanBindings, innerInputToken, &innerOutputToken, &smFlags); if (GSS_ERROR(major)) break; if (inputTokenType != NULL) *inputTokenType |= ITOK_FLAG_VERIFIED; if (ctx->state < oldState) i = 0; /* restart */ else if (ctx->state != oldState) smFlags |= SM_FLAG_TRANSITED; if (innerOutputToken.value != NULL) { outputTokens.buffers.elements[outputTokens.buffers.count] = innerOutputToken; GSSEAP_ASSERT(smp->outputTokenType != ITOK_TYPE_NONE); outputTokens.types[outputTokens.buffers.count] = smp->outputTokenType; if (smFlags & SM_FLAG_OUTPUT_TOKEN_CRITICAL) outputTokens.types[outputTokens.buffers.count] |= ITOK_FLAG_CRITICAL; outputTokens.buffers.count++; } /* * Break out if we made a state transition and have some tokens to send. */ if ((smFlags & SM_FLAG_TRANSITED) && ((smFlags & SM_FLAG_FORCE_SEND_TOKEN) || outputTokens.buffers.count != 0)) { SM_ASSERT_VALID(ctx, major); break; } } else if ((smp->itokFlags & SM_ITOK_FLAG_REQUIRED) && smp->inputTokenType != ITOK_TYPE_NONE) { /* Check for required inner tokens */ major = GSS_S_DEFECTIVE_TOKEN; *minor = GSSEAP_MISSING_REQUIRED_ITOK; break; } } GSSEAP_ASSERT(outputTokens.buffers.count <= smCount); /* Check we understood all critical tokens sent by peer */ if (!GSS_ERROR(major)) { for (j = 0; j < inputTokens.buffers.count; j++) { if ((inputTokens.types[j] & ITOK_FLAG_CRITICAL) && (inputTokens.types[j] & ITOK_FLAG_VERIFIED) == 0) { major = GSS_S_UNAVAILABLE; *minor = GSSEAP_CRIT_ITOK_UNAVAILABLE; goto cleanup; } } } /* Optionaly emit an error token if we are the acceptor */ if (GSS_ERROR(major)) { if (CTX_IS_INITIATOR(ctx)) goto cleanup; /* return error directly to caller */ /* replace any emitted tokens with error token */ gssEapReleaseInnerTokens(&tmpMinor, &outputTokens, 1); tmpMajor = makeErrorToken(&tmpMinor, major, *minor, &outputTokens); if (GSS_ERROR(tmpMajor)) { major = tmpMajor; *minor = tmpMinor; goto cleanup; } } /* Format output token from inner tokens */ if (outputTokens.buffers.count != 0 || /* inner tokens to send */ !CTX_IS_INITIATOR(ctx) || /* any leg acceptor */ !CTX_IS_ESTABLISHED(ctx)) { /* non-last leg initiator */ tmpMajor = gssEapEncodeInnerTokens(&tmpMinor, &outputTokens, &unwrappedOutputToken); if (tmpMajor == GSS_S_COMPLETE) { if (CTX_IS_INITIATOR(ctx)) tokType = TOK_TYPE_INITIATOR_CONTEXT; else tokType = TOK_TYPE_ACCEPTOR_CONTEXT; tmpMajor = gssEapMakeToken(&tmpMinor, ctx, &unwrappedOutputToken, tokType, outputToken); if (GSS_ERROR(tmpMajor)) { major = tmpMajor; *minor = tmpMinor; goto cleanup; } } } /* If the context is established, empty tokens only to be emitted by initiator */ GSSEAP_ASSERT(!CTX_IS_ESTABLISHED(ctx) || ((outputToken->length == 0) == CTX_IS_INITIATOR(ctx))); SM_ASSERT_VALID(ctx, major); cleanup: gssEapReleaseInnerTokens(&tmpMinor, &inputTokens, 0); gssEapReleaseInnerTokens(&tmpMinor, &inputTokens, 1); gss_release_buffer(&tmpMinor, &unwrappedOutputToken); ctx->inputTokens = NULL; ctx->outputTokens = NULL; return major; } mech_eap-0.9.2/mech_eap/inquire_mech_for_saslname.c0000644001755200017500000000601412406014472017322 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Map mechanism OID to a SASL mechanism name. */ #include "gssapiP_eap.h" OM_uint32 GSSAPI_CALLCONV gss_inquire_saslname_for_mech(OM_uint32 *minor, const gss_OID mech, gss_buffer_t sasl_mech_name, gss_buffer_t mech_name, gss_buffer_t mech_description) { OM_uint32 major; gss_buffer_t name; krb5_enctype etype = ENCTYPE_NULL; /* Dynamically construct mechanism name from Kerberos string enctype */ major = gssEapOidToEnctype(minor, mech, &etype); if (GSS_ERROR(major)) return major; if (mech_name != GSS_C_NO_BUFFER) { krb5_context krbContext; GSSEAP_KRB_INIT(&krbContext); *minor = krbEnctypeToString(krbContext, etype, "eap-", mech_name); if (*minor != 0) return GSS_S_FAILURE; } if (mech_description != GSS_C_NO_BUFFER) { major = makeStringBuffer(minor, "Extensible Authentication Protocol GSS-API Mechanism", mech_description); if (GSS_ERROR(major)) return major; } if (sasl_mech_name != GSS_C_NO_BUFFER) { name = gssEapOidToSaslName(mech); if (name == GSS_C_NO_BUFFER) { major = GSS_S_BAD_MECH; *minor = GSSEAP_WRONG_MECH; } else { major = duplicateBuffer(minor, name, sasl_mech_name); } } return major; } mech_eap-0.9.2/mech_eap/util_attr.h0000644001755200017500000002735112406014472014144 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Attribute provider interface. */ #ifndef _UTIL_ATTR_H_ #define _UTIL_ATTR_H_ 1 #ifdef __cplusplus #include #include using namespace gss_eap_util; struct gss_eap_attr_provider; struct gss_eap_attr_ctx; typedef bool (*gss_eap_attr_enumeration_cb)(const gss_eap_attr_ctx *ctx, const gss_eap_attr_provider *source, const gss_buffer_t attribute, void *data); #define ATTR_TYPE_RADIUS 0U /* RADIUS AVPs */ #ifdef HAVE_OPENSAML #define ATTR_TYPE_SAML_ASSERTION 1U /* SAML assertion */ #define ATTR_TYPE_SAML 2U /* SAML attributes */ #endif #define ATTR_TYPE_LOCAL 3U /* Local attributes */ #define ATTR_TYPE_MIN ATTR_TYPE_RADIUS #define ATTR_TYPE_MAX ATTR_TYPE_LOCAL #define ATTR_FLAG_DISABLE_LOCAL 0x00000001 /* * Attribute provider: this represents a source of attributes derived * from the security context. */ struct gss_eap_attr_provider { public: gss_eap_attr_provider(void) {} virtual ~gss_eap_attr_provider(void) {} bool initWithManager(const gss_eap_attr_ctx *manager) { m_manager = manager; return true; } virtual bool initWithExistingContext(const gss_eap_attr_ctx *manager, const gss_eap_attr_provider *ctx GSSEAP_UNUSED) { return initWithManager(manager); } virtual bool initWithGssContext(const gss_eap_attr_ctx *manager, const gss_cred_id_t cred GSSEAP_UNUSED, const gss_ctx_id_t ctx GSSEAP_UNUSED) { return initWithManager(manager); } virtual bool getAttributeTypes(gss_eap_attr_enumeration_cb GSSEAP_UNUSED, void *data GSSEAP_UNUSED) const { return false; } virtual bool setAttribute(int complete GSSEAP_UNUSED, const gss_buffer_t attr GSSEAP_UNUSED, const gss_buffer_t value GSSEAP_UNUSED) { return false; } virtual bool deleteAttribute(const gss_buffer_t value GSSEAP_UNUSED) { return false; } virtual bool getAttribute(const gss_buffer_t attr GSSEAP_UNUSED, int *authenticated GSSEAP_UNUSED, int *complete GSSEAP_UNUSED, gss_buffer_t value GSSEAP_UNUSED, gss_buffer_t display_value GSSEAP_UNUSED, int *more GSSEAP_UNUSED) const { return false; } virtual gss_any_t mapToAny(int authenticated GSSEAP_UNUSED, gss_buffer_t type_id GSSEAP_UNUSED) const { return NULL; } virtual void releaseAnyNameMapping(gss_buffer_t type_id GSSEAP_UNUSED, gss_any_t input GSSEAP_UNUSED) const { } /* prefix to be prepended to attributes emitted by gss_get_name_attribute */ virtual const char *prefix(void) const { return NULL; } /* optional key for storing JSON dictionary */ virtual const char *name(void) const { return NULL; } virtual bool initWithJsonObject(const gss_eap_attr_ctx *manager, JSONObject &object GSSEAP_UNUSED) { return initWithManager(manager); } virtual JSONObject jsonRepresentation(void) const { return JSONObject::null(); } virtual time_t getExpiryTime(void) const { return 0; } virtual OM_uint32 mapException(OM_uint32 *minor GSSEAP_UNUSED, std::exception &e GSSEAP_UNUSED) const { return GSS_S_CONTINUE_NEEDED; } static bool init(void) { return true; } static void finalize(void) {} static gss_eap_attr_provider *createAttrContext(void) { return NULL; } protected: const gss_eap_attr_ctx *m_manager; private: /* make non-copyable */ gss_eap_attr_provider(const gss_eap_attr_provider&); gss_eap_attr_provider& operator=(const gss_eap_attr_provider&); }; typedef gss_eap_attr_provider *(*gss_eap_attr_create_provider)(void); /* * Attribute context: this manages a set of providers for a given * security context. */ struct gss_eap_attr_ctx { public: gss_eap_attr_ctx(void); ~gss_eap_attr_ctx(void); bool initWithExistingContext(const gss_eap_attr_ctx *manager); bool initWithGssContext(const gss_cred_id_t cred, const gss_ctx_id_t ctx); bool getAttributeTypes(gss_eap_attr_enumeration_cb, void *data) const; bool getAttributeTypes(gss_buffer_set_t *attrs); bool setAttribute(int complete, const gss_buffer_t attr, const gss_buffer_t value); bool deleteAttribute(const gss_buffer_t value); bool getAttribute(const gss_buffer_t attr, int *authenticated, int *complete, gss_buffer_t value, gss_buffer_t display_value, int *more) const; gss_any_t mapToAny(int authenticated, gss_buffer_t type_id) const; void releaseAnyNameMapping(gss_buffer_t type_id, gss_any_t input) const; void exportToBuffer(gss_buffer_t buffer) const; bool initWithBuffer(const gss_buffer_t buffer); static std::string composeAttributeName(const gss_buffer_t prefix, const gss_buffer_t suffix); static void decomposeAttributeName(const gss_buffer_t attribute, gss_buffer_t prefix, gss_buffer_t suffix); static void composeAttributeName(const gss_buffer_t prefix, const gss_buffer_t suffix, gss_buffer_t attribute); std::string composeAttributeName(unsigned int type, const gss_buffer_t suffix); void decomposeAttributeName(const gss_buffer_t attribute, unsigned int *type, gss_buffer_t suffix) const; void composeAttributeName(unsigned int type, const gss_buffer_t suffix, gss_buffer_t attribute) const; gss_eap_attr_provider *getProvider(unsigned int type) const; static void registerProvider(unsigned int type, gss_eap_attr_create_provider factory); static void unregisterProvider(unsigned int type); time_t getExpiryTime(void) const; OM_uint32 mapException(OM_uint32 *minor, std::exception &e) const; private: bool providerEnabled(unsigned int type) const; void releaseProvider(unsigned int type); unsigned int attributePrefixToType(const gss_buffer_t prefix) const; gss_buffer_desc attributeTypeToPrefix(unsigned int type) const; bool initWithJsonObject(JSONObject &object); JSONObject jsonRepresentation(void) const; gss_eap_attr_provider *getPrimaryProvider(void) const; /* make non-copyable */ gss_eap_attr_ctx(const gss_eap_attr_ctx&); gss_eap_attr_ctx& operator=(const gss_eap_attr_ctx&); uint32_t m_flags; gss_eap_attr_provider *m_providers[ATTR_TYPE_MAX + 1]; }; #endif /* __cplusplus */ #include "util_radius.h" #include "util_saml.h" #include "util_shib.h" #ifdef __cplusplus static inline void duplicateBuffer(gss_buffer_desc &src, gss_buffer_t dst) { OM_uint32 minor; if (GSS_ERROR(duplicateBuffer(&minor, &src, dst))) throw std::bad_alloc(); } static inline void duplicateBuffer(std::string &str, gss_buffer_t buffer) { gss_buffer_desc tmp; tmp.length = str.length(); tmp.value = (char *)str.c_str(); duplicateBuffer(tmp, buffer); } #else struct gss_eap_attr_ctx; #endif #ifdef __cplusplus extern "C" { #endif /* * C wrappers for attribute context functions. These match their * GSS naming extension equivalents. The caller is required to * obtain the name mutex. */ OM_uint32 gssEapCreateAttrContext(OM_uint32 *minor, gss_cred_id_t acceptorCred, gss_ctx_id_t acceptorCtx, struct gss_eap_attr_ctx **pAttrCtx, time_t *pExpiryTime); OM_uint32 gssEapInquireName(OM_uint32 *minor, gss_name_t name, int *name_is_MN, gss_OID *MN_mech, gss_buffer_set_t *attrs); OM_uint32 gssEapGetNameAttribute(OM_uint32 *minor, gss_name_t name, gss_buffer_t attr, int *authenticated, int *complete, gss_buffer_t value, gss_buffer_t display_value, int *more); OM_uint32 gssEapDeleteNameAttribute(OM_uint32 *minor, gss_name_t name, gss_buffer_t attr); OM_uint32 gssEapSetNameAttribute(OM_uint32 *minor, gss_name_t name, int complete, gss_buffer_t attr, gss_buffer_t value); OM_uint32 gssEapExportAttrContext(OM_uint32 *minor, gss_name_t name, gss_buffer_t buffer); OM_uint32 gssEapImportAttrContext(OM_uint32 *minor, gss_buffer_t buffer, gss_name_t name); OM_uint32 gssEapDuplicateAttrContext(OM_uint32 *minor, gss_name_t in, gss_name_t out); OM_uint32 gssEapMapNameToAny(OM_uint32 *minor, gss_name_t name, int authenticated, gss_buffer_t type_id, gss_any_t *output); OM_uint32 gssEapReleaseAnyNameMapping(OM_uint32 *minor, gss_name_t name, gss_buffer_t type_id, gss_any_t *input); OM_uint32 gssEapReleaseAttrContext(OM_uint32 *minor, gss_name_t name); OM_uint32 gssEapAttrProvidersFinalize(OM_uint32 *minor); #ifdef __cplusplus } #endif #endif /* _UTIL_ATTR_H_ */ mech_eap-0.9.2/mech_eap/inquire_cred_by_oid.c0000644001755200017500000000543212406014472016122 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Return extended credential handle properties. */ #include "gssapiP_eap.h" #if 0 static struct { gss_OID_desc oid; OM_uint32 (*inquire)(OM_uint32 *, const gss_cred_id_t, const gss_OID, gss_buffer_set_t *); } inquireCredOps[] = { }; #endif OM_uint32 GSSAPI_CALLCONV gss_inquire_cred_by_oid(OM_uint32 *minor, const gss_cred_id_t cred_handle, const gss_OID desired_object GSSEAP_UNUSED, gss_buffer_set_t *data_set) { OM_uint32 major; #if 0 int i; #endif *data_set = GSS_C_NO_BUFFER_SET; if (cred_handle == GSS_C_NO_CREDENTIAL) { *minor = EINVAL; return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CRED; } GSSEAP_MUTEX_LOCK(&cred_handle->mutex); major = GSS_S_UNAVAILABLE; *minor = GSSEAP_BAD_CRED_OPTION; #if 0 for (i = 0; i < sizeof(inquireCredOps) / sizeof(inquireCredOps[0]); i++) { if (oidEqual(&inquireCredOps[i].oid, desired_object)) { major = (*inquireCredOps[i].inquire)(minor, cred_handle, desired_object, data_set); break; } } #endif GSSEAP_MUTEX_UNLOCK(&cred_handle->mutex); return major; } mech_eap-0.9.2/mech_eap/LICENSE0000644001755200017500000000304512406014472012763 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ mech_eap-0.9.2/mech_eap/inquire_attrs_for_mech.c0000644001755200017500000001154512406014472016661 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Enumerate the features supported by the GSS EAP mechanism. */ #include "gssapiP_eap.h" #define MA_ADD(ma, set) do { \ major = gss_add_oid_set_member(minor, (gss_OID)(ma), (set)); \ if (GSS_ERROR(major)) \ goto cleanup; \ } while (0) #define MA_SUPPORTED(ma) MA_ADD((ma), mech_attrs) #define MA_KNOWN(ma) MA_ADD((ma), known_mech_attrs) OM_uint32 GSSAPI_CALLCONV gss_inquire_attrs_for_mech(OM_uint32 *minor, gss_const_OID mech_oid, gss_OID_set *mech_attrs, gss_OID_set *known_mech_attrs) { OM_uint32 major, tmpMinor; if (mech_attrs != NULL) *mech_attrs = GSS_C_NO_OID_SET; if (known_mech_attrs != NULL) *known_mech_attrs = GSS_C_NO_OID_SET; if (!gssEapIsConcreteMechanismOid((const gss_OID)mech_oid)) { *minor = GSSEAP_WRONG_MECH; return GSS_S_BAD_MECH; } if (mech_attrs != NULL) { major = gss_create_empty_oid_set(minor, mech_attrs); if (GSS_ERROR(major)) goto cleanup; #ifdef HAVE_GSS_INQUIRE_ATTRS_FOR_MECH if (oidEqual(mech_oid, GSS_EAP_MECHANISM)) MA_SUPPORTED(GSS_C_MA_MECH_PSEUDO); else MA_SUPPORTED(GSS_C_MA_MECH_CONCRETE); MA_SUPPORTED(GSS_C_MA_ITOK_FRAMED); MA_SUPPORTED(GSS_C_MA_AUTH_INIT); MA_SUPPORTED(GSS_C_MA_AUTH_TARG); MA_SUPPORTED(GSS_C_MA_AUTH_INIT_INIT); MA_SUPPORTED(GSS_C_MA_INTEG_PROT); MA_SUPPORTED(GSS_C_MA_CONF_PROT); MA_SUPPORTED(GSS_C_MA_MIC); MA_SUPPORTED(GSS_C_MA_WRAP); MA_SUPPORTED(GSS_C_MA_REPLAY_DET); MA_SUPPORTED(GSS_C_MA_OOS_DET); MA_SUPPORTED(GSS_C_MA_CBINDINGS); MA_SUPPORTED(GSS_C_MA_CTX_TRANS); #endif } if (known_mech_attrs != NULL) { major = gss_create_empty_oid_set(minor, known_mech_attrs); if (GSS_ERROR(major)) goto cleanup; #ifdef HAVE_GSS_INQUIRE_ATTRS_FOR_MECH MA_KNOWN(GSS_C_MA_MECH_CONCRETE); MA_KNOWN(GSS_C_MA_MECH_PSEUDO); MA_KNOWN(GSS_C_MA_MECH_COMPOSITE); MA_KNOWN(GSS_C_MA_MECH_NEGO); MA_KNOWN(GSS_C_MA_MECH_GLUE); MA_KNOWN(GSS_C_MA_NOT_MECH); MA_KNOWN(GSS_C_MA_DEPRECATED); MA_KNOWN(GSS_C_MA_NOT_DFLT_MECH); MA_KNOWN(GSS_C_MA_ITOK_FRAMED); MA_KNOWN(GSS_C_MA_AUTH_INIT); MA_KNOWN(GSS_C_MA_AUTH_TARG); MA_KNOWN(GSS_C_MA_AUTH_INIT_INIT); MA_KNOWN(GSS_C_MA_AUTH_TARG_INIT); MA_KNOWN(GSS_C_MA_AUTH_INIT_ANON); MA_KNOWN(GSS_C_MA_AUTH_TARG_ANON); MA_KNOWN(GSS_C_MA_DELEG_CRED); MA_KNOWN(GSS_C_MA_INTEG_PROT); MA_KNOWN(GSS_C_MA_CONF_PROT); MA_KNOWN(GSS_C_MA_MIC); MA_KNOWN(GSS_C_MA_WRAP); MA_KNOWN(GSS_C_MA_PROT_READY); MA_KNOWN(GSS_C_MA_REPLAY_DET); MA_KNOWN(GSS_C_MA_OOS_DET); MA_KNOWN(GSS_C_MA_CBINDINGS); MA_KNOWN(GSS_C_MA_PFS); MA_KNOWN(GSS_C_MA_COMPRESS); MA_KNOWN(GSS_C_MA_CTX_TRANS); #endif } major = GSS_S_COMPLETE; *minor = 0; cleanup: if (GSS_ERROR(major)) { gss_release_oid_set(&tmpMinor, mech_attrs); gss_release_oid_set(&tmpMinor, known_mech_attrs); } return major; } mech_eap-0.9.2/mech_eap/accept_sec_context.c0000644001755200017500000010322312406014472015756 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Establish a security context on the acceptor (server). These functions * wrap around libradsec and (thus) talk to a RADIUS server or proxy. */ #include "gssapiP_eap.h" #ifdef GSSEAP_ENABLE_REAUTH static OM_uint32 eapGssSmAcceptGssReauth(OM_uint32 *minor, gss_cred_id_t cred, gss_ctx_id_t ctx, gss_name_t target, gss_OID mech, OM_uint32 reqFlags, OM_uint32 timeReq, gss_channel_bindings_t chanBindings, gss_buffer_t inputToken, gss_buffer_t outputToken, OM_uint32 *smFlags); #endif /* * Mark an acceptor context as ready for cryptographic operations */ static OM_uint32 acceptReadyEap(OM_uint32 *minor, gss_ctx_id_t ctx, gss_cred_id_t cred) { OM_uint32 major, tmpMinor; rs_const_avp *vp; gss_buffer_desc nameBuf = GSS_C_EMPTY_BUFFER; /* Cache encryption type derived from selected mechanism OID */ major = gssEapOidToEnctype(minor, ctx->mechanismUsed, &ctx->encryptionType); if (GSS_ERROR(major)) return major; gssEapReleaseName(&tmpMinor, &ctx->initiatorName); major = gssEapRadiusGetRawAvp(minor, ctx->acceptorCtx.vps, PW_USER_NAME, 0, &vp); if (major == GSS_S_COMPLETE && rs_avp_length(vp) != 0) { rs_avp_octets_value_byref((rs_avp *)vp, (unsigned char **)&nameBuf.value, &nameBuf.length); } else { ctx->gssFlags |= GSS_C_ANON_FLAG; } major = gssEapImportName(minor, &nameBuf, (ctx->gssFlags & GSS_C_ANON_FLAG) ? GSS_C_NT_ANONYMOUS : GSS_C_NT_USER_NAME, ctx->mechanismUsed, &ctx->initiatorName); if (GSS_ERROR(major)) return major; major = gssEapRadiusGetRawAvp(minor, ctx->acceptorCtx.vps, PW_MS_MPPE_SEND_KEY, VENDORPEC_MICROSOFT, &vp); if (GSS_ERROR(major)) { *minor = GSSEAP_KEY_UNAVAILABLE; return GSS_S_UNAVAILABLE; } major = gssEapDeriveRfc3961Key(minor, rs_avp_octets_value_const_ptr(vp), rs_avp_length(vp), ctx->encryptionType, &ctx->rfc3961Key); if (GSS_ERROR(major)) return major; major = rfc3961ChecksumTypeForKey(minor, &ctx->rfc3961Key, &ctx->checksumType); if (GSS_ERROR(major)) return major; major = sequenceInit(minor, &ctx->seqState, ctx->recvSeq, ((ctx->gssFlags & GSS_C_REPLAY_FLAG) != 0), ((ctx->gssFlags & GSS_C_SEQUENCE_FLAG) != 0), TRUE); if (GSS_ERROR(major)) return major; major = gssEapCreateAttrContext(minor, cred, ctx, &ctx->initiatorName->attrCtx, &ctx->expiryTime); if (GSS_ERROR(major)) return major; if (ctx->expiryTime != 0 && ctx->expiryTime < time(NULL)) { *minor = GSSEAP_CRED_EXPIRED; return GSS_S_CREDENTIALS_EXPIRED; } *minor = 0; return GSS_S_COMPLETE; } static OM_uint32 eapGssSmAcceptAcceptorName(OM_uint32 *minor, gss_cred_id_t cred GSSEAP_UNUSED, gss_ctx_id_t ctx, gss_name_t target GSSEAP_UNUSED, gss_OID mech GSSEAP_UNUSED, OM_uint32 reqFlags GSSEAP_UNUSED, OM_uint32 timeReq GSSEAP_UNUSED, gss_channel_bindings_t chanBindings GSSEAP_UNUSED, gss_buffer_t inputToken GSSEAP_UNUSED, gss_buffer_t outputToken, OM_uint32 *smFlags GSSEAP_UNUSED) { OM_uint32 major; /* XXX TODO import and validate name from inputToken */ if (ctx->acceptorName != GSS_C_NO_NAME) { /* Send desired target name to acceptor */ major = gssEapDisplayName(minor, ctx->acceptorName, outputToken, NULL); if (GSS_ERROR(major)) return major; } return GSS_S_CONTINUE_NEEDED; } #ifdef GSSEAP_DEBUG static OM_uint32 eapGssSmAcceptVendorInfo(OM_uint32 *minor, gss_cred_id_t cred GSSEAP_UNUSED, gss_ctx_id_t ctx GSSEAP_UNUSED, gss_name_t target GSSEAP_UNUSED, gss_OID mech GSSEAP_UNUSED, OM_uint32 reqFlags GSSEAP_UNUSED, OM_uint32 timeReq GSSEAP_UNUSED, gss_channel_bindings_t chanBindings GSSEAP_UNUSED, gss_buffer_t inputToken, gss_buffer_t outputToken GSSEAP_UNUSED, OM_uint32 *smFlags GSSEAP_UNUSED) { fprintf(stderr, "GSS-EAP: vendor: %.*s\n", (int)inputToken->length, (char *)inputToken->value); *minor = 0; return GSS_S_CONTINUE_NEEDED; } #endif /* * Emit a identity EAP request to force the initiator (peer) to identify * itself. */ static OM_uint32 eapGssSmAcceptIdentity(OM_uint32 *minor, gss_cred_id_t cred, gss_ctx_id_t ctx, gss_name_t target GSSEAP_UNUSED, gss_OID mech GSSEAP_UNUSED, OM_uint32 reqFlags GSSEAP_UNUSED, OM_uint32 timeReq GSSEAP_UNUSED, gss_channel_bindings_t chanBindings GSSEAP_UNUSED, gss_buffer_t inputToken, gss_buffer_t outputToken, OM_uint32 *smFlags) { OM_uint32 major; struct wpabuf *reqData; gss_buffer_desc pktBuffer; if (!gssEapCredAvailable(cred, ctx->mechanismUsed)) { *minor = GSSEAP_CRED_MECH_MISMATCH; return GSS_S_BAD_MECH; } if (inputToken != GSS_C_NO_BUFFER && inputToken->length != 0) { *minor = GSSEAP_WRONG_SIZE; return GSS_S_DEFECTIVE_TOKEN; } reqData = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_IDENTITY, 0, EAP_CODE_REQUEST, 0); if (reqData == NULL) { *minor = ENOMEM; return GSS_S_FAILURE; } pktBuffer.length = wpabuf_len(reqData); pktBuffer.value = (void *)wpabuf_head(reqData); major = duplicateBuffer(minor, &pktBuffer, outputToken); if (GSS_ERROR(major)) return major; wpabuf_free(reqData); GSSEAP_SM_TRANSITION_NEXT(ctx); *minor = 0; *smFlags |= SM_FLAG_OUTPUT_TOKEN_CRITICAL; return GSS_S_CONTINUE_NEEDED; } /* * Returns TRUE if the input token contains an EAP identity response. */ static int isIdentityResponseP(gss_buffer_t inputToken) { struct wpabuf respData; wpabuf_set(&respData, inputToken->value, inputToken->length); return (eap_get_type(&respData) == EAP_TYPE_IDENTITY); } /* * Save the asserted initiator identity from the EAP identity response. */ static OM_uint32 importInitiatorIdentity(OM_uint32 *minor, gss_ctx_id_t ctx, gss_buffer_t inputToken) { OM_uint32 tmpMinor; struct wpabuf respData; const unsigned char *pos; size_t len; gss_buffer_desc nameBuf; wpabuf_set(&respData, inputToken->value, inputToken->length); pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_IDENTITY, &respData, &len); if (pos == NULL) { *minor = GSSEAP_PEER_BAD_MESSAGE; return GSS_S_DEFECTIVE_TOKEN; } nameBuf.value = (void *)pos; nameBuf.length = len; gssEapReleaseName(&tmpMinor, &ctx->initiatorName); return gssEapImportName(minor, &nameBuf, GSS_C_NT_USER_NAME, ctx->mechanismUsed, &ctx->initiatorName); } /* * Pass the asserted initiator identity to the authentication server. */ static OM_uint32 setInitiatorIdentity(OM_uint32 *minor, gss_ctx_id_t ctx, struct rs_packet *req) { OM_uint32 major, tmpMinor; gss_buffer_desc nameBuf; /* * We should have got an EAP identity response, but if we didn't, then * we will just avoid sending User-Name. Note that radsecproxy requires * User-Name to be sent on every request (presumably so it can remain * stateless). */ if (ctx->initiatorName != GSS_C_NO_NAME) { major = gssEapDisplayName(minor, ctx->initiatorName, &nameBuf, NULL); if (GSS_ERROR(major)) return major; major = gssEapRadiusAddAvp(minor, req, PW_USER_NAME, 0, &nameBuf); if (GSS_ERROR(major)) return major; gss_release_buffer(&tmpMinor, &nameBuf); } *minor = 0; return GSS_S_COMPLETE; } /* * Pass the asserted acceptor identity to the authentication server. */ static OM_uint32 setAcceptorIdentity(OM_uint32 *minor, gss_ctx_id_t ctx, struct rs_packet *req) { OM_uint32 major; gss_buffer_desc nameBuf; krb5_context krbContext = NULL; krb5_principal krbPrinc; struct rs_context *rc = ctx->acceptorCtx.radContext; GSSEAP_ASSERT(rc != NULL); if (ctx->acceptorName == GSS_C_NO_NAME) { *minor = 0; return GSS_S_COMPLETE; } if ((ctx->acceptorName->flags & NAME_FLAG_SERVICE) == 0) { *minor = GSSEAP_BAD_SERVICE_NAME; return GSS_S_BAD_NAME; } GSSEAP_KRB_INIT(&krbContext); krbPrinc = ctx->acceptorName->krbPrincipal; GSSEAP_ASSERT(krbPrinc != NULL); GSSEAP_ASSERT(KRB_PRINC_LENGTH(krbPrinc) >= 1); /* Acceptor-Service-Name */ krbPrincComponentToGssBuffer(krbPrinc, 0, &nameBuf); major = gssEapRadiusAddAvp(minor, req, PW_GSS_ACCEPTOR_SERVICE_NAME, 0, &nameBuf); if (GSS_ERROR(major)) return major; /* Acceptor-Host-Name */ if (KRB_PRINC_LENGTH(krbPrinc) >= 2) { krbPrincComponentToGssBuffer(krbPrinc, 1, &nameBuf); major = gssEapRadiusAddAvp(minor, req, PW_GSS_ACCEPTOR_HOST_NAME, 0, &nameBuf); if (GSS_ERROR(major)) return major; } if (KRB_PRINC_LENGTH(krbPrinc) > 2) { /* Acceptor-Service-Specific */ *minor = krbPrincUnparseServiceSpecifics(krbContext, krbPrinc, &nameBuf); if (*minor != 0) return GSS_S_FAILURE; major = gssEapRadiusAddAvp(minor, req, PW_GSS_ACCEPTOR_SERVICE_SPECIFICS, 0, &nameBuf); krbFreeUnparsedName(krbContext, &nameBuf); if (GSS_ERROR(major)) return major; } krbPrincRealmToGssBuffer(krbPrinc, &nameBuf); if (nameBuf.length != 0) { /* Acceptor-Realm-Name */ major = gssEapRadiusAddAvp(minor, req, PW_GSS_ACCEPTOR_REALM_NAME, 0, &nameBuf); if (GSS_ERROR(major)) return major; } *minor = 0; return GSS_S_COMPLETE; } /* * Allocate a RadSec handle */ static OM_uint32 createRadiusHandle(OM_uint32 *minor, gss_cred_id_t cred, gss_ctx_id_t ctx) { struct gss_eap_acceptor_ctx *actx = &ctx->acceptorCtx; struct rs_error *err; const char *configStanza = "gss-eap"; OM_uint32 major; GSSEAP_ASSERT(actx->radContext == NULL); GSSEAP_ASSERT(actx->radConn == NULL); GSSEAP_ASSERT(cred != GSS_C_NO_CREDENTIAL); major = gssEapCreateRadiusContext(minor, cred, &actx->radContext); if (GSS_ERROR(major)) return major; if (cred->radiusConfigStanza.value != NULL) configStanza = (const char *)cred->radiusConfigStanza.value; if (rs_conn_create(actx->radContext, &actx->radConn, configStanza) != 0) { err = rs_err_conn_pop(actx->radConn); return gssEapRadiusMapError(minor, err); } if (actx->radServer != NULL) { if (rs_conn_select_peer(actx->radConn, actx->radServer) != 0) { err = rs_err_conn_pop(actx->radConn); return gssEapRadiusMapError(minor, err); } } *minor = 0; return GSS_S_COMPLETE; } /* * Process a EAP response from the initiator. */ static OM_uint32 eapGssSmAcceptAuthenticate(OM_uint32 *minor, gss_cred_id_t cred, gss_ctx_id_t ctx, gss_name_t target GSSEAP_UNUSED, gss_OID mech GSSEAP_UNUSED, OM_uint32 reqFlags GSSEAP_UNUSED, OM_uint32 timeReq GSSEAP_UNUSED, gss_channel_bindings_t chanBindings GSSEAP_UNUSED, gss_buffer_t inputToken, gss_buffer_t outputToken, OM_uint32 *smFlags) { OM_uint32 major, tmpMinor; struct rs_connection *rconn; struct rs_request *request = NULL; struct rs_packet *req = NULL, *resp = NULL; int isAccessChallenge; if (ctx->acceptorCtx.radContext == NULL) { /* May be NULL from an imported partial context */ major = createRadiusHandle(minor, cred, ctx); if (GSS_ERROR(major)) goto cleanup; } if (isIdentityResponseP(inputToken)) { major = importInitiatorIdentity(minor, ctx, inputToken); if (GSS_ERROR(major)) return major; } rconn = ctx->acceptorCtx.radConn; if (rs_packet_create_authn_request(rconn, &req, NULL, NULL) != 0) { major = gssEapRadiusMapError(minor, rs_err_conn_pop(rconn)); goto cleanup; } major = setInitiatorIdentity(minor, ctx, req); if (GSS_ERROR(major)) goto cleanup; major = setAcceptorIdentity(minor, ctx, req); if (GSS_ERROR(major)) goto cleanup; major = gssEapRadiusAddAvp(minor, req, PW_EAP_MESSAGE, 0, inputToken); if (GSS_ERROR(major)) goto cleanup; if (ctx->acceptorCtx.state.length != 0) { major = gssEapRadiusAddAvp(minor, req, PW_STATE, 0, &ctx->acceptorCtx.state); if (GSS_ERROR(major)) goto cleanup; gss_release_buffer(&tmpMinor, &ctx->acceptorCtx.state); } if (rs_request_create(rconn, &request) != 0) { major = gssEapRadiusMapError(minor, rs_err_conn_pop(rconn)); goto cleanup; } rs_request_add_reqpkt(request, req); req = NULL; if (rs_request_send(request, &resp) != 0) { major = gssEapRadiusMapError(minor, rs_err_conn_pop(rconn)); goto cleanup; } GSSEAP_ASSERT(resp != NULL); isAccessChallenge = 0; switch (rs_packet_code(resp)) { case PW_ACCESS_CHALLENGE: isAccessChallenge = 1; break; case PW_ACCESS_ACCEPT: break; case PW_ACCESS_REJECT: *minor = GSSEAP_RADIUS_AUTH_FAILURE; major = GSS_S_DEFECTIVE_CREDENTIAL; goto cleanup; break; default: *minor = GSSEAP_UNKNOWN_RADIUS_CODE; major = GSS_S_FAILURE; goto cleanup; break; } major = gssEapRadiusGetAvp(minor, resp, PW_EAP_MESSAGE, 0, outputToken, TRUE); if (major == GSS_S_UNAVAILABLE && isAccessChallenge) { *minor = GSSEAP_MISSING_EAP_REQUEST; major = GSS_S_DEFECTIVE_TOKEN; goto cleanup; } else if (GSS_ERROR(major)) goto cleanup; if (isAccessChallenge) { major = gssEapRadiusGetAvp(minor, resp, PW_STATE, 0, &ctx->acceptorCtx.state, TRUE); if (GSS_ERROR(major) && *minor != GSSEAP_NO_SUCH_ATTR) goto cleanup; } else { rs_avp **vps; rs_packet_avps(resp, &vps); ctx->acceptorCtx.vps = *vps; *vps = NULL; major = acceptReadyEap(minor, ctx, cred); if (GSS_ERROR(major)) goto cleanup; GSSEAP_SM_TRANSITION_NEXT(ctx); } major = GSS_S_CONTINUE_NEEDED; *minor = 0; *smFlags |= SM_FLAG_OUTPUT_TOKEN_CRITICAL; cleanup: if (request != NULL) rs_request_destroy(request); if (req != NULL) rs_packet_destroy(req); if (resp != NULL) rs_packet_destroy(resp); if (GSSEAP_SM_STATE(ctx) == GSSEAP_STATE_INITIATOR_EXTS) { GSSEAP_ASSERT(major == GSS_S_CONTINUE_NEEDED); rs_conn_destroy(ctx->acceptorCtx.radConn); ctx->acceptorCtx.radConn = NULL; } return major; } static OM_uint32 eapGssSmAcceptGssFlags(OM_uint32 *minor, gss_cred_id_t cred GSSEAP_UNUSED, gss_ctx_id_t ctx, gss_name_t target GSSEAP_UNUSED, gss_OID mech GSSEAP_UNUSED, OM_uint32 reqFlags GSSEAP_UNUSED, OM_uint32 timeReq GSSEAP_UNUSED, gss_channel_bindings_t chanBindings GSSEAP_UNUSED, gss_buffer_t inputToken, gss_buffer_t outputToken GSSEAP_UNUSED, OM_uint32 *smFlags GSSEAP_UNUSED) { unsigned char *p; OM_uint32 initiatorGssFlags; GSSEAP_ASSERT((ctx->flags & CTX_FLAG_KRB_REAUTH) == 0); if (inputToken->length < 4) { *minor = GSSEAP_TOK_TRUNC; return GSS_S_DEFECTIVE_TOKEN; } /* allow flags to grow for future expansion */ p = (unsigned char *)inputToken->value + inputToken->length - 4; initiatorGssFlags = load_uint32_be(p); initiatorGssFlags &= GSSEAP_WIRE_FLAGS_MASK; ctx->gssFlags |= initiatorGssFlags; return GSS_S_CONTINUE_NEEDED; } static OM_uint32 eapGssSmAcceptGssChannelBindings(OM_uint32 *minor, gss_cred_id_t cred GSSEAP_UNUSED, gss_ctx_id_t ctx, gss_name_t target GSSEAP_UNUSED, gss_OID mech GSSEAP_UNUSED, OM_uint32 reqFlags GSSEAP_UNUSED, OM_uint32 timeReq GSSEAP_UNUSED, gss_channel_bindings_t chanBindings, gss_buffer_t inputToken, gss_buffer_t outputToken GSSEAP_UNUSED, OM_uint32 *smFlags GSSEAP_UNUSED) { krb5_error_code code; krb5_context krbContext; krb5_data data; krb5_checksum cksum; krb5_boolean valid = FALSE; if (chanBindings == GSS_C_NO_CHANNEL_BINDINGS || chanBindings->application_data.length == 0) return GSS_S_CONTINUE_NEEDED; GSSEAP_KRB_INIT(&krbContext); KRB_DATA_INIT(&data); gssBufferToKrbData(&chanBindings->application_data, &data); KRB_CHECKSUM_INIT(&cksum, ctx->checksumType, inputToken); code = krb5_c_verify_checksum(krbContext, &ctx->rfc3961Key, KEY_USAGE_GSSEAP_CHBIND_MIC, &data, &cksum, &valid); if (code != 0) { *minor = code; return GSS_S_FAILURE; } if (valid == FALSE) { *minor = GSSEAP_BINDINGS_MISMATCH; return GSS_S_BAD_BINDINGS; } ctx->flags |= CTX_FLAG_CHANNEL_BINDINGS_VERIFIED; *minor = 0; return GSS_S_CONTINUE_NEEDED; } static OM_uint32 eapGssSmAcceptInitiatorMIC(OM_uint32 *minor, gss_cred_id_t cred GSSEAP_UNUSED, gss_ctx_id_t ctx, gss_name_t target GSSEAP_UNUSED, gss_OID mech GSSEAP_UNUSED, OM_uint32 reqFlags GSSEAP_UNUSED, OM_uint32 timeReq GSSEAP_UNUSED, gss_channel_bindings_t chanBindings, gss_buffer_t inputToken, gss_buffer_t outputToken GSSEAP_UNUSED, OM_uint32 *smFlags GSSEAP_UNUSED) { OM_uint32 major; /* * The channel binding token is optional, however if the caller indicated * bindings we must raise an error if it was absent. * * In the future, we might use a context option to allow the caller to * indicate that missing bindings are acceptable. */ if (chanBindings != NULL && chanBindings->application_data.length != 0 && (ctx->flags & CTX_FLAG_CHANNEL_BINDINGS_VERIFIED) == 0) { *minor = GSSEAP_MISSING_BINDINGS; return GSS_S_BAD_BINDINGS; } major = gssEapVerifyTokenMIC(minor, ctx, inputToken); if (GSS_ERROR(major)) return major; GSSEAP_SM_TRANSITION_NEXT(ctx); *minor = 0; return GSS_S_CONTINUE_NEEDED; } #ifdef GSSEAP_ENABLE_REAUTH static OM_uint32 eapGssSmAcceptReauthCreds(OM_uint32 *minor, gss_cred_id_t cred, gss_ctx_id_t ctx, gss_name_t target GSSEAP_UNUSED, gss_OID mech GSSEAP_UNUSED, OM_uint32 reqFlags GSSEAP_UNUSED, OM_uint32 timeReq GSSEAP_UNUSED, gss_channel_bindings_t chanBindings GSSEAP_UNUSED, gss_buffer_t inputToken GSSEAP_UNUSED, gss_buffer_t outputToken, OM_uint32 *smFlags GSSEAP_UNUSED) { OM_uint32 major; /* * If we're built with fast reauthentication enabled, then * fabricate a ticket from the initiator to ourselves. */ major = gssEapMakeReauthCreds(minor, ctx, cred, outputToken); if (major == GSS_S_UNAVAILABLE) major = GSS_S_COMPLETE; if (major == GSS_S_COMPLETE) major = GSS_S_CONTINUE_NEEDED; return major; } #endif static OM_uint32 eapGssSmAcceptAcceptorMIC(OM_uint32 *minor, gss_cred_id_t cred GSSEAP_UNUSED, gss_ctx_id_t ctx, gss_name_t target GSSEAP_UNUSED, gss_OID mech GSSEAP_UNUSED, OM_uint32 reqFlags GSSEAP_UNUSED, OM_uint32 timeReq GSSEAP_UNUSED, gss_channel_bindings_t chanBindings GSSEAP_UNUSED, gss_buffer_t inputToken GSSEAP_UNUSED, gss_buffer_t outputToken, OM_uint32 *smFlags) { OM_uint32 major; major = gssEapMakeTokenMIC(minor, ctx, outputToken); if (GSS_ERROR(major)) return major; GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_ESTABLISHED); *minor = 0; *smFlags |= SM_FLAG_OUTPUT_TOKEN_CRITICAL; return GSS_S_COMPLETE; } static struct gss_eap_sm eapGssAcceptorSm[] = { { ITOK_TYPE_ACCEPTOR_NAME_REQ, ITOK_TYPE_ACCEPTOR_NAME_RESP, GSSEAP_STATE_INITIAL, 0, eapGssSmAcceptAcceptorName }, #ifdef GSSEAP_DEBUG { ITOK_TYPE_VENDOR_INFO, ITOK_TYPE_NONE, GSSEAP_STATE_INITIAL, 0, eapGssSmAcceptVendorInfo, }, #endif #ifdef GSSEAP_ENABLE_REAUTH { ITOK_TYPE_REAUTH_REQ, ITOK_TYPE_REAUTH_RESP, GSSEAP_STATE_INITIAL, 0, eapGssSmAcceptGssReauth, }, #endif { ITOK_TYPE_NONE, ITOK_TYPE_EAP_REQ, GSSEAP_STATE_INITIAL, SM_ITOK_FLAG_REQUIRED, eapGssSmAcceptIdentity, }, { ITOK_TYPE_EAP_RESP, ITOK_TYPE_EAP_REQ, GSSEAP_STATE_AUTHENTICATE, SM_ITOK_FLAG_REQUIRED, eapGssSmAcceptAuthenticate }, { ITOK_TYPE_GSS_FLAGS, ITOK_TYPE_NONE, GSSEAP_STATE_INITIATOR_EXTS, 0, eapGssSmAcceptGssFlags }, { ITOK_TYPE_GSS_CHANNEL_BINDINGS, ITOK_TYPE_NONE, GSSEAP_STATE_INITIATOR_EXTS, 0, eapGssSmAcceptGssChannelBindings, }, { ITOK_TYPE_INITIATOR_MIC, ITOK_TYPE_NONE, GSSEAP_STATE_INITIATOR_EXTS, SM_ITOK_FLAG_REQUIRED, eapGssSmAcceptInitiatorMIC, }, #ifdef GSSEAP_ENABLE_REAUTH { ITOK_TYPE_NONE, ITOK_TYPE_REAUTH_CREDS, GSSEAP_STATE_ACCEPTOR_EXTS, 0, eapGssSmAcceptReauthCreds, }, #endif { ITOK_TYPE_NONE, ITOK_TYPE_ACCEPTOR_NAME_RESP, GSSEAP_STATE_ACCEPTOR_EXTS, 0, eapGssSmAcceptAcceptorName }, { ITOK_TYPE_NONE, ITOK_TYPE_ACCEPTOR_MIC, GSSEAP_STATE_ACCEPTOR_EXTS, 0, eapGssSmAcceptAcceptorMIC }, }; OM_uint32 gssEapAcceptSecContext(OM_uint32 *minor, gss_ctx_id_t ctx, gss_cred_id_t cred, gss_buffer_t input_token, gss_channel_bindings_t input_chan_bindings, gss_name_t *src_name, gss_OID *mech_type, gss_buffer_t output_token, OM_uint32 *ret_flags, OM_uint32 *time_rec, gss_cred_id_t *delegated_cred_handle) { OM_uint32 major, tmpMinor; if (cred == GSS_C_NO_CREDENTIAL) { if (ctx->cred == GSS_C_NO_CREDENTIAL) { major = gssEapAcquireCred(minor, GSS_C_NO_NAME, GSS_C_INDEFINITE, GSS_C_NO_OID_SET, GSS_C_ACCEPT, &ctx->cred, NULL, NULL); if (GSS_ERROR(major)) goto cleanup; } cred = ctx->cred; } /* * Previously we acquired the credential mutex here, but it should not be * necessary as the acceptor does not access any mutable elements of the * credential handle. */ if (cred->name != GSS_C_NO_NAME) { major = gssEapDuplicateName(minor, cred->name, &ctx->acceptorName); if (GSS_ERROR(major)) goto cleanup; } major = gssEapSmStep(minor, cred, ctx, GSS_C_NO_NAME, GSS_C_NO_OID, 0, GSS_C_INDEFINITE, input_chan_bindings, input_token, output_token, eapGssAcceptorSm, sizeof(eapGssAcceptorSm) / sizeof(eapGssAcceptorSm[0])); if (GSS_ERROR(major)) goto cleanup; if (mech_type != NULL) { OM_uint32 tmpMajor; tmpMajor = gssEapCanonicalizeOid(&tmpMinor, ctx->mechanismUsed, 0, mech_type); if (GSS_ERROR(tmpMajor)) { major = tmpMajor; *minor = tmpMinor; goto cleanup; } } if (ret_flags != NULL) *ret_flags = ctx->gssFlags; if (delegated_cred_handle != NULL) *delegated_cred_handle = GSS_C_NO_CREDENTIAL; if (major == GSS_S_COMPLETE) { if (src_name != NULL && ctx->initiatorName != GSS_C_NO_NAME) { major = gssEapDuplicateName(&tmpMinor, ctx->initiatorName, src_name); if (GSS_ERROR(major)) goto cleanup; } if (time_rec != NULL) { major = gssEapContextTime(&tmpMinor, ctx, time_rec); if (GSS_ERROR(major)) goto cleanup; } } GSSEAP_ASSERT(CTX_IS_ESTABLISHED(ctx) || major == GSS_S_CONTINUE_NEEDED); cleanup: return major; } #ifdef GSSEAP_ENABLE_REAUTH static OM_uint32 acceptReadyKrb(OM_uint32 *minor, gss_ctx_id_t ctx, gss_cred_id_t cred, const gss_name_t initiator, const gss_OID mech, OM_uint32 timeRec) { OM_uint32 major; major = gssEapGlueToMechName(minor, ctx, initiator, &ctx->initiatorName); if (GSS_ERROR(major)) return major; major = gssEapReauthComplete(minor, ctx, cred, mech, timeRec); if (GSS_ERROR(major)) return major; *minor = 0; return GSS_S_COMPLETE; } static OM_uint32 eapGssSmAcceptGssReauth(OM_uint32 *minor, gss_cred_id_t cred, gss_ctx_id_t ctx, gss_name_t target GSSEAP_UNUSED, gss_OID mech, OM_uint32 reqFlags GSSEAP_UNUSED, OM_uint32 timeReq GSSEAP_UNUSED, gss_channel_bindings_t chanBindings, gss_buffer_t inputToken, gss_buffer_t outputToken, OM_uint32 *smFlags) { OM_uint32 major, tmpMinor; gss_name_t krbInitiator = GSS_C_NO_NAME; OM_uint32 gssFlags, timeRec = GSS_C_INDEFINITE; /* * If we're built with fast reauthentication support, it's valid * for an initiator to send a GSS reauthentication token as its * initial context token, causing us to short-circuit the state * machine and process Kerberos GSS messages instead. */ ctx->flags |= CTX_FLAG_KRB_REAUTH; major = gssAcceptSecContext(minor, &ctx->reauthCtx, cred->reauthCred, inputToken, chanBindings, &krbInitiator, &mech, outputToken, &gssFlags, &timeRec, NULL); if (major == GSS_S_COMPLETE) { major = acceptReadyKrb(minor, ctx, cred, krbInitiator, mech, timeRec); if (major == GSS_S_COMPLETE) { GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_ESTABLISHED); } ctx->gssFlags = gssFlags; } else if (GSS_ERROR(major) && (*smFlags & SM_FLAG_INPUT_TOKEN_CRITICAL) == 0) { /* pretend reauthentication attempt never happened */ gssDeleteSecContext(&tmpMinor, &ctx->reauthCtx, GSS_C_NO_BUFFER); ctx->flags &= ~(CTX_FLAG_KRB_REAUTH); GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_INITIAL); major = GSS_S_CONTINUE_NEEDED; } gssReleaseName(&tmpMinor, &krbInitiator); return major; } #endif /* GSSEAP_ENABLE_REAUTH */ OM_uint32 GSSAPI_CALLCONV gss_accept_sec_context(OM_uint32 *minor, gss_ctx_id_t *context_handle, gss_cred_id_t cred, gss_buffer_t input_token, gss_channel_bindings_t input_chan_bindings, gss_name_t *src_name, gss_OID *mech_type, gss_buffer_t output_token, OM_uint32 *ret_flags, OM_uint32 *time_rec, gss_cred_id_t *delegated_cred_handle) { OM_uint32 major, tmpMinor; gss_ctx_id_t ctx = *context_handle; *minor = 0; output_token->length = 0; output_token->value = NULL; if (src_name != NULL) *src_name = GSS_C_NO_NAME; if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) { *minor = GSSEAP_TOK_TRUNC; return GSS_S_DEFECTIVE_TOKEN; } if (ctx == GSS_C_NO_CONTEXT) { major = gssEapAllocContext(minor, &ctx); if (GSS_ERROR(major)) return major; *context_handle = ctx; } GSSEAP_MUTEX_LOCK(&ctx->mutex); major = gssEapAcceptSecContext(minor, ctx, cred, input_token, input_chan_bindings, src_name, mech_type, output_token, ret_flags, time_rec, delegated_cred_handle); GSSEAP_MUTEX_UNLOCK(&ctx->mutex); if (GSS_ERROR(major)) gssEapReleaseContext(&tmpMinor, context_handle); return major; } mech_eap-0.9.2/mech_eap/radsec_err.et0000644001755200017500000000317712406014472014427 00000000000000# # Copyright (c) 2011, JANET(UK) # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # 3. Neither the name of JANET(UK) nor the names of its contributors # may be used to endorse or promote products derived from this software # without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # Placeholders only error_table rse error_code GSSEAP_RSE_OK, "" end mech_eap-0.9.2/mech_eap/Makefile.am0000644001755200017500000001210112406014744014005 00000000000000AUTOMAKE_OPTIONS = foreign EXTRA_DIST = gsseap_err.et radsec_err.et \ mech_eap.exports mech_eap-noacceptor.exports radius_ad.exports \ LICENSE AUTHORS mech \ README.samba4 NOTES radsec.conf gssincludedir = $(includedir)/gssapi gssinclude_HEADERS = gssapi_eap.h EAP_CFLAGS = -I$(srcdir)/../libeap/src -I$(srcdir)/../libeap/src/common -I$(srcdir)/../libeap/src/eap_common \ -I$(srcdir)/../libeap/src/utils if GSSEAP_ENABLE_ACCEPTOR GSSEAP_EXPORTS = $(srcdir)/mech_eap.exports else GSSEAP_EXPORTS = $(srcdir)/mech_eap-noacceptor.exports endif gssdir = $(libdir)/gss gss_LTLIBRARIES = mech_eap.la if TARGET_WINDOWS EAP_CFLAGS += -DCONFIG_WIN32_DEFAULTS -DUSE_INTERNAL_CRYPTO OS_LIBS = -lshell32 -ladvapi32 -lws2_32 -lcomerr32 mech_eap_la_CFLAGS = -Zi mech_eap_la_CXXFLAGS = -Zi else EAP_CFLAGS += -DEAP_TLS -DEAP_PEAP -DEAP_TTLS -DEAP_MD5 -DEAP_MSCHAPv2 -DEAP_GTC -DEAP_OTP -DEAP_LEAP -DEAP_PSK -DEAP_PAX -DEAP_SAKE -DEAP_GPSK -DEAP_GPSK_SHA256 -DEAP_SERVER_IDENTITY -DEAP_SERVER_TLS -DEAP_SERVER_PEAP -DEAP_SERVER_TTLS -DEAP_SERVER_MD5 -DEAP_SERVER_MSCHAPV2 -DEAP_SERVER_GTC -DEAP_SERVER_PSK -DEAP_SERVER_PAX -DEAP_SERVER_SAKE -DEAP_SERVER_GPSK -DEAP_SERVER_GPSK_SHA256 -DIEEE8021X_EAPOL OS_LIBS = mech_eap_la_CFLAGS = -Werror -Wall -Wunused-parameter mech_eap_la_CXXFLAGS = -Werror -Wall -Wunused-parameter endif mech_eap_la_DEPENDENCIES = $(GSSEAP_EXPORTS) mech_eap_la_CPPFLAGS = -DBUILD_GSSEAP_LIB -DSYSCONFDIR=\"${sysconfdir}\" -DDATAROOTDIR=\"${datarootdir}\" mech_eap_la_CFLAGS += \ @KRB5_CFLAGS@ @RADSEC_CFLAGS@ @TARGET_CFLAGS@ $(EAP_CFLAGS) mech_eap_la_CXXFLAGS += \ @KRB5_CFLAGS@ @RADSEC_CFLAGS@ \ @OPENSAML_CXXFLAGS@ @SHIBRESOLVER_CXXFLAGS@ @SHIBSP_CXXFLAGS@ \ @TARGET_CFLAGS@ $(EAP_CFLAGS) mech_eap_la_LDFLAGS = -avoid-version -module \ -export-symbols $(GSSEAP_EXPORTS) -no-undefined \ @KRB5_LDFLAGS@ @RADSEC_LDFLAGS@ @TARGET_LDFLAGS@ @OPENSSL_LDFLAGS@ if TARGET_WINDOWS mech_eap_la_LDFLAGS += -debug endif mech_eap_la_LIBADD = @KRB5_LIBS@ ../libeap/libeap.la @RADSEC_LIBS@ \ @OPENSAML_LIBS@ @SHIBRESOLVER_LIBS@ @SHIBSP_LIBS@ @JANSSON_LIBS@ \ @OPENSSL_LIBS@ mech_eap_la_SOURCES = \ acquire_cred.c \ acquire_cred_with_password.c \ add_cred.c \ add_cred_with_password.c \ authorize_localname.c \ canonicalize_name.c \ compare_name.c \ context_time.c \ delete_sec_context.c \ display_name.c \ display_name_ext.c \ display_status.c \ duplicate_name.c \ eap_mech.c \ exchange_meta_data.c \ export_name.c \ export_sec_context.c \ get_mic.c \ gsseap_err.c \ import_name.c \ import_sec_context.c \ indicate_mechs.c \ init_sec_context.c \ inquire_attrs_for_mech.c \ inquire_context.c \ inquire_cred.c \ inquire_cred_by_mech.c \ inquire_cred_by_oid.c \ inquire_mech_for_saslname.c \ inquire_mechs_for_name.c \ inquire_names_for_mech.c \ inquire_saslname_for_mech.c \ inquire_sec_context_by_oid.c \ process_context_token.c \ pseudo_random.c \ query_mechanism_info.c \ query_meta_data.c \ radsec_err.c \ release_cred.c \ release_name.c \ release_oid.c \ set_cred_option.c \ set_sec_context_option.c \ store_cred.c \ unwrap.c \ unwrap_iov.c \ util_buffer.c \ util_context.c \ util_cksum.c \ util_cred.c \ util_crypt.c \ util_krb.c \ util_lucid.c \ util_mech.c \ util_name.c \ util_oid.c \ util_ordering.c \ util_radius.cpp \ util_sm.c \ util_tld.c \ util_token.c \ verify_mic.c \ wrap.c \ wrap_iov.c \ wrap_iov_length.c \ wrap_size_limit.c \ gssapiP_eap.h \ util_attr.h \ util_base64.h \ util.h \ util_json.h \ util_radius.h \ util_reauth.h \ util_saml.h \ util_shib.h if LIBMOONSHOT mech_eap_la_SOURCES += util_moonshot.c mech_eap_la_CFLAGS += @LIBMOONSHOT_CFLAGS@ mech_eap_la_LDFLAGS += @LIBMOONSHOT_LDFLAGS@ mech_eap_la_LIBADD += @LIBMOONSHOT_LIBS@ endif if GSSEAP_ENABLE_ACCEPTOR mech_eap_la_SOURCES += \ accept_sec_context.c \ delete_name_attribute.c \ export_name_composite.c \ get_name_attribute.c \ inquire_name.c \ map_name_to_any.c \ release_any_name_mapping.c \ set_name_attribute.c \ util_attr.cpp \ util_base64.c \ util_json.cpp if OPENSAML mech_eap_la_SOURCES += util_saml.cpp endif if SHIBRESOLVER mech_eap_la_SOURCES += util_shib.cpp endif endif BUILT_SOURCES = gsseap_err.c radsec_err.c gsseap_err.h radsec_err.h if GSSEAP_ENABLE_REAUTH mech_eap_la_SOURCES += util_reauth.c if !HEIMDAL krb5pluginsdir = $(libdir)/krb5/plugins/authdata krb5plugins_LTLIBRARIES = radius_ad.la radius_ad_la_CFLAGS = -Werror -Wall -Wunused-parameter \ @KRB5_CFLAGS@ $(EAP_CFLAGS) @RADSEC_CFLAGS@ @TARGET_CFLAGS@ radius_ad_la_LDFLAGS = -avoid-version -module \ -export-symbols $(srcdir)/radius_ad.exports -no-undefined radius_ad_la_LIBADD = @KRB5_LIBS@ radius_ad_la_SOURCES = util_adshim.c authdata_plugin.h endif endif gsseap_err.h gsseap_err.c: gsseap_err.et $(COMPILE_ET) $< radsec_err.h radsec_err.c: radsec_err.et $(COMPILE_ET) $< radsec_err.c: radsec_err.h clean-generic: rm -f gsseap_err.[ch] radsec_err.[ch] mech_eap-0.9.2/mech_eap/util_json.cpp0000644001755200017500000002604112406014472014471 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * JSONObject utilities. */ #include "gssapiP_eap.h" #include #include #include #include #include #define JSON_INIT(obj) do { \ if ((obj) == NULL) \ throw std::bad_alloc(); \ m_obj = (obj); \ } while (0) #define JSON_CHECK_CONTAINER() do { \ if (!json_is_object(m_obj) && !json_is_array(m_obj)) { \ std::string s("JSONObject is not a container"); \ throw JSONException(m_obj); \ } \ } while (0) #define JSON_CHECK_OBJECT() do { \ if (!json_is_object(m_obj)) { \ std::string s("JSONObject is not a dictionary"); \ throw JSONException(m_obj, JSON_OBJECT); \ } \ } while (0) #define JSON_CHECK_ARRAY() do { \ if (!json_is_array(m_obj)) { \ throw JSONException(m_obj, JSON_ARRAY); \ } \ } while (0) #define JSON_CHECK(s) do { \ if ((s) != 0) \ throw JSONException(); \ } while (0) JSONObject JSONObject::load(const char *input, size_t flags, json_error_t *error) { json_t *obj; obj = json_loads(input, flags, error); return JSONObject(obj, false); } JSONObject JSONObject::load(FILE *fp, size_t flags, json_error_t *error) { json_t *obj; obj = json_loadf(fp, flags, error); return JSONObject(obj, false); } char * JSONObject::dump(size_t flags) const { char *s = json_dumps(m_obj, flags); if (s == NULL) throw std::bad_alloc(); return s; } void JSONObject::dump(FILE *fp, size_t flags) const { int r = json_dumpf(m_obj, fp, flags); if (r != 0) throw std::bad_alloc(); } size_t JSONObject::size(void) const { if (json_is_object(m_obj)) return json_object_size(m_obj); else if (json_is_array(m_obj)) return json_array_size(m_obj); else return 0; } JSONObject::JSONObject(json_t *obj, bool retain) { if (retain) json_incref(obj); JSON_INIT(obj); } JSONObject::JSONObject(const char *value) { json_t *obj = json_string(value); JSON_INIT(obj); } JSONObject::JSONObject(json_int_t value) { json_t *obj = json_integer(value); JSON_INIT(obj); } JSONObject::JSONObject(double value) { json_t *obj = json_real(value); JSON_INIT(obj); } JSONObject::JSONObject(bool value) { json_t *obj = value ? json_true() : json_false(); JSON_INIT(obj); } JSONObject::JSONObject(void) { json_t *obj = json_object(); JSON_INIT(obj); } JSONObject JSONObject::object(void) { return JSONObject(); } JSONObject JSONObject::null(void) { return JSONObject(json_null(), false); } JSONObject JSONObject::array(void) { return JSONObject(json_array(), false); } void JSONObject::set(const char *key, JSONObject &value) { JSON_CHECK_OBJECT(); JSON_CHECK(json_object_set_new(m_obj, key, value.get())); } void JSONObject::set(const char *key, const char *value) { JSONObject jobj(value); set(key, jobj); } void JSONObject::set(const char *key, json_int_t value) { JSONObject jobj(value); set(key, jobj); } void JSONObject::del(const char *key) { json_object_del(m_obj, key); } JSONObject JSONObject::get(const char *key) const { json_t *obj; obj = json_object_get(m_obj, key); if (obj == NULL) return JSONObject::null(); return JSONObject(obj, true); } JSONObject JSONObject::get(size_t index) const { json_t *obj; obj = json_array_get(m_obj, index); if (obj == NULL) return JSONObject::null(); return JSONObject(obj, true); } void JSONObject::update(JSONObject &value) { JSON_CHECK_OBJECT(); json_t *other = value.get(); JSON_CHECK(json_object_update(m_obj, other)); json_decref(other); } JSONObject JSONObject::operator[](size_t index) const { return get(index); } JSONObject JSONObject::operator[](const char *key) const { return get(key); } void JSONObject::append(JSONObject &value) { JSON_CHECK_ARRAY(); JSON_CHECK(json_array_append_new(m_obj, value.get())); } void JSONObject::insert(size_t index, JSONObject &value) { JSON_CHECK_ARRAY(); JSON_CHECK(json_array_insert_new(m_obj, index, value.get())); } void JSONObject::remove(size_t index) { JSON_CHECK_ARRAY(); JSON_CHECK(json_array_remove(m_obj, index)); } void JSONObject::clear(void) { JSON_CHECK_CONTAINER(); if (json_is_object(m_obj)) { JSON_CHECK(json_object_clear(m_obj)); } else if (json_is_array(m_obj)) { JSON_CHECK(json_array_clear(m_obj)); } } void JSONObject::extend(JSONObject &value) { JSON_CHECK_ARRAY(); json_t *other = value.get(); JSON_CHECK(json_array_extend(m_obj, other)); json_decref(other); } const char * JSONObject::string(void) const { return json_string_value(m_obj); } json_int_t JSONObject::integer(void) const { return json_integer_value(m_obj); } double JSONObject::real(void) const { return json_real_value(m_obj); } double JSONObject::number(void) const { return json_number_value(m_obj); } #ifdef HAVE_SHIBRESOLVER JSONObject JSONObject::ddf(DDF &ddf) { if (ddf.isstruct()) { DDF elem = ddf.first(); JSONObject jobj = JSONObject::object(); while (!elem.isnull()) { JSONObject jtmp = JSONObject::ddf(elem); jobj.set(elem.name(), jtmp); elem = ddf.next(); } return jobj; } else if (ddf.islist()) { DDF elem = ddf.first(); JSONObject jobj = JSONObject::array(); while (!elem.isnull()) { JSONObject jtmp = JSONObject::ddf(elem); jobj.append(jtmp); elem = ddf.next(); } return jobj; } else if (ddf.isstring()) { return JSONObject(ddf.string()); } else if (ddf.isint()) { return JSONObject((json_int_t)ddf.integer()); } else if (ddf.isfloat()) { return JSONObject(ddf.floating()); } else if (ddf.isempty() || ddf.ispointer()) { return JSONObject::object(); } else if (ddf.isnull()) { return JSONObject::null(); } std::string s("Unbridgeable DDF object"); throw JSONException(); } DDF JSONObject::ddf(void) const { DDF ddf(NULL); switch (type()) { case JSON_OBJECT: { JSONIterator iter = iterator(); do { const char *key = iter.key(); DDF value = iter.value().ddf(); ddf.addmember(key).swap(value); } while (iter.next()); break; } case JSON_ARRAY: { size_t i, nelems = size(); for (i = 0; i < nelems; i++) { DDF value = get(i).ddf(); ddf.add(value); } break; } case JSON_STRING: ddf.string(string()); break; case JSON_INTEGER: ddf.integer(integer()); break; case JSON_REAL: ddf.floating(real()); break; case JSON_TRUE: ddf.integer(1L); break; case JSON_FALSE: ddf.integer(0L); break; case JSON_NULL: break; } return ddf; } #endif /* HAVE_SHIBRESOLVER */ bool JSONObject::isObject(void) const { return json_is_object(m_obj); } bool JSONObject::isArray(void) const { return json_is_array(m_obj); } bool JSONObject::isString(void) const { return json_is_string(m_obj); } bool JSONObject::isInteger(void) const { return json_is_integer(m_obj); } bool JSONObject::isNumber(void) const { return json_is_number(m_obj); } bool JSONObject::isBoolean(void) const { return json_is_boolean(m_obj); } bool JSONObject::isNull(void) const { return json_is_null(m_obj); } JSONIterator::JSONIterator(const JSONObject &obj) { m_obj = obj.get(); m_iter = json_object_iter(m_obj); } JSONIterator::~JSONIterator(void) { json_decref(m_obj); } const char * JSONIterator::key(void) const { return json_object_iter_key(m_iter); } JSONObject JSONIterator::value(void) const { return JSONObject(json_object_iter_value(m_iter)); } bool JSONIterator::next(void) { m_iter = json_object_iter_next(m_obj, m_iter); return m_iter != NULL; } JSONException::JSONException(json_t *obj, json_type type) { char *s = NULL; const char *t; m_obj = json_incref(obj); m_type = type; if (obj != NULL) s = json_dumps(m_obj, 0); switch (type) { case JSON_OBJECT: t = "OBJECT"; break; case JSON_ARRAY: t = "ARRAY"; break; case JSON_STRING: t = "STRING"; break; case JSON_INTEGER: t = "INTEGER"; break; case JSON_REAL: t = "REAL"; break; case JSON_TRUE: t = "TRUE"; break; case JSON_FALSE: t = "FALSE"; break; case JSON_NULL: t = "NULL"; break; default: t = "UNKNOWN"; break; } if (obj != NULL) { m_reason = "Invalid JSON object: " + std::string(s); if (type != JSON_NULL) m_reason += " (excepted type " + std::string(t) + ")"; } else { m_reason = "Internal JSON error"; } if (s != NULL) GSSEAP_FREE(s); } mech_eap-0.9.2/mech_eap/radsec_err.c0000444001755200017500000000220112406014660014221 00000000000000/* * radsec_err.c: * This file is automatically generated; please do not edit it. */ #include #define N_(a) a static const char * const text[] = { N_(""), 0 }; struct error_table { char const * const * msgs; long base; int n_msgs; }; struct et_list { struct et_list *next; const struct error_table * table; }; extern struct et_list *_et_list; const struct error_table et_rse_error_table = { text, 46882560L, 1 }; static struct et_list link = { 0, 0 }; void initialize_rse_error_table_r(struct et_list **list); void initialize_rse_error_table(void); void initialize_rse_error_table(void) { initialize_rse_error_table_r(&_et_list); } /* For Heimdal compatibility */ void initialize_rse_error_table_r(struct et_list **list) { struct et_list *et, **end; for (end = list, et = *list; et; end = &et->next, et = et->next) if (et->table->msgs == text) return; et = malloc(sizeof(struct et_list)); if (et == 0) { if (!link.table) et = &link; else return; } et->table = &et_rse_error_table; et->next = 0; *end = et; } mech_eap-0.9.2/mech_eap/exchange_meta_data.c0000644001755200017500000000570512406014472015710 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * */ #include "gssapiP_eap.h" OM_uint32 GSSAPI_CALLCONV gssEapExchangeMetaData(OM_uint32 *minor, gss_const_OID mech GSSEAP_UNUSED, gss_cred_id_t cred GSSEAP_UNUSED, gss_ctx_id_t *ctx GSSEAP_UNUSED, const gss_name_t name GSSEAP_UNUSED, OM_uint32 req_flags GSSEAP_UNUSED, gss_const_buffer_t meta_data GSSEAP_UNUSED) { *minor = 0; return GSS_S_COMPLETE; } OM_uint32 GSSAPI_CALLCONV gss_exchange_meta_data(OM_uint32 *minor, gss_const_OID mech, gss_cred_id_t cred, gss_ctx_id_t *context_handle, const gss_name_t name, OM_uint32 req_flags, gss_const_buffer_t meta_data) { gss_ctx_id_t ctx = *context_handle; OM_uint32 major; if (cred != GSS_C_NO_CREDENTIAL) GSSEAP_MUTEX_LOCK(&cred->mutex); if (*context_handle != GSS_C_NO_CONTEXT) GSSEAP_MUTEX_LOCK(&ctx->mutex); major = gssEapExchangeMetaData(minor, mech, cred, &ctx, name, req_flags, meta_data); if (*context_handle != GSS_C_NO_CONTEXT) GSSEAP_MUTEX_UNLOCK(&ctx->mutex); else *context_handle = ctx; if (cred != GSS_C_NO_CREDENTIAL) GSSEAP_MUTEX_UNLOCK(&cred->mutex); return major; } mech_eap-0.9.2/mech_eap/export_sec_context.c0000644001755200017500000001777612406014472016061 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Serialise a security context. On the acceptor, this may be partially * established. */ #include "gssapiP_eap.h" #ifdef GSSEAP_ENABLE_ACCEPTOR static OM_uint32 gssEapExportPartialContext(OM_uint32 *minor, gss_ctx_id_t ctx, gss_buffer_t token) { OM_uint32 major, tmpMinor; size_t length, serverLen = 0; unsigned char *p; char serverBuf[MAXHOSTNAMELEN]; if (ctx->acceptorCtx.radConn != NULL) { if (rs_conn_get_current_peer(ctx->acceptorCtx.radConn, serverBuf, sizeof(serverBuf)) != 0) { #if 0 return gssEapRadiusMapError(minor, rs_err_conn_pop(ctx->acceptorCtx.radConn)); #else serverBuf[0] = '\0'; /* not implemented yet */ #endif } serverLen = strlen(serverBuf); } length = 4 + serverLen + 4 + ctx->acceptorCtx.state.length; token->value = GSSEAP_MALLOC(length); if (token->value == NULL) { major = GSS_S_FAILURE; *minor = ENOMEM; goto cleanup; } token->length = length; p = (unsigned char *)token->value; store_uint32_be(serverLen, p); p += 4; if (serverLen != 0) { memcpy(p, serverBuf, serverLen); p += serverLen; } store_uint32_be(ctx->acceptorCtx.state.length, p); p += 4; if (ctx->acceptorCtx.state.length != 0) { memcpy(p, ctx->acceptorCtx.state.value, ctx->acceptorCtx.state.length); p += ctx->acceptorCtx.state.length; } GSSEAP_ASSERT(p == (unsigned char *)token->value + token->length); major = GSS_S_COMPLETE; *minor = 0; cleanup: if (GSS_ERROR(major)) gss_release_buffer(&tmpMinor, token); return major; } #endif /* GSSEAP_ENABLE_ACCEPTOR */ OM_uint32 gssEapExportSecContext(OM_uint32 *minor, gss_ctx_id_t ctx, gss_buffer_t token) { OM_uint32 major, tmpMinor; size_t length; gss_buffer_desc initiatorName = GSS_C_EMPTY_BUFFER; gss_buffer_desc acceptorName = GSS_C_EMPTY_BUFFER; gss_buffer_desc partialCtx = GSS_C_EMPTY_BUFFER; gss_buffer_desc key; unsigned char *p; if ((CTX_IS_INITIATOR(ctx) && !CTX_IS_ESTABLISHED(ctx)) || ctx->mechanismUsed == GSS_C_NO_OID) { *minor = GSSEAP_CONTEXT_INCOMPLETE; return GSS_S_NO_CONTEXT; } key.length = KRB_KEY_LENGTH(&ctx->rfc3961Key); key.value = KRB_KEY_DATA(&ctx->rfc3961Key); /* * As a shortcut, we omit the mechanism OID of the initiator name because * we know it will match the context mechanism. The acceptor name mech OID * is always included. */ if (ctx->initiatorName != GSS_C_NO_NAME) { major = gssEapExportNameInternal(minor, ctx->initiatorName, &initiatorName, EXPORT_NAME_FLAG_COMPOSITE); if (GSS_ERROR(major)) goto cleanup; } if (ctx->acceptorName != GSS_C_NO_NAME) { major = gssEapExportNameInternal(minor, ctx->acceptorName, &acceptorName, EXPORT_NAME_FLAG_OID | EXPORT_NAME_FLAG_COMPOSITE); if (GSS_ERROR(major)) goto cleanup; } #ifdef GSSEAP_ENABLE_ACCEPTOR /* * The partial context is only transmitted for unestablished acceptor * contexts. */ if (!CTX_IS_INITIATOR(ctx) && !CTX_IS_ESTABLISHED(ctx) && (ctx->flags & CTX_FLAG_KRB_REAUTH) == 0) { major = gssEapExportPartialContext(minor, ctx, &partialCtx); if (GSS_ERROR(major)) goto cleanup; } #endif length = 16; /* version, state, flags, */ length += 4 + ctx->mechanismUsed->length; /* mechanismUsed */ length += 12 + key.length; /* rfc3961Key.value */ length += 4 + initiatorName.length; /* initiatorName.value */ length += 4 + acceptorName.length; /* acceptorName.value */ length += 24 + sequenceSize(ctx->seqState); /* seqState */ if (partialCtx.value != NULL) length += 4 + partialCtx.length; /* partialCtx.value */ token->value = GSSEAP_MALLOC(length); if (token->value == NULL) { major = GSS_S_FAILURE; *minor = ENOMEM; goto cleanup; } token->length = length; p = (unsigned char *)token->value; store_uint32_be(EAP_EXPORT_CONTEXT_V1, &p[0]); /* version */ store_uint32_be(GSSEAP_SM_STATE(ctx), &p[4]); store_uint32_be(ctx->flags, &p[8]); store_uint32_be(ctx->gssFlags, &p[12]); p = store_oid(ctx->mechanismUsed, &p[16]); store_uint32_be(ctx->checksumType, &p[0]); store_uint32_be(ctx->encryptionType, &p[4]); p = store_buffer(&key, &p[8], FALSE); p = store_buffer(&initiatorName, p, FALSE); p = store_buffer(&acceptorName, p, FALSE); store_uint64_be(ctx->expiryTime, &p[0]); store_uint64_be(ctx->sendSeq, &p[8]); store_uint64_be(ctx->recvSeq, &p[16]); p += 24; major = sequenceExternalize(minor, ctx->seqState, &p, &length); if (GSS_ERROR(major)) goto cleanup; if (partialCtx.value != NULL) p = store_buffer(&partialCtx, p, FALSE); GSSEAP_ASSERT(p == (unsigned char *)token->value + token->length); major = GSS_S_COMPLETE; *minor = 0; cleanup: if (GSS_ERROR(major)) gss_release_buffer(&tmpMinor, token); gss_release_buffer(&tmpMinor, &initiatorName); gss_release_buffer(&tmpMinor, &acceptorName); gss_release_buffer(&tmpMinor, &partialCtx); return major; } OM_uint32 GSSAPI_CALLCONV gss_export_sec_context(OM_uint32 *minor, gss_ctx_id_t *context_handle, gss_buffer_t interprocess_token) { OM_uint32 major, tmpMinor; gss_ctx_id_t ctx = *context_handle; interprocess_token->length = 0; interprocess_token->value = NULL; if (ctx == GSS_C_NO_CONTEXT) { *minor = EINVAL; return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT; } *minor = 0; GSSEAP_MUTEX_LOCK(&ctx->mutex); major = gssEapExportSecContext(minor, ctx, interprocess_token); if (GSS_ERROR(major)) { GSSEAP_MUTEX_UNLOCK(&ctx->mutex); return major; } *context_handle = GSS_C_NO_CONTEXT; GSSEAP_MUTEX_UNLOCK(&ctx->mutex); gssEapReleaseContext(&tmpMinor, &ctx); return GSS_S_COMPLETE; } mech_eap-0.9.2/mech_eap/util_krb.c0000644001755200017500000004346612406014472013750 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Kerberos 5 helpers. */ #include "gssapiP_eap.h" void gssEapDestroyKrbContext(krb5_context context) { if (context != NULL) krb5_free_context(context); } static krb5_error_code initKrbContext(krb5_context *pKrbContext) { krb5_context krbContext; krb5_error_code code; char *defaultRealm = NULL; *pKrbContext = NULL; code = krb5_init_context(&krbContext); if (code != 0) goto cleanup; krb5_appdefault_string(krbContext, "eap_gss", NULL, "default_realm", "", &defaultRealm); if (defaultRealm != NULL && defaultRealm[0] != '\0') { code = krb5_set_default_realm(krbContext, defaultRealm); if (code != 0) goto cleanup; } *pKrbContext = krbContext; cleanup: krb5_free_default_realm(krbContext, defaultRealm); if (code != 0 && krbContext != NULL) krb5_free_context(krbContext); return code; } OM_uint32 gssEapKerberosInit(OM_uint32 *minor, krb5_context *context) { struct gss_eap_thread_local_data *tld; *minor = 0; *context = NULL; tld = gssEapGetThreadLocalData(); if (tld != NULL) { if (tld->krbContext == NULL) { *minor = initKrbContext(&tld->krbContext); if (*minor != 0) tld->krbContext = NULL; } *context = tld->krbContext; } else { *minor = GSSEAP_GET_LAST_ERROR(); } GSSEAP_ASSERT(*context != NULL || *minor != 0); return (*minor == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE; } /* * Derive a key K for RFC 4121 use by using the following * derivation function (based on RFC 4402); * * KMSK = random-to-key(MSK) * Tn = pseudo-random(KMSK, n || "rfc4121-gss-eap") * L = output key size * K = truncate(L, T1 || T2 || .. || Tn) * * The output must be freed by krb5_free_keyblock_contents(), * not GSSEAP_FREE(). */ OM_uint32 gssEapDeriveRfc3961Key(OM_uint32 *minor, const unsigned char *inputKey, size_t inputKeyLength, krb5_enctype encryptionType, krb5_keyblock *pKey) { krb5_context krbContext; #ifndef HAVE_HEIMDAL_VERSION krb5_data data; #endif krb5_data ns, t, derivedKeyData; krb5_keyblock kd; krb5_error_code code; size_t randomLength, keyLength, prfLength; unsigned char constant[4 + sizeof("rfc4121-gss-eap") - 1], *p; ssize_t i, remain; GSSEAP_KRB_INIT(&krbContext); GSSEAP_ASSERT(encryptionType != ENCTYPE_NULL); KRB_KEY_INIT(pKey); KRB_KEY_INIT(&kd); KRB_KEY_TYPE(&kd) = encryptionType; KRB_DATA_INIT(&ns); KRB_DATA_INIT(&t); KRB_DATA_INIT(&derivedKeyData); code = krb5_c_keylengths(krbContext, encryptionType, &randomLength, &keyLength); if (code != 0) goto cleanup; /* Convert EAP MSK into a Kerberos key */ #ifdef HAVE_HEIMDAL_VERSION code = krb5_random_to_key(krbContext, encryptionType, inputKey, MIN(inputKeyLength, randomLength), &kd); #else data.length = MIN(inputKeyLength, randomLength); data.data = (char *)inputKey; KRB_KEY_DATA(&kd) = KRB_MALLOC(keyLength); if (KRB_KEY_DATA(&kd) == NULL) { code = ENOMEM; goto cleanup; } KRB_KEY_LENGTH(&kd) = keyLength; code = krb5_c_random_to_key(krbContext, encryptionType, &data, &kd); #endif /* HAVE_HEIMDAL_VERSION */ if (code != 0) goto cleanup; memset(&constant[0], 0, 4); memcpy(&constant[4], "rfc4121-gss-eap", sizeof("rfc4121-gss-eap") - 1); ns.length = sizeof(constant); ns.data = (char *)constant; /* Plug derivation constant and key into PRF */ code = krb5_c_prf_length(krbContext, encryptionType, &prfLength); if (code != 0) goto cleanup; #ifndef HAVE_HEIMDAL_VERSION /* Same API, but different allocation rules, unfortunately. */ t.length = prfLength; t.data = GSSEAP_MALLOC(t.length); if (t.data == NULL) { code = ENOMEM; goto cleanup; } #endif derivedKeyData.length = randomLength; derivedKeyData.data = GSSEAP_MALLOC(derivedKeyData.length); if (derivedKeyData.data == NULL) { code = ENOMEM; goto cleanup; } for (i = 0, p = (unsigned char *)derivedKeyData.data, remain = randomLength; remain > 0; p += t.length, remain -= t.length, i++) { store_uint32_be(i, ns.data); code = krb5_c_prf(krbContext, &kd, &ns, &t); if (code != 0) goto cleanup; memcpy(p, t.data, MIN(t.length, remain)); } /* Finally, convert PRF output into a new key which we will return */ #ifdef HAVE_HEIMDAL_VERSION krb5_free_keyblock_contents(krbContext, &kd); KRB_KEY_INIT(&kd); code = krb5_random_to_key(krbContext, encryptionType, derivedKeyData.data, derivedKeyData.length, &kd); #else code = krb5_c_random_to_key(krbContext, encryptionType, &derivedKeyData, &kd); #endif if (code != 0) goto cleanup; *pKey = kd; cleanup: if (code != 0) krb5_free_keyblock_contents(krbContext, &kd); #ifdef HAVE_HEIMDAL_VERSION krb5_data_free(&t); #else if (t.data != NULL) { memset(t.data, 0, t.length); GSSEAP_FREE(t.data); } #endif if (derivedKeyData.data != NULL) { memset(derivedKeyData.data, 0, derivedKeyData.length); GSSEAP_FREE(derivedKeyData.data); } *minor = code; return (code == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE; } #ifdef HAVE_KRB5INT_C_MANDATORY_CKSUMTYPE extern krb5_error_code krb5int_c_mandatory_cksumtype(krb5_context, krb5_enctype, krb5_cksumtype *); #endif OM_uint32 rfc3961ChecksumTypeForKey(OM_uint32 *minor, krb5_keyblock *key, krb5_cksumtype *cksumtype) { krb5_context krbContext; #ifndef HAVE_KRB5INT_C_MANDATORY_CKSUMTYPE krb5_data data; krb5_checksum cksum; #endif GSSEAP_KRB_INIT(&krbContext); #ifdef HAVE_KRB5INT_C_MANDATORY_CKSUMTYPE *minor = krb5int_c_mandatory_cksumtype(krbContext, KRB_KEY_TYPE(key), cksumtype); if (*minor != 0) return GSS_S_FAILURE; #else KRB_DATA_INIT(&data); memset(&cksum, 0, sizeof(cksum)); /* * This is a complete hack but it's the only way to work with * MIT Kerberos pre-1.9 without using private API, as it does * not support passing in zero as the checksum type. */ *minor = krb5_c_make_checksum(krbContext, 0, key, 0, &data, &cksum); if (*minor != 0) return GSS_S_FAILURE; *cksumtype = KRB_CHECKSUM_TYPE(&cksum); krb5_free_checksum_contents(krbContext, &cksum); #endif /* HAVE_KRB5INT_C_MANDATORY_CKSUMTYPE */ if (!krb5_c_is_keyed_cksum(*cksumtype)) { *minor = (OM_uint32)KRB5KRB_AP_ERR_INAPP_CKSUM; return GSS_S_FAILURE; } return GSS_S_COMPLETE; } krb5_error_code krbCryptoLength(krb5_context krbContext, #ifdef HAVE_HEIMDAL_VERSION krb5_crypto krbCrypto, #else krb5_keyblock *key, #endif int type, size_t *length) { #ifdef HAVE_HEIMDAL_VERSION return krb5_crypto_length(krbContext, krbCrypto, type, length); #else unsigned int len; krb5_error_code code; code = krb5_c_crypto_length(krbContext, KRB_KEY_TYPE(key), type, &len); if (code == 0) *length = (size_t)len; return code; #endif } krb5_error_code krbPaddingLength(krb5_context krbContext, #ifdef HAVE_HEIMDAL_VERSION krb5_crypto krbCrypto, #else krb5_keyblock *key, #endif size_t dataLength, size_t *padLength) { krb5_error_code code; #ifdef HAVE_HEIMDAL_VERSION size_t headerLength, paddingLength; code = krbCryptoLength(krbContext, krbCrypto, KRB5_CRYPTO_TYPE_HEADER, &headerLength); if (code != 0) return code; dataLength += headerLength; code = krb5_crypto_length(krbContext, krbCrypto, KRB5_CRYPTO_TYPE_PADDING, &paddingLength); if (code != 0) return code; if (paddingLength != 0 && (dataLength % paddingLength) != 0) *padLength = paddingLength - (dataLength % paddingLength); else *padLength = 0; return 0; #else unsigned int pad; code = krb5_c_padding_length(krbContext, KRB_KEY_TYPE(key), dataLength, &pad); if (code == 0) *padLength = (size_t)pad; return code; #endif /* HAVE_HEIMDAL_VERSION */ } krb5_error_code krbBlockSize(krb5_context krbContext, #ifdef HAVE_HEIMDAL_VERSION krb5_crypto krbCrypto, #else krb5_keyblock *key, #endif size_t *blockSize) { #ifdef HAVE_HEIMDAL_VERSION return krb5_crypto_getblocksize(krbContext, krbCrypto, blockSize); #else return krb5_c_block_size(krbContext, KRB_KEY_TYPE(key), blockSize); #endif } krb5_error_code krbEnctypeToString( #ifdef HAVE_HEIMDAL_VERSION krb5_context krbContext, #else krb5_context krbContext GSSEAP_UNUSED, #endif krb5_enctype enctype, const char *prefix, gss_buffer_t string) { krb5_error_code code; #ifdef HAVE_HEIMDAL_VERSION char *enctypeBuf = NULL; #else char enctypeBuf[128]; #endif size_t prefixLength, enctypeLength; #ifdef HAVE_HEIMDAL_VERSION code = krb5_enctype_to_string(krbContext, enctype, &enctypeBuf); #else code = krb5_enctype_to_name(enctype, 0, enctypeBuf, sizeof(enctypeBuf)); #endif if (code != 0) return code; prefixLength = (prefix != NULL) ? strlen(prefix) : 0; enctypeLength = strlen(enctypeBuf); string->value = GSSEAP_MALLOC(prefixLength + enctypeLength + 1); if (string->value == NULL) { #ifdef HAVE_HEIMDAL_VERSION krb5_xfree(enctypeBuf); #endif return ENOMEM; } if (prefixLength != 0) memcpy(string->value, prefix, prefixLength); memcpy((char *)string->value + prefixLength, enctypeBuf, enctypeLength); string->length = prefixLength + enctypeLength; ((char *)string->value)[string->length] = '\0'; #ifdef HAVE_HEIMDAL_VERSION krb5_xfree(enctypeBuf); #endif return 0; } krb5_error_code krbMakeAuthDataKdcIssued(krb5_context context, const krb5_keyblock *key, krb5_const_principal issuer, #ifdef HAVE_HEIMDAL_VERSION const AuthorizationData *authdata, AuthorizationData *adKdcIssued #else krb5_authdata *const *authdata, krb5_authdata ***adKdcIssued #endif ) { #ifdef HAVE_HEIMDAL_VERSION krb5_error_code code; AD_KDCIssued kdcIssued; AuthorizationDataElement adDatum; unsigned char *buf; size_t buf_size, len; krb5_crypto crypto = NULL; memset(&kdcIssued, 0, sizeof(kdcIssued)); memset(adKdcIssued, 0, sizeof(*adKdcIssued)); kdcIssued.i_realm = issuer->realm != NULL ? (Realm *)&issuer->realm : NULL; kdcIssued.i_sname = (PrincipalName *)&issuer->name; kdcIssued.elements = *authdata; ASN1_MALLOC_ENCODE(AuthorizationData, buf, buf_size, authdata, &len, code); if (code != 0) goto cleanup; code = krb5_crypto_init(context, key, 0, &crypto); if (code != 0) goto cleanup; code = krb5_create_checksum(context, crypto, KRB5_KU_AD_KDC_ISSUED, 0, buf, buf_size, &kdcIssued.ad_checksum); if (code != 0) goto cleanup; free(buf); /* match ASN1_MALLOC_ENCODE */ buf = NULL; ASN1_MALLOC_ENCODE(AD_KDCIssued, buf, buf_size, &kdcIssued, &len, code); if (code != 0) goto cleanup; adDatum.ad_type = KRB5_AUTHDATA_KDC_ISSUED; adDatum.ad_data.length = buf_size; adDatum.ad_data.data = buf; code = add_AuthorizationData(adKdcIssued, &adDatum); if (code != 0) goto cleanup; cleanup: if (buf != NULL) free(buf); /* match ASN1_MALLOC_ENCODE */ if (crypto != NULL) krb5_crypto_destroy(context, crypto); free_Checksum(&kdcIssued.ad_checksum); return code; #else return krb5_make_authdata_kdc_issued(context, key, issuer, authdata, adKdcIssued); #endif /* HAVE_HEIMDAL_VERSION */ } krb5_error_code krbMakeCred(krb5_context krbContext, krb5_auth_context authContext, krb5_creds *creds, krb5_data *data) { krb5_error_code code; #ifdef HAVE_HEIMDAL_VERSION KRB_CRED krbCred; KrbCredInfo krbCredInfo; EncKrbCredPart encKrbCredPart; krb5_keyblock *key; krb5_crypto krbCrypto = NULL; krb5_data encKrbCredPartData; krb5_replay_data rdata; size_t len; #else krb5_data *d = NULL; #endif memset(data, 0, sizeof(*data)); #ifdef HAVE_HEIMDAL_VERSION memset(&krbCred, 0, sizeof(krbCred)); memset(&krbCredInfo, 0, sizeof(krbCredInfo)); memset(&encKrbCredPart, 0, sizeof(encKrbCredPart)); memset(&rdata, 0, sizeof(rdata)); if (authContext->local_subkey) key = authContext->local_subkey; else if (authContext->remote_subkey) key = authContext->remote_subkey; else key = authContext->keyblock; krbCred.pvno = 5; krbCred.msg_type = krb_cred; krbCred.tickets.val = (Ticket *)GSSEAP_CALLOC(1, sizeof(Ticket)); if (krbCred.tickets.val == NULL) { code = ENOMEM; goto cleanup; } krbCred.tickets.len = 1; code = decode_Ticket(creds->ticket.data, creds->ticket.length, krbCred.tickets.val, &len); if (code != 0) goto cleanup; krbCredInfo.key = creds->session; krbCredInfo.prealm = &creds->client->realm; krbCredInfo.pname = &creds->client->name; krbCredInfo.flags = &creds->flags.b; krbCredInfo.authtime = &creds->times.authtime; krbCredInfo.starttime = &creds->times.starttime; krbCredInfo.endtime = &creds->times.endtime; krbCredInfo.renew_till = &creds->times.renew_till; krbCredInfo.srealm = &creds->server->realm; krbCredInfo.sname = &creds->server->name; krbCredInfo.caddr = creds->addresses.len ? &creds->addresses : NULL; encKrbCredPart.ticket_info.len = 1; encKrbCredPart.ticket_info.val = &krbCredInfo; if (authContext->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) { rdata.seq = authContext->local_seqnumber; encKrbCredPart.nonce = (int32_t *)&rdata.seq; } else { encKrbCredPart.nonce = NULL; } if (authContext->flags & KRB5_AUTH_CONTEXT_DO_TIME) { krb5_us_timeofday(krbContext, &rdata.timestamp, &rdata.usec); encKrbCredPart.timestamp = &rdata.timestamp; encKrbCredPart.usec = &rdata.usec; } else { encKrbCredPart.timestamp = NULL; encKrbCredPart.usec = NULL; } encKrbCredPart.s_address = authContext->local_address; encKrbCredPart.r_address = authContext->remote_address; ASN1_MALLOC_ENCODE(EncKrbCredPart, encKrbCredPartData.data, encKrbCredPartData.length, &encKrbCredPart, &len, code); if (code != 0) goto cleanup; code = krb5_crypto_init(krbContext, key, 0, &krbCrypto); if (code != 0) goto cleanup; code = krb5_encrypt_EncryptedData(krbContext, krbCrypto, KRB5_KU_KRB_CRED, encKrbCredPartData.data, encKrbCredPartData.length, 0, &krbCred.enc_part); if (code != 0) goto cleanup; ASN1_MALLOC_ENCODE(KRB_CRED, data->data, data->length, &krbCred, &len, code); if (code != 0) goto cleanup; if (authContext->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) authContext->local_seqnumber++; cleanup: if (krbCrypto != NULL) krb5_crypto_destroy(krbContext, krbCrypto); free_KRB_CRED(&krbCred); krb5_data_free(&encKrbCredPartData); return code; #else code = krb5_mk_1cred(krbContext, authContext, creds, &d, NULL); if (code == 0) { *data = *d; GSSEAP_FREE(d); } return code; #endif /* HAVE_HEIMDAL_VERSION */ } mech_eap-0.9.2/mech_eap/TODO0000644001755200017500000000061012406014472012441 00000000000000- draft-ietf-radext-radius-extensions - integration with initiator-side EAP channel bindings - investigate initiator-side credential locking - always intern OIDs so they never need to be freed - handle many-to-many Shibboleth attribute mappings; need to encode both attribute and value index into more - add --with-xerces option - proper acquire_cred_ext implementation pending specification mech_eap-0.9.2/mech_eap/export_name_composite.c0000644001755200017500000000437712406014472016536 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Serialise a name and its attributes. */ #include "gssapiP_eap.h" OM_uint32 GSSAPI_CALLCONV gss_export_name_composite(OM_uint32 *minor, gss_name_t input_name, gss_buffer_t exported_name) { OM_uint32 major; *minor = 0; if (input_name == GSS_C_NO_NAME) { *minor = EINVAL; return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME; } GSSEAP_MUTEX_LOCK(&input_name->mutex); major = gssEapExportNameInternal(minor, input_name, exported_name, EXPORT_NAME_FLAG_OID | EXPORT_NAME_FLAG_COMPOSITE); GSSEAP_MUTEX_UNLOCK(&input_name->mutex); return major; } mech_eap-0.9.2/mech_eap/install-sh0000755001755200017500000003253712406014472013772 00000000000000#!/bin/sh # install - install a program, script, or datafile scriptversion=2009-04-28.21; # UTC # This originates from X11R5 (mit/util/scripts/install.sh), which was # later released in X11R6 (xc/config/util/install.sh) with the # following copyright and license. # # Copyright (C) 1994 X Consortium # # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to # deal in the Software without restriction, including without limitation the # rights to use, copy, modify, merge, publish, distribute, sublicense, and/or # sell copies of the Software, and to permit persons to whom the Software is # furnished to do so, subject to the following conditions: # # The above copyright notice and this permission notice shall be included in # all copies or substantial portions of the Software. # # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE # X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN # AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC- # TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. # # Except as contained in this notice, the name of the X Consortium shall not # be used in advertising or otherwise to promote the sale, use or other deal- # ings in this Software without prior written authorization from the X Consor- # tium. # # # FSF changes to this file are in the public domain. # # Calling this script install-sh is preferred over install.sh, to prevent # `make' implicit rules from creating a file called install from it # when there is no Makefile. # # This script is compatible with the BSD install script, but was written # from scratch. nl=' ' IFS=" "" $nl" # set DOITPROG to echo to test this script # Don't use :- since 4.3BSD and earlier shells don't like it. doit=${DOITPROG-} if test -z "$doit"; then doit_exec=exec else doit_exec=$doit fi # Put in absolute file names if you don't have them in your path; # or use environment vars. chgrpprog=${CHGRPPROG-chgrp} chmodprog=${CHMODPROG-chmod} chownprog=${CHOWNPROG-chown} cmpprog=${CMPPROG-cmp} cpprog=${CPPROG-cp} mkdirprog=${MKDIRPROG-mkdir} mvprog=${MVPROG-mv} rmprog=${RMPROG-rm} stripprog=${STRIPPROG-strip} posix_glob='?' initialize_posix_glob=' test "$posix_glob" != "?" || { if (set -f) 2>/dev/null; then posix_glob= else posix_glob=: fi } ' posix_mkdir= # Desired mode of installed file. mode=0755 chgrpcmd= chmodcmd=$chmodprog chowncmd= mvcmd=$mvprog rmcmd="$rmprog -f" stripcmd= src= dst= dir_arg= dst_arg= copy_on_change=false no_target_directory= usage="\ Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE or: $0 [OPTION]... SRCFILES... DIRECTORY or: $0 [OPTION]... -t DIRECTORY SRCFILES... or: $0 [OPTION]... -d DIRECTORIES... In the 1st form, copy SRCFILE to DSTFILE. In the 2nd and 3rd, copy all SRCFILES to DIRECTORY. In the 4th, create DIRECTORIES. Options: --help display this help and exit. --version display version info and exit. -c (ignored) -C install only if different (preserve the last data modification time) -d create directories instead of installing files. -g GROUP $chgrpprog installed files to GROUP. -m MODE $chmodprog installed files to MODE. -o USER $chownprog installed files to USER. -s $stripprog installed files. -t DIRECTORY install into DIRECTORY. -T report an error if DSTFILE is a directory. Environment variables override the default commands: CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG RMPROG STRIPPROG " while test $# -ne 0; do case $1 in -c) ;; -C) copy_on_change=true;; -d) dir_arg=true;; -g) chgrpcmd="$chgrpprog $2" shift;; --help) echo "$usage"; exit $?;; -m) mode=$2 case $mode in *' '* | *' '* | *' '* | *'*'* | *'?'* | *'['*) echo "$0: invalid mode: $mode" >&2 exit 1;; esac shift;; -o) chowncmd="$chownprog $2" shift;; -s) stripcmd=$stripprog;; -t) dst_arg=$2 shift;; -T) no_target_directory=true;; --version) echo "$0 $scriptversion"; exit $?;; --) shift break;; -*) echo "$0: invalid option: $1" >&2 exit 1;; *) break;; esac shift done if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then # When -d is used, all remaining arguments are directories to create. # When -t is used, the destination is already specified. # Otherwise, the last argument is the destination. Remove it from $@. for arg do if test -n "$dst_arg"; then # $@ is not empty: it contains at least $arg. set fnord "$@" "$dst_arg" shift # fnord fi shift # arg dst_arg=$arg done fi if test $# -eq 0; then if test -z "$dir_arg"; then echo "$0: no input file specified." >&2 exit 1 fi # It's OK to call `install-sh -d' without argument. # This can happen when creating conditional directories. exit 0 fi if test -z "$dir_arg"; then trap '(exit $?); exit' 1 2 13 15 # Set umask so as not to create temps with too-generous modes. # However, 'strip' requires both read and write access to temps. case $mode in # Optimize common cases. *644) cp_umask=133;; *755) cp_umask=22;; *[0-7]) if test -z "$stripcmd"; then u_plus_rw= else u_plus_rw='% 200' fi cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;; *) if test -z "$stripcmd"; then u_plus_rw= else u_plus_rw=,u+rw fi cp_umask=$mode$u_plus_rw;; esac fi for src do # Protect names starting with `-'. case $src in -*) src=./$src;; esac if test -n "$dir_arg"; then dst=$src dstdir=$dst test -d "$dstdir" dstdir_status=$? else # Waiting for this to be detected by the "$cpprog $src $dsttmp" command # might cause directories to be created, which would be especially bad # if $src (and thus $dsttmp) contains '*'. if test ! -f "$src" && test ! -d "$src"; then echo "$0: $src does not exist." >&2 exit 1 fi if test -z "$dst_arg"; then echo "$0: no destination specified." >&2 exit 1 fi dst=$dst_arg # Protect names starting with `-'. case $dst in -*) dst=./$dst;; esac # If destination is a directory, append the input filename; won't work # if double slashes aren't ignored. if test -d "$dst"; then if test -n "$no_target_directory"; then echo "$0: $dst_arg: Is a directory" >&2 exit 1 fi dstdir=$dst dst=$dstdir/`basename "$src"` dstdir_status=0 else # Prefer dirname, but fall back on a substitute if dirname fails. dstdir=` (dirname "$dst") 2>/dev/null || expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$dst" : 'X\(//\)[^/]' \| \ X"$dst" : 'X\(//\)$' \| \ X"$dst" : 'X\(/\)' \| . 2>/dev/null || echo X"$dst" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q' ` test -d "$dstdir" dstdir_status=$? fi fi obsolete_mkdir_used=false if test $dstdir_status != 0; then case $posix_mkdir in '') # Create intermediate dirs using mode 755 as modified by the umask. # This is like FreeBSD 'install' as of 1997-10-28. umask=`umask` case $stripcmd.$umask in # Optimize common cases. *[2367][2367]) mkdir_umask=$umask;; .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;; *[0-7]) mkdir_umask=`expr $umask + 22 \ - $umask % 100 % 40 + $umask % 20 \ - $umask % 10 % 4 + $umask % 2 `;; *) mkdir_umask=$umask,go-w;; esac # With -d, create the new directory with the user-specified mode. # Otherwise, rely on $mkdir_umask. if test -n "$dir_arg"; then mkdir_mode=-m$mode else mkdir_mode= fi posix_mkdir=false case $umask in *[123567][0-7][0-7]) # POSIX mkdir -p sets u+wx bits regardless of umask, which # is incompatible with FreeBSD 'install' when (umask & 300) != 0. ;; *) tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0 if (umask $mkdir_umask && exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1 then if test -z "$dir_arg" || { # Check for POSIX incompatibilities with -m. # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or # other-writeable bit of parent directory when it shouldn't. # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. ls_ld_tmpdir=`ls -ld "$tmpdir"` case $ls_ld_tmpdir in d????-?r-*) different_mode=700;; d????-?--*) different_mode=755;; *) false;; esac && $mkdirprog -m$different_mode -p -- "$tmpdir" && { ls_ld_tmpdir_1=`ls -ld "$tmpdir"` test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" } } then posix_mkdir=: fi rmdir "$tmpdir/d" "$tmpdir" else # Remove any dirs left behind by ancient mkdir implementations. rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null fi trap '' 0;; esac;; esac if $posix_mkdir && ( umask $mkdir_umask && $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir" ) then : else # The umask is ridiculous, or mkdir does not conform to POSIX, # or it failed possibly due to a race condition. Create the # directory the slow way, step by step, checking for races as we go. case $dstdir in /*) prefix='/';; -*) prefix='./';; *) prefix='';; esac eval "$initialize_posix_glob" oIFS=$IFS IFS=/ $posix_glob set -f set fnord $dstdir shift $posix_glob set +f IFS=$oIFS prefixes= for d do test -z "$d" && continue prefix=$prefix$d if test -d "$prefix"; then prefixes= else if $posix_mkdir; then (umask=$mkdir_umask && $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break # Don't fail if two instances are running concurrently. test -d "$prefix" || exit 1 else case $prefix in *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;; *) qprefix=$prefix;; esac prefixes="$prefixes '$qprefix'" fi fi prefix=$prefix/ done if test -n "$prefixes"; then # Don't fail if two instances are running concurrently. (umask $mkdir_umask && eval "\$doit_exec \$mkdirprog $prefixes") || test -d "$dstdir" || exit 1 obsolete_mkdir_used=true fi fi fi if test -n "$dir_arg"; then { test -z "$chowncmd" || $doit $chowncmd "$dst"; } && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } && { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false || test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1 else # Make a couple of temp file names in the proper directory. dsttmp=$dstdir/_inst.$$_ rmtmp=$dstdir/_rm.$$_ # Trap to clean up those temp files at exit. trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0 # Copy the file name to the temp name. (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") && # and set any options; do chmod last to preserve setuid bits. # # If any of these fail, we abort the whole thing. If we want to # ignore errors from any of these, just make sure not to ignore # errors from the above "$doit $cpprog $src $dsttmp" command. # { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } && { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } && { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } && # If -C, don't bother to copy if it wouldn't change the file. if $copy_on_change && old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` && new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` && eval "$initialize_posix_glob" && $posix_glob set -f && set X $old && old=:$2:$4:$5:$6 && set X $new && new=:$2:$4:$5:$6 && $posix_glob set +f && test "$old" = "$new" && $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1 then rm -f "$dsttmp" else # Rename the file to the real destination. $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null || # The rename failed, perhaps because mv can't rename something else # to itself, or perhaps because mv is so ancient that it does not # support -f. { # Now remove or move aside any old file at destination location. # We try this two ways since rm can't unlink itself on some # systems and the destination file might be busy for other # reasons. In this case, the final cleanup might fail but the new # file should still install successfully. { test ! -f "$dst" || $doit $rmcmd -f "$dst" 2>/dev/null || { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null && { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; } } || { echo "$0: cannot unlink or rename $dst" >&2 (exit 1); exit 1 } } && # Now rename the file to the real destination. $doit $mvcmd "$dsttmp" "$dst" } fi || exit 1 trap '' 0 fi done # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-time-zone: "UTC" # time-stamp-end: "; # UTC" # End: mech_eap-0.9.2/mech_eap/canonicalize_name.c0000644001755200017500000000442612406014472015565 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Function for canonicalizing a name; presently just duplicates it. */ #include "gssapiP_eap.h" OM_uint32 GSSAPI_CALLCONV gss_canonicalize_name(OM_uint32 *minor, const gss_name_t input_name, const gss_OID mech_type, gss_name_t *output_name) { OM_uint32 major; *minor = 0; if (!gssEapIsMechanismOid(mech_type)) return GSS_S_BAD_MECH; if (input_name == GSS_C_NO_NAME) { *minor = EINVAL; return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME; } GSSEAP_MUTEX_LOCK(&input_name->mutex); major = gssEapCanonicalizeName(minor, input_name, mech_type, output_name); GSSEAP_MUTEX_UNLOCK(&input_name->mutex); return major; } mech_eap-0.9.2/mech_eap/util_radius.cpp0000644001755200017500000005660012406014472015013 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * RADIUS attribute provider implementation. */ #include "gssapiP_eap.h" #include "util_radius.h" #include "utils/radius_utils.h" #ifdef GSSEAP_ENABLE_ACCEPTOR #define RS_MAP_ERROR(code) (ERROR_TABLE_BASE_rse + (code)) static rs_avp *copyAvps(rs_const_avp *src); static OM_uint32 gssEapRadiusGetAvp(OM_uint32 *minor, rs_avp *vps, const gss_eap_attrid &attrid, gss_buffer_t buffer, int concat); static OM_uint32 gssEapRadiusAddAvp(OM_uint32 *minor, rs_avp **vps, const gss_eap_attrid &attrid, const gss_buffer_t buffer); static gss_eap_attrid avpToAttrId(rs_const_avp *vp) { gss_eap_attrid attrid; rs_avp_attrid(vp, &attrid.second, &attrid.first); return attrid; } gss_eap_radius_attr_provider::gss_eap_radius_attr_provider(void) { m_vps = NULL; m_authenticated = false; } gss_eap_radius_attr_provider::~gss_eap_radius_attr_provider(void) { if (m_vps != NULL) rs_avp_free(&m_vps); } bool gss_eap_radius_attr_provider::initWithExistingContext(const gss_eap_attr_ctx *manager, const gss_eap_attr_provider *ctx) { const gss_eap_radius_attr_provider *radius; if (!gss_eap_attr_provider::initWithExistingContext(manager, ctx)) return false; radius = static_cast(ctx); if (radius->m_vps != NULL) m_vps = copyAvps(radius->getAvps()); m_authenticated = radius->m_authenticated; return true; } bool gss_eap_radius_attr_provider::initWithGssContext(const gss_eap_attr_ctx *manager, const gss_cred_id_t gssCred, const gss_ctx_id_t gssCtx) { if (!gss_eap_attr_provider::initWithGssContext(manager, gssCred, gssCtx)) return false; if (gssCtx != GSS_C_NO_CONTEXT) { if (gssCtx->acceptorCtx.vps != NULL) { m_vps = copyAvps(gssCtx->acceptorCtx.vps); if (m_vps == NULL) return false; /* We assume libradsec validated this for us */ GSSEAP_ASSERT(rs_avp_find(m_vps, PW_MESSAGE_AUTHENTICATOR, 0) != NULL); m_authenticated = true; } } return true; } static bool alreadyAddedAttributeP(std::vector &attrs, gss_eap_attrid &attrid) { for (std::vector::const_iterator a = attrs.begin(); a != attrs.end(); ++a) { if (attrid.first == (*a).first && attrid.second == (*a).second) return true; } return false; } static bool isSecretAttributeP(const gss_eap_attrid &attrid) { bool bSecretAttribute = false; switch (attrid.first) { case VENDORPEC_MICROSOFT: switch (attrid.second) { case PW_MS_MPPE_SEND_KEY: case PW_MS_MPPE_RECV_KEY: bSecretAttribute = true; break; default: break; } default: break; } return bSecretAttribute; } static bool isSecretAttributeP(rs_const_avp *vp) { return isSecretAttributeP(avpToAttrId(vp)); } static bool isInternalAttributeP(const gss_eap_attrid &attrid) { bool bInternalAttribute = false; /* should have been filtered */ GSSEAP_ASSERT(!isSecretAttributeP(attrid)); switch (attrid.first) { case VENDORPEC_UKERNA: switch (attrid.second) { case PW_SAML_AAA_ASSERTION: bInternalAttribute = true; break; default: break; } break; case 0: switch (attrid.second) { case PW_GSS_ACCEPTOR_SERVICE_NAME: case PW_GSS_ACCEPTOR_HOST_NAME: case PW_GSS_ACCEPTOR_SERVICE_SPECIFICS: case PW_GSS_ACCEPTOR_REALM_NAME: bInternalAttribute = true; break; default: break; } break; default: break; } return bInternalAttribute; } static bool isInternalAttributeP(rs_const_avp *vp) { return isInternalAttributeP(avpToAttrId(vp)); } static bool isFragmentedAttributeP(const gss_eap_attrid &attrid) { /* A bit of a hack for the PAC for now. Should be configurable. */ return (attrid.first == VENDORPEC_UKERNA) && !isInternalAttributeP(attrid); } /* * Copy AVP list, same as paircopy except it filters out attributes * containing keys. */ static rs_avp * copyAvps(rs_const_avp *src) { rs_const_avp *vp; rs_avp *dst = NULL; for (vp = src; vp != NULL; vp = rs_avp_next_const(vp)) { rs_avp *vpcopy; if (isSecretAttributeP(vp)) continue; vpcopy = rs_avp_dup(vp); if (vpcopy == NULL) { rs_avp_free(&dst); throw std::bad_alloc(); } rs_avp_append(&dst, vpcopy); } return dst; } bool gss_eap_radius_attr_provider::getAttributeTypes(gss_eap_attr_enumeration_cb addAttribute, void *data) const { rs_avp *vp; std::vector seen; for (vp = m_vps; vp != NULL; vp = rs_avp_next(vp)) { gss_buffer_desc desc; gss_eap_attrid attrid; char buf[64]; /* Don't advertise attributes that are internal to the GSS-EAP mechanism */ if (isInternalAttributeP(vp)) continue; rs_avp_attrid(vp, &attrid.second, &attrid.first); if (alreadyAddedAttributeP(seen, attrid)) continue; if (rs_attr_display_name(attrid.second, attrid.first, buf, sizeof(buf), TRUE) != RSE_OK || strncmp(buf, "Attr-", 5) != 0) continue; desc.value = &buf[5]; desc.length = strlen((char *)desc.value); if (!addAttribute(m_manager, this, &desc, data)) return false; seen.push_back(attrid); } return true; } static bool getAttributeId(const gss_buffer_t desc, gss_eap_attrid *attrid) { char *strAttr, *s; int canon, code; if (desc->length == 0) return false; canon = isdigit(*(char *)desc->value); /* need to duplicate because attr may not be NUL terminated */ strAttr = (char *)GSSEAP_MALLOC((canon ? 5 : 0) + desc->length + 1); if (strAttr == NULL) throw new std::bad_alloc(); s = strAttr; if (canon) { memcpy(s, "Attr-", 5); s += 5; } memcpy(s, desc->value, desc->length); s += desc->length; *s = '\0'; code = rs_attr_parse_name(strAttr, &attrid->second, &attrid->first); GSSEAP_FREE(strAttr); return (code == RSE_OK); } bool gss_eap_radius_attr_provider::setAttribute(int complete GSSEAP_UNUSED, const gss_eap_attrid &attrid, const gss_buffer_t value) { OM_uint32 major = GSS_S_UNAVAILABLE, minor; if (!isSecretAttributeP(attrid) && !isInternalAttributeP(attrid)) { deleteAttribute(attrid); major = gssEapRadiusAddAvp(&minor, &m_vps, attrid, value); } return !GSS_ERROR(major); } bool gss_eap_radius_attr_provider::setAttribute(int complete, const gss_buffer_t attr, const gss_buffer_t value) { gss_eap_attrid attrid; if (!getAttributeId(attr, &attrid)) return false; return setAttribute(complete, attrid, value); } bool gss_eap_radius_attr_provider::deleteAttribute(const gss_eap_attrid &attrid) { if (isSecretAttributeP(attrid) || isInternalAttributeP(attrid) || rs_avp_find(m_vps, attrid.second, attrid.first) == NULL) return false; return (rs_avp_delete(&m_vps, attrid.second, attrid.first) == RSE_OK); } bool gss_eap_radius_attr_provider::deleteAttribute(const gss_buffer_t attr) { gss_eap_attrid attrid; if (!getAttributeId(attr, &attrid)) return false; return deleteAttribute(attrid); } bool gss_eap_radius_attr_provider::getAttribute(const gss_buffer_t attr, int *authenticated, int *complete, gss_buffer_t value, gss_buffer_t display_value, int *more) const { gss_eap_attrid attrid; if (!getAttributeId(attr, &attrid)) return false; return getAttribute(attrid, authenticated, complete, value, display_value, more); } bool gss_eap_radius_attr_provider::getAttribute(const gss_eap_attrid &attrid, int *authenticated, int *complete, gss_buffer_t value, gss_buffer_t display_value, int *more) const { rs_const_avp *vp; int i = *more, count = 0; *more = 0; if (i == -1) i = 0; if (isSecretAttributeP(attrid) || isInternalAttributeP(attrid)) { return false; } else if (isFragmentedAttributeP(attrid)) { return getFragmentedAttribute(attrid, authenticated, complete, value); } for (vp = rs_avp_find_const(m_vps, attrid.second, attrid.first); vp != NULL; vp = rs_avp_find_const(rs_avp_next_const(vp), attrid.second, attrid.first)) { if (count++ == i) { if (rs_avp_find_const(rs_avp_next_const(vp), attrid.second, attrid.first) != NULL) *more = count; break; } } if (vp == NULL && *more == 0) return false; if (value != GSS_C_NO_BUFFER) { gss_buffer_desc valueBuf; rs_avp_octets_value_byref((rs_avp *)vp, (unsigned char **)&valueBuf.value, &valueBuf.length); duplicateBuffer(valueBuf, value); } if (display_value != GSS_C_NO_BUFFER && !rs_avp_is_octets(vp)) { char displayString[RS_MAX_STRING_LEN]; gss_buffer_desc displayBuf; displayBuf.length = rs_avp_display_value(vp, displayString, sizeof(displayString)); displayBuf.value = (void *)displayString; duplicateBuffer(displayBuf, display_value); } if (authenticated != NULL) *authenticated = m_authenticated; if (complete != NULL) *complete = true; return true; } bool gss_eap_radius_attr_provider::getFragmentedAttribute(const gss_eap_attrid &attrid, int *authenticated, int *complete, gss_buffer_t value) const { OM_uint32 major, minor; major = gssEapRadiusGetAvp(&minor, m_vps, attrid, value, TRUE); if (authenticated != NULL) *authenticated = m_authenticated; if (complete != NULL) *complete = true; return !GSS_ERROR(major); } gss_any_t gss_eap_radius_attr_provider::mapToAny(int authenticated, gss_buffer_t type_id GSSEAP_UNUSED) const { if (authenticated && !m_authenticated) return (gss_any_t)NULL; return (gss_any_t)copyAvps(m_vps); } void gss_eap_radius_attr_provider::releaseAnyNameMapping(gss_buffer_t type_id GSSEAP_UNUSED, gss_any_t input) const { rs_avp *vp = (rs_avp *)input; rs_avp_free(&vp); } bool gss_eap_radius_attr_provider::init(void) { gss_eap_attr_ctx::registerProvider(ATTR_TYPE_RADIUS, createAttrContext); return true; } void gss_eap_radius_attr_provider::finalize(void) { gss_eap_attr_ctx::unregisterProvider(ATTR_TYPE_RADIUS); } gss_eap_attr_provider * gss_eap_radius_attr_provider::createAttrContext(void) { return new gss_eap_radius_attr_provider; } static OM_uint32 gssEapRadiusAddAvp(OM_uint32 *minor, rs_avp **vps, const gss_eap_attrid &attrid, const gss_buffer_t buffer) { unsigned char *p = (unsigned char *)buffer->value; size_t remain = buffer->length; do { rs_avp *vp; size_t n = remain; /* * There's an extra byte of padding; RADIUS AVPs can only * be 253 octets. */ if (n >= RS_MAX_STRING_LEN) n = RS_MAX_STRING_LEN - 1; vp = rs_avp_alloc(attrid.second, attrid.first); if (vp == NULL) { *minor = ENOMEM; return GSS_S_FAILURE; } rs_avp_octets_set(vp, p, n); rs_avp_append(vps, vp); p += n; remain -= n; } while (remain != 0); return GSS_S_COMPLETE; } OM_uint32 gssEapRadiusAddAvp(OM_uint32 *minor, struct rs_packet *pkt, unsigned int attribute, unsigned int vendor, const gss_buffer_t buffer) { gss_eap_attrid attrid(vendor, attribute); int code; code = rs_packet_append_avp(pkt, attrid.second, attrid.first, buffer->value, buffer->length); if (code != RSE_OK) { *minor = RS_MAP_ERROR(code); return GSS_S_FAILURE; } *minor = 0; return GSS_S_COMPLETE; } OM_uint32 gssEapRadiusGetRawAvp(OM_uint32 *minor, rs_const_avp *vps, unsigned int attribute, unsigned int vendor, rs_const_avp **vp) { *vp = rs_avp_find_const(vps, attribute, vendor); if (*vp == NULL) { *minor = GSSEAP_NO_SUCH_ATTR; return GSS_S_UNAVAILABLE; } return GSS_S_COMPLETE; } static OM_uint32 gssEapRadiusGetAvp(OM_uint32 *minor, rs_avp *vps, const gss_eap_attrid &attrid, gss_buffer_t buffer, int concat) { rs_const_avp *vp; int err; if (buffer != GSS_C_NO_BUFFER) { buffer->length = 0; buffer->value = NULL; } vp = rs_avp_find_const(vps, attrid.second, attrid.first); if (vp == NULL) { *minor = GSSEAP_NO_SUCH_ATTR; return GSS_S_UNAVAILABLE; } if (buffer != GSS_C_NO_BUFFER) { if (concat) rs_avp_fragmented_value(vp, NULL, &buffer->length); else buffer->length = rs_avp_length(vp); buffer->value = GSSEAP_MALLOC(buffer->length); if (buffer->value == NULL) { *minor = ENOMEM; return GSS_S_FAILURE; } if (concat) err = rs_avp_fragmented_value(vp, (unsigned char *)buffer->value, &buffer->length); else err = rs_avp_octets_value(vp, (unsigned char *)buffer->value, &buffer->length); if (err != 0) { *minor = RS_MAP_ERROR(err); return GSS_S_FAILURE; } } *minor = 0; return GSS_S_COMPLETE; } OM_uint32 gssEapRadiusGetAvp(OM_uint32 *minor, struct rs_packet *pkt, unsigned int attribute, unsigned int vendor, gss_buffer_t buffer, int concat) { rs_avp **vps; gss_eap_attrid attrid(vendor, attribute); rs_packet_avps(pkt, &vps); return gssEapRadiusGetAvp(minor, *vps, attrid, buffer, concat); } OM_uint32 gssEapRadiusFreeAvps(OM_uint32 *minor, rs_avp **vps) { rs_avp_free(vps); *minor = 0; return GSS_S_COMPLETE; } OM_uint32 gssEapRadiusAttrProviderInit(OM_uint32 *minor) { if (!gss_eap_radius_attr_provider::init()) { *minor = GSSEAP_RADSEC_INIT_FAILURE; return GSS_S_FAILURE; } return GSS_S_COMPLETE; } OM_uint32 gssEapRadiusAttrProviderFinalize(OM_uint32 *minor) { gss_eap_radius_attr_provider::finalize(); *minor = 0; return GSS_S_COMPLETE; } static JSONObject avpToJson(rs_const_avp *vp) { JSONObject obj; gss_eap_attrid attrid; GSSEAP_ASSERT(rs_avp_length(vp) <= RS_MAX_STRING_LEN); switch (rs_avp_typeof(vp)) { case RS_TYPE_INTEGER: obj.set("value", rs_avp_integer_value(vp)); break; case RS_TYPE_DATE: obj.set("value", rs_avp_date_value(vp)); break; case RS_TYPE_STRING: obj.set("value", rs_avp_string_value(vp)); break; default: { char *b64; if (base64Encode(rs_avp_octets_value_const_ptr(vp), rs_avp_length(vp), &b64) < 0) throw std::bad_alloc(); obj.set("value", b64); GSSEAP_FREE(b64); break; } } attrid = avpToAttrId(vp); obj.set("type", attrid.second); if (attrid.first != 0) obj.set("vendor", attrid.first); return obj; } static bool jsonToAvp(rs_avp **pVp, JSONObject &obj) { rs_avp *vp = NULL; gss_eap_attrid attrid; JSONObject type = obj["type"]; JSONObject vendor = obj["vendor"]; JSONObject value = obj["value"]; if (!type.isInteger()) goto fail; attrid.second = type.integer(); if (!vendor.isNull()) { if (!vendor.isInteger()) goto fail; attrid.first = vendor.integer(); } else { attrid.first = 0; } vp = rs_avp_alloc(attrid.second, attrid.first); if (vp == NULL) throw std::bad_alloc(); switch (rs_avp_typeof(vp)) { case RS_TYPE_INTEGER: case RS_TYPE_IPADDR: case RS_TYPE_DATE: if (!value.isInteger()) goto fail; if (rs_avp_integer_set(vp, value.integer()) != RSE_OK) goto fail; break; case RS_TYPE_STRING: { if (!value.isString()) goto fail; if (rs_avp_string_set(vp, value.string()) != RSE_OK) goto fail; break; } case RS_TYPE_OCTETS: default: { unsigned char buf[RS_MAX_STRING_LEN]; if (!value.isString()) goto fail; const char *str = value.string(); ssize_t len = strlen(str); /* this optimization requires base64Decode only understand packed encoding */ if (len >= BASE64_EXPAND(RS_MAX_STRING_LEN)) goto fail; len = base64Decode(str, buf); if (len < 0) goto fail; if (rs_avp_octets_set(vp, buf, len) != RSE_OK) goto fail; break; } } *pVp = vp; return true; fail: if (vp != NULL) rs_avp_free(&vp); *pVp = NULL; return false; } const char * gss_eap_radius_attr_provider::name(void) const { return "radius"; } bool gss_eap_radius_attr_provider::initWithJsonObject(const gss_eap_attr_ctx *ctx, JSONObject &obj) { if (!gss_eap_attr_provider::initWithJsonObject(ctx, obj)) return false; JSONObject attrs = obj["attributes"]; size_t nelems = attrs.size(); for (size_t i = 0; i < nelems; i++) { JSONObject attr = attrs[i]; rs_avp *vp; if (!jsonToAvp(&vp, attr)) return false; rs_avp_append(&m_vps, vp); } m_authenticated = obj["authenticated"].integer() ? true : false; return true; } const char * gss_eap_radius_attr_provider::prefix(void) const { return "urn:ietf:params:gss:radius-attribute"; } JSONObject gss_eap_radius_attr_provider::jsonRepresentation(void) const { JSONObject obj, attrs = JSONObject::array(); for (rs_avp *vp = m_vps; vp != NULL; vp = rs_avp_next(vp)) { JSONObject attr = avpToJson(vp); attrs.append(attr); } obj.set("attributes", attrs); obj.set("authenticated", m_authenticated); return obj; } time_t gss_eap_radius_attr_provider::getExpiryTime(void) const { rs_const_avp *vp; uint32_t value; vp = rs_avp_find(m_vps, PW_SESSION_TIMEOUT, 0); if (vp == NULL) return 0; value = rs_avp_integer_value(vp); if (value == 0) return 0; return time(NULL) + value; } OM_uint32 gssEapRadiusMapError(OM_uint32 *minor, struct rs_error *err) { int code; GSSEAP_ASSERT(err != NULL); code = rs_err_code(err, 0); if (code == RSE_OK) { *minor = 0; return GSS_S_COMPLETE; } *minor = RS_MAP_ERROR(code); gssEapSaveStatusInfo(*minor, "%s", rs_err_msg(err)); rs_err_free(err); return GSS_S_FAILURE; } OM_uint32 gssEapCreateRadiusContext(OM_uint32 *minor, gss_cred_id_t cred, struct rs_context **pRadContext) { const char *configFile = RS_CONFIG_FILE; struct rs_context *radContext; struct rs_alloc_scheme ralloc; struct rs_error *err; OM_uint32 major; *pRadContext = NULL; if (rs_context_create(&radContext) != 0) { *minor = GSSEAP_RADSEC_CONTEXT_FAILURE; return GSS_S_FAILURE; } if (cred->radiusConfigFile.value != NULL) configFile = (const char *)cred->radiusConfigFile.value; ralloc.calloc = GSSEAP_CALLOC; ralloc.malloc = GSSEAP_MALLOC; ralloc.free = GSSEAP_FREE; ralloc.realloc = GSSEAP_REALLOC; rs_context_set_alloc_scheme(radContext, &ralloc); if (rs_context_read_config(radContext, configFile) != 0) { err = rs_err_ctx_pop(radContext); goto fail; } *pRadContext = radContext; *minor = 0; return GSS_S_COMPLETE; fail: major = gssEapRadiusMapError(minor, err); rs_context_destroy(radContext); return major; } #endif /* GSSEAP_ENABLE_ACCEPTOR */ OM_uint32 gssEapRadiusAddAttr(OM_uint32 *minor, struct wpabuf **buf, uint16_t attr, uint16_t vendor, gss_buffer_t buffer) { if (radius_add_tlv(buf, attr, vendor, (u8 *)buffer->value, buffer->length) < 0) { *minor = ENOMEM; /* could be length too long, though */ return GSS_S_FAILURE; } return GSS_S_COMPLETE; } mech_eap-0.9.2/mech_eap/util_ordering.c0000644001755200017500000002170012406014472014766 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Copyright 1993 by OpenVision Technologies, Inc. * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and * that both that copyright notice and this permission notice appear in * supporting documentation, and that the name of OpenVision not be used * in advertising or publicity pertaining to distribution of the software * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR * PERFORMANCE OF THIS SOFTWARE. */ /* * Functions to check sequence numbers for replay and sequencing */ #include "gssapiP_eap.h" #define QUEUE_LENGTH 20 typedef struct _queue { int do_replay; int do_sequence; int start; int length; uint64_t firstnum; /* Stored as deltas from firstnum. This way, the high bit won't overflow unless we've actually gone through 2**n messages, or gotten something *way* out of sequence. */ uint64_t elem[QUEUE_LENGTH]; /* All ones for 64-bit sequence numbers; 32 ones for 32-bit sequence numbers. */ uint64_t mask; } queue; /* rep invariant: * - the queue is a circular queue. The first element (q->elem[q->start]) * is the oldest. The last element is the newest. */ #define QSIZE(q) (sizeof((q)->elem)/sizeof((q)->elem[0])) #define QELEM(q,i) ((q)->elem[(i)%QSIZE(q)]) static void queue_insert(queue *q, int after, uint64_t seqnum) { /* insert. this is not the fastest way, but it's easy, and it's optimized for insert at end, which is the common case */ int i; /* common case: at end, after == q->start+q->length-1 */ /* move all the elements (after,last] up one slot */ for (i = q->start + q->length - 1; i > after; i--) QELEM(q,i+1) = QELEM(q,i); /* fill in slot after+1 */ QELEM(q,after+1) = seqnum; /* Either increase the length by one, or move the starting point up one (deleting the first element, which got bashed above), as appropriate. */ if (q->length == QSIZE(q)) { q->start++; if (q->start == QSIZE(q)) q->start = 0; } else { q->length++; } } OM_uint32 sequenceInit(OM_uint32 *minor, void **vqueue, uint64_t seqnum, int do_replay, int do_sequence, int wide_nums) { queue *q; q = (queue *)GSSEAP_CALLOC(1, sizeof(queue)); if (q == NULL) { *minor = ENOMEM; return GSS_S_FAILURE; } q->do_replay = do_replay; q->do_sequence = do_sequence; q->mask = wide_nums ? ~(uint64_t)0 : 0xffffffffUL; q->start = 0; q->length = 1; q->firstnum = seqnum; q->elem[q->start] = ((uint64_t)0 - 1) & q->mask; *vqueue = (void *)q; return GSS_S_COMPLETE; } OM_uint32 sequenceCheck(OM_uint32 *minor, void **vqueue, uint64_t seqnum) { queue *q; int i; uint64_t expected; *minor = 0; q = (queue *) (*vqueue); if (!q->do_replay && !q->do_sequence) return GSS_S_COMPLETE; /* All checks are done relative to the initial sequence number, to avoid (or at least put off) the pain of wrapping. */ seqnum -= q->firstnum; /* If we're only doing 32-bit values, adjust for that again. Note that this will probably be the wrong thing to if we get 2**32 messages sent with 32-bit sequence numbers. */ seqnum &= q->mask; /* rule 1: expected sequence number */ expected = (QELEM(q,q->start+q->length-1)+1) & q->mask; if (seqnum == expected) { queue_insert(q, q->start+q->length-1, seqnum); return GSS_S_COMPLETE; } /* rule 2: > expected sequence number */ if ((seqnum > expected)) { queue_insert(q, q->start+q->length-1, seqnum); if (q->do_replay && !q->do_sequence) return GSS_S_COMPLETE; else return GSS_S_GAP_TOKEN; } /* rule 3: seqnum < seqnum(first) */ if ((seqnum < QELEM(q,q->start)) && /* Is top bit of whatever width we're using set? We used to check for greater than or equal to firstnum, but (1) we've since switched to compute values relative to firstnum, so the lowest we can have is 0, and (2) the effect of the original scheme was highly dependent on whether firstnum was close to either side of 0. (Consider firstnum==0xFFFFFFFE and we miss three packets; the next packet is *new* but would look old.) This check should give us 2**31 or 2**63 messages "new", and just as many "old". That's not quite right either. */ (seqnum & (1 + (q->mask >> 1))) ) { if (q->do_replay && !q->do_sequence) return GSS_S_OLD_TOKEN; else return GSS_S_UNSEQ_TOKEN; } /* rule 4+5: seqnum in [seqnum(first),seqnum(last)] */ else { if (seqnum == QELEM(q,q->start+q->length - 1)) return GSS_S_DUPLICATE_TOKEN; for (i = q->start; i < q->start + q->length - 1; i++) { if (seqnum == QELEM(q,i)) return GSS_S_DUPLICATE_TOKEN; if ((seqnum > QELEM(q,i)) && (seqnum < QELEM(q,i+1))) { queue_insert(q, i, seqnum); if (q->do_replay && !q->do_sequence) return GSS_S_COMPLETE; else return GSS_S_UNSEQ_TOKEN; } } } /* this should never happen */ return GSS_S_FAILURE; } OM_uint32 sequenceFree(OM_uint32 *minor, void **vqueue) { queue *q; q = (queue *) (*vqueue); GSSEAP_FREE(q); *vqueue = NULL; *minor = 0; return GSS_S_COMPLETE; } /* * These support functions are for the serialization routines */ size_t sequenceSize(void *vqueue GSSEAP_UNUSED) { return sizeof(queue); } OM_uint32 sequenceExternalize(OM_uint32 *minor, void *vqueue, unsigned char **buf, size_t *lenremain) { if (*lenremain < sizeof(queue)) { *minor = GSSEAP_WRONG_SIZE; return GSS_S_FAILURE; } if (vqueue != NULL) memcpy(*buf, vqueue, sizeof(queue)); else memset(*buf, 0, sizeof(queue)); *buf += sizeof(queue); *lenremain -= sizeof(queue); return 0; } OM_uint32 sequenceInternalize(OM_uint32 *minor, void **vqueue, unsigned char **buf, size_t *lenremain) { void *q; if (*lenremain < sizeof(queue)) { *minor = GSSEAP_TOK_TRUNC; return GSS_S_DEFECTIVE_TOKEN; } q = GSSEAP_MALLOC(sizeof(queue)); if (q == NULL) { *minor = ENOMEM; return GSS_S_FAILURE; } memcpy(q, *buf, sizeof(queue)); *buf += sizeof(queue); *lenremain -= sizeof(queue); *vqueue = q; *minor = 0; return GSS_S_COMPLETE; } mech_eap-0.9.2/mech_eap/AUTHORS0000644001755200017500000000022012406014472013016 00000000000000The initial implementation of mech_eap was written by PADL Software under contract to JANET(UK). -- Luke Howard January, 2011 mech_eap-0.9.2/mech_eap/gssapi_eap.h0000644001755200017500000000575312406014472014252 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #ifndef _GSSAPI_EAP_H_ #define _GSSAPI_EAP_H_ 1 #include #ifdef __cplusplus extern "C" { #endif /* __cplusplus */ /* * GSS EAP mechanism OIDs. */ extern gss_OID GSS_EAP_AES128_CTS_HMAC_SHA1_96_MECHANISM; extern gss_OID GSS_EAP_AES256_CTS_HMAC_SHA1_96_MECHANISM; /* * Mechanism name OID. */ extern gss_OID GSS_EAP_NT_EAP_NAME; /* * The libradsec configuration file; defaults to radsec.conf * in the system configuration directory if unspecified. */ extern gss_OID GSS_EAP_CRED_SET_RADIUS_CONFIG_FILE; /* * The stanza in the libradsec configuration file; defaults * to "gss-eap" if unspecified. */ extern gss_OID GSS_EAP_CRED_SET_RADIUS_CONFIG_STANZA; /* * Flags as a 32-bit integer in network byte order, * followed by a boolean octet indicating whether to * clear the specified flags (if absent, defaults to * FALSE, ie. set flags). */ extern gss_OID GSS_EAP_CRED_SET_CRED_FLAG; /* * Password; for mechanism glues that do not support * gss_acquire_cred_with_password(), this can be set * on an existing credentials handle. */ extern gss_OID GSS_EAP_CRED_SET_CRED_PASSWORD; /* * Path to PKCS#12 private key file for use with EAP-TLS * authentication. */ extern gss_OID GSS_EAP_CRED_SET_CRED_PRIVATE_KEY; /* * Credentials flag indicating the local attributes * processing should be skipped. */ #define GSS_EAP_DISABLE_LOCAL_ATTRS_FLAG 0x00000001 #ifdef __cplusplus } #endif /* __cplusplus */ #endif /* _GSSAPI_EAP_H_ */ mech_eap-0.9.2/mech_eap/authdata_plugin.h0000644001755200017500000003557712406014472015317 00000000000000/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * krb5/authdata_plugin.h * * Copyright (C) 2007 Apple Inc. All Rights Reserved. * * Export of this software from the United States of America may * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright * notice appear in all copies and that both that copyright notice and * this permission notice appear in supporting documentation, and that * the name of M.I.T. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior * permission. Furthermore if you modify this software you must label * your software as modified software and not distribute it in such a * fashion that it might be confused with the original M.I.T. software. * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. * * AuthorizationData plugin definitions for Kerberos 5. */ /* * This is considered an INTERNAL interface at this time. * * Some work is needed before exporting it: * * + Documentation. * + Sample code. * + Test cases (preferably automated testing under "make check"). * + Hook into TGS exchange too; will change API. * + Examine memory management issues, especially for Windows; may * change API. * * Other changes that would be nice to have, but not necessarily * before making this interface public: * * + Library support for AD-IF-RELEVANT and similar wrappers. (We can * make the plugin construct them if it wants them.) * + KDC could combine/optimize wrapped AD elements provided by * multiple plugins, e.g., two IF-RELEVANT sequences could be * merged. (The preauth plugin API also has this bug, we're going * to need a general fix.) */ #ifndef KRB5_AUTHDATA_PLUGIN_H_INCLUDED #define KRB5_AUTHDATA_PLUGIN_H_INCLUDED #include /* * While arguments of these types are passed-in, for the most part a * authorization data module can treat them as opaque. If we need * keying data, we can ask for it directly. */ struct _krb5_db_entry_new; /* * The function table / structure which an authdata server module must export as * "authdata_server_0". NOTE: replace "0" with "1" for the type and * variable names if this gets picked up by upstream. If the interfaces work * correctly, future versions of the table will add either more callbacks or * more arguments to callbacks, and in both cases we'll be able to wrap the v0 * functions. */ /* extern krb5plugin_authdata_ftable_v0 authdata_server_0; */ typedef struct krb5plugin_authdata_server_ftable_v0 { /* Not-usually-visible name. */ char *name; /* * Per-plugin initialization/cleanup. The init function is called * by the KDC when the plugin is loaded, and the fini function is * called before the plugin is unloaded. Both are optional. */ krb5_error_code (*init_proc)(krb5_context, void **); void (*fini_proc)(krb5_context, void *); /* * Actual authorization data handling function. If this field * holds a null pointer, this mechanism will be skipped, and the * init/fini functions will not be run. * * This function should only modify the field * enc_tkt_reply->authorization_data. All other values should be * considered inputs only. And, it should *modify* the field, not * overwrite it and assume that there are no other authdata * plugins in use. * * Memory management: authorization_data is a malloc-allocated, * null-terminated sequence of malloc-allocated pointers to * authorization data structures. This plugin code currently * assumes the libraries, KDC, and plugin all use the same malloc * pool, which may be a problem if/when we get the KDC code * running on Windows. * * If this function returns a non-zero error code, a message * is logged, but no other action is taken. Other authdata * plugins will be called, and a response will be sent to the * client (barring other problems). */ krb5_error_code (*authdata_proc)(krb5_context, struct _krb5_db_entry_new *client, krb5_data *req_pkt, krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply); } krb5plugin_server_authdata_ftable_v0; typedef krb5plugin_server_authdata_ftable_v0 krb5plugin_authdata_ftable_v0; typedef struct krb5plugin_authdata_server_ftable_v2 { /* Not-usually-visible name. */ char *name; /* * Per-plugin initialization/cleanup. The init function is called * by the KDC when the plugin is loaded, and the fini function is * called before the plugin is unloaded. Both are optional. */ krb5_error_code (*init_proc)(krb5_context, void **); void (*fini_proc)(krb5_context, void *); /* * Actual authorization data handling function. If this field * holds a null pointer, this mechanism will be skipped, and the * init/fini functions will not be run. * * This function should only modify the field * enc_tkt_reply->authorization_data. All other values should be * considered inputs only. And, it should *modify* the field, not * overwrite it and assume that there are no other authdata * plugins in use. * * Memory management: authorization_data is a malloc-allocated, * null-terminated sequence of malloc-allocated pointers to * authorization data structures. This plugin code currently * assumes the libraries, KDC, and plugin all use the same malloc * pool, which may be a problem if/when we get the KDC code * running on Windows. * * If this function returns a non-zero error code, a message * is logged, but no other action is taken. Other authdata * plugins will be called, and a response will be sent to the * client (barring other problems). */ krb5_error_code (*authdata_proc)(krb5_context, unsigned int flags, struct _krb5_db_entry_new *client, struct _krb5_db_entry_new *server, struct _krb5_db_entry_new *tgs, krb5_keyblock *client_key, krb5_keyblock *server_key, krb5_keyblock *tgs_key, krb5_data *req_pkt, krb5_kdc_req *request, krb5_const_principal for_user_princ, krb5_enc_tkt_part *enc_tkt_request, krb5_enc_tkt_part *enc_tkt_reply); } krb5plugin_authdata_server_ftable_v2; typedef krb5plugin_authdata_server_ftable_v2 krb5plugin_authdata_ftable_v2; typedef krb5_error_code (*authdata_client_plugin_init_proc)(krb5_context context, void **plugin_context); #define AD_USAGE_AS_REQ 0x01 #define AD_USAGE_TGS_REQ 0x02 #define AD_USAGE_AP_REQ 0x04 #define AD_USAGE_KDC_ISSUED 0x08 #define AD_USAGE_MASK 0x0F #define AD_INFORMATIONAL 0x10 struct _krb5_authdata_context; typedef void (*authdata_client_plugin_flags_proc)(krb5_context kcontext, void *plugin_context, krb5_authdatatype ad_type, krb5_flags *flags); typedef void (*authdata_client_plugin_fini_proc)(krb5_context kcontext, void *plugin_context); typedef krb5_error_code (*authdata_client_request_init_proc)(krb5_context kcontext, struct _krb5_authdata_context *context, void *plugin_context, void **request_context); typedef void (*authdata_client_request_fini_proc)(krb5_context kcontext, struct _krb5_authdata_context *context, void *plugin_context, void *request_context); typedef krb5_error_code (*authdata_client_import_authdata_proc)(krb5_context kcontext, struct _krb5_authdata_context *context, void *plugin_context, void *request_context, krb5_authdata **authdata, krb5_boolean kdc_issued_flag, krb5_const_principal issuer); typedef krb5_error_code (*authdata_client_export_authdata_proc)(krb5_context kcontext, struct _krb5_authdata_context *context, void *plugin_context, void *request_context, krb5_flags usage, krb5_authdata ***authdata); typedef krb5_error_code (*authdata_client_get_attribute_types_proc)(krb5_context kcontext, struct _krb5_authdata_context *context, void *plugin_context, void *request_context, krb5_data **attrs); typedef krb5_error_code (*authdata_client_get_attribute_proc)(krb5_context kcontext, struct _krb5_authdata_context *context, void *plugin_context, void *request_context, const krb5_data *attribute, krb5_boolean *authenticated, krb5_boolean *complete, krb5_data *value, krb5_data *display_value, int *more); typedef krb5_error_code (*authdata_client_set_attribute_proc)(krb5_context kcontext, struct _krb5_authdata_context *context, void *plugin_context, void *request_context, krb5_boolean complete, const krb5_data *attribute, const krb5_data *value); typedef krb5_error_code (*authdata_client_delete_attribute_proc)(krb5_context kcontext, struct _krb5_authdata_context *context, void *plugin_context, void *request_context, const krb5_data *attribute); typedef krb5_error_code (*authdata_client_export_internal_proc)(krb5_context kcontext, struct _krb5_authdata_context *context, void *plugin_context, void *request_context, krb5_boolean restrict_authenticated, void **ptr); typedef void (*authdata_client_free_internal_proc)(krb5_context kcontext, struct _krb5_authdata_context *context, void *plugin_context, void *request_context, void *ptr); typedef krb5_error_code (*authdata_client_verify_proc)(krb5_context kcontext, struct _krb5_authdata_context *context, void *plugin_context, void *request_context, const krb5_auth_context *auth_context, const krb5_keyblock *key, const krb5_ap_req *req); typedef krb5_error_code (*authdata_client_size_proc)(krb5_context kcontext, struct _krb5_authdata_context *context, void *plugin_context, void *request_context, size_t *sizep); typedef krb5_error_code (*authdata_client_externalize_proc)(krb5_context kcontext, struct _krb5_authdata_context *context, void *plugin_context, void *request_context, krb5_octet **buffer, size_t *lenremain); typedef krb5_error_code (*authdata_client_internalize_proc)(krb5_context kcontext, struct _krb5_authdata_context *context, void *plugin_context, void *request_context, krb5_octet **buffer, size_t *lenremain); typedef krb5_error_code (*authdata_client_copy_proc)(krb5_context kcontext, struct _krb5_authdata_context *context, void *plugin_context, void *request_context, void *dst_plugin_context, void *dst_request_context); typedef struct krb5plugin_authdata_client_ftable_v0 { char *name; krb5_authdatatype *ad_type_list; authdata_client_plugin_init_proc init; authdata_client_plugin_fini_proc fini; authdata_client_plugin_flags_proc flags; authdata_client_request_init_proc request_init; authdata_client_request_fini_proc request_fini; authdata_client_get_attribute_types_proc get_attribute_types; authdata_client_get_attribute_proc get_attribute; authdata_client_set_attribute_proc set_attribute; authdata_client_delete_attribute_proc delete_attribute; authdata_client_export_authdata_proc export_authdata; authdata_client_import_authdata_proc import_authdata; authdata_client_export_internal_proc export_internal; authdata_client_free_internal_proc free_internal; authdata_client_verify_proc verify; authdata_client_size_proc size; authdata_client_externalize_proc externalize; authdata_client_internalize_proc internalize; authdata_client_copy_proc copy; /* optional */ } krb5plugin_authdata_client_ftable_v0; #endif /* KRB5_AUTHDATA_PLUGIN_H_INCLUDED */ mech_eap-0.9.2/mech_eap/util_mech.c0000644001755200017500000002366012406014472014100 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * General mechanism utility routines. */ #include "gssapiP_eap.h" /* * Mechanism and name types are taken from 1.3.6.1.5.5(mechanisms) * assigned at http://www.iana.org/assignments/smi-numbers * * abfab(15) * mechanisms(1) * gss-eap-v1(1) * eap-aes128-cts-hmac-sha1-96(17) * eap-aes256-cts-hmac-sha1-96(18) * nametypes(2) * GSS_EAP_NT_EAP_NAME(1) * * Implementation-internal OIDs are taken from 1.3.6.1.4.1.5322(padl) * gssEap(22) * apiExtensions(3) * inquireSecContextByOid(1) * inquireCredByOid(2) * setSecContextOption(3) * setCredOption(4) * mechInvoke(5) */ /* * Note: the enctype-less OID is used as the mechanism OID in non- * canonicalized exported names. */ static gss_OID_desc gssEapMechOids[] = { /* 1.3.6.1.5.5.15.1.1 */ { 8, "\x2B\x06\x01\x05\x05\x0f\x01\x01" }, /* 1.3.6.1.5.5.15.1.1.17 */ { 9, "\x2B\x06\x01\x05\x05\x0f\x01\x01\x11" }, /* 1.3.6.1.5.5.15.1.1.18 */ { 9, "\x2B\x06\x01\x05\x05\x0f\x01\x01\x12" }, }; gss_OID GSS_EAP_MECHANISM = &gssEapMechOids[0]; gss_OID GSS_EAP_AES128_CTS_HMAC_SHA1_96_MECHANISM = &gssEapMechOids[1]; gss_OID GSS_EAP_AES256_CTS_HMAC_SHA1_96_MECHANISM = &gssEapMechOids[2]; static int internalizeOid(const gss_OID oid, gss_OID *const pInternalizedOid); /* * Returns TRUE is the OID is a concrete mechanism OID, that is, one * with a Kerberos enctype as the last element. */ int gssEapIsConcreteMechanismOid(const gss_OID oid) { return oid->length > GSS_EAP_MECHANISM->length && memcmp(oid->elements, GSS_EAP_MECHANISM->elements, GSS_EAP_MECHANISM->length) == 0; } int gssEapIsMechanismOid(const gss_OID oid) { return oid == GSS_C_NO_OID || oidEqual(oid, GSS_EAP_MECHANISM) || gssEapIsConcreteMechanismOid(oid); } /* * Validate that all elements are concrete mechanism OIDs. */ OM_uint32 gssEapValidateMechs(OM_uint32 *minor, const gss_OID_set mechs) { int i; *minor = 0; if (mechs == GSS_C_NO_OID_SET) { return GSS_S_COMPLETE; } for (i = 0; i < mechs->count; i++) { gss_OID oid = &mechs->elements[i]; if (!gssEapIsConcreteMechanismOid(oid)) { *minor = GSSEAP_WRONG_MECH; return GSS_S_BAD_MECH; } } return GSS_S_COMPLETE; } OM_uint32 gssEapOidToEnctype(OM_uint32 *minor, const gss_OID oid, krb5_enctype *enctype) { OM_uint32 major; int suffix; major = decomposeOid(minor, GSS_EAP_MECHANISM->elements, GSS_EAP_MECHANISM->length, oid, &suffix); if (major == GSS_S_COMPLETE) *enctype = suffix; return major; } OM_uint32 gssEapEnctypeToOid(OM_uint32 *minor, krb5_enctype enctype, gss_OID *pOid) { OM_uint32 major; gss_OID oid; *pOid = NULL; oid = (gss_OID)GSSEAP_MALLOC(sizeof(*oid)); if (oid == NULL) { *minor = ENOMEM; return GSS_S_FAILURE; } oid->length = GSS_EAP_MECHANISM->length + 1; oid->elements = GSSEAP_MALLOC(oid->length); if (oid->elements == NULL) { *minor = ENOMEM; GSSEAP_FREE(oid); return GSS_S_FAILURE; } major = composeOid(minor, GSS_EAP_MECHANISM->elements, GSS_EAP_MECHANISM->length, enctype, oid); if (major == GSS_S_COMPLETE) { internalizeOid(oid, pOid); *pOid = oid; } else { GSSEAP_FREE(oid->elements); GSSEAP_FREE(oid); } return major; } OM_uint32 gssEapIndicateMechs(OM_uint32 *minor, gss_OID_set *mechs) { krb5_context krbContext; OM_uint32 major; krb5_enctype *etypes; int i; GSSEAP_KRB_INIT(&krbContext); *minor = krb5_get_permitted_enctypes(krbContext, &etypes); if (*minor != 0) { return GSS_S_FAILURE; } major = gss_create_empty_oid_set(minor, mechs); if (GSS_ERROR(major)) { GSSEAP_FREE(etypes); return major; } for (i = 0; etypes[i] != ENCTYPE_NULL; i++) { gss_OID mechOid; #ifndef HAVE_HEIMDAL_VERSION OM_uint32 tmpMinor; #endif /* XXX currently we aren't equipped to encode these enctypes */ if (etypes[i] < 0 || etypes[i] > 127) continue; major = gssEapEnctypeToOid(minor, etypes[i], &mechOid); if (GSS_ERROR(major)) break; major = gss_add_oid_set_member(minor, mechOid, mechs); if (GSS_ERROR(major)) break; #ifndef HAVE_HEIMDAL_VERSION gss_release_oid(&tmpMinor, &mechOid); #endif } GSSEAP_FREE(etypes); *minor = 0; return major; } OM_uint32 gssEapDefaultMech(OM_uint32 *minor, gss_OID *oid) { gss_OID_set mechs; OM_uint32 major, tmpMinor; major = gssEapIndicateMechs(minor, &mechs); if (GSS_ERROR(major)) { return major; } if (mechs->count == 0) { gss_release_oid_set(&tmpMinor, &mechs); return GSS_S_BAD_MECH; } if (!internalizeOid(&mechs->elements[0], oid)) { /* don't double-free if we didn't internalize it */ mechs->elements[0].length = 0; mechs->elements[0].elements = NULL; } gss_release_oid_set(&tmpMinor, &mechs); *minor = 0; return GSS_S_COMPLETE; } static int internalizeOid(const gss_OID oid, gss_OID *const pInternalizedOid) { int i; *pInternalizedOid = GSS_C_NO_OID; for (i = 0; i < sizeof(gssEapMechOids) / sizeof(gssEapMechOids[0]); i++) { if (oidEqual(oid, &gssEapMechOids[i])) { *pInternalizedOid = (const gss_OID)&gssEapMechOids[i]; break; } } if (*pInternalizedOid == GSS_C_NO_OID) { if (oidEqual(oid, GSS_EAP_NT_EAP_NAME)) *pInternalizedOid = (const gss_OID)GSS_EAP_NT_EAP_NAME; } if (*pInternalizedOid == GSS_C_NO_OID) { *pInternalizedOid = oid; return 0; } return 1; } OM_uint32 gssEapReleaseOid(OM_uint32 *minor, gss_OID *oid) { gss_OID internalizedOid = GSS_C_NO_OID; *minor = 0; if (internalizeOid(*oid, &internalizedOid)) { /* OID was internalized, so we can mark it as "freed" */ *oid = GSS_C_NO_OID; return GSS_S_COMPLETE; } /* we don't know about this OID */ return GSS_S_CONTINUE_NEEDED; } OM_uint32 gssEapCanonicalizeOid(OM_uint32 *minor, const gss_OID oid, OM_uint32 flags, gss_OID *pOid) { OM_uint32 major; int mapToNull = 0; major = GSS_S_COMPLETE; *minor = 0; *pOid = GSS_C_NULL_OID; if (oid == GSS_C_NULL_OID) { if ((flags & OID_FLAG_NULL_VALID) == 0) { *minor = GSSEAP_WRONG_MECH; return GSS_S_BAD_MECH; } else if (flags & OID_FLAG_MAP_NULL_TO_DEFAULT_MECH) { return gssEapDefaultMech(minor, pOid); } else { mapToNull = 1; } } else if (oidEqual(oid, GSS_EAP_MECHANISM)) { if ((flags & OID_FLAG_FAMILY_MECH_VALID) == 0) { *minor = GSSEAP_WRONG_MECH; return GSS_S_BAD_MECH; } else if (flags & OID_FLAG_MAP_FAMILY_MECH_TO_NULL) { mapToNull = 1; } } else if (!gssEapIsConcreteMechanismOid(oid)) { *minor = GSSEAP_WRONG_MECH; return GSS_S_BAD_MECH; } if (!mapToNull) { if (!internalizeOid(oid, pOid)) major = duplicateOid(minor, oid, pOid); } return major; } static gss_buffer_desc gssEapSaslMechs[] = { { sizeof("EAP") - 1, "EAP", }, /* not used */ { sizeof("EAP-AES128") - 1, "EAP-AES128" }, { sizeof("EAP-AES256") - 1, "EAP-AES256" }, }; gss_buffer_t gssEapOidToSaslName(const gss_OID oid) { size_t i; for (i = 1; i < sizeof(gssEapMechOids)/sizeof(gssEapMechOids[0]); i++) { if (oidEqual(&gssEapMechOids[i], oid)) return &gssEapSaslMechs[i]; } return GSS_C_NO_BUFFER; } gss_OID gssEapSaslNameToOid(const gss_buffer_t name) { size_t i; for (i = 1; i < sizeof(gssEapSaslMechs)/sizeof(gssEapSaslMechs[0]); i++) { if (bufferEqual(&gssEapSaslMechs[i], name)) return &gssEapMechOids[i]; } return GSS_C_NO_OID; } mech_eap-0.9.2/mech_eap/release_oid.c0000644001755200017500000000343512406014472014400 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Mark an internalized OID as not required to be released. */ #include "gssapiP_eap.h" OM_uint32 GSSAPI_CALLCONV gss_internal_release_oid(OM_uint32 *minor, gss_OID *oid) { return gssEapReleaseOid(minor, oid); } mech_eap-0.9.2/mech_eap/inquire_cred.c0000644001755200017500000000423312406014472014573 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Return credential handle properties. */ #include "gssapiP_eap.h" OM_uint32 GSSAPI_CALLCONV gss_inquire_cred(OM_uint32 *minor, gss_cred_id_t cred, gss_name_t *name, OM_uint32 *pLifetime, gss_cred_usage_t *cred_usage, gss_OID_set *mechanisms) { OM_uint32 major; if (cred == NULL) { *minor = EINVAL; return GSS_S_NO_CRED; } GSSEAP_MUTEX_LOCK(&cred->mutex); major = gssEapInquireCred(minor, cred, name, pLifetime, cred_usage, mechanisms); GSSEAP_MUTEX_UNLOCK(&cred->mutex); return major; } mech_eap-0.9.2/mech_eap/display_name.c0000644001755200017500000000377712406014472014603 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Wrapper for "displaying" (returning string representation of) a name. */ #include "gssapiP_eap.h" OM_uint32 GSSAPI_CALLCONV gss_display_name(OM_uint32 *minor, gss_name_t name, gss_buffer_t output_name_buffer, gss_OID *output_name_type) { /* Lock not required as long as attributes are not used */ return gssEapDisplayName(minor, name, output_name_buffer, output_name_type); } mech_eap-0.9.2/mech_eap/NEWS0000644001755200017500000000000012406014472012441 00000000000000mech_eap-0.9.2/mech_eap/acquire_cred.c0000644001755200017500000000424412406014472014552 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Wrapper for acquiring a credential handle. */ #include "gssapiP_eap.h" OM_uint32 GSSAPI_CALLCONV gss_acquire_cred(OM_uint32 *minor, gss_name_t desired_name, OM_uint32 time_req, gss_OID_set desired_mechs, gss_cred_usage_t cred_usage, gss_cred_id_t *output_cred_handle, gss_OID_set *actual_mechs, OM_uint32 *time_rec) { return gssEapAcquireCred(minor, desired_name, time_req, desired_mechs, cred_usage, output_cred_handle, actual_mechs, time_rec); } mech_eap-0.9.2/mech_eap/util_shib.h0000644001755200017500000001015512406014472014111 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Local attribute provider. */ #ifndef _UTIL_SHIB_H_ #define _UTIL_SHIB_H_ 1 #ifdef __cplusplus #include namespace shibsp { class Attribute; }; namespace shibresolver { class ShibbolethResolver; }; struct gss_eap_shib_attr_provider : gss_eap_attr_provider { public: gss_eap_shib_attr_provider(void); ~gss_eap_shib_attr_provider(void); bool initWithExistingContext(const gss_eap_attr_ctx *source, const gss_eap_attr_provider *ctx); bool initWithGssContext(const gss_eap_attr_ctx *source, const gss_cred_id_t cred, const gss_ctx_id_t ctx); bool setAttribute(int complete, const gss_buffer_t attr, const gss_buffer_t value); bool deleteAttribute(const gss_buffer_t value); bool getAttributeTypes(gss_eap_attr_enumeration_cb, void *data) const; bool getAttribute(const gss_buffer_t attr, int *authenticated, int *complete, gss_buffer_t value, gss_buffer_t display_value, int *more) const; gss_any_t mapToAny(int authenticated, gss_buffer_t type_id) const; void releaseAnyNameMapping(gss_buffer_t type_id, gss_any_t input) const; const char *prefix(void) const; const char *name(void) const; bool initWithJsonObject(const gss_eap_attr_ctx *manager, JSONObject &obj); JSONObject jsonRepresentation(void) const; static bool init(void); static void finalize(void); OM_uint32 mapException(OM_uint32 *minor, std::exception &e) const; static gss_eap_attr_provider *createAttrContext(void); std::vector getAttributes(void) const { return m_attributes; } private: static shibsp::Attribute * duplicateAttribute(const shibsp::Attribute *src); static std::vector duplicateAttributes(const std::vector src); ssize_t getAttributeIndex(const gss_buffer_t attr) const; const shibsp::Attribute *getAttribute(const gss_buffer_t attr) const; bool authenticated(void) const { return m_authenticated; } bool m_initialized; bool m_authenticated; std::vector m_attributes; }; extern "C" { #endif OM_uint32 gssEapLocalAttrProviderInit(OM_uint32 *minor); OM_uint32 gssEapLocalAttrProviderFinalize(OM_uint32 *minor); #ifdef __cplusplus } #endif #endif /* _UTIL_SHIB_H_ */ mech_eap-0.9.2/mech_eap/acquire_cred_with_password.c0000644001755200017500000000530612406014472017527 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Wrapper for acquiring a credential handle using a password. */ #include "gssapiP_eap.h" OM_uint32 GSSAPI_CALLCONV gssspi_acquire_cred_with_password(OM_uint32 *minor, const gss_name_t desired_name, const gss_buffer_t password, OM_uint32 time_req, const gss_OID_set desired_mechs, gss_cred_usage_t cred_usage, gss_cred_id_t *output_cred_handle, gss_OID_set *actual_mechs, OM_uint32 *time_rec) { OM_uint32 major, tmpMinor; major = gssEapAcquireCred(minor, desired_name, time_req, desired_mechs, cred_usage, output_cred_handle, actual_mechs, time_rec); if (GSS_ERROR(major)) goto cleanup; major = gssEapSetCredPassword(minor, *output_cred_handle, password); if (GSS_ERROR(major)) goto cleanup; cleanup: if (GSS_ERROR(major)) gssEapReleaseCred(&tmpMinor, output_cred_handle); return major; } mech_eap-0.9.2/mech_eap/radius_ad.exports0000644001755200017500000000002212406014472015327 00000000000000authdata_client_0 mech_eap-0.9.2/mech_eap/NOTES0000644001755200017500000000034412406014476012574 00000000000000- gss_xxx routines acquire lock, gssXxx don't - git If you do want to update with a rebase, deletethe branch from the server first then push the rebased branch to delete a branch from a server git push origin :branch_to_del mech_eap-0.9.2/mech_eap/pseudo_random.c0000644001755200017500000001355312406014472014766 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Copyright 2009 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright * notice appear in all copies and that both that copyright notice and * this permission notice appear in supporting documentation, and that * the name of M.I.T. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior * permission. Furthermore if you modify this software you must label * your software as modified software and not distribute it in such a * fashion that it might be confused with the original M.I.T. software. * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. */ /* * PRF */ #include "gssapiP_eap.h" OM_uint32 gssEapPseudoRandom(OM_uint32 *minor, gss_ctx_id_t ctx, int prf_key, const gss_buffer_t prf_in, gss_buffer_t prf_out) { krb5_error_code code; int i; OM_uint32 tmpMinor; size_t prflen; krb5_data t, ns; unsigned char *p; krb5_context krbContext; ssize_t desired_output_len = prf_out->length; *minor = 0; GSSEAP_KRB_INIT(&krbContext); KRB_DATA_INIT(&t); KRB_DATA_INIT(&ns); if (prf_key != GSS_C_PRF_KEY_PARTIAL && prf_key != GSS_C_PRF_KEY_FULL) { code = GSSEAP_BAD_PRF_KEY; goto cleanup; } code = krb5_c_prf_length(krbContext, ctx->encryptionType, &prflen); if (code != 0) goto cleanup; ns.length = 4 + prf_in->length; ns.data = GSSEAP_MALLOC(ns.length); if (ns.data == NULL) { code = ENOMEM; goto cleanup; } #ifndef HAVE_HEIMDAL_VERSION /* Same API, but different allocation rules, unfortunately. */ t.length = prflen; t.data = GSSEAP_MALLOC(t.length); if (t.data == NULL) { code = ENOMEM; goto cleanup; } #endif memcpy((unsigned char *)ns.data + 4, prf_in->value, prf_in->length); i = 0; p = (unsigned char *)prf_out->value; while (desired_output_len > 0) { store_uint32_be(i, ns.data); code = krb5_c_prf(krbContext, &ctx->rfc3961Key, &ns, &t); if (code != 0) goto cleanup; memcpy(p, t.data, MIN(t.length, desired_output_len)); p += t.length; desired_output_len -= t.length; i++; } cleanup: if (code != 0) gss_release_buffer(&tmpMinor, prf_out); if (ns.data != NULL) { memset(ns.data, 0, ns.length); GSSEAP_FREE(ns.data); } #ifdef HAVE_HEIMDAL_VERSION krb5_data_free(&t); #else if (t.data != NULL) { memset(t.data, 0, t.length); GSSEAP_FREE(t.data); } #endif *minor = code; return (code == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE; } OM_uint32 GSSAPI_CALLCONV gss_pseudo_random(OM_uint32 *minor, gss_ctx_id_t ctx, int prf_key, const gss_buffer_t prf_in, ssize_t desired_output_len, gss_buffer_t prf_out) { OM_uint32 major; if (ctx == GSS_C_NO_CONTEXT) { *minor = EINVAL; return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT; } prf_out->length = 0; prf_out->value = NULL; *minor = 0; GSSEAP_MUTEX_LOCK(&ctx->mutex); if (!CTX_IS_ESTABLISHED(ctx)) { major = GSS_S_NO_CONTEXT; *minor = GSSEAP_CONTEXT_INCOMPLETE; goto cleanup; } prf_out->value = GSSEAP_MALLOC(desired_output_len); if (prf_out->value == NULL) { major = GSS_S_FAILURE; *minor = ENOMEM; goto cleanup; } prf_out->length = desired_output_len; major = gssEapPseudoRandom(minor, ctx, prf_key, prf_in, prf_out); cleanup: GSSEAP_MUTEX_UNLOCK(&ctx->mutex); return major; } mech_eap-0.9.2/mech_eap/compare_name.c0000644001755200017500000000351112406014472014546 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Compare two names. */ #include "gssapiP_eap.h" OM_uint32 GSSAPI_CALLCONV gss_compare_name(OM_uint32 *minor, gss_name_t name1, gss_name_t name2, int *name_equal) { return gssEapCompareName(minor, name1, name2, 0, name_equal); } mech_eap-0.9.2/mech_eap/util_tld.c0000644001755200017500000001170512406014472013744 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Thread local data abstraction, using pthreads on Unix and the TlsXXX * APIs on Windows. */ #include "gssapiP_eap.h" /* Clean up thread-local data; called on thread detach */ static void destroyThreadLocalData(struct gss_eap_thread_local_data *tld) { if (tld->statusInfo != NULL) gssEapDestroyStatusInfo(tld->statusInfo); if (tld->krbContext != NULL) gssEapDestroyKrbContext(tld->krbContext); GSSEAP_FREE(tld); } #ifdef WIN32 /* * This is the TLS index returned by TlsAlloc() on process init. * Each thread, on thread attach in DllMain(), allocates its thread-local * data and uses this index with TlsSetValue() to store it. * It can then subsequently be retrieved with TlsGetValue(). */ static DWORD tlsIndex = TLS_OUT_OF_INDEXES; /* Access thread-local data */ struct gss_eap_thread_local_data * gssEapGetThreadLocalData(void) { struct gss_eap_thread_local_data *tlsData; GSSEAP_ASSERT(tlsIndex != TLS_OUT_OF_INDEXES); tlsData = TlsGetValue(tlsIndex); if (tlsData == NULL) { tlsData = GSSEAP_CALLOC(1, sizeof(*tlsData)); TlsSetValue(tlsIndex, tlsData); } return tlsData; } BOOL WINAPI DllMain(HINSTANCE hDLL, /* DLL module handle */ DWORD reason, /* reason called */ LPVOID reserved) /* reserved */ { struct gss_eap_thread_local_data *tlsData; OM_uint32 major, minor; switch (reason) { case DLL_PROCESS_ATTACH: /* Allocate a TLS index. */ major = gssEapInitiatorInit(&minor); if (GSS_ERROR(major)) return FALSE; tlsIndex = TlsAlloc(); if (tlsIndex == TLS_OUT_OF_INDEXES) return FALSE; /* No break: Initialize the index for first thread.*/ case DLL_THREAD_ATTACH: /* Initialize the TLS index for this thread. */ tlsData = GSSEAP_CALLOC(1, sizeof(*tlsData)); if (tlsData == NULL) return FALSE; TlsSetValue(tlsIndex, tlsData); break; case DLL_THREAD_DETACH: /* Release the allocated memory for this thread. */ tlsData = TlsGetValue(tlsIndex); if (tlsData != NULL) { destroyThreadLocalData(tlsData); TlsSetValue(tlsIndex, NULL); } break; case DLL_PROCESS_DETACH: /* Release the TLS index. */ TlsFree(tlsIndex); gssEapFinalize(); break; default: break; } return TRUE; UNREFERENCED_PARAMETER(hDLL); UNREFERENCED_PARAMETER(reserved); } #else /* WIN32 */ /* pthreads implementation */ static GSSEAP_THREAD_ONCE tldKeyOnce = GSSEAP_ONCE_INITIALIZER; static GSSEAP_THREAD_KEY tldKey; static void pthreadDestroyThreadLocalData(void *arg) { struct gss_eap_thread_local_data* tld = arg; if (tld != NULL) destroyThreadLocalData(tld); } static void createThreadLocalDataKey(void) { GSSEAP_KEY_CREATE(&tldKey, pthreadDestroyThreadLocalData); } struct gss_eap_thread_local_data * gssEapGetThreadLocalData() { struct gss_eap_thread_local_data *tld; GSSEAP_ONCE(&tldKeyOnce, createThreadLocalDataKey); tld = GSSEAP_GETSPECIFIC(tldKey); if (tld == NULL) { tld = GSSEAP_CALLOC(1, sizeof(*tld)); if (tld == NULL) return NULL; GSSEAP_SETSPECIFIC(tldKey, tld); } return tld; } #endif /* WIN32 */ mech_eap-0.9.2/mech_eap/util.h0000644001755200017500000010433412406014472013107 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Portions Copyright 2003-2010 Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright * notice appear in all copies and that both that copyright notice and * this permission notice appear in supporting documentation, and that * the name of M.I.T. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior * permission. Furthermore if you modify this software you must label * your software as modified software and not distribute it in such a * fashion that it might be confused with the original M.I.T. software. * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. * */ /* * Utility functions. */ #ifndef _UTIL_H_ #define _UTIL_H_ 1 #ifdef HAVE_SYS_PARAM_H #include #endif #ifdef HAVE_STDINT_H #include #endif #include #include #include #ifdef WIN32 # ifndef __cplusplus # define inline __inline # endif #define snprintf _snprintf #endif #ifdef __cplusplus extern "C" { #endif #ifndef MIN #define MIN(_a,_b) ((_a)<(_b)?(_a):(_b)) #endif #if !defined(WIN32) && !(defined(__cplusplus)) || (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4)) #define GSSEAP_UNUSED __attribute__ ((__unused__)) #else #define GSSEAP_UNUSED #endif /* util_buffer.c */ OM_uint32 makeStringBuffer(OM_uint32 *minor, const char *string, gss_buffer_t buffer); #define makeStringBufferOrCleanup(src, dst) \ do { \ major = makeStringBuffer((minor), (src), (dst));\ if (GSS_ERROR(major)) \ goto cleanup; \ } while (0) OM_uint32 bufferToString(OM_uint32 *minor, const gss_buffer_t buffer, char **pString); OM_uint32 duplicateBuffer(OM_uint32 *minor, const gss_buffer_t src, gss_buffer_t dst); #define duplicateBufferOrCleanup(src, dst) \ do { \ major = duplicateBuffer((minor), (src), (dst)); \ if (GSS_ERROR(major)) \ goto cleanup; \ } while (0) static inline int bufferEqual(const gss_buffer_t b1, const gss_buffer_t b2) { return (b1->length == b2->length && memcmp(b1->value, b2->value, b2->length) == 0); } static inline int bufferEqualString(const gss_buffer_t b1, const char *s) { gss_buffer_desc b2; b2.length = strlen(s); b2.value = (char *)s; return bufferEqual(b1, &b2); } /* util_cksum.c */ int gssEapSign(krb5_context context, krb5_cksumtype type, size_t rrc, #ifdef HAVE_HEIMDAL_VERSION krb5_crypto crypto, #else krb5_keyblock *key, #endif krb5_keyusage sign_usage, gss_iov_buffer_desc *iov, int iov_count); int gssEapVerify(krb5_context context, krb5_cksumtype type, size_t rrc, #ifdef HAVE_HEIMDAL_VERSION krb5_crypto crypto, #else krb5_keyblock *key, #endif krb5_keyusage sign_usage, gss_iov_buffer_desc *iov, int iov_count, int *valid); #if 0 OM_uint32 gssEapEncodeGssChannelBindings(OM_uint32 *minor, gss_channel_bindings_t chanBindings, gss_buffer_t encodedBindings); #endif /* util_context.c */ #define EAP_EXPORT_CONTEXT_V1 1 enum gss_eap_token_type { TOK_TYPE_NONE = 0x0000, /* no token */ TOK_TYPE_MIC = 0x0404, /* RFC 4121 MIC token */ TOK_TYPE_WRAP = 0x0504, /* RFC 4121 wrap token */ TOK_TYPE_EXPORT_NAME = 0x0401, /* RFC 2743 exported name */ TOK_TYPE_EXPORT_NAME_COMPOSITE = 0x0402, /* exported composite name */ TOK_TYPE_DELETE_CONTEXT = 0x0405, /* RFC 2743 delete context */ TOK_TYPE_INITIATOR_CONTEXT = 0x0601, /* initiator-sent context token */ TOK_TYPE_ACCEPTOR_CONTEXT = 0x0602, /* acceptor-sent context token */ }; /* inner token types and flags */ #define ITOK_TYPE_NONE 0x00000000 #define ITOK_TYPE_CONTEXT_ERR 0x00000001 /* critical */ #define ITOK_TYPE_ACCEPTOR_NAME_REQ 0x00000002 /* TBD */ #define ITOK_TYPE_ACCEPTOR_NAME_RESP 0x00000003 /* TBD */ #define ITOK_TYPE_EAP_RESP 0x00000004 /* critical, required, if not reauth */ #define ITOK_TYPE_EAP_REQ 0x00000005 /* critical, required, if not reauth */ #define ITOK_TYPE_GSS_CHANNEL_BINDINGS 0x00000006 /* critical, required, if not reauth */ #define ITOK_TYPE_REAUTH_CREDS 0x00000007 /* optional */ #define ITOK_TYPE_REAUTH_REQ 0x00000008 /* optional */ #define ITOK_TYPE_REAUTH_RESP 0x00000009 /* optional */ #define ITOK_TYPE_VERSION_INFO 0x0000000A /* optional */ #define ITOK_TYPE_VENDOR_INFO 0x0000000B /* optional */ #define ITOK_TYPE_GSS_FLAGS 0x0000000C /* optional */ #define ITOK_TYPE_INITIATOR_MIC 0x0000000D /* critical, required, if not reauth */ #define ITOK_TYPE_ACCEPTOR_MIC 0x0000000E /* TBD */ #define ITOK_FLAG_CRITICAL 0x80000000 /* critical, wire flag */ #define ITOK_FLAG_VERIFIED 0x40000000 /* verified, API flag */ #define ITOK_TYPE_MASK (~(ITOK_FLAG_CRITICAL | ITOK_FLAG_VERIFIED)) #define GSSEAP_WIRE_FLAGS_MASK ( GSS_C_MUTUAL_FLAG | \ GSS_C_DCE_STYLE | \ GSS_C_IDENTIFY_FLAG | \ GSS_C_EXTENDED_ERROR_FLAG ) OM_uint32 gssEapAllocContext(OM_uint32 *minor, gss_ctx_id_t *pCtx); OM_uint32 gssEapReleaseContext(OM_uint32 *minor, gss_ctx_id_t *pCtx); OM_uint32 gssEapMakeToken(OM_uint32 *minor, gss_ctx_id_t ctx, const gss_buffer_t innerToken, enum gss_eap_token_type tokenType, gss_buffer_t outputToken); OM_uint32 gssEapVerifyToken(OM_uint32 *minor, gss_ctx_id_t ctx, const gss_buffer_t inputToken, enum gss_eap_token_type *tokenType, gss_buffer_t innerInputToken); OM_uint32 gssEapContextTime(OM_uint32 *minor, gss_ctx_id_t context_handle, OM_uint32 *time_rec); OM_uint32 gssEapMakeTokenMIC(OM_uint32 *minor, gss_ctx_id_t ctx, gss_buffer_t tokenMIC); OM_uint32 gssEapVerifyTokenMIC(OM_uint32 *minor, gss_ctx_id_t ctx, const gss_buffer_t tokenMIC); /* util_cred.c */ OM_uint32 gssEapAllocCred(OM_uint32 *minor, gss_cred_id_t *pCred); OM_uint32 gssEapReleaseCred(OM_uint32 *minor, gss_cred_id_t *pCred); gss_OID gssEapPrimaryMechForCred(gss_cred_id_t cred); OM_uint32 gssEapAcquireCred(OM_uint32 *minor, const gss_name_t desiredName, OM_uint32 timeReq, const gss_OID_set desiredMechs, int cred_usage, gss_cred_id_t *pCred, gss_OID_set *pActualMechs, OM_uint32 *timeRec); OM_uint32 gssEapSetCredPassword(OM_uint32 *minor, gss_cred_id_t cred, const gss_buffer_t password); OM_uint32 gssEapSetCredClientCertificate(OM_uint32 *minor, gss_cred_id_t cred, const gss_buffer_t clientCert, const gss_buffer_t privateKey); OM_uint32 gssEapSetCredService(OM_uint32 *minor, gss_cred_id_t cred, const gss_name_t target); OM_uint32 gssEapResolveInitiatorCred(OM_uint32 *minor, const gss_cred_id_t cred, const gss_name_t target, gss_cred_id_t *resolvedCred); int gssEapCredAvailable(gss_cred_id_t cred, gss_OID mech); OM_uint32 gssEapInquireCred(OM_uint32 *minor, gss_cred_id_t cred, gss_name_t *name, OM_uint32 *pLifetime, gss_cred_usage_t *cred_usage, gss_OID_set *mechanisms); /* util_crypt.c */ int gssEapEncrypt(krb5_context context, int dce_style, size_t ec, size_t rrc, #ifdef HAVE_HEIMDAL_VERSION krb5_crypto crypto, #else krb5_keyblock *key, #endif int usage, gss_iov_buffer_desc *iov, int iov_count); int gssEapDecrypt(krb5_context context, int dce_style, size_t ec, size_t rrc, #ifdef HAVE_HEIMDAL_VERSION krb5_crypto crypto, #else krb5_keyblock *key, #endif int usage, gss_iov_buffer_desc *iov, int iov_count); int gssEapMapCryptoFlag(OM_uint32 type); gss_iov_buffer_t gssEapLocateIov(gss_iov_buffer_desc *iov, int iov_count, OM_uint32 type); void gssEapIovMessageLength(gss_iov_buffer_desc *iov, int iov_count, size_t *data_length, size_t *assoc_data_length); void gssEapReleaseIov(gss_iov_buffer_desc *iov, int iov_count); int gssEapIsIntegrityOnly(gss_iov_buffer_desc *iov, int iov_count); int gssEapAllocIov(gss_iov_buffer_t iov, size_t size); OM_uint32 gssEapDeriveRfc3961Key(OM_uint32 *minor, const unsigned char *key, size_t keyLength, krb5_enctype enctype, krb5_keyblock *pKey); /* util_krb.c */ #ifndef KRB_MALLOC /* * If your Kerberos library uses a different allocator to your * GSS mechanism glue, then you might wish to define these in * config.h or elsewhere. This should eventually go away when * we no longer need to allocate memory that is freed by the * Kerberos library. */ #define KRB_CALLOC calloc #define KRB_MALLOC malloc #define KRB_FREE free #define KRB_REALLOC realloc #endif /* KRB_MALLOC */ #ifdef HAVE_HEIMDAL_VERSION #define KRB_TIME_FOREVER ((time_t)~0L) #define KRB_KEY_TYPE(key) ((key)->keytype) #define KRB_KEY_DATA(key) ((key)->keyvalue.data) #define KRB_KEY_LENGTH(key) ((key)->keyvalue.length) #define KRB_PRINC_LENGTH(princ) ((princ)->name.name_string.len) #define KRB_PRINC_TYPE(princ) ((princ)->name.name_type) #define KRB_PRINC_NAME(princ) ((princ)->name.name_string.val) #define KRB_PRINC_REALM(princ) ((princ)->realm) #define KRB_KT_ENT_KEYBLOCK(e) (&(e)->keyblock) #define KRB_KT_ENT_FREE(c, e) krb5_kt_free_entry((c), (e)) #define KRB_CRYPTO_CONTEXT(ctx) (krbCrypto) #define KRB_DATA_INIT(d) krb5_data_zero((d)) #define KRB_CHECKSUM_TYPE(c) ((c)->cksumtype) #define KRB_CHECKSUM_LENGTH(c) ((c)->checksum.length) #define KRB_CHECKSUM_DATA(c) ((c)->checksum.data) #define KRB_CHECKSUM_INIT(cksum, type, d) do { \ (cksum)->cksumtype = (type); \ (cksum)->checksum.length = (d)->length; \ (cksum)->checksum.data = (d)->value; \ } while (0) #else #define KRB_TIME_FOREVER KRB5_INT32_MAX #define KRB_KEY_TYPE(key) ((key)->enctype) #define KRB_KEY_DATA(key) ((key)->contents) #define KRB_KEY_LENGTH(key) ((key)->length) #define KRB_PRINC_LENGTH(princ) (krb5_princ_size(NULL, (princ))) #define KRB_PRINC_TYPE(princ) (krb5_princ_type(NULL, (princ))) #define KRB_PRINC_NAME(princ) (krb5_princ_name(NULL, (princ))) #define KRB_PRINC_REALM(princ) (krb5_princ_realm(NULL, (princ))) #define KRB_PRINC_COMPONENT(princ, component) \ (krb5_princ_component(NULL, (princ), (component))) #define KRB_KT_ENT_KEYBLOCK(e) (&(e)->key) #define KRB_KT_ENT_FREE(c, e) krb5_free_keytab_entry_contents((c), (e)) #define KRB_CRYPTO_CONTEXT(ctx) (&(ctx)->rfc3961Key) #define KRB_DATA_INIT(d) do { \ (d)->magic = KV5M_DATA; \ (d)->length = 0; \ (d)->data = NULL; \ } while (0) #define KRB_CHECKSUM_TYPE(c) ((c)->checksum_type) #define KRB_CHECKSUM_LENGTH(c) ((c)->length) #define KRB_CHECKSUM_DATA(c) ((c)->contents) #define KRB_CHECKSUM_INIT(cksum, type, d) do { \ (cksum)->checksum_type = (type); \ (cksum)->length = (d)->length; \ (cksum)->contents = (d)->value; \ } while (0) #endif /* HAVE_HEIMDAL_VERSION */ #define KRB_KEY_INIT(key) do { \ KRB_KEY_TYPE(key) = ENCTYPE_NULL; \ KRB_KEY_DATA(key) = NULL; \ KRB_KEY_LENGTH(key) = 0; \ } while (0) #define GSSEAP_KRB_INIT(ctx) do { \ OM_uint32 tmpMajor; \ \ tmpMajor = gssEapKerberosInit(minor, ctx); \ if (GSS_ERROR(tmpMajor)) { \ return tmpMajor; \ } \ } while (0) OM_uint32 gssEapKerberosInit(OM_uint32 *minor, krb5_context *context); OM_uint32 rfc3961ChecksumTypeForKey(OM_uint32 *minor, krb5_keyblock *key, krb5_cksumtype *cksumtype); krb5_error_code krbCryptoLength(krb5_context krbContext, #ifdef HAVE_HEIMDAL_VERSION krb5_crypto krbCrypto, #else krb5_keyblock *key, #endif int type, size_t *length); krb5_error_code krbPaddingLength(krb5_context krbContext, #ifdef HAVE_HEIMDAL_VERSION krb5_crypto krbCrypto, #else krb5_keyblock *key, #endif size_t dataLength, size_t *padLength); krb5_error_code krbBlockSize(krb5_context krbContext, #ifdef HAVE_HEIMDAL_VERSION krb5_crypto krbCrypto, #else krb5_keyblock *key, #endif size_t *blockSize); krb5_error_code krbEnctypeToString(krb5_context krbContext, krb5_enctype enctype, const char *prefix, gss_buffer_t string); krb5_error_code krbMakeAuthDataKdcIssued(krb5_context context, const krb5_keyblock *key, krb5_const_principal issuer, #ifdef HAVE_HEIMDAL_VERSION const AuthorizationData *authdata, AuthorizationData *adKdcIssued #else krb5_authdata *const *authdata, krb5_authdata ***adKdcIssued #endif ); krb5_error_code krbMakeCred(krb5_context context, krb5_auth_context authcontext, krb5_creds *creds, krb5_data *data); /* util_lucid.c */ OM_uint32 gssEapExportLucidSecContext(OM_uint32 *minor, gss_ctx_id_t ctx, const gss_OID desiredObject, gss_buffer_set_t *data_set); /* util_mech.c */ extern gss_OID GSS_EAP_MECHANISM; #define OID_FLAG_NULL_VALID 0x00000001 #define OID_FLAG_FAMILY_MECH_VALID 0x00000002 #define OID_FLAG_MAP_NULL_TO_DEFAULT_MECH 0x00000004 #define OID_FLAG_MAP_FAMILY_MECH_TO_NULL 0x00000008 OM_uint32 gssEapCanonicalizeOid(OM_uint32 *minor, const gss_OID oid, OM_uint32 flags, gss_OID *pOid); OM_uint32 gssEapReleaseOid(OM_uint32 *minor, gss_OID *oid); OM_uint32 gssEapDefaultMech(OM_uint32 *minor, gss_OID *oid); OM_uint32 gssEapIndicateMechs(OM_uint32 *minor, gss_OID_set *mechs); OM_uint32 gssEapEnctypeToOid(OM_uint32 *minor, krb5_enctype enctype, gss_OID *pOid); OM_uint32 gssEapOidToEnctype(OM_uint32 *minor, const gss_OID oid, krb5_enctype *enctype); int gssEapIsMechanismOid(const gss_OID oid); int gssEapIsConcreteMechanismOid(const gss_OID oid); OM_uint32 gssEapValidateMechs(OM_uint32 *minor, const gss_OID_set mechs); gss_buffer_t gssEapOidToSaslName(const gss_OID oid); gss_OID gssEapSaslNameToOid(const gss_buffer_t name); /* util_moonshot.c */ OM_uint32 libMoonshotResolveDefaultIdentity(OM_uint32 *minor, const gss_cred_id_t cred, gss_name_t *pName); OM_uint32 libMoonshotResolveInitiatorCred(OM_uint32 *minor, gss_cred_id_t cred, const gss_name_t targetName); /* util_name.c */ #define EXPORT_NAME_FLAG_OID 0x1 #define EXPORT_NAME_FLAG_COMPOSITE 0x2 #define EXPORT_NAME_FLAG_ALLOW_COMPOSITE 0x4 OM_uint32 gssEapAllocName(OM_uint32 *minor, gss_name_t *pName); OM_uint32 gssEapReleaseName(OM_uint32 *minor, gss_name_t *pName); OM_uint32 gssEapExportName(OM_uint32 *minor, const gss_name_t name, gss_buffer_t exportedName); OM_uint32 gssEapExportNameInternal(OM_uint32 *minor, const gss_name_t name, gss_buffer_t exportedName, OM_uint32 flags); OM_uint32 gssEapImportName(OM_uint32 *minor, const gss_buffer_t input_name_buffer, const gss_OID input_name_type, const gss_OID input_mech_type, gss_name_t *output_name); OM_uint32 gssEapImportNameInternal(OM_uint32 *minor, const gss_buffer_t input_name_buffer, gss_name_t *output_name, OM_uint32 flags); OM_uint32 gssEapDuplicateName(OM_uint32 *minor, const gss_name_t input_name, gss_name_t *dest_name); OM_uint32 gssEapCanonicalizeName(OM_uint32 *minor, const gss_name_t input_name, const gss_OID mech_type, gss_name_t *dest_name); OM_uint32 gssEapDisplayName(OM_uint32 *minor, gss_name_t name, gss_buffer_t output_name_buffer, gss_OID *output_name_type); #define COMPARE_NAME_FLAG_IGNORE_EMPTY_REALMS 0x1 OM_uint32 gssEapCompareName(OM_uint32 *minor, gss_name_t name1, gss_name_t name2, OM_uint32 flags, int *name_equal); /* util_oid.c */ OM_uint32 composeOid(OM_uint32 *minor_status, const char *prefix, size_t prefix_len, int suffix, gss_OID_desc *oid); OM_uint32 decomposeOid(OM_uint32 *minor_status, const char *prefix, size_t prefix_len, gss_OID_desc *oid, int *suffix) ; OM_uint32 duplicateOid(OM_uint32 *minor_status, const gss_OID_desc * const oid, gss_OID *new_oid); OM_uint32 duplicateOidSet(OM_uint32 *minor, const gss_OID_set src, gss_OID_set *dst); static inline int oidEqual(const gss_OID_desc *o1, const gss_OID_desc *o2) { if (o1 == GSS_C_NO_OID) return (o2 == GSS_C_NO_OID); else if (o2 == GSS_C_NO_OID) return (o1 == GSS_C_NO_OID); else return (o1->length == o2->length && memcmp(o1->elements, o2->elements, o1->length) == 0); } /* util_ordering.c */ OM_uint32 sequenceInternalize(OM_uint32 *minor, void **vqueue, unsigned char **buf, size_t *lenremain); OM_uint32 sequenceExternalize(OM_uint32 *minor, void *vqueue, unsigned char **buf, size_t *lenremain); size_t sequenceSize(void *vqueue); OM_uint32 sequenceFree(OM_uint32 *minor, void **vqueue); OM_uint32 sequenceCheck(OM_uint32 *minor, void **vqueue, uint64_t seqnum); OM_uint32 sequenceInit(OM_uint32 *minor, void **vqueue, uint64_t seqnum, int do_replay, int do_sequence, int wide_nums); /* util_sm.c */ enum gss_eap_state { GSSEAP_STATE_INITIAL = 0x01, /* initial state */ GSSEAP_STATE_AUTHENTICATE = 0x02, /* exchange EAP messages */ GSSEAP_STATE_INITIATOR_EXTS = 0x04, /* initiator extensions */ GSSEAP_STATE_ACCEPTOR_EXTS = 0x08, /* acceptor extensions */ #ifdef GSSEAP_ENABLE_REAUTH GSSEAP_STATE_REAUTHENTICATE = 0x10, /* GSS reauthentication messages */ #endif GSSEAP_STATE_ESTABLISHED = 0x20, /* context established */ GSSEAP_STATE_ALL = 0x3F }; #define GSSEAP_STATE_NEXT(s) ((s) << 1) #define GSSEAP_SM_STATE(ctx) ((ctx)->state) #ifdef GSSEAP_DEBUG void gssEapSmTransition(gss_ctx_id_t ctx, enum gss_eap_state state); #define GSSEAP_SM_TRANSITION(ctx, state) gssEapSmTransition((ctx), (state)) #else #define GSSEAP_SM_TRANSITION(ctx, newstate) do { (ctx)->state = (newstate); } while (0) #endif #define GSSEAP_SM_TRANSITION_NEXT(ctx) GSSEAP_SM_TRANSITION((ctx), GSSEAP_STATE_NEXT(GSSEAP_SM_STATE((ctx)))) /* state machine entry */ struct gss_eap_sm { OM_uint32 inputTokenType; OM_uint32 outputTokenType; enum gss_eap_state validStates; OM_uint32 itokFlags; OM_uint32 (*processToken)(OM_uint32 *, gss_cred_id_t, gss_ctx_id_t, gss_name_t, gss_OID, OM_uint32, OM_uint32, gss_channel_bindings_t, gss_buffer_t, gss_buffer_t, OM_uint32 *); }; /* state machine flags, set by handler */ #define SM_FLAG_FORCE_SEND_TOKEN 0x00000001 /* send token even if no inner tokens */ #define SM_FLAG_OUTPUT_TOKEN_CRITICAL 0x00000002 /* output token is critical */ /* state machine flags, set by state machine */ #define SM_FLAG_INPUT_TOKEN_CRITICAL 0x10000000 /* input token was critical */ #define SM_ITOK_FLAG_REQUIRED 0x00000001 /* received tokens must be present */ OM_uint32 gssEapSmStep(OM_uint32 *minor, gss_cred_id_t cred, gss_ctx_id_t ctx, gss_name_t target, gss_OID mech, OM_uint32 reqFlags, OM_uint32 timeReq, gss_channel_bindings_t chanBindings, gss_buffer_t inputToken, gss_buffer_t outputToken, struct gss_eap_sm *sm, size_t smCount); void gssEapSmTransition(gss_ctx_id_t ctx, enum gss_eap_state state); /* util_token.c */ struct gss_eap_token_buffer_set { gss_buffer_set_desc buffers; /* pointers only */ OM_uint32 *types; }; OM_uint32 gssEapEncodeInnerTokens(OM_uint32 *minor, struct gss_eap_token_buffer_set *tokens, gss_buffer_t buffer); OM_uint32 gssEapDecodeInnerTokens(OM_uint32 *minor, const gss_buffer_t buffer, struct gss_eap_token_buffer_set *tokens); OM_uint32 gssEapReleaseInnerTokens(OM_uint32 *minor, struct gss_eap_token_buffer_set *tokens, int freeBuffers); OM_uint32 gssEapAllocInnerTokens(OM_uint32 *minor, size_t count, struct gss_eap_token_buffer_set *tokens); size_t tokenSize(const gss_OID_desc *mech, size_t body_size); void makeTokenHeader(const gss_OID_desc *mech, size_t body_size, unsigned char **buf, enum gss_eap_token_type tok_type); OM_uint32 verifyTokenHeader(OM_uint32 *minor, gss_OID mech, size_t *body_size, unsigned char **buf_in, size_t toksize_in, enum gss_eap_token_type *ret_tok_type); /* Helper macros */ #ifndef GSSEAP_MALLOC #if _WIN32 #include #define GSSEAP_MALLOC gssalloc_malloc #define GSSEAP_CALLOC gssalloc_calloc #define GSSEAP_FREE gssalloc_free #define GSSEAP_REALLOC gssalloc_realloc #else #define GSSEAP_CALLOC calloc #define GSSEAP_MALLOC malloc #define GSSEAP_FREE free #define GSSEAP_REALLOC realloc #endif /* _WIN32 */ #endif /* !GSSEAP_MALLOC */ #ifndef GSSAPI_CALLCONV #define GSSAPI_CALLCONV KRB5_CALLCONV #endif #ifndef GSSEAP_ASSERT #include #define GSSEAP_ASSERT(x) assert((x)) #endif /* !GSSEAP_ASSERT */ #ifdef WIN32 #define GSSEAP_CONSTRUCTOR #define GSSEAP_DESTRUCTOR #else #define GSSEAP_CONSTRUCTOR __attribute__((constructor)) #define GSSEAP_DESTRUCTOR __attribute__((destructor)) #endif #define GSSEAP_NOT_IMPLEMENTED do { \ GSSEAP_ASSERT(0 && "not implemented"); \ *minor = ENOSYS; \ return GSS_S_FAILURE; \ } while (0) #ifdef WIN32 #include #define GSSEAP_GET_LAST_ERROR() (GetLastError()) /* XXX FIXME */ #define GSSEAP_MUTEX CRITICAL_SECTION #define GSSEAP_MUTEX_INIT(m) (InitializeCriticalSection((m)), 0) #define GSSEAP_MUTEX_DESTROY(m) DeleteCriticalSection((m)) #define GSSEAP_MUTEX_LOCK(m) EnterCriticalSection((m)) #define GSSEAP_MUTEX_UNLOCK(m) LeaveCriticalSection((m)) #define GSSEAP_ONCE_LEAVE do { return TRUE; } while (0) /* Thread-local is handled separately */ #define GSSEAP_THREAD_ONCE INIT_ONCE #define GSSEAP_ONCE_CALLBACK(cb) BOOL CALLBACK cb(PINIT_ONCE InitOnce, PVOID Parameter, PVOID *Context) #define GSSEAP_ONCE(o, i) InitOnceExecuteOnce((o), (i), NULL, NULL) #define GSSEAP_ONCE_INITIALIZER INIT_ONCE_STATIC_INIT #else #include #define GSSEAP_GET_LAST_ERROR() (errno) #define GSSEAP_MUTEX pthread_mutex_t #define GSSEAP_MUTEX_INIT(m) pthread_mutex_init((m), NULL) #define GSSEAP_MUTEX_DESTROY(m) pthread_mutex_destroy((m)) #define GSSEAP_MUTEX_LOCK(m) pthread_mutex_lock((m)) #define GSSEAP_MUTEX_UNLOCK(m) pthread_mutex_unlock((m)) #define GSSEAP_THREAD_KEY pthread_key_t #define GSSEAP_KEY_CREATE(k, d) pthread_key_create((k), (d)) #define GSSEAP_GETSPECIFIC(k) pthread_getspecific((k)) #define GSSEAP_SETSPECIFIC(k, d) pthread_setspecific((k), (d)) #define GSSEAP_THREAD_ONCE pthread_once_t #define GSSEAP_ONCE_CALLBACK(cb) void cb(void) #define GSSEAP_ONCE(o, i) pthread_once((o), (i)) #define GSSEAP_ONCE_INITIALIZER PTHREAD_ONCE_INIT #define GSSEAP_ONCE_LEAVE do { } while (0) #endif /* WIN32 */ /* Helper functions */ static inline void store_uint16_be(uint16_t val, void *vp) { unsigned char *p = (unsigned char *)vp; p[0] = (val >> 8) & 0xff; p[1] = (val ) & 0xff; } static inline uint16_t load_uint16_be(const void *cvp) { const unsigned char *p = (const unsigned char *)cvp; return (p[1] | (p[0] << 8)); } static inline void store_uint32_be(uint32_t val, void *vp) { unsigned char *p = (unsigned char *)vp; p[0] = (val >> 24) & 0xff; p[1] = (val >> 16) & 0xff; p[2] = (val >> 8) & 0xff; p[3] = (val ) & 0xff; } static inline uint32_t load_uint32_be(const void *cvp) { const unsigned char *p = (const unsigned char *)cvp; return (p[3] | (p[2] << 8) | ((uint32_t) p[1] << 16) | ((uint32_t) p[0] << 24)); } static inline void store_uint64_be(uint64_t val, void *vp) { unsigned char *p = (unsigned char *)vp; p[0] = (unsigned char)((val >> 56) & 0xff); p[1] = (unsigned char)((val >> 48) & 0xff); p[2] = (unsigned char)((val >> 40) & 0xff); p[3] = (unsigned char)((val >> 32) & 0xff); p[4] = (unsigned char)((val >> 24) & 0xff); p[5] = (unsigned char)((val >> 16) & 0xff); p[6] = (unsigned char)((val >> 8) & 0xff); p[7] = (unsigned char)((val ) & 0xff); } static inline uint64_t load_uint64_be(const void *cvp) { const unsigned char *p = (const unsigned char *)cvp; return ((uint64_t)load_uint32_be(p) << 32) | load_uint32_be(p + 4); } static inline unsigned char * store_buffer(gss_buffer_t buffer, void *vp, int wide_nums) { unsigned char *p = (unsigned char *)vp; if (wide_nums) { store_uint64_be(buffer->length, p); p += 8; } else { store_uint32_be(buffer->length, p); p += 4; } if (buffer->value != NULL) { memcpy(p, buffer->value, buffer->length); p += buffer->length; } return p; } static inline unsigned char * load_buffer(const void *cvp, size_t length, gss_buffer_t buffer) { buffer->length = 0; buffer->value = GSSEAP_MALLOC(length); if (buffer->value == NULL) return NULL; buffer->length = length; memcpy(buffer->value, cvp, length); return (unsigned char *)cvp + length; } static inline unsigned char * store_oid(gss_OID oid, void *vp) { gss_buffer_desc buf; if (oid != GSS_C_NO_OID) { buf.length = oid->length; buf.value = oid->elements; } else { buf.length = 0; buf.value = NULL; } return store_buffer(&buf, vp, FALSE); } static inline void krbDataToGssBuffer(krb5_data *data, gss_buffer_t buffer) { buffer->value = (void *)data->data; buffer->length = data->length; } static inline void krbPrincComponentToGssBuffer(krb5_principal krbPrinc, int index, gss_buffer_t buffer) { if (KRB_PRINC_LENGTH(krbPrinc) <= index) { buffer->value = NULL; buffer->length = 0; } else { #ifdef HAVE_HEIMDAL_VERSION buffer->value = (void *)KRB_PRINC_NAME(krbPrinc)[index]; buffer->length = strlen((char *)buffer->value); #else buffer->value = (void *)krb5_princ_component(NULL, krbPrinc, index)->data; buffer->length = krb5_princ_component(NULL, krbPrinc, index)->length; #endif /* HAVE_HEIMDAL_VERSION */ } } static inline krb5_error_code krbPrincUnparseServiceSpecifics(krb5_context krbContext, krb5_principal krbPrinc, gss_buffer_t nameBuf) { krb5_error_code result = 0; if (KRB_PRINC_LENGTH(krbPrinc) > 2) { /* Acceptor-Service-Specific */ krb5_principal_data ssiPrinc = *krbPrinc; char *ssi; KRB_PRINC_LENGTH(&ssiPrinc) -= 2; KRB_PRINC_NAME(&ssiPrinc) += 2; result = krb5_unparse_name_flags(krbContext, &ssiPrinc, KRB5_PRINCIPAL_UNPARSE_NO_REALM, &ssi); if (result != 0) return result; nameBuf->value = ssi; nameBuf->length = strlen(ssi); } else { nameBuf->value = NULL; nameBuf->length = 0; } return result; } static inline void krbFreeUnparsedName(krb5_context krbContext, gss_buffer_t nameBuf) { #ifdef HAVE_HEIMDAL_VERSION krb5_xfree((char *) nameBuf->value); #else krb5_free_unparsed_name(krbContext, (char *)(nameBuf->value)); #endif nameBuf->value = NULL; nameBuf->length = 0; } static inline void krbPrincRealmToGssBuffer(krb5_principal krbPrinc, gss_buffer_t buffer) { #ifdef HAVE_HEIMDAL_VERSION buffer->value = (void *)KRB_PRINC_REALM(krbPrinc); buffer->length = strlen((char *)buffer->value); #else krbDataToGssBuffer(KRB_PRINC_REALM(krbPrinc), buffer); #endif } static inline void gssBufferToKrbData(gss_buffer_t buffer, krb5_data *data) { data->data = (char *)buffer->value; data->length = buffer->length; } /* util_tld.c */ struct gss_eap_status_info; struct gss_eap_thread_local_data { krb5_context krbContext; struct gss_eap_status_info *statusInfo; }; struct gss_eap_thread_local_data * gssEapGetThreadLocalData(void); void gssEapDestroyStatusInfo(struct gss_eap_status_info *status); void gssEapDestroyKrbContext(krb5_context context); #ifdef __cplusplus } #endif #ifdef GSSEAP_ENABLE_ACCEPTOR #include "util_json.h" #include "util_attr.h" #include "util_base64.h" #endif /* GSSEAP_ENABLE_ACCEPTOR */ #ifdef GSSEAP_ENABLE_REAUTH #include "util_reauth.h" #endif #endif /* _UTIL_H_ */ mech_eap-0.9.2/mech_eap/inquire_saslname_for_mech.c0000644001755200017500000000377112406014472017331 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Map SASL mechanism name to a mechanism OID. */ #include "gssapiP_eap.h" OM_uint32 GSSAPI_CALLCONV gss_inquire_mech_for_saslname(OM_uint32 *minor, const gss_buffer_t sasl_mech_name, gss_OID *mech_type) { *mech_type = gssEapSaslNameToOid(sasl_mech_name); if (*mech_type == GSS_C_NO_OID) { *minor = GSSEAP_WRONG_MECH; return GSS_S_BAD_MECH; } return GSS_S_COMPLETE; } mech_eap-0.9.2/mech_eap/verify_mic.c0000644001755200017500000000466612406014472014270 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Message protection services: verify a message integrity check. */ #include "gssapiP_eap.h" OM_uint32 GSSAPI_CALLCONV gss_verify_mic(OM_uint32 *minor, gss_ctx_id_t ctx, gss_buffer_t message_buffer, gss_buffer_t message_token, gss_qop_t *qop_state) { OM_uint32 major; gss_iov_buffer_desc iov[3]; int conf_state; if (message_token->length < 16) { *minor = GSSEAP_TOK_TRUNC; return GSS_S_BAD_SIG; } *minor = 0; iov[0].type = GSS_IOV_BUFFER_TYPE_DATA; iov[0].buffer = *message_buffer; iov[1].type = GSS_IOV_BUFFER_TYPE_HEADER; iov[1].buffer = *message_token; GSSEAP_MUTEX_LOCK(&ctx->mutex); major = gssEapUnwrapOrVerifyMIC(minor, ctx, &conf_state, qop_state, iov, 2, TOK_TYPE_MIC); GSSEAP_MUTEX_UNLOCK(&ctx->mutex); return major; } mech_eap-0.9.2/mech_eap/mech_eap-noacceptor.exports0000644001755200017500000000232412406014472017277 00000000000000gss_acquire_cred gss_add_cred gss_add_cred_with_password gss_canonicalize_name gss_compare_name gss_context_time gss_delete_sec_context gss_display_name gss_display_name_ext gss_display_status gss_duplicate_name gss_exchange_meta_data gss_export_name gss_export_sec_context gss_get_mic gss_import_name gss_import_sec_context gss_indicate_mechs gss_init_sec_context gss_inquire_attrs_for_mech gss_inquire_context gss_inquire_cred gss_inquire_cred_by_mech gss_inquire_cred_by_oid gss_inquire_mechs_for_name gss_inquire_mech_for_saslname gss_inquire_names_for_mech gss_inquire_saslname_for_mech gss_inquire_sec_context_by_oid gss_process_context_token gss_pseudo_random gss_query_mechanism_info gss_query_meta_data gss_release_cred gss_release_name gss_internal_release_oid gss_set_sec_context_option gss_store_cred gss_unwrap gss_unwrap_iov gss_verify_mic gss_wrap gss_wrap_iov gss_wrap_iov_length gss_wrap_size_limit GSS_EAP_AES128_CTS_HMAC_SHA1_96_MECHANISM GSS_EAP_AES256_CTS_HMAC_SHA1_96_MECHANISM GSS_EAP_NT_EAP_NAME GSS_EAP_CRED_SET_CRED_FLAG GSS_EAP_CRED_SET_CRED_PASSWORD GSS_EAP_CRED_SET_RADIUS_CONFIG_FILE GSS_EAP_CRED_SET_RADIUS_CONFIG_STANZA gssspi_acquire_cred_with_password gssspi_authorize_localname gssspi_set_cred_option mech_eap-0.9.2/mech_eap/import_sec_context.c0000644001755200017500000002534612406014472016042 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Deserialise a context handle. */ #include "gssapiP_eap.h" #define UPDATE_REMAIN(n) do { \ p += (n); \ remain -= (n); \ } while (0) #define CHECK_REMAIN(n) do { \ if (remain < (n)) { \ *minor = GSSEAP_TOK_TRUNC; \ return GSS_S_DEFECTIVE_TOKEN; \ } \ } while (0) #ifdef GSSEAP_ENABLE_ACCEPTOR static OM_uint32 gssEapImportPartialContext(OM_uint32 *minor, unsigned char **pBuf, size_t *pRemain, gss_ctx_id_t ctx) { OM_uint32 major; unsigned char *p = *pBuf; size_t remain = *pRemain; gss_buffer_desc buf; size_t ctxLength, serverLen; /* Length of partial RADIUS context */ CHECK_REMAIN(4); ctxLength = load_uint32_be(p); UPDATE_REMAIN(4); CHECK_REMAIN(ctxLength); remain = ctxLength; /* check against partial context length */ /* Selected RADIUS server */ CHECK_REMAIN(4); serverLen = load_uint32_be(p); UPDATE_REMAIN(4); if (serverLen != 0) { CHECK_REMAIN(serverLen); ctx->acceptorCtx.radServer = GSSEAP_MALLOC(serverLen + 1); if (ctx->acceptorCtx.radServer == NULL) { *minor = ENOMEM; return GSS_S_FAILURE; } memcpy(ctx->acceptorCtx.radServer, p, serverLen); ctx->acceptorCtx.radServer[serverLen] = '\0'; UPDATE_REMAIN(serverLen); } /* RADIUS state blob */ CHECK_REMAIN(4); buf.length = load_uint32_be(p); UPDATE_REMAIN(4); if (buf.length != 0) { CHECK_REMAIN(buf.length); buf.value = p; major = duplicateBuffer(minor, &buf, &ctx->acceptorCtx.state); if (GSS_ERROR(major)) return major; UPDATE_REMAIN(buf.length); } #ifdef GSSEAP_DEBUG GSSEAP_ASSERT(remain == 0); #endif *pBuf = p; *pRemain -= 4 + ctxLength; return GSS_S_COMPLETE; } #endif /* GSSEAP_ENABLE_ACCEPTOR */ static OM_uint32 importMechanismOid(OM_uint32 *minor, unsigned char **pBuf, size_t *pRemain, gss_OID *pOid) { OM_uint32 major; unsigned char *p = *pBuf; size_t remain = *pRemain; gss_OID_desc oidBuf; oidBuf.length = load_uint32_be(p); if (remain < 4 + oidBuf.length || oidBuf.length == 0) { *minor = GSSEAP_TOK_TRUNC; return GSS_S_DEFECTIVE_TOKEN; } oidBuf.elements = &p[4]; major = gssEapCanonicalizeOid(minor, &oidBuf, 0, pOid); if (GSS_ERROR(major)) return major; *pBuf += 4 + oidBuf.length; *pRemain -= 4 + oidBuf.length; *minor = 0; return GSS_S_COMPLETE; } static OM_uint32 importKerberosKey(OM_uint32 *minor, unsigned char **pBuf, size_t *pRemain, krb5_cksumtype *checksumType, krb5_enctype *pEncryptionType, krb5_keyblock *pKey) { unsigned char *p = *pBuf; size_t remain = *pRemain; OM_uint32 encryptionType; OM_uint32 length; krb5_context krbContext; krb5_keyblock key; krb5_error_code code; GSSEAP_KRB_INIT(&krbContext); KRB_KEY_INIT(pKey); if (remain < 12) { *minor = GSSEAP_TOK_TRUNC; return GSS_S_DEFECTIVE_TOKEN; } *checksumType = load_uint32_be(&p[0]); encryptionType = load_uint32_be(&p[4]); length = load_uint32_be(&p[8]); if ((length != 0) != (encryptionType != ENCTYPE_NULL)) { *minor = GSSEAP_BAD_CONTEXT_TOKEN; return GSS_S_DEFECTIVE_TOKEN; } if (remain - 12 < length) { *minor = GSSEAP_TOK_TRUNC; return GSS_S_DEFECTIVE_TOKEN; } if (encryptionType != ENCTYPE_NULL) { KRB_KEY_INIT(&key); KRB_KEY_TYPE(&key) = encryptionType; KRB_KEY_LENGTH(&key) = length; KRB_KEY_DATA(&key) = &p[12]; code = krb5_copy_keyblock_contents(krbContext, &key, pKey); if (code != 0) { *minor = code; return GSS_S_FAILURE; } } *pBuf += 12 + length; *pRemain -= 12 + length; *pEncryptionType = encryptionType; *minor = 0; return GSS_S_COMPLETE; } static OM_uint32 importName(OM_uint32 *minor, gss_OID mech, unsigned char **pBuf, size_t *pRemain, gss_name_t *pName) { OM_uint32 major, tmpMinor, flags; unsigned char *p = *pBuf; size_t remain = *pRemain; gss_buffer_desc tmp; if (remain < 4) { *minor = GSSEAP_TOK_TRUNC; return GSS_S_DEFECTIVE_TOKEN; } tmp.length = load_uint32_be(p); if (tmp.length != 0) { if (remain - 4 < tmp.length) { *minor = GSSEAP_TOK_TRUNC; return GSS_S_DEFECTIVE_TOKEN; } tmp.value = p + 4; flags = EXPORT_NAME_FLAG_COMPOSITE; if (mech == GSS_C_NO_OID) flags |= EXPORT_NAME_FLAG_OID; major = gssEapImportNameInternal(minor, &tmp, pName, flags); if (GSS_ERROR(major)) return major; if ((flags & EXPORT_NAME_FLAG_OID) == 0) { major = gssEapCanonicalizeOid(minor, mech, 0, &(*pName)->mechanismUsed); if (GSS_ERROR(major)) { gssEapReleaseName(&tmpMinor, pName); return major; } } } *pBuf += 4 + tmp.length; *pRemain -= 4 + tmp.length; *minor = 0; return GSS_S_COMPLETE; } OM_uint32 gssEapImportContext(OM_uint32 *minor, gss_buffer_t token, gss_ctx_id_t ctx) { OM_uint32 major; unsigned char *p = (unsigned char *)token->value; size_t remain = token->length; if (remain < 16) { *minor = GSSEAP_TOK_TRUNC; return GSS_S_DEFECTIVE_TOKEN; } if (load_uint32_be(&p[0]) != EAP_EXPORT_CONTEXT_V1) { *minor = GSSEAP_BAD_CONTEXT_TOKEN; return GSS_S_DEFECTIVE_TOKEN; } ctx->state = load_uint32_be(&p[4]); ctx->flags = load_uint32_be(&p[8]); ctx->gssFlags = load_uint32_be(&p[12]); p += 16; remain -= 16; /* Validate state */ if (GSSEAP_SM_STATE(ctx) < GSSEAP_STATE_INITIAL || GSSEAP_SM_STATE(ctx) > GSSEAP_STATE_ESTABLISHED) return GSS_S_DEFECTIVE_TOKEN; /* Only acceptor can export partial context tokens */ if (CTX_IS_INITIATOR(ctx) && !CTX_IS_ESTABLISHED(ctx)) return GSS_S_DEFECTIVE_TOKEN; major = importMechanismOid(minor, &p, &remain, &ctx->mechanismUsed); if (GSS_ERROR(major)) return major; major = importKerberosKey(minor, &p, &remain, &ctx->checksumType, &ctx->encryptionType, &ctx->rfc3961Key); if (GSS_ERROR(major)) return major; /* Initiator name OID matches the context mechanism, so it's not encoded */ major = importName(minor, ctx->mechanismUsed, &p, &remain, &ctx->initiatorName); if (GSS_ERROR(major)) return major; major = importName(minor, GSS_C_NO_OID, &p, &remain, &ctx->acceptorName); if (GSS_ERROR(major)) return major; /* Check that, if context is established, names are valid */ if (CTX_IS_ESTABLISHED(ctx) && (CTX_IS_INITIATOR(ctx) ? ctx->acceptorName == GSS_C_NO_NAME : ctx->initiatorName == GSS_C_NO_NAME)) { return GSS_S_DEFECTIVE_TOKEN; } if (remain < 24 + sequenceSize(ctx->seqState)) { *minor = GSSEAP_TOK_TRUNC; return GSS_S_DEFECTIVE_TOKEN; } ctx->expiryTime = (time_t)load_uint64_be(&p[0]); ctx->sendSeq = load_uint64_be(&p[8]); ctx->recvSeq = load_uint64_be(&p[16]); p += 24; remain -= 24; major = sequenceInternalize(minor, &ctx->seqState, &p, &remain); if (GSS_ERROR(major)) return major; #ifdef GSSEAP_ENABLE_ACCEPTOR /* * The partial context should only be expected for unestablished * acceptor contexts. */ if (!CTX_IS_INITIATOR(ctx) && !CTX_IS_ESTABLISHED(ctx) && (ctx->flags & CTX_FLAG_KRB_REAUTH) == 0) { major = gssEapImportPartialContext(minor, &p, &remain, ctx); if (GSS_ERROR(major)) return major; } #ifdef GSSEAP_DEBUG GSSEAP_ASSERT(remain == 0); #endif #endif /* GSSEAP_ENABLE_ACCEPTOR */ major = GSS_S_COMPLETE; *minor = 0; return major; } OM_uint32 GSSAPI_CALLCONV gss_import_sec_context(OM_uint32 *minor, gss_buffer_t interprocess_token, gss_ctx_id_t *context_handle) { OM_uint32 major, tmpMinor; gss_ctx_id_t ctx = GSS_C_NO_CONTEXT; *context_handle = GSS_C_NO_CONTEXT; if (interprocess_token == GSS_C_NO_BUFFER || interprocess_token->length == 0) { *minor = GSSEAP_TOK_TRUNC; return GSS_S_DEFECTIVE_TOKEN; } major = gssEapAllocContext(minor, &ctx); if (GSS_ERROR(major)) goto cleanup; major = gssEapImportContext(minor, interprocess_token, ctx); if (GSS_ERROR(major)) goto cleanup; *context_handle = ctx; cleanup: if (GSS_ERROR(major)) gssEapReleaseContext(&tmpMinor, &ctx); return major; } mech_eap-0.9.2/mech_eap/wrap_iov.c0000644001755200017500000003037412406014472013755 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Copyright 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright * notice appear in all copies and that both that copyright notice and * this permission notice appear in supporting documentation, and that * the name of M.I.T. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior * permission. Furthermore if you modify this software you must label * your software as modified software and not distribute it in such a * fashion that it might be confused with the original M.I.T. software. * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. */ /* * Message protection services: wrap with scatter-gather API. */ #include "gssapiP_eap.h" unsigned char rfc4121Flags(gss_ctx_id_t ctx, int receiving) { unsigned char flags; int isAcceptor; isAcceptor = !CTX_IS_INITIATOR(ctx); if (receiving) isAcceptor = !isAcceptor; flags = 0; if (isAcceptor) flags |= TOK_FLAG_SENDER_IS_ACCEPTOR; if ((ctx->flags & CTX_FLAG_KRB_REAUTH) && (ctx->gssFlags & GSS_C_MUTUAL_FLAG)) flags |= TOK_FLAG_ACCEPTOR_SUBKEY; return flags; } OM_uint32 gssEapWrapOrGetMIC(OM_uint32 *minor, gss_ctx_id_t ctx, int conf_req_flag, int *conf_state, gss_iov_buffer_desc *iov, int iov_count, enum gss_eap_token_type toktype) { krb5_error_code code = 0; gss_iov_buffer_t header; gss_iov_buffer_t padding; gss_iov_buffer_t trailer; unsigned char flags; unsigned char *outbuf = NULL; unsigned char *tbuf = NULL; int keyUsage; size_t rrc = 0; size_t gssHeaderLen, gssTrailerLen; size_t dataLen, assocDataLen; krb5_context krbContext; #ifdef HAVE_HEIMDAL_VERSION krb5_crypto krbCrypto = NULL; #endif if (ctx->encryptionType == ENCTYPE_NULL) { *minor = GSSEAP_KEY_UNAVAILABLE; return GSS_S_UNAVAILABLE; } GSSEAP_KRB_INIT(&krbContext); flags = rfc4121Flags(ctx, FALSE); if (toktype == TOK_TYPE_WRAP) { keyUsage = CTX_IS_INITIATOR(ctx) ? KEY_USAGE_INITIATOR_SEAL : KEY_USAGE_ACCEPTOR_SEAL; } else { keyUsage = CTX_IS_INITIATOR(ctx) ? KEY_USAGE_INITIATOR_SIGN : KEY_USAGE_ACCEPTOR_SIGN; } gssEapIovMessageLength(iov, iov_count, &dataLen, &assocDataLen); header = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER); if (header == NULL) { *minor = GSSEAP_MISSING_IOV; return GSS_S_FAILURE; } padding = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING); if (padding != NULL) padding->buffer.length = 0; trailer = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER); #ifdef HAVE_HEIMDAL_VERSION code = krb5_crypto_init(krbContext, &ctx->rfc3961Key, ETYPE_NULL, &krbCrypto); if (code != 0) goto cleanup; #endif if (toktype == TOK_TYPE_WRAP && conf_req_flag) { size_t krbHeaderLen, krbTrailerLen, krbPadLen; size_t ec = 0, confDataLen = dataLen - assocDataLen; code = krbCryptoLength(krbContext, KRB_CRYPTO_CONTEXT(ctx), KRB5_CRYPTO_TYPE_HEADER, &krbHeaderLen); if (code != 0) goto cleanup; code = krbPaddingLength(krbContext, KRB_CRYPTO_CONTEXT(ctx), confDataLen + 16 /* E(Header) */, &krbPadLen); if (code != 0) goto cleanup; if (krbPadLen == 0 && (ctx->gssFlags & GSS_C_DCE_STYLE)) { /* Windows rejects AEAD tokens with non-zero EC */ code = krbBlockSize(krbContext, KRB_CRYPTO_CONTEXT(ctx), &ec); if (code != 0) goto cleanup; } else ec = krbPadLen; code = krbCryptoLength(krbContext, KRB_CRYPTO_CONTEXT(ctx), KRB5_CRYPTO_TYPE_TRAILER, &krbTrailerLen); if (code != 0) goto cleanup; gssHeaderLen = 16 /* Header */ + krbHeaderLen; gssTrailerLen = ec + 16 /* E(Header) */ + krbTrailerLen; if (trailer == NULL) { rrc = gssTrailerLen; /* Workaround for Windows bug where it rotates by EC + RRC */ if (ctx->gssFlags & GSS_C_DCE_STYLE) rrc -= ec; gssHeaderLen += gssTrailerLen; } if (header->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) { code = gssEapAllocIov(header, (size_t)gssHeaderLen); } else if (header->buffer.length < gssHeaderLen) code = GSSEAP_WRONG_SIZE; if (code != 0) goto cleanup; outbuf = (unsigned char *)header->buffer.value; header->buffer.length = (size_t)gssHeaderLen; if (trailer != NULL) { if (trailer->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) code = gssEapAllocIov(trailer, (size_t)gssTrailerLen); else if (trailer->buffer.length < gssTrailerLen) code = GSSEAP_WRONG_SIZE; if (code != 0) goto cleanup; trailer->buffer.length = (size_t)gssTrailerLen; } /* TOK_ID */ store_uint16_be((uint16_t)toktype, outbuf); /* flags */ outbuf[2] = flags | (conf_req_flag ? TOK_FLAG_WRAP_CONFIDENTIAL : 0); /* filler */ outbuf[3] = 0xFF; /* EC */ store_uint16_be(ec, outbuf + 4); /* RRC */ store_uint16_be(0, outbuf + 6); store_uint64_be(ctx->sendSeq, outbuf + 8); /* * EC | copy of header to be encrypted, located in * (possibly rotated) trailer */ if (trailer == NULL) tbuf = (unsigned char *)header->buffer.value + 16; /* Header */ else tbuf = (unsigned char *)trailer->buffer.value; memset(tbuf, 0xFF, ec); memcpy(tbuf + ec, header->buffer.value, 16); code = gssEapEncrypt(krbContext, ((ctx->gssFlags & GSS_C_DCE_STYLE) != 0), ec, rrc, KRB_CRYPTO_CONTEXT(ctx), keyUsage, iov, iov_count); if (code != 0) goto cleanup; /* RRC */ store_uint16_be(rrc, outbuf + 6); ctx->sendSeq++; } else if (toktype == TOK_TYPE_WRAP && !conf_req_flag) { wrap_with_checksum: gssHeaderLen = 16; code = krbCryptoLength(krbContext, KRB_CRYPTO_CONTEXT(ctx), KRB5_CRYPTO_TYPE_CHECKSUM, &gssTrailerLen); if (code != 0) goto cleanup; GSSEAP_ASSERT(gssTrailerLen <= 0xFFFF); if (trailer == NULL) { rrc = gssTrailerLen; gssHeaderLen += gssTrailerLen; } if (header->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) code = gssEapAllocIov(header, (size_t)gssHeaderLen); else if (header->buffer.length < gssHeaderLen) code = GSSEAP_WRONG_SIZE; if (code != 0) goto cleanup; outbuf = (unsigned char *)header->buffer.value; header->buffer.length = (size_t)gssHeaderLen; if (trailer != NULL) { if (trailer->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) code = gssEapAllocIov(trailer, (size_t)gssTrailerLen); else if (trailer->buffer.length < gssTrailerLen) code = GSSEAP_WRONG_SIZE; if (code != 0) goto cleanup; trailer->buffer.length = (size_t)gssTrailerLen; } /* TOK_ID */ store_uint16_be((uint16_t)toktype, outbuf); /* flags */ outbuf[2] = flags; /* filler */ outbuf[3] = 0xFF; if (toktype == TOK_TYPE_WRAP) { /* Use 0 for checksum calculation, substitute * checksum length later. */ /* EC */ store_uint16_be(0, outbuf + 4); /* RRC */ store_uint16_be(0, outbuf + 6); } else { /* MIC and DEL store 0xFF in EC and RRC */ store_uint16_be(0xFFFF, outbuf + 4); store_uint16_be(0xFFFF, outbuf + 6); } store_uint64_be(ctx->sendSeq, outbuf + 8); code = gssEapSign(krbContext, ctx->checksumType, rrc, KRB_CRYPTO_CONTEXT(ctx), keyUsage, iov, iov_count); if (code != 0) goto cleanup; ctx->sendSeq++; if (toktype == TOK_TYPE_WRAP) { /* Fix up EC field */ store_uint16_be(gssTrailerLen, outbuf + 4); /* Fix up RRC field */ store_uint16_be(rrc, outbuf + 6); } } else if (toktype == TOK_TYPE_MIC) { trailer = NULL; goto wrap_with_checksum; } else if (toktype == TOK_TYPE_DELETE_CONTEXT) { trailer = NULL; goto wrap_with_checksum; } else { abort(); } code = 0; if (conf_state != NULL) *conf_state = conf_req_flag; cleanup: if (code != 0) gssEapReleaseIov(iov, iov_count); #ifdef HAVE_HEIMDAL_VERSION if (krbCrypto != NULL) krb5_crypto_destroy(krbContext, krbCrypto); #endif *minor = code; return (code == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE; } OM_uint32 GSSAPI_CALLCONV gss_wrap_iov(OM_uint32 *minor, gss_ctx_id_t ctx, int conf_req_flag, gss_qop_t qop_req, int *conf_state, gss_iov_buffer_desc *iov, int iov_count) { OM_uint32 major; if (ctx == GSS_C_NO_CONTEXT) { *minor = EINVAL; return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT; } if (qop_req != GSS_C_QOP_DEFAULT) { *minor = GSSEAP_UNKNOWN_QOP; return GSS_S_UNAVAILABLE; } *minor = 0; GSSEAP_MUTEX_LOCK(&ctx->mutex); if (!CTX_IS_ESTABLISHED(ctx)) { major = GSS_S_NO_CONTEXT; *minor = GSSEAP_CONTEXT_INCOMPLETE; goto cleanup; } major = gssEapWrapOrGetMIC(minor, ctx, conf_req_flag, conf_state, iov, iov_count, TOK_TYPE_WRAP); if (GSS_ERROR(major)) goto cleanup; cleanup: GSSEAP_MUTEX_UNLOCK(&ctx->mutex); return major; } mech_eap-0.9.2/mech_eap/README0000644001755200017500000001040412406014472012633 00000000000000Overview ======== This is an implementation of the GSS EAP mechanism, as described in draft-ietf-abfab-gss-eap-01.txt. Building ======== In order to build this, a recent Kerberos implementation (MIT or Heimdal), Shibboleth, and EAP libraries are required, along with all of their dependencies. Note: not all SPIs are supported by the Heimdal mechanism glue, so not all features will be available. Installing ========== GSS mechglue ------------ When installing, be sure to edit $prefix/etc/gss/mech to register the EAP mechanisms. A sample configuration file is in this directory. You may need to specify an absolute path. RADIUS client library --------------------- Make sure your RADIUS library is configured to talk to the server of your choice: see the example radsec.conf in this directory. If you want to use TCP or TLS, you'll need to run radsecproxy in front of your RADIUS server. RADIUS server ------------- These instructions apply to FreeRADIUS only, which is downloadable from http://freeradius.org/. After configure, make, install, do the following: On the RADIUS server side, you need to install dictionary.ukerna to $prefix/etc/raddb and include it from the main dictionary file, by adding: $INCLUDE dictionary.ukerna to $prefix/etc/raddb/dictionary. Make sure these files are world- readable; they weren't in my installation. Edit $prefix/etc/raddb/users to add your test user and password: bob@PROJECT-MOONSHOT.ORG Cleartext-Password := secret Add an entry for your acceptor to $prefix/etc/raddb/clients.conf: client somehost { ipaddr = 127.0.0.1 secret = testing123 require_message_authenticator = yes } Edit $prefix/etc/raddb/eap.conf and set: eap { ... default_eap_type = ttls ... tls { certdir = ... cadir = ... private_key_file = ... certificate_file = ... } ttls { default_eap_type = mschapv2 copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" } ... } to enable EAP-TTLS. If you want the acceptor be able to identify the user, the RADIUS server needs to echo back the EAP username from the inner tunnel; for privacy, mech_eap only sends the realm in the EAP Identity response. To configure this with FreeRADIUS, add: update outer.reply { User-Name = "%{request:User-Name}" } If you want to add a SAML assertion, do this with "update reply" in $prefix/etc/raddb/sites-available/default: update reply { SAML-AAA-Assertion = ', and appropriately ( is the name of the host running the server, not the RADIUS server). % gss-client -port 5555 -spnego -mech "{1 3 6 1 5 5 15 1 1 18}" \ -user @ -pass host@ \ "Testing GSS EAP" % gss-server -port 5555 -export host@ Note: for SASL you will be prompted for a username and password. % client -C -p 5556 -s host -m EAP-AES128 % server -c -p 5556 -s host -h To test fast reauthentication support, add the following to /etc/krb5.conf: [appdefaults] eap_gss = { reauth_use_ccache = TRUE } This will store a Kerberos ticket for a GSS-EAP authenticated user in a credentials cache, which can then be used for re-authentication to the same acceptor. You must have a valid keytab configured. In this testing phase of Moonshot, it's also possible to store a default identity and credential in a file. The format consists of the string representation of the initiator identity and the password, separated by newlines. The default location of this file is .gss_eap_id in the user's home directory, however the GSSEAP_IDENTITY environment variable can be used to set an alternate location. You can also set a default realm in [appdefaults]; the Kerberos default realm is never used by mech_eap (or at least, that is the intention), so if unspecified you must always qualify names. It should generally not be necessary to specify this. mech_eap-0.9.2/mech_eap/radsec.conf0000644001755200017500000000025412406014476014071 00000000000000realm gss-eap { type = "UDP" timeout = 5 retries = 3 server { hostname = "localhost" service = "1812" secret = "testing123" } } mech_eap-0.9.2/mech_eap/util_crypt.c0000644001755200017500000002770512406014472014331 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Copyright 2001, 2008 by the Massachusetts Institute of Technology. * Copyright 1993 by OpenVision Technologies, Inc. * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and * that both that copyright notice and this permission notice appear in * supporting documentation, and that the name of OpenVision not be used * in advertising or publicity pertaining to distribution of the software * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR * PERFORMANCE OF THIS SOFTWARE. */ /* * Copyright (C) 1998 by the FundsXpress, INC. * * All rights reserved. * * Export of this software from the United States of America may require * a specific license from the United States Government. It is the * responsibility of any person or organization contemplating export to * obtain such a license before exporting. * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright * notice appear in all copies and that both that copyright notice and * this permission notice appear in supporting documentation, and that * the name of FundsXpress. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior * permission. FundsXpress makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ /* * Message protection services: cryptography helpers. */ #include "gssapiP_eap.h" /* * DCE_STYLE indicates actual RRC is EC + RRC * EC is extra rotate count for DCE_STYLE, pad length otherwise * RRC is rotate count. */ static krb5_error_code mapIov(krb5_context context, int dce_style, size_t ec, size_t rrc, #ifdef HAVE_HEIMDAL_VERSION krb5_crypto crypto, #else krb5_keyblock *crypto, #endif gss_iov_buffer_desc *iov, int iov_count, krb5_crypto_iov **pkiov, size_t *pkiov_count) { gss_iov_buffer_t header; gss_iov_buffer_t trailer; int i = 0, j; size_t kiov_count; krb5_crypto_iov *kiov; size_t k5_headerlen = 0, k5_trailerlen = 0; size_t gss_headerlen, gss_trailerlen; krb5_error_code code; *pkiov = NULL; *pkiov_count = 0; header = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER); GSSEAP_ASSERT(header != NULL); trailer = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER); GSSEAP_ASSERT(trailer == NULL || rrc == 0); code = krbCryptoLength(context, crypto, KRB5_CRYPTO_TYPE_HEADER, &k5_headerlen); if (code != 0) return code; code = krbCryptoLength(context, crypto, KRB5_CRYPTO_TYPE_TRAILER, &k5_trailerlen); if (code != 0) return code; /* Check header and trailer sizes */ gss_headerlen = 16 /* GSS-Header */ + k5_headerlen; /* Kerb-Header */ gss_trailerlen = ec + 16 /* E(GSS-Header) */ + k5_trailerlen; /* Kerb-Trailer */ /* If we're caller without a trailer, we must rotate by trailer length */ if (trailer == NULL) { size_t actual_rrc = rrc; if (dce_style) actual_rrc += ec; /* compensate for Windows bug */ if (actual_rrc != gss_trailerlen) return KRB5_BAD_MSIZE; gss_headerlen += gss_trailerlen; } else { if (trailer->buffer.length != gss_trailerlen) return KRB5_BAD_MSIZE; } if (header->buffer.length != gss_headerlen) return KRB5_BAD_MSIZE; kiov_count = 3 + iov_count; kiov = (krb5_crypto_iov *)GSSEAP_MALLOC(kiov_count * sizeof(krb5_crypto_iov)); if (kiov == NULL) return ENOMEM; /* * The krb5 header is located at the end of the GSS header. */ kiov[i].flags = KRB5_CRYPTO_TYPE_HEADER; kiov[i].data.length = k5_headerlen; kiov[i].data.data = (char *)header->buffer.value + header->buffer.length - k5_headerlen; i++; for (j = 0; j < iov_count; j++) { kiov[i].flags = gssEapMapCryptoFlag(iov[j].type); if (kiov[i].flags == KRB5_CRYPTO_TYPE_EMPTY) continue; kiov[i].data.length = iov[j].buffer.length; kiov[i].data.data = (char *)iov[j].buffer.value; i++; } /* * The EC and encrypted GSS header are placed in the trailer, which may * be rotated directly after the plaintext header if no trailer buffer * is provided. */ kiov[i].flags = KRB5_CRYPTO_TYPE_DATA; kiov[i].data.length = ec + 16; /* E(Header) */ if (trailer == NULL) kiov[i].data.data = (char *)header->buffer.value + 16; else kiov[i].data.data = (char *)trailer->buffer.value; i++; /* * The krb5 trailer is placed after the encrypted copy of the * krb5 header (which may be in the GSS header or trailer). */ kiov[i].flags = KRB5_CRYPTO_TYPE_TRAILER; kiov[i].data.length = k5_trailerlen; kiov[i].data.data = (char *)kiov[i - 1].data.data + ec + 16; /* E(Header) */ i++; *pkiov = kiov; *pkiov_count = i; return 0; } int gssEapEncrypt(krb5_context context, int dce_style, size_t ec, size_t rrc, #ifdef HAVE_HEIMDAL_VERSION krb5_crypto crypto, #else krb5_keyblock *crypto, #endif int usage, gss_iov_buffer_desc *iov, int iov_count) { krb5_error_code code; size_t kiov_count; krb5_crypto_iov *kiov = NULL; code = mapIov(context, dce_style, ec, rrc, crypto, iov, iov_count, &kiov, &kiov_count); if (code != 0) goto cleanup; #ifdef HAVE_HEIMDAL_VERSION code = krb5_encrypt_iov_ivec(context, crypto, usage, kiov, kiov_count, NULL); #else code = krb5_c_encrypt_iov(context, crypto, usage, NULL, kiov, kiov_count); #endif if (code != 0) goto cleanup; cleanup: if (kiov != NULL) GSSEAP_FREE(kiov); return code; } int gssEapDecrypt(krb5_context context, int dce_style, size_t ec, size_t rrc, #ifdef HAVE_HEIMDAL_VERSION krb5_crypto crypto, #else krb5_keyblock *crypto, #endif int usage, gss_iov_buffer_desc *iov, int iov_count) { krb5_error_code code; size_t kiov_count; krb5_crypto_iov *kiov; code = mapIov(context, dce_style, ec, rrc, crypto, iov, iov_count, &kiov, &kiov_count); if (code != 0) goto cleanup; #ifdef HAVE_HEIMDAL_VERSION code = krb5_decrypt_iov_ivec(context, crypto, usage, kiov, kiov_count, NULL); #else code = krb5_c_decrypt_iov(context, crypto, usage, NULL, kiov, kiov_count); #endif cleanup: if (kiov != NULL) GSSEAP_FREE(kiov); return code; } int gssEapMapCryptoFlag(OM_uint32 type) { int ktype; switch (GSS_IOV_BUFFER_TYPE(type)) { case GSS_IOV_BUFFER_TYPE_DATA: case GSS_IOV_BUFFER_TYPE_PADDING: ktype = KRB5_CRYPTO_TYPE_DATA; break; case GSS_IOV_BUFFER_TYPE_SIGN_ONLY: ktype = KRB5_CRYPTO_TYPE_SIGN_ONLY; break; default: ktype = KRB5_CRYPTO_TYPE_EMPTY; break; } return ktype; } gss_iov_buffer_t gssEapLocateIov(gss_iov_buffer_desc *iov, int iov_count, OM_uint32 type) { int i; gss_iov_buffer_t p = GSS_C_NO_IOV_BUFFER; if (iov == GSS_C_NO_IOV_BUFFER) return GSS_C_NO_IOV_BUFFER; for (i = iov_count - 1; i >= 0; i--) { if (GSS_IOV_BUFFER_TYPE(iov[i].type) == type) { if (p == GSS_C_NO_IOV_BUFFER) p = &iov[i]; else return GSS_C_NO_IOV_BUFFER; } } return p; } void gssEapIovMessageLength(gss_iov_buffer_desc *iov, int iov_count, size_t *data_length_p, size_t *assoc_data_length_p) { int i; size_t data_length = 0, assoc_data_length = 0; GSSEAP_ASSERT(iov != GSS_C_NO_IOV_BUFFER); *data_length_p = *assoc_data_length_p = 0; for (i = 0; i < iov_count; i++) { OM_uint32 type = GSS_IOV_BUFFER_TYPE(iov[i].type); if (type == GSS_IOV_BUFFER_TYPE_SIGN_ONLY) assoc_data_length += iov[i].buffer.length; if (type == GSS_IOV_BUFFER_TYPE_DATA || type == GSS_IOV_BUFFER_TYPE_SIGN_ONLY) data_length += iov[i].buffer.length; } *data_length_p = data_length; *assoc_data_length_p = assoc_data_length; } void gssEapReleaseIov(gss_iov_buffer_desc *iov, int iov_count) { int i; OM_uint32 min_stat; GSSEAP_ASSERT(iov != GSS_C_NO_IOV_BUFFER); for (i = 0; i < iov_count; i++) { if (iov[i].type & GSS_IOV_BUFFER_FLAG_ALLOCATED) { gss_release_buffer(&min_stat, &iov[i].buffer); iov[i].type &= ~(GSS_IOV_BUFFER_FLAG_ALLOCATED); } } } int gssEapIsIntegrityOnly(gss_iov_buffer_desc *iov, int iov_count) { int i; krb5_boolean has_conf_data = FALSE; GSSEAP_ASSERT(iov != GSS_C_NO_IOV_BUFFER); for (i = 0; i < iov_count; i++) { if (GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_DATA) { has_conf_data = TRUE; break; } } return (has_conf_data == FALSE); } int gssEapAllocIov(gss_iov_buffer_t iov, size_t size) { GSSEAP_ASSERT(iov != GSS_C_NO_IOV_BUFFER); GSSEAP_ASSERT(iov->type & GSS_IOV_BUFFER_FLAG_ALLOCATE); iov->buffer.length = size; iov->buffer.value = GSSEAP_MALLOC(size); if (iov->buffer.value == NULL) { iov->buffer.length = 0; return ENOMEM; } iov->type |= GSS_IOV_BUFFER_FLAG_ALLOCATED; return 0; } mech_eap-0.9.2/mech_eap/util_adshim.c0000644001755200017500000001751312406014472014431 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "gssapiP_eap.h" #include "authdata_plugin.h" /* * This rubbish is necessary because MIT doesn't provide another way * to access verified AD-KDCIssued elements. We can't verify them * ourselves because they're signed in the ticket session key, which * is destroyed immediately after the AP-REQ is processed. */ struct radius_ad_context { krb5_data avpdata; krb5_boolean verified; }; static krb5_data radius_ad_attr = { KV5M_DATA, sizeof("urn:authdata-aaa-radius") - 1, "urn:authdata-aaa-radius" }; static krb5_error_code radius_ad_init(krb5_context kcontext GSSEAP_UNUSED, void **plugin_context) { *plugin_context = 0; return 0; } static void radius_ad_flags(krb5_context kcontext GSSEAP_UNUSED, void *plugin_context GSSEAP_UNUSED, krb5_authdatatype ad_type GSSEAP_UNUSED, krb5_flags *flags) { *flags = AD_USAGE_KDC_ISSUED | AD_INFORMATIONAL; } static void radius_ad_fini(krb5_context kcontext GSSEAP_UNUSED, void *plugin_context GSSEAP_UNUSED) { return; } static krb5_error_code radius_ad_request_init(krb5_context kcontext GSSEAP_UNUSED, struct _krb5_authdata_context *context GSSEAP_UNUSED, void *plugin_context GSSEAP_UNUSED, void **request_context) { struct radius_ad_context *ctx; ctx = GSSEAP_CALLOC(1, sizeof(*ctx)); if (ctx == NULL) return ENOMEM; *request_context = ctx; return 0; } static krb5_error_code radius_ad_export_authdata(krb5_context kcontext, struct _krb5_authdata_context *context GSSEAP_UNUSED, void *plugin_context GSSEAP_UNUSED, void *request_context, krb5_flags usage GSSEAP_UNUSED, krb5_authdata ***out_authdata) { struct radius_ad_context *radius_ad = (struct radius_ad_context *)request_context; krb5_authdata *data[2]; krb5_authdata datum; datum.ad_type = KRB5_AUTHDATA_RADIUS_AVP; datum.length = radius_ad->avpdata.length; datum.contents = (krb5_octet *)radius_ad->avpdata.data; data[0] = &datum; data[1] = NULL; return krb5_copy_authdata(kcontext, data, out_authdata); } static krb5_error_code radius_ad_import_authdata(krb5_context kcontext, struct _krb5_authdata_context *context GSSEAP_UNUSED, void *plugin_context GSSEAP_UNUSED, void *request_context, krb5_authdata **authdata, krb5_boolean kdc_issued_flag, krb5_const_principal issuer GSSEAP_UNUSED) { struct radius_ad_context *radius_ad = (struct radius_ad_context *)request_context; krb5_free_data_contents(kcontext, &radius_ad->avpdata); radius_ad->verified = FALSE; GSSEAP_ASSERT(authdata[0] != NULL); radius_ad->avpdata.data = GSSEAP_MALLOC(authdata[0]->length); if (radius_ad->avpdata.data == NULL) return ENOMEM; memcpy(radius_ad->avpdata.data, authdata[0]->contents, authdata[0]->length); radius_ad->avpdata.length = authdata[0]->length; radius_ad->verified = kdc_issued_flag; return 0; } static void radius_ad_request_fini(krb5_context kcontext, struct _krb5_authdata_context *context GSSEAP_UNUSED, void *plugin_context GSSEAP_UNUSED, void *request_context) { struct radius_ad_context *radius_ad = (struct radius_ad_context *)request_context; if (radius_ad != NULL) { krb5_free_data_contents(kcontext, &radius_ad->avpdata); GSSEAP_FREE(radius_ad); } } static krb5_error_code radius_ad_get_attribute(krb5_context kcontext GSSEAP_UNUSED, struct _krb5_authdata_context *context GSSEAP_UNUSED, void *plugin_context GSSEAP_UNUSED, void *request_context, const krb5_data *attribute, krb5_boolean *authenticated, krb5_boolean *complete, krb5_data *value, krb5_data *display_value GSSEAP_UNUSED, int *more) { struct radius_ad_context *radius_ad = (struct radius_ad_context *)request_context; if (attribute->length != radius_ad_attr.length || memcmp(attribute->data, radius_ad_attr.data, radius_ad_attr.length) != 0) return ENOENT; if (radius_ad->avpdata.length == 0) return ENOENT; *authenticated = radius_ad->verified; *complete = TRUE; *more = 0; value->data = GSSEAP_MALLOC(radius_ad->avpdata.length); if (value->data == NULL) return ENOMEM; memcpy(value->data, radius_ad->avpdata.data, radius_ad->avpdata.length); value->length = radius_ad->avpdata.length; return 0; } static krb5_error_code radius_ad_copy(krb5_context kcontext GSSEAP_UNUSED, struct _krb5_authdata_context *context GSSEAP_UNUSED, void *plugin_context GSSEAP_UNUSED, void *request_context, void *dst_plugin_context GSSEAP_UNUSED, void *dst_request_context) { struct radius_ad_context *radius_ad_src = (struct radius_ad_context *)request_context; struct radius_ad_context *radius_ad_dst = (struct radius_ad_context *)dst_request_context; radius_ad_dst->avpdata.data = GSSEAP_MALLOC(radius_ad_src->avpdata.length); if (radius_ad_dst->avpdata.data == NULL) return ENOMEM; memcpy(radius_ad_dst->avpdata.data, radius_ad_src->avpdata.data, radius_ad_src->avpdata.length); radius_ad_dst->avpdata.length = radius_ad_src->avpdata.length; radius_ad_dst->verified = radius_ad_src->verified; return 0; } static krb5_authdatatype radius_ad_ad_types[] = { KRB5_AUTHDATA_RADIUS_AVP, 0 }; krb5plugin_authdata_client_ftable_v0 authdata_client_0 = { "radius_ad", radius_ad_ad_types, radius_ad_init, radius_ad_fini, radius_ad_flags, radius_ad_request_init, radius_ad_request_fini, NULL, radius_ad_get_attribute, NULL, NULL, radius_ad_export_authdata, radius_ad_import_authdata, NULL, NULL, NULL, NULL, NULL, NULL, radius_ad_copy }; mech_eap-0.9.2/mech_eap/release_cred.c0000644001755200017500000000341012406014472014533 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Release a credential handle. */ #include "gssapiP_eap.h" OM_uint32 GSSAPI_CALLCONV gss_release_cred(OM_uint32 *minor, gss_cred_id_t *cred_handle) { return gssEapReleaseCred(minor, cred_handle); } mech_eap-0.9.2/mech_eap/util_saml.h0000644001755200017500000001372112406014472014122 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * SAML attribute provider. */ #ifndef _UTIL_SAML_H_ #define _UTIL_SAML_H_ 1 #ifdef __cplusplus namespace opensaml { namespace saml2 { class Attribute; class Assertion; class NameID; }; }; struct gss_eap_saml_assertion_provider : gss_eap_attr_provider { public: gss_eap_saml_assertion_provider(void); ~gss_eap_saml_assertion_provider(void); bool initWithExistingContext(const gss_eap_attr_ctx *source, const gss_eap_attr_provider *ctx); bool initWithGssContext(const gss_eap_attr_ctx *source, const gss_cred_id_t cred, const gss_ctx_id_t ctx); bool getAttributeTypes(gss_eap_attr_enumeration_cb, void *data) const; bool setAttribute(int complete, const gss_buffer_t attr, const gss_buffer_t value); bool deleteAttribute(const gss_buffer_t value); bool getAttribute(const gss_buffer_t attr, int *authenticated, int *complete, gss_buffer_t value, gss_buffer_t display_value, int *more) const; gss_any_t mapToAny(int authenticated, gss_buffer_t type_id) const; void releaseAnyNameMapping(gss_buffer_t type_id, gss_any_t input) const; const char *prefix(void) const; const char *name(void) const { return NULL; } bool initWithJsonObject(const gss_eap_attr_ctx *manager GSSEAP_UNUSED, JSONObject &object GSSEAP_UNUSED) { return false; } JSONObject jsonRepresentation(void) const { return JSONObject::null(); } opensaml::saml2::Assertion *initAssertion(void); opensaml::saml2::Assertion *getAssertion(void) const { return m_assertion; } bool authenticated(void) const { return m_authenticated; } time_t getExpiryTime(void) const; OM_uint32 mapException(OM_uint32 *minor, std::exception &e) const; static bool init(void); static void finalize(void); static gss_eap_attr_provider *createAttrContext(void); private: static opensaml::saml2::Assertion * parseAssertion(const gss_buffer_t buffer); void setAssertion(const opensaml::saml2::Assertion *assertion, bool authenticated = false); void setAssertion(const gss_buffer_t buffer, bool authenticated = false); opensaml::saml2::Assertion *m_assertion; bool m_authenticated; }; struct gss_eap_saml_attr_provider : gss_eap_attr_provider { public: gss_eap_saml_attr_provider(void) {} ~gss_eap_saml_attr_provider(void) {} bool getAttributeTypes(gss_eap_attr_enumeration_cb, void *data) const; bool setAttribute(int complete, const gss_buffer_t attr, const gss_buffer_t value); bool deleteAttribute(const gss_buffer_t value); bool getAttribute(const gss_buffer_t attr, int *authenticated, int *complete, gss_buffer_t value, gss_buffer_t display_value, int *more) const; gss_any_t mapToAny(int authenticated, gss_buffer_t type_id) const; void releaseAnyNameMapping(gss_buffer_t type_id, gss_any_t input) const; const char *prefix(void) const; const char *name(void) const { return NULL; } bool initWithJsonObject(const gss_eap_attr_ctx *manager GSSEAP_UNUSED, JSONObject &object GSSEAP_UNUSED) { return false; } JSONObject jsonRepresentation(void) const { return JSONObject::null(); } bool getAttribute(const gss_buffer_t attr, int *authenticated, int *complete, const opensaml::saml2::Attribute **pAttribute) const; bool getAssertion(int *authenticated, opensaml::saml2::Assertion **pAssertion, bool createIfAbsent = false) const; static bool init(void); static void finalize(void); static gss_eap_attr_provider *createAttrContext(void); private: }; extern "C" { #endif OM_uint32 gssEapSamlAttrProvidersInit(OM_uint32 *minor); OM_uint32 gssEapSamlAttrProvidersFinalize(OM_uint32 *minor); #ifdef __cplusplus } #endif #endif /* _UTIL_SAML_H_ */ mech_eap-0.9.2/mech_eap/util_base64.h0000644001755200017500000000366012406014472014253 00000000000000/* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* $Id$ */ #ifndef _UTIL_BASE64_H_ #define _UTIL_BASE64_H_ #ifdef __cplusplus extern "C" { #endif ssize_t base64Encode(const void *, int, char **); ssize_t base64Decode(const char *, void *); int base64Valid(const char *str); #define BASE64_EXPAND(n) (n * 4 / 3 + 4) #ifdef __cplusplus } #endif #endif mech_eap-0.9.2/mech_eap/indicate_mechs.c0000644001755200017500000000342112406014472015057 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Enumerate the supported mechanism OIDs. */ #include "gssapiP_eap.h" OM_uint32 GSSAPI_CALLCONV gss_indicate_mechs(OM_uint32 *minor, gss_OID_set *mech_set) { return gssEapIndicateMechs(minor, mech_set); } mech_eap-0.9.2/mech_eap/map_name_to_any.c0000644001755200017500000000420412406014472015246 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "gssapiP_eap.h" OM_uint32 GSSAPI_CALLCONV gss_map_name_to_any(OM_uint32 *minor, gss_name_t name, int authenticated, gss_buffer_t type_id, gss_any_t *output) { OM_uint32 major; *output = (gss_any_t)NULL; if (name == GSS_C_NO_NAME) { *minor = EINVAL; return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME; } GSSEAP_MUTEX_LOCK(&name->mutex); major = gssEapMapNameToAny(minor, name, authenticated, type_id, output); GSSEAP_MUTEX_UNLOCK(&name->mutex); return major; } mech_eap-0.9.2/mech_eap/display_name_ext.c0000644001755200017500000000375112406014472015453 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Parameterized version of gss_display_name(), currently unimplemented. */ #include "gssapiP_eap.h" OM_uint32 GSSAPI_CALLCONV gss_display_name_ext(OM_uint32 *minor, gss_name_t name GSSEAP_UNUSED, gss_OID display_as_name_type GSSEAP_UNUSED, gss_buffer_t display_name) { *minor = 0; display_name->length = 0; display_name->value = NULL; return GSS_S_UNAVAILABLE; } mech_eap-0.9.2/mech_eap/set_sec_context_option.c0000644001755200017500000000547512406014472016714 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Set an extended property on a context handle. */ #include "gssapiP_eap.h" #if 0 static struct { gss_OID_desc oid; OM_uint32 (*setOption)(OM_uint32 *, gss_ctx_id_t *pCtx, const gss_OID, const gss_buffer_t); } setCtxOps[] = { }; #endif OM_uint32 GSSAPI_CALLCONV gss_set_sec_context_option(OM_uint32 *minor, gss_ctx_id_t *pCtx, const gss_OID desired_object GSSEAP_UNUSED, const gss_buffer_t value GSSEAP_UNUSED) { OM_uint32 major; gss_ctx_id_t ctx; #if 0 int i; #endif major = GSS_S_UNAVAILABLE; *minor = GSSEAP_BAD_CONTEXT_OPTION; if (pCtx == NULL) ctx = GSS_C_NO_CONTEXT; else ctx = *pCtx; if (ctx != GSS_C_NO_CONTEXT) GSSEAP_MUTEX_LOCK(&ctx->mutex); #if 0 for (i = 0; i < sizeof(setCtxOps) / sizeof(setCtxOps[0]); i++) { if (oidEqual(&setCtxOps[i].oid, desired_object)) { major = (*setCtxOps[i].setOption)(minor, &ctx, desired_object, value); break; } } #endif if (pCtx != NULL && *pCtx == NULL) *pCtx = ctx; else if (ctx != GSS_C_NO_CONTEXT) GSSEAP_MUTEX_UNLOCK(&ctx->mutex); return major; } mech_eap-0.9.2/mech_eap/util_moonshot.c0000644001755200017500000002214712406014472015031 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "gssapiP_eap.h" #ifdef HAVE_MOONSHOT_GET_IDENTITY #include static OM_uint32 libMoonshotMapError(OM_uint32 *minor, MoonshotError **pError) { MoonshotError *error = *pError; GSSEAP_ASSERT(error != NULL); switch (error->code) { case MOONSHOT_ERROR_UNABLE_TO_START_SERVICE: *minor = GSSEAP_UNABLE_TO_START_IDENTITY_SERVICE; break; case MOONSHOT_ERROR_NO_IDENTITY_SELECTED: *minor = GSSEAP_NO_IDENTITY_SELECTED; break; case MOONSHOT_ERROR_INSTALLATION_ERROR: *minor = GSSEAP_IDENTITY_SERVICE_INSTALL_ERROR; break; case MOONSHOT_ERROR_OS_ERROR: *minor = GSSEAP_IDENTITY_SERVICE_OS_ERROR; break; case MOONSHOT_ERROR_IPC_ERROR: *minor = GSSEAP_IDENTITY_SERVICE_IPC_ERROR; break; default: *minor = GSSEAP_IDENTITY_SERVICE_UNKNOWN_ERROR; break; } gssEapSaveStatusInfo(*minor, error->message); moonshot_error_free(error); *pError = NULL; return GSS_S_CRED_UNAVAIL; } OM_uint32 libMoonshotResolveDefaultIdentity(OM_uint32 *minor, const gss_cred_id_t cred, gss_name_t *pName) { OM_uint32 major, tmpMinor; gss_OID nameMech = gssEapPrimaryMechForCred(cred); gss_name_t name = GSS_C_NO_NAME; gss_buffer_desc tmpBuffer = GSS_C_EMPTY_BUFFER; char *nai = NULL; char *password = NULL; char *serverCertificateHash = NULL; char *caCertificate = NULL; char *subjectNameConstraint = NULL; char *subjectAltNameConstraint = NULL; MoonshotError *error = NULL; *pName = GSS_C_NO_NAME; if (!moonshot_get_default_identity(&nai, &password, &serverCertificateHash, &caCertificate, &subjectNameConstraint, &subjectAltNameConstraint, &error)) { if (error->code == MOONSHOT_ERROR_NO_IDENTITY_SELECTED) { major = GSS_S_CRED_UNAVAIL; *minor = GSSEAP_NO_DEFAULT_IDENTITY; moonshot_error_free(error); } else major = libMoonshotMapError(minor, &error); goto cleanup; } tmpBuffer.value = nai; tmpBuffer.length = strlen(nai); major = gssEapImportName(minor, &tmpBuffer, GSS_C_NT_USER_NAME, nameMech, &name); if (GSS_ERROR(major)) goto cleanup; *pName = name; name = GSS_C_NO_NAME; cleanup: moonshot_free(nai); moonshot_free(password); moonshot_free(serverCertificateHash); moonshot_free(caCertificate); moonshot_free(subjectNameConstraint); moonshot_free(subjectAltNameConstraint); gssEapReleaseName(&tmpMinor, &name); return major; } static int stringEmpty(const char * s) { if (s == NULL) return 1; if (strlen(s) > 0) return 0; return 1; } OM_uint32 libMoonshotResolveInitiatorCred(OM_uint32 *minor, gss_cred_id_t cred, const gss_name_t targetName) { OM_uint32 major, tmpMinor; gss_OID nameMech = gssEapPrimaryMechForCred(cred); gss_buffer_desc initiator = GSS_C_EMPTY_BUFFER; gss_buffer_desc target = GSS_C_EMPTY_BUFFER; gss_buffer_desc tmpBuffer = GSS_C_EMPTY_BUFFER; char *nai = NULL; char *password = NULL; char *serverCertificateHash = NULL; char *caCertificate = NULL; char *subjectNameConstraint = NULL; char *subjectAltNameConstraint = NULL; MoonshotError *error = NULL; if (cred->name != GSS_C_NO_NAME) { major = gssEapDisplayName(minor, cred->name, &initiator, NULL); if (GSS_ERROR(major)) goto cleanup; } if (targetName != GSS_C_NO_NAME) { major = gssEapDisplayName(minor, targetName, &target, NULL); if (GSS_ERROR(major)) goto cleanup; } if (!moonshot_get_identity((const char *)initiator.value, (const char *)cred->password.value, (const char *)target.value, &nai, &password, &serverCertificateHash, &caCertificate, &subjectNameConstraint, &subjectAltNameConstraint, &error)) { major = libMoonshotMapError(minor, &error); goto cleanup; } gssEapReleaseName(&tmpMinor, &cred->name); tmpBuffer.value = nai; tmpBuffer.length = strlen(nai); major = gssEapImportName(minor, &tmpBuffer, GSS_C_NT_USER_NAME, nameMech, &cred->name); if (GSS_ERROR(major)) goto cleanup; tmpBuffer.value = password; tmpBuffer.length = strlen(password); major = gssEapSetCredPassword(minor, cred, &tmpBuffer); if (GSS_ERROR(major)) goto cleanup; gss_release_buffer(&tmpMinor, &cred->caCertificate); gss_release_buffer(&tmpMinor, &cred->caCertificateBlob); gss_release_buffer(&tmpMinor, &cred->subjectNameConstraint); gss_release_buffer(&tmpMinor, &cred->subjectAltNameConstraint); if (!stringEmpty(serverCertificateHash)) { size_t len = strlen(serverCertificateHash); #define HASH_PREFIX "hash://server/sha256/" #define HASH_PREFIX_LEN (sizeof(HASH_PREFIX) - 1) cred->caCertificate.value = GSSEAP_MALLOC(HASH_PREFIX_LEN + len + 1); if (cred->caCertificate.value == NULL) { major = GSS_S_FAILURE; *minor = ENOMEM; goto cleanup; } memcpy(cred->caCertificate.value, HASH_PREFIX, HASH_PREFIX_LEN); memcpy((char *)cred->caCertificate.value + HASH_PREFIX_LEN, serverCertificateHash, len); ((char *)cred->caCertificate.value)[HASH_PREFIX_LEN + len] = '\0'; cred->caCertificate.length = HASH_PREFIX_LEN + len; } else if (!stringEmpty(caCertificate)) { void *blobData; ssize_t blobLength; ssize_t maxLength = ((strlen(caCertificate) + 3) / 4) * 3; if (maxLength < 3) { major = GSS_S_FAILURE; *minor = GSSEAP_BAD_CACERTIFICATE; goto cleanup; } blobData = GSSEAP_MALLOC(maxLength); if (blobData == NULL) { major = GSS_S_FAILURE; *minor = ENOMEM; goto cleanup; } blobLength = base64Decode(caCertificate, blobData); if ((blobLength <= 0) || (blobLength < maxLength - 2)) { major = GSS_S_DEFECTIVE_CREDENTIAL; *minor = GSSEAP_BAD_CACERTIFICATE; GSSEAP_FREE(blobData); goto cleanup; } cred->caCertificateBlob.value = blobData; cred->caCertificateBlob.length = blobLength; makeStringBufferOrCleanup("blob://ca-cert", &cred->caCertificate); } if (!stringEmpty(subjectNameConstraint)) makeStringBufferOrCleanup(subjectNameConstraint, &cred->subjectNameConstraint); if (!stringEmpty(subjectAltNameConstraint)) makeStringBufferOrCleanup(subjectAltNameConstraint, &cred->subjectAltNameConstraint); cleanup: moonshot_free(nai); moonshot_free(password); moonshot_free(serverCertificateHash); moonshot_free(caCertificate); moonshot_free(subjectNameConstraint); moonshot_free(subjectAltNameConstraint); gss_release_buffer(&tmpMinor, &initiator); gss_release_buffer(&tmpMinor, &target); return major; } #endif /* HAVE_MOONSHOT_GET_IDENTITY */ mech_eap-0.9.2/mech_eap/wrap.c0000644001755200017500000001034112406014472013070 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Message protection services: wrap. */ #include "gssapiP_eap.h" OM_uint32 GSSAPI_CALLCONV gss_wrap(OM_uint32 *minor, gss_ctx_id_t ctx, int conf_req_flag, gss_qop_t qop_req, gss_buffer_t input_message_buffer, int *conf_state, gss_buffer_t output_message_buffer) { OM_uint32 major; if (ctx == GSS_C_NO_CONTEXT) { *minor = EINVAL; return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT; } *minor = 0; GSSEAP_MUTEX_LOCK(&ctx->mutex); if (!CTX_IS_ESTABLISHED(ctx)) { major = GSS_S_NO_CONTEXT; *minor = GSSEAP_CONTEXT_INCOMPLETE; goto cleanup; } major = gssEapWrap(minor, ctx, conf_req_flag, qop_req, input_message_buffer, conf_state, output_message_buffer); if (GSS_ERROR(major)) goto cleanup; cleanup: GSSEAP_MUTEX_UNLOCK(&ctx->mutex); return major; } OM_uint32 gssEapWrap(OM_uint32 *minor, gss_ctx_id_t ctx, int conf_req_flag, gss_qop_t qop_req, gss_buffer_t input_message_buffer, int *conf_state, gss_buffer_t output_message_buffer) { OM_uint32 major, tmpMinor; gss_iov_buffer_desc iov[4]; unsigned char *p; int i; iov[0].type = GSS_IOV_BUFFER_TYPE_HEADER; iov[0].buffer.value = NULL; iov[0].buffer.length = 0; iov[1].type = GSS_IOV_BUFFER_TYPE_DATA; iov[1].buffer = *input_message_buffer; iov[2].type = GSS_IOV_BUFFER_TYPE_PADDING; iov[2].buffer.value = NULL; iov[2].buffer.length = 0; iov[3].type = GSS_IOV_BUFFER_TYPE_TRAILER; iov[3].buffer.value = NULL; iov[3].buffer.length = 0; major = gssEapWrapIovLength(minor, ctx, conf_req_flag, qop_req, NULL, iov, 4); if (GSS_ERROR(major)) { return major; } for (i = 0, output_message_buffer->length = 0; i < 4; i++) { output_message_buffer->length += iov[i].buffer.length; } output_message_buffer->value = GSSEAP_MALLOC(output_message_buffer->length); if (output_message_buffer->value == NULL) { *minor = ENOMEM; return GSS_S_FAILURE; } for (i = 0, p = output_message_buffer->value; i < 4; i++) { if (iov[i].type == GSS_IOV_BUFFER_TYPE_DATA) { memcpy(p, input_message_buffer->value, input_message_buffer->length); } iov[i].buffer.value = p; p += iov[i].buffer.length; } major = gssEapWrapOrGetMIC(minor, ctx, conf_req_flag, conf_state, iov, 4, TOK_TYPE_WRAP); if (GSS_ERROR(major)) { gss_release_buffer(&tmpMinor, output_message_buffer); } return major; } mech_eap-0.9.2/mech_eap/util_saml.cpp0000644001755200017500000005610312406014472014456 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * SAML attribute provider implementation. */ #include "gssapiP_eap.h" #include #include #include #include #include #include #include #include #include #include #include #include #include using namespace xmltooling; using namespace opensaml::saml2md; using namespace opensaml; using namespace xercesc; using namespace std; static const XMLCh base64Binary[] = {'b','a','s','e','6','4','B','i','n','a','r','y',0}; /* * gss_eap_saml_assertion_provider is for retrieving the underlying * assertion. */ gss_eap_saml_assertion_provider::gss_eap_saml_assertion_provider(void) { m_assertion = NULL; m_authenticated = false; } gss_eap_saml_assertion_provider::~gss_eap_saml_assertion_provider(void) { delete m_assertion; } bool gss_eap_saml_assertion_provider::initWithExistingContext(const gss_eap_attr_ctx *manager, const gss_eap_attr_provider *ctx) { /* Then we may be creating from an existing attribute context */ const gss_eap_saml_assertion_provider *saml; GSSEAP_ASSERT(m_assertion == NULL); if (!gss_eap_attr_provider::initWithExistingContext(manager, ctx)) return false; saml = static_cast(ctx); setAssertion(saml->getAssertion(), saml->authenticated()); return true; } bool gss_eap_saml_assertion_provider::initWithGssContext(const gss_eap_attr_ctx *manager, const gss_cred_id_t gssCred, const gss_ctx_id_t gssCtx) { const gss_eap_radius_attr_provider *radius; gss_buffer_desc value = GSS_C_EMPTY_BUFFER; int authenticated, complete; OM_uint32 minor; gss_eap_attrid attrid(VENDORPEC_UKERNA, PW_SAML_AAA_ASSERTION); GSSEAP_ASSERT(m_assertion == NULL); if (!gss_eap_attr_provider::initWithGssContext(manager, gssCred, gssCtx)) return false; /* * XXX TODO we need to support draft-howlett-radius-saml-attr-00 */ radius = static_cast (m_manager->getProvider(ATTR_TYPE_RADIUS)); if (radius != NULL && radius->getFragmentedAttribute(attrid, &authenticated, &complete, &value)) { setAssertion(&value, authenticated); gss_release_buffer(&minor, &value); } else { m_assertion = NULL; } return true; } void gss_eap_saml_assertion_provider::setAssertion(const saml2::Assertion *assertion, bool authenticated) { delete m_assertion; if (assertion != NULL) { #ifdef __APPLE__ m_assertion = (saml2::Assertion *)((void *)assertion->clone()); #else m_assertion = dynamic_cast(assertion->clone()); #endif m_authenticated = authenticated; } else { m_assertion = NULL; m_authenticated = false; } } void gss_eap_saml_assertion_provider::setAssertion(const gss_buffer_t buffer, bool authenticated) { delete m_assertion; m_assertion = parseAssertion(buffer); m_authenticated = (m_assertion != NULL && authenticated); } saml2::Assertion * gss_eap_saml_assertion_provider::parseAssertion(const gss_buffer_t buffer) { string str((char *)buffer->value, buffer->length); istringstream istream(str); DOMDocument *doc; const XMLObjectBuilder *b; try { doc = XMLToolingConfig::getConfig().getParser().parse(istream); if (doc == NULL) return NULL; b = XMLObjectBuilder::getBuilder(doc->getDocumentElement()); #ifdef __APPLE__ return (saml2::Assertion *)((void *)b->buildFromDocument(doc)); #else return dynamic_cast(b->buildFromDocument(doc)); #endif } catch (exception &e) { return NULL; } } bool gss_eap_saml_assertion_provider::getAttributeTypes(gss_eap_attr_enumeration_cb addAttribute, void *data) const { bool ret; /* just add the prefix */ if (m_assertion != NULL) ret = addAttribute(m_manager, this, GSS_C_NO_BUFFER, data); else ret = true; return ret; } bool gss_eap_saml_assertion_provider::setAttribute(int complete GSSEAP_UNUSED, const gss_buffer_t attr, const gss_buffer_t value) { if (attr == GSS_C_NO_BUFFER || attr->length == 0) { setAssertion(value); return true; } return false; } bool gss_eap_saml_assertion_provider::deleteAttribute(const gss_buffer_t value GSSEAP_UNUSED) { delete m_assertion; m_assertion = NULL; m_authenticated = false; return true; } time_t gss_eap_saml_assertion_provider::getExpiryTime(void) const { saml2::Conditions *conditions; time_t expiryTime = 0; if (m_assertion == NULL) return 0; conditions = m_assertion->getConditions(); if (conditions != NULL && conditions->getNotOnOrAfter() != NULL) expiryTime = conditions->getNotOnOrAfter()->getEpoch(); return expiryTime; } OM_uint32 gss_eap_saml_assertion_provider::mapException(OM_uint32 *minor, std::exception &e) const { if (typeid(e) == typeid(SecurityPolicyException)) *minor = GSSEAP_SAML_SEC_POLICY_FAILURE; else if (typeid(e) == typeid(BindingException)) *minor = GSSEAP_SAML_BINDING_FAILURE; else if (typeid(e) == typeid(ProfileException)) *minor = GSSEAP_SAML_PROFILE_FAILURE; else if (typeid(e) == typeid(FatalProfileException)) *minor = GSSEAP_SAML_FATAL_PROFILE_FAILURE; else if (typeid(e) == typeid(RetryableProfileException)) *minor = GSSEAP_SAML_RETRY_PROFILE_FAILURE; else if (typeid(e) == typeid(MetadataException)) *minor = GSSEAP_SAML_METADATA_FAILURE; else return GSS_S_CONTINUE_NEEDED; gssEapSaveStatusInfo(*minor, "%s", e.what()); return GSS_S_FAILURE; } bool gss_eap_saml_assertion_provider::getAttribute(const gss_buffer_t attr, int *authenticated, int *complete, gss_buffer_t value, gss_buffer_t display_value GSSEAP_UNUSED, int *more) const { string str; if (attr != GSS_C_NO_BUFFER && attr->length != 0) return false; if (m_assertion == NULL) return false; if (*more != -1) return false; if (authenticated != NULL) *authenticated = m_authenticated; if (complete != NULL) *complete = true; XMLHelper::serialize(m_assertion->marshall((DOMDocument *)NULL), str); if (value != NULL) duplicateBuffer(str, value); if (display_value != NULL) duplicateBuffer(str, display_value); *more = 0; return true; } gss_any_t gss_eap_saml_assertion_provider::mapToAny(int authenticated, gss_buffer_t type_id GSSEAP_UNUSED) const { if (authenticated && !m_authenticated) return (gss_any_t)NULL; return (gss_any_t)m_assertion; } void gss_eap_saml_assertion_provider::releaseAnyNameMapping(gss_buffer_t type_id GSSEAP_UNUSED, gss_any_t input) const { delete ((saml2::Assertion *)input); } const char * gss_eap_saml_assertion_provider::prefix(void) const { return "urn:ietf:params:gss:federated-saml-assertion"; } bool gss_eap_saml_assertion_provider::init(void) { bool ret = false; try { ret = SAMLConfig::getConfig().init(); } catch (exception &e) { } if (ret) gss_eap_attr_ctx::registerProvider(ATTR_TYPE_SAML_ASSERTION, createAttrContext); return ret; } void gss_eap_saml_assertion_provider::finalize(void) { gss_eap_attr_ctx::unregisterProvider(ATTR_TYPE_SAML_ASSERTION); } gss_eap_attr_provider * gss_eap_saml_assertion_provider::createAttrContext(void) { return new gss_eap_saml_assertion_provider; } saml2::Assertion * gss_eap_saml_assertion_provider::initAssertion(void) { delete m_assertion; m_assertion = saml2::AssertionBuilder::buildAssertion(); m_authenticated = false; return m_assertion; } /* * gss_eap_saml_attr_provider is for retrieving the underlying attributes. */ bool gss_eap_saml_attr_provider::getAssertion(int *authenticated, saml2::Assertion **pAssertion, bool createIfAbsent) const { gss_eap_saml_assertion_provider *saml; if (authenticated != NULL) *authenticated = false; if (pAssertion != NULL) *pAssertion = NULL; saml = static_cast (m_manager->getProvider(ATTR_TYPE_SAML_ASSERTION)); if (saml == NULL) return false; if (authenticated != NULL) *authenticated = saml->authenticated(); if (pAssertion != NULL) *pAssertion = saml->getAssertion(); if (saml->getAssertion() == NULL) { if (createIfAbsent) { if (authenticated != NULL) *authenticated = false; if (pAssertion != NULL) *pAssertion = saml->initAssertion(); } else return false; } return true; } bool gss_eap_saml_attr_provider::getAttributeTypes(gss_eap_attr_enumeration_cb addAttribute, void *data) const { saml2::Assertion *assertion; int authenticated; if (!getAssertion(&authenticated, &assertion)) return true; /* * Note: the first prefix is added by the attribute provider manager * * From draft-hartman-gss-eap-naming-00: * * Each attribute carried in the assertion SHOULD also be a GSS name * attribute. The name of this attribute has three parts, all separated * by an ASCII space character. The first part is * urn:ietf:params:gss:federated-saml-attribute. The second part is the URI for * the SAML attribute name format. The final part is the name of the * SAML attribute. If the mechanism performs an additional attribute * query, the retrieved attributes SHOULD be GSS-API name attributes * using the same name syntax. */ /* For each attribute statement, look for an attribute match */ const vector &statements = const_cast(assertion)->getAttributeStatements(); for (vector::const_iterator s = statements.begin(); s != statements.end(); ++s) { const vector &attrs = const_cast(*s)->getAttributes(); for (vector::const_iterator a = attrs.begin(); a != attrs.end(); ++a) { const XMLCh *attributeName, *attributeNameFormat; XMLCh space[2] = { ' ', 0 }; gss_buffer_desc utf8; attributeName = (*a)->getName(); attributeNameFormat = (*a)->getNameFormat(); if (attributeNameFormat == NULL || attributeNameFormat[0] == '\0') attributeNameFormat = saml2::Attribute::UNSPECIFIED; XMLCh qualifiedName[XMLString::stringLen(attributeNameFormat) + 1 + XMLString::stringLen(attributeName) + 1]; XMLString::copyString(qualifiedName, attributeNameFormat); XMLString::catString(qualifiedName, space); XMLString::catString(qualifiedName, attributeName); utf8.value = (void *)toUTF8(qualifiedName); utf8.length = strlen((char *)utf8.value); if (!addAttribute(m_manager, this, &utf8, data)) return false; } } return true; } static BaseRefVectorOf * decomposeAttributeName(const gss_buffer_t attr) { BaseRefVectorOf *components; string str((const char *)attr->value, attr->length); auto_ptr_XMLCh qualifiedAttr(str.c_str()); components = XMLString::tokenizeString(qualifiedAttr.get()); if (components->size() != 2) { delete components; components = NULL; } return components; } bool gss_eap_saml_attr_provider::setAttribute(int complete GSSEAP_UNUSED, const gss_buffer_t attr, const gss_buffer_t value) { saml2::Assertion *assertion; saml2::Attribute *attribute; saml2::AttributeValue *attributeValue; saml2::AttributeStatement *attributeStatement; if (!getAssertion(NULL, &assertion, true)) return false; if (assertion->getAttributeStatements().size() != 0) { attributeStatement = assertion->getAttributeStatements().front(); } else { attributeStatement = saml2::AttributeStatementBuilder::buildAttributeStatement(); assertion->getAttributeStatements().push_back(attributeStatement); } /* Check the attribute name consists of name format | whsp | name */ BaseRefVectorOf *components = decomposeAttributeName(attr); if (components == NULL) return false; attribute = saml2::AttributeBuilder::buildAttribute(); attribute->setNameFormat(components->elementAt(0)); attribute->setName(components->elementAt(1)); attributeValue = saml2::AttributeValueBuilder::buildAttributeValue(); auto_ptr_XMLCh unistr((char *)value->value, value->length); attributeValue->setTextContent(unistr.get()); attribute->getAttributeValues().push_back(attributeValue); GSSEAP_ASSERT(attributeStatement != NULL); attributeStatement->getAttributes().push_back(attribute); delete components; return true; } bool gss_eap_saml_attr_provider::deleteAttribute(const gss_buffer_t attr) { saml2::Assertion *assertion; bool ret = false; if (!getAssertion(NULL, &assertion) || assertion->getAttributeStatements().size() == 0) return false; /* Check the attribute name consists of name format | whsp | name */ BaseRefVectorOf *components = decomposeAttributeName(attr); if (components == NULL) return false; /* For each attribute statement, look for an attribute match */ const vector &statements = const_cast(assertion)->getAttributeStatements(); for (vector::const_iterator s = statements.begin(); s != statements.end(); ++s) { const vector &attrs = const_cast(*s)->getAttributes(); ssize_t index = -1, i = 0; /* There's got to be an easier way to do this */ for (vector::const_iterator a = attrs.begin(); a != attrs.end(); ++a) { if (XMLString::equals((*a)->getNameFormat(), components->elementAt(0)) && XMLString::equals((*a)->getName(), components->elementAt(1))) { index = i; break; } ++i; } if (index != -1) { (*s)->getAttributes().erase((*s)->getAttributes().begin() + index); ret = true; } } delete components; return ret; } bool gss_eap_saml_attr_provider::getAttribute(const gss_buffer_t attr, int *authenticated, int *complete, const saml2::Attribute **pAttribute) const { saml2::Assertion *assertion; if (authenticated != NULL) *authenticated = false; if (complete != NULL) *complete = true; *pAttribute = NULL; if (!getAssertion(authenticated, &assertion) || assertion->getAttributeStatements().size() == 0) return false; /* Check the attribute name consists of name format | whsp | name */ BaseRefVectorOf *components = decomposeAttributeName(attr); if (components == NULL) return false; /* For each attribute statement, look for an attribute match */ const vector &statements = const_cast(assertion)->getAttributeStatements(); const saml2::Attribute *ret = NULL; for (vector::const_iterator s = statements.begin(); s != statements.end(); ++s) { const vector &attrs = const_cast(*s)->getAttributes(); for (vector::const_iterator a = attrs.begin(); a != attrs.end(); ++a) { const XMLCh *attributeName, *attributeNameFormat; attributeName = (*a)->getName(); attributeNameFormat = (*a)->getNameFormat(); if (attributeNameFormat == NULL || attributeNameFormat[0] == '\0') attributeNameFormat = saml2::Attribute::UNSPECIFIED; if (XMLString::equals(attributeNameFormat, components->elementAt(0)) && XMLString::equals(attributeName, components->elementAt(1))) { ret = *a; break; } } if (ret != NULL) break; } delete components; *pAttribute = ret; return (ret != NULL); } static bool isBase64EncodedAttributeValueP(const saml2::AttributeValue *av) { const xmltooling::QName *type = av->getSchemaType(); if (type == NULL) return false; if (!type->hasNamespaceURI() || !XMLString::equals(type->getNamespaceURI(), xmlconstants::XSD_NS)) return false; if (!type->hasLocalPart() || !XMLString::equals(type->getLocalPart(), base64Binary)) return false; return true; } bool gss_eap_saml_attr_provider::getAttribute(const gss_buffer_t attr, int *authenticated, int *complete, gss_buffer_t value, gss_buffer_t display_value, int *more) const { const saml2::Attribute *a; const saml2::AttributeValue *av; int nvalues, i = *more; *more = 0; if (!getAttribute(attr, authenticated, complete, &a)) return false; nvalues = a->getAttributeValues().size(); if (i == -1) i = 0; if (i >= nvalues) return false; #ifdef __APPLE__ av = (const saml2::AttributeValue *)((void *)(a->getAttributeValues().at(i))); #else av = dynamic_cast(a->getAttributeValues().at(i)); #endif if (av != NULL) { bool base64Encoded = isBase64EncodedAttributeValueP(av); if (value != NULL) { char *stringValue = toUTF8(av->getTextContent(), true); size_t stringValueLen = strlen(stringValue); if (base64Encoded) { ssize_t octetLen; value->value = GSSEAP_MALLOC(stringValueLen); if (value->value == NULL) { GSSEAP_FREE(stringValue); throw new std::bad_alloc; } octetLen = base64Decode(stringValue, value->value); if (octetLen < 0) { GSSEAP_FREE(value->value); GSSEAP_FREE(stringValue); value->value = NULL; return false; } value->length = octetLen; GSSEAP_FREE(stringValue); } else { value->value = stringValue; value->length = stringValueLen; } } if (display_value != NULL && base64Encoded == false) { display_value->value = toUTF8(av->getTextContent(), true); display_value->length = strlen((char *)display_value->value); } } if (nvalues > ++i) *more = i; return true; } gss_any_t gss_eap_saml_attr_provider::mapToAny(int authenticated GSSEAP_UNUSED, gss_buffer_t type_id GSSEAP_UNUSED) const { return (gss_any_t)NULL; } void gss_eap_saml_attr_provider::releaseAnyNameMapping(gss_buffer_t type_id GSSEAP_UNUSED, gss_any_t input GSSEAP_UNUSED) const { } const char * gss_eap_saml_attr_provider::prefix(void) const { return "urn:ietf:params:gss:federated-saml-attribute"; } bool gss_eap_saml_attr_provider::init(void) { gss_eap_attr_ctx::registerProvider(ATTR_TYPE_SAML, createAttrContext); return true; } void gss_eap_saml_attr_provider::finalize(void) { gss_eap_attr_ctx::unregisterProvider(ATTR_TYPE_SAML); } gss_eap_attr_provider * gss_eap_saml_attr_provider::createAttrContext(void) { return new gss_eap_saml_attr_provider; } OM_uint32 gssEapSamlAttrProvidersInit(OM_uint32 *minor) { if (!gss_eap_saml_assertion_provider::init() || !gss_eap_saml_attr_provider::init()) { *minor = GSSEAP_SAML_INIT_FAILURE; return GSS_S_FAILURE; } return GSS_S_COMPLETE; } OM_uint32 gssEapSamlAttrProvidersFinalize(OM_uint32 *minor) { gss_eap_saml_attr_provider::finalize(); gss_eap_saml_assertion_provider::finalize(); *minor = 0; return GSS_S_COMPLETE; } mech_eap-0.9.2/mech_eap/store_cred.c0000644001755200017500000000573512406014472014263 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "gssapiP_eap.h" OM_uint32 GSSAPI_CALLCONV gss_store_cred(OM_uint32 *minor, const gss_cred_id_t cred, gss_cred_usage_t input_usage, const gss_OID desired_mech GSSEAP_UNUSED, #ifdef GSSEAP_ENABLE_REAUTH OM_uint32 overwrite_cred, OM_uint32 default_cred, #else OM_uint32 overwrite_cred GSSEAP_UNUSED, OM_uint32 default_cred GSSEAP_UNUSED, #endif gss_OID_set *elements_stored, gss_cred_usage_t *cred_usage_stored) { OM_uint32 major; if (elements_stored != NULL) *elements_stored = GSS_C_NO_OID_SET; if (cred_usage_stored != NULL) *cred_usage_stored = input_usage; if (cred == GSS_C_NO_CREDENTIAL) { *minor = EINVAL; return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CRED; } GSSEAP_MUTEX_LOCK(&cred->mutex); major = GSS_S_COMPLETE; *minor = 0; #ifdef GSSEAP_ENABLE_REAUTH if (cred->reauthCred != GSS_C_NO_CREDENTIAL) { major = gssStoreCred(minor, cred->reauthCred, input_usage, (gss_OID)gss_mech_krb5, overwrite_cred, default_cred, elements_stored, cred_usage_stored); } #endif GSSEAP_MUTEX_UNLOCK(&cred->mutex); return major; } mech_eap-0.9.2/mech_eap/COPYING0000644001755200017500000000011112406014472013000 00000000000000Copyright (c) 2011, JANET(UK) See the LICENSE file for licensing terms. mech_eap-0.9.2/mech_eap/display_status.c0000644001755200017500000001314612406014472015175 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Function for converting mechanism error codes to strings. */ #include "gssapiP_eap.h" struct gss_eap_status_info { OM_uint32 code; char *message; struct gss_eap_status_info *next; }; void gssEapDestroyStatusInfo(struct gss_eap_status_info *p) { struct gss_eap_status_info *next; for (; p != NULL; p = next) { next = p->next; GSSEAP_FREE(p->message); GSSEAP_FREE(p); } } /* * Associate a message with a mechanism (minor) status code. This function * takes ownership of the message regardless of success. The message must * be explicitly cleared, if required, so it is suggested that a specific * minor code is either always or never associated with a message, to avoid * dangling (and potentially confusing) error messages. */ static void saveStatusInfoNoCopy(OM_uint32 minor, char *message) { struct gss_eap_status_info **next = NULL, *p = NULL; struct gss_eap_thread_local_data *tld = gssEapGetThreadLocalData(); if (tld != NULL) { for (p = tld->statusInfo; p != NULL; p = p->next) { if (p->code == minor) { /* Set message in-place */ if (p->message != NULL) GSSEAP_FREE(p->message); p->message = message; return; } next = &p->next; } p = GSSEAP_CALLOC(1, sizeof(*p)); } if (p == NULL) { if (message != NULL) GSSEAP_FREE(message); return; } p->code = minor; p->message = message; if (next != NULL) *next = p; else tld->statusInfo = p; } static const char * getStatusInfo(OM_uint32 minor) { struct gss_eap_status_info *p; struct gss_eap_thread_local_data *tld = gssEapGetThreadLocalData(); if (tld != NULL) { for (p = tld->statusInfo; p != NULL; p = p->next) { if (p->code == minor) return p->message; } } return NULL; } void gssEapSaveStatusInfo(OM_uint32 minor, const char *format, ...) { #ifdef WIN32 OM_uint32 tmpMajor, tmpMinor; char buf[BUFSIZ]; gss_buffer_desc s = GSS_C_EMPTY_BUFFER; va_list ap; if (format != NULL) { va_start(ap, format); snprintf(buf, sizeof(buf), format, ap); va_end(ap); } tmpMajor = makeStringBuffer(&tmpMinor, buf, &s); if (!GSS_ERROR(tmpMajor)) saveStatusInfoNoCopy(minor, (char *)s.value); #else char *s = NULL; int n; va_list ap; if (format != NULL) { va_start(ap, format); n = vasprintf(&s, format, ap); if (n == -1) s = NULL; va_end(ap); } saveStatusInfoNoCopy(minor, s); #endif /* WIN32 */ } OM_uint32 gssEapDisplayStatus(OM_uint32 *minor, OM_uint32 status_value, gss_buffer_t status_string) { OM_uint32 major; krb5_context krbContext = NULL; const char *errMsg; status_string->length = 0; status_string->value = NULL; errMsg = getStatusInfo(status_value); if (errMsg == NULL) { GSSEAP_KRB_INIT(&krbContext); /* Try the com_err message */ errMsg = krb5_get_error_message(krbContext, status_value); } if (errMsg != NULL) { major = makeStringBuffer(minor, errMsg, status_string); } else { major = GSS_S_COMPLETE; *minor = 0; } if (krbContext != NULL) krb5_free_error_message(krbContext, errMsg); return major; } OM_uint32 GSSAPI_CALLCONV gss_display_status(OM_uint32 *minor, OM_uint32 status_value, int status_type, gss_OID mech_type, OM_uint32 *message_context, gss_buffer_t status_string) { if (!gssEapIsMechanismOid(mech_type)) { *minor = GSSEAP_WRONG_MECH; return GSS_S_BAD_MECH; } if (status_type != GSS_C_MECH_CODE || *message_context != 0) { /* we rely on the mechglue for GSS_C_GSS_CODE */ *minor = 0; return GSS_S_BAD_STATUS; } return gssEapDisplayStatus(minor, status_value, status_string); } mech_eap-0.9.2/mech_eap/inquire_cred_by_mech.c0000644001755200017500000000530312406014472016260 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Return credential handle properties. */ #include "gssapiP_eap.h" OM_uint32 GSSAPI_CALLCONV gss_inquire_cred_by_mech(OM_uint32 *minor, gss_cred_id_t cred, gss_OID mech_type, gss_name_t *name, OM_uint32 *pInitiatorLifetime, OM_uint32 *pAcceptorLifetime, gss_cred_usage_t *cred_usage) { OM_uint32 major, lifetime; if (cred == NULL) { *minor = EINVAL; return GSS_S_NO_CRED; } GSSEAP_MUTEX_LOCK(&cred->mutex); if (!gssEapCredAvailable(cred, mech_type)) { major = GSS_S_BAD_MECH; *minor = GSSEAP_CRED_MECH_MISMATCH; goto cleanup; } major = gssEapInquireCred(minor, cred, name, &lifetime, cred_usage, NULL); if (GSS_ERROR(major)) goto cleanup; if (pInitiatorLifetime != NULL) *pInitiatorLifetime = (cred->flags & CRED_FLAG_INITIATE) ? lifetime : 0; if (pAcceptorLifetime != NULL) *pAcceptorLifetime = (cred->flags & CRED_FLAG_ACCEPT) ? lifetime : 0; cleanup: GSSEAP_MUTEX_UNLOCK(&cred->mutex); return major; } mech_eap-0.9.2/mech_eap/set_name_attribute.c0000644001755200017500000000421612406014472016001 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Set an attribute on a name. */ #include "gssapiP_eap.h" OM_uint32 GSSAPI_CALLCONV gss_set_name_attribute(OM_uint32 *minor, gss_name_t name, int complete, gss_buffer_t attr, gss_buffer_t value) { OM_uint32 major; if (name == GSS_C_NO_NAME) { *minor = EINVAL; return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME; } GSSEAP_MUTEX_LOCK(&name->mutex); major = gssEapSetNameAttribute(minor, name, complete, attr, value); GSSEAP_MUTEX_UNLOCK(&name->mutex); return major; } mech_eap-0.9.2/mech_eap/release_any_name_mapping.c0000644001755200017500000000417612406014472017132 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "gssapiP_eap.h" OM_uint32 GSSAPI_CALLCONV gss_release_any_name_mapping(OM_uint32 *minor, gss_name_t name, gss_buffer_t type_id, gss_any_t *input) { OM_uint32 major; *minor = 0; if (name == GSS_C_NO_NAME) { *minor = EINVAL; return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME; } GSSEAP_MUTEX_LOCK(&name->mutex); major = gssEapReleaseAnyNameMapping(minor, name, type_id, input); *input = NULL; GSSEAP_MUTEX_UNLOCK(&name->mutex); return major; } mech_eap-0.9.2/mech_eap/util_buffer.c0000644001755200017500000000566612406014472014443 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Buffer handling helpers. */ #include "gssapiP_eap.h" OM_uint32 makeStringBuffer(OM_uint32 *minor, const char *string, gss_buffer_t buffer) { size_t len = strlen(string); buffer->value = GSSEAP_MALLOC(len + 1); if (buffer->value == NULL) { *minor = ENOMEM; return GSS_S_FAILURE; } memcpy(buffer->value, string, len + 1); buffer->length = len; *minor = 0; return GSS_S_COMPLETE; } OM_uint32 bufferToString(OM_uint32 *minor, const gss_buffer_t buffer, char **pString) { char *s; s = GSSEAP_MALLOC(buffer->length + 1); if (s == NULL) { *minor = ENOMEM; return GSS_S_FAILURE; } memcpy(s, buffer->value, buffer->length); s[buffer->length] = '\0'; *pString = s; *minor = 0; return GSS_S_COMPLETE; } OM_uint32 duplicateBuffer(OM_uint32 *minor, const gss_buffer_t src, gss_buffer_t dst) { dst->length = 0; dst->value = NULL; if (src == GSS_C_NO_BUFFER) return GSS_S_COMPLETE; dst->value = GSSEAP_MALLOC(src->length + 1); if (dst->value == NULL) { *minor = ENOMEM; return GSS_S_FAILURE; } dst->length = src->length; memcpy(dst->value, src->value, dst->length); ((unsigned char *)dst->value)[dst->length] = '\0'; *minor = 0; return GSS_S_COMPLETE; } mech_eap-0.9.2/mech_eap/gsseap_err.c0000444001755200017500000001111012406014660014241 00000000000000/* * gsseap_err.c: * This file is automatically generated; please do not edit it. */ #include #define N_(a) a static const char * const text[] = { N_(""), N_("Buffer is incorrect size"), N_("Mechanism OID is incorrect"), N_("Token header is malformed or corrupt"), N_("Token is missing data"), N_("Packet was replayed in wrong direction"), N_("Received token ID does not match expected token ID"), N_("Critical inner token type unavailable"), N_("Missing required inner token"), N_("Duplicate inner token received"), N_("Recieved invalid inner token for current state"), N_("EAP key unavailable"), N_("EAP key too short"), N_("Authentication rejected by RADIUS server"), N_("Received unknown response code from RADIUS server"), N_("RADIUS response is missing EAP request"), N_("Generic RADIUS failure"), N_("Context is already fully established"), N_("Attempt to use incomplete security context"), N_("Context token is malformed or corrupt"), N_("Error token is malformed or corrupt"), N_("Bad context option"), N_("Name is not a valid service name"), N_("Initiator identity must be a valid name"), N_("Could not determine local host name"), N_("Could not determine acceptor identity"), N_("Acceptor identity different than expected"), N_("Acceptor name is too long or has too many components"), N_("Name token is malformed or corrupt"), N_("Unable to map name to a local identity"), N_("Credential usage type is unknown"), N_("Credential usage does not match requested usage"), N_("Credential is not usable with this mechanism"), N_("Attributes indicate credentials have expired"), N_("Bad credential option"), N_("Default credentials identity unavailable"), N_("Missing default password or other credentials"), N_("Credential is already fully resolved"), N_("CA Certificate blob could not be parsed"), N_("Unable to start identity service"), N_("No identity selected"), N_("Identity service installation error"), N_("Identity service OS error"), N_("Identity service IPC error"), N_("Unknown identity service error"), N_("Bad RFC 4121 wrap or MIC token"), N_("IOV is missing required buffer"), N_("Stream IOV can only contain a single data buffer"), N_("Padding IOV is not permitted for RFC 4121 tokens"), N_("Unknown quality of protection specified"), N_("PRF input too long"), N_("PRF key usage type is unknown"), N_("Failed to initialize EAP library"), N_("Failed to create EAP state machine"), N_("Failed to step EAP state machine"), N_("EAP peer authentication failure"), N_("Received bad EAP message"), N_("Failed to initialize RadSec library"), N_("Failed to create RadSec context"), N_("Name has no attributes"), N_("Failed to initialize attribute providers"), N_("Unknown naming attribute"), N_("Serialised attributes are malformed or corrupt"), N_("Failed to initialize attribute context"), N_("Failed to initialize SAML library"), N_("Failed to process SAML security policy"), N_("Failed in SAML binding processing"), N_("Failed to process SAML profile"), N_("Non-recoverable failure in SAML profile processing"), N_("Temporary failure in SAML profile processing"), N_("Failure related to SAML metadata use"), N_("Failed to initialize Shibboleth"), N_("Failure during local attribute processing"), N_("Failed to extract local attributes"), N_("Failed to filter local attributes"), N_("Failed to resolve local attributes"), N_("Local attribute configuration failure"), N_("Failed to communicate with local attribute server"), N_("Channel bindings do not match"), N_("Channel binding token missing"), N_("Could not find symbol in mechanism glue"), N_("Bad mechanism invoke OID"), 0 }; struct error_table { char const * const * msgs; long base; int n_msgs; }; struct et_list { struct et_list *next; const struct error_table * table; }; extern struct et_list *_et_list; const struct error_table et_eapg_error_table = { text, 2109382912L, 82 }; static struct et_list link = { 0, 0 }; void initialize_eapg_error_table_r(struct et_list **list); void initialize_eapg_error_table(void); void initialize_eapg_error_table(void) { initialize_eapg_error_table_r(&_et_list); } /* For Heimdal compatibility */ void initialize_eapg_error_table_r(struct et_list **list) { struct et_list *et, **end; for (end = list, et = *list; et; end = &et->next, et = et->next) if (et->table->msgs == text) return; et = malloc(sizeof(struct et_list)); if (et == 0) { if (!link.table) et = &link; else return; } et->table = &et_eapg_error_table; et->next = 0; *end = et; } mech_eap-0.9.2/mech_eap/util_json.h0000644001755200017500000001235612406014472014142 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * JSON object wrapper with not-entirely-toll-free DDF bridging. */ #ifndef _UTIL_JSON_H_ #define _UTIL_JSON_H_ 1 #ifdef __cplusplus #include #include #include #ifdef HAVE_SHIBRESOLVER #include using namespace shibsp; #endif namespace gss_eap_util { class JSONObject; class JSONException : public std::exception { public: JSONException(json_t *obj = NULL, json_type type = JSON_NULL); ~JSONException(void) throw() { json_decref(m_obj); } virtual const char *what(void) const throw() { return m_reason.c_str(); } private: json_t *m_obj; json_type m_type; std::string m_reason; }; class JSONIterator { public: JSONIterator(const JSONObject &obj); ~JSONIterator(void); const char *key(void) const; JSONObject value(void) const; bool next(void); private: json_t *m_obj; void *m_iter; }; class JSONObject { public: static JSONObject load(const char *input, size_t flags, json_error_t *error); static JSONObject load(FILE *, size_t flags, json_error_t *error); static JSONObject object(void); static JSONObject array(void); static JSONObject null(void); #ifdef HAVE_SHIBRESOLVER static JSONObject ddf(DDF &value); #endif char *dump(size_t flags = 0) const; void dump(FILE *fp, size_t flags = JSON_INDENT(4)) const; json_type type(void) const { return json_typeof(m_obj); } size_t size(void) const; JSONObject(void); JSONObject(const char *value); JSONObject(json_int_t value); JSONObject(double value); JSONObject(bool value); void set(const char *key, JSONObject &value); void set(const char *key, const char *value); void set(const char *key, json_int_t value); void del(const char *key); void update(JSONObject &value); JSONIterator iterator(void) const { return JSONIterator(*this); } JSONObject get(const char *key) const; JSONObject operator[](const char *key) const; JSONObject get(size_t index) const; JSONObject operator[](size_t index) const; void append(JSONObject &value); void insert(size_t index, JSONObject &value); void remove(size_t index); void clear(void); void extend(JSONObject &value); const char *string(void) const; json_int_t integer(void) const; double real(void) const; double number(void) const; #ifdef HAVE_SHIBRESOLVER DDF ddf(void) const; #endif bool isObject(void) const; bool isArray(void) const; bool isString(void) const; bool isInteger(void) const; bool isNumber(void) const; bool isBoolean(void) const; bool isNull(void) const; ~JSONObject(void) { if (m_obj != NULL) json_decref(m_obj); } JSONObject(const JSONObject &obj) { m_obj = json_incref(obj.m_obj); } JSONObject& operator=(const JSONObject &obj) { if (this != &obj) set(obj.m_obj); return *this; } private: friend class JSONIterator; json_t *get(void) const { return json_incref(m_obj); } void set(json_t *obj) { if (m_obj != obj) { json_decref(m_obj); m_obj = json_incref(m_obj); } } JSONObject(json_t *obj, bool retain = true); json_t *m_obj; }; } #endif /* __cplusplus */ #endif /* _UTIL_JSON_H_ */ mech_eap-0.9.2/mech_eap/util_context.c0000644001755200017500000003157512406014472014654 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Utility routines for context handles. */ #include "gssapiP_eap.h" OM_uint32 gssEapAllocContext(OM_uint32 *minor, gss_ctx_id_t *pCtx) { OM_uint32 tmpMinor; gss_ctx_id_t ctx; GSSEAP_ASSERT(*pCtx == GSS_C_NO_CONTEXT); ctx = (gss_ctx_id_t)GSSEAP_CALLOC(1, sizeof(*ctx)); if (ctx == NULL) { *minor = ENOMEM; return GSS_S_FAILURE; } if (GSSEAP_MUTEX_INIT(&ctx->mutex) != 0) { *minor = GSSEAP_GET_LAST_ERROR(); gssEapReleaseContext(&tmpMinor, &ctx); return GSS_S_FAILURE; } ctx->state = GSSEAP_STATE_INITIAL; ctx->mechanismUsed = GSS_C_NO_OID; /* * Integrity, confidentiality, sequencing and replay detection are * always available. Regardless of what flags are requested in * GSS_Init_sec_context, implementations MUST set the flag corresponding * to these services in the output of GSS_Init_sec_context and * GSS_Accept_sec_context. */ ctx->gssFlags = GSS_C_TRANS_FLAG | /* exporting contexts */ GSS_C_INTEG_FLAG | /* integrity */ GSS_C_CONF_FLAG | /* confidentiality */ GSS_C_SEQUENCE_FLAG | /* sequencing */ GSS_C_REPLAY_FLAG; /* replay detection */ *pCtx = ctx; return GSS_S_COMPLETE; } static void releaseInitiatorContext(struct gss_eap_initiator_ctx *ctx) { eap_peer_sm_deinit(ctx->eap); } #ifdef GSSEAP_ENABLE_ACCEPTOR static void releaseAcceptorContext(struct gss_eap_acceptor_ctx *ctx) { OM_uint32 tmpMinor; if (ctx->radConn != NULL) rs_conn_destroy(ctx->radConn); if (ctx->radContext != NULL) rs_context_destroy(ctx->radContext); if (ctx->radServer != NULL) GSSEAP_FREE(ctx->radServer); gss_release_buffer(&tmpMinor, &ctx->state); if (ctx->vps != NULL) gssEapRadiusFreeAvps(&tmpMinor, &ctx->vps); } #endif /* GSSEAP_ENABLE_ACCEPTOR */ OM_uint32 gssEapReleaseContext(OM_uint32 *minor, gss_ctx_id_t *pCtx) { OM_uint32 tmpMinor; gss_ctx_id_t ctx = *pCtx; krb5_context krbContext = NULL; if (ctx == GSS_C_NO_CONTEXT) { return GSS_S_COMPLETE; } gssEapKerberosInit(&tmpMinor, &krbContext); #ifdef GSSEAP_ENABLE_REAUTH if (ctx->flags & CTX_FLAG_KRB_REAUTH) { gssDeleteSecContext(&tmpMinor, &ctx->reauthCtx, GSS_C_NO_BUFFER); } else #endif /* GSSEAP_ENABLE_REAUTH */ if (CTX_IS_INITIATOR(ctx)) { releaseInitiatorContext(&ctx->initiatorCtx); } #ifdef GSSEAP_ENABLE_ACCEPTOR else { releaseAcceptorContext(&ctx->acceptorCtx); } #endif /* GSSEAP_ENABLE_ACCEPTOR */ krb5_free_keyblock_contents(krbContext, &ctx->rfc3961Key); gssEapReleaseName(&tmpMinor, &ctx->initiatorName); gssEapReleaseName(&tmpMinor, &ctx->acceptorName); gssEapReleaseOid(&tmpMinor, &ctx->mechanismUsed); sequenceFree(&tmpMinor, &ctx->seqState); gssEapReleaseCred(&tmpMinor, &ctx->cred); GSSEAP_MUTEX_DESTROY(&ctx->mutex); memset(ctx, 0, sizeof(*ctx)); GSSEAP_FREE(ctx); *pCtx = GSS_C_NO_CONTEXT; *minor = 0; return GSS_S_COMPLETE; } OM_uint32 gssEapMakeToken(OM_uint32 *minor, gss_ctx_id_t ctx, const gss_buffer_t innerToken, enum gss_eap_token_type tokenType, gss_buffer_t outputToken) { unsigned char *p; GSSEAP_ASSERT(ctx->mechanismUsed != GSS_C_NO_OID); outputToken->length = tokenSize(ctx->mechanismUsed, innerToken->length); outputToken->value = GSSEAP_MALLOC(outputToken->length); if (outputToken->value == NULL) { *minor = ENOMEM; return GSS_S_FAILURE; } p = (unsigned char *)outputToken->value; makeTokenHeader(ctx->mechanismUsed, innerToken->length, &p, tokenType); memcpy(p, innerToken->value, innerToken->length); *minor = 0; return GSS_S_COMPLETE; } OM_uint32 gssEapVerifyToken(OM_uint32 *minor, gss_ctx_id_t ctx, const gss_buffer_t inputToken, enum gss_eap_token_type *actualToken, gss_buffer_t innerInputToken) { OM_uint32 major; size_t bodySize; unsigned char *p = (unsigned char *)inputToken->value; gss_OID_desc oidBuf; gss_OID oid; if (ctx->mechanismUsed != GSS_C_NO_OID) { oid = ctx->mechanismUsed; } else { oidBuf.elements = NULL; oidBuf.length = 0; oid = &oidBuf; } major = verifyTokenHeader(minor, oid, &bodySize, &p, inputToken->length, actualToken); if (GSS_ERROR(major)) return major; if (ctx->mechanismUsed == GSS_C_NO_OID) { major = gssEapCanonicalizeOid(minor, oid, 0, &ctx->mechanismUsed); if (GSS_ERROR(major)) return major; } innerInputToken->length = bodySize; innerInputToken->value = p; *minor = 0; return GSS_S_COMPLETE; } OM_uint32 gssEapContextTime(OM_uint32 *minor, gss_ctx_id_t context_handle, OM_uint32 *time_rec) { *minor = 0; if (context_handle->expiryTime == 0) { *time_rec = GSS_C_INDEFINITE; } else { time_t now, lifetime; time(&now); lifetime = context_handle->expiryTime - now; if (lifetime <= 0) { *time_rec = 0; return GSS_S_CONTEXT_EXPIRED; } *time_rec = lifetime; } return GSS_S_COMPLETE; } static OM_uint32 gssEapMakeOrVerifyTokenMIC(OM_uint32 *minor, gss_ctx_id_t ctx, gss_buffer_t tokenMIC, int verifyMIC) { OM_uint32 major; size_t i = 0, j; enum gss_eap_token_type tokType; OM_uint32 micTokType; unsigned char wireTokType[2]; unsigned char *innerTokTypes = NULL, *innerTokLengths = NULL; const struct gss_eap_token_buffer_set *tokens; ssize_t checksumIndex = -1; krb5_keyusage usage; krb5_error_code code = 0; krb5_context krbContext; krb5_crypto_iov *kiov = NULL; #ifdef HAVE_HEIMDAL_VERSION krb5_crypto krbCrypto = NULL; krb5_cksumtype cksumType; #endif size_t kiovCount; GSSEAP_KRB_INIT(&krbContext); tokens = verifyMIC ? ctx->inputTokens : ctx->outputTokens; GSSEAP_ASSERT(tokens != NULL); #ifdef HAVE_HEIMDAL_VERSION code = krb5_crypto_init(krbContext, &ctx->rfc3961Key, ETYPE_NULL, &krbCrypto); if (code != 0) goto cleanup; #endif kiovCount = 2 + (3 * tokens->buffers.count) + 1; if (verifyMIC) { assert(tokens->buffers.count != 0); kiovCount -= 3; } kiov = GSSEAP_CALLOC(kiovCount, sizeof(*kiov)); if (kiov == NULL) { *minor = ENOMEM; goto cleanup; } innerTokTypes = GSSEAP_MALLOC(4 * tokens->buffers.count); if (innerTokTypes == NULL) { *minor = ENOMEM; goto cleanup; } innerTokLengths = GSSEAP_MALLOC(4 * tokens->buffers.count); if (innerTokLengths == NULL) { *minor = ENOMEM; goto cleanup; } /* Mechanism OID */ GSSEAP_ASSERT(ctx->mechanismUsed != GSS_C_NO_OID); kiov[i].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY; kiov[i].data.length = ctx->mechanismUsed->length; kiov[i].data.data = ctx->mechanismUsed->elements; i++; /* Token type */ if (CTX_IS_INITIATOR(ctx) ^ verifyMIC) { tokType = TOK_TYPE_INITIATOR_CONTEXT; micTokType = ITOK_TYPE_INITIATOR_MIC; usage = KEY_USAGE_GSSEAP_INITOKEN_MIC; } else { tokType = TOK_TYPE_ACCEPTOR_CONTEXT; micTokType = ITOK_TYPE_ACCEPTOR_MIC; usage = KEY_USAGE_GSSEAP_ACCTOKEN_MIC; } store_uint16_be(tokType, wireTokType); kiov[i].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY; kiov[i].data.length = sizeof(wireTokType); kiov[i].data.data = (char *)wireTokType; i++; for (j = 0; j < tokens->buffers.count; j++) { if (verifyMIC && (tokens->types[j] & ITOK_TYPE_MASK) == micTokType) { continue; } kiov[i].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY; kiov[i].data.length = 4; kiov[i].data.data = (char *)&innerTokTypes[j * 4]; store_uint32_be(tokens->types[j] & ~(ITOK_FLAG_VERIFIED), kiov[i].data.data); i++; kiov[i].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY; kiov[i].data.length = 4; kiov[i].data.data = (char *)&innerTokLengths[j * 4]; store_uint32_be(tokens->buffers.elements[j].length, kiov[i].data.data); i++; kiov[i].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY; gssBufferToKrbData(&tokens->buffers.elements[j], &kiov[i].data); i++; } kiov[i].flags = KRB5_CRYPTO_TYPE_CHECKSUM; if (verifyMIC) { gssBufferToKrbData(tokenMIC, &kiov[i].data); } else { size_t checksumSize; code = krb5_c_checksum_length(krbContext, ctx->checksumType, &checksumSize); if (code != 0) goto cleanup; kiov[i].data.data = GSSEAP_MALLOC(checksumSize); if (kiov[i].data.data == NULL) { code = ENOMEM; goto cleanup; } kiov[i].data.length = checksumSize; checksumIndex = i; } i++; GSSEAP_ASSERT(i == kiovCount); #ifdef HAVE_HEIMDAL_VERSION cksumType = ctx->checksumType; if (verifyMIC) { code = krb5_verify_checksum_iov(krbContext, krbCrypto, usage, kiov, i, &cksumType); } else { code = krb5_create_checksum_iov(krbContext, krbCrypto, usage, kiov, i, &cksumType); } #else if (verifyMIC) { krb5_boolean kvalid = FALSE; code = krb5_c_verify_checksum_iov(krbContext, ctx->checksumType, &ctx->rfc3961Key, usage, kiov, i, &kvalid); if (code == 0 && !kvalid) { code = KRB5KRB_AP_ERR_BAD_INTEGRITY; } } else { code = krb5_c_make_checksum_iov(krbContext, ctx->checksumType, &ctx->rfc3961Key, usage, kiov, i); } #endif /* HAVE_HEIMDAL_VERSION */ if (code == 0 && !verifyMIC) { krbDataToGssBuffer(&kiov[checksumIndex].data, tokenMIC); checksumIndex = -1; } cleanup: if (checksumIndex != -1) GSSEAP_FREE(kiov[checksumIndex].data.data); if (kiov != NULL) GSSEAP_FREE(kiov); if (innerTokTypes != NULL) GSSEAP_FREE(innerTokTypes); if (innerTokLengths != NULL) GSSEAP_FREE(innerTokLengths); #ifdef HAVE_HEIMDAL_VERSION if (krbCrypto != NULL) krb5_crypto_destroy(krbContext, krbCrypto); #endif *minor = code; switch (code) { case KRB5KRB_AP_ERR_BAD_INTEGRITY: major = GSS_S_BAD_SIG; break; case 0: major = GSS_S_COMPLETE; break; default: major = GSS_S_FAILURE; break; } return major; } OM_uint32 gssEapMakeTokenMIC(OM_uint32 *minor, gss_ctx_id_t ctx, gss_buffer_t tokenMIC) { tokenMIC->length = 0; tokenMIC->value = NULL; return gssEapMakeOrVerifyTokenMIC(minor, ctx, tokenMIC, FALSE); } OM_uint32 gssEapVerifyTokenMIC(OM_uint32 *minor, gss_ctx_id_t ctx, const gss_buffer_t tokenMIC) { return gssEapMakeOrVerifyTokenMIC(minor, ctx, tokenMIC, TRUE); } mech_eap-0.9.2/mech_eap/util_name.c0000644001755200017500000005530512406014472014105 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Portions Copyright 2009 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright * notice appear in all copies and that both that copyright notice and * this permission notice appear in supporting documentation, and that * the name of M.I.T. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior * permission. Furthermore if you modify this software you must label * your software as modified software and not distribute it in such a * fashion that it might be confused with the original M.I.T. software. * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. */ /* * Name utility routines. */ #include "gssapiP_eap.h" static gss_OID_desc gssEapNtEapName = { /* 1.3.6.1.5.5.15.2.1 */ 8, "\x2B\x06\x01\x05\x05\x0f\x02\x01" }; gss_OID GSS_EAP_NT_EAP_NAME = &gssEapNtEapName; OM_uint32 gssEapAllocName(OM_uint32 *minor, gss_name_t *pName) { OM_uint32 tmpMinor; gss_name_t name; *pName = GSS_C_NO_NAME; name = (gss_name_t)GSSEAP_CALLOC(1, sizeof(*name)); if (name == NULL) { *minor = ENOMEM; return GSS_S_FAILURE; } if (GSSEAP_MUTEX_INIT(&name->mutex) != 0) { *minor = GSSEAP_GET_LAST_ERROR(); gssEapReleaseName(&tmpMinor, &name); return GSS_S_FAILURE; } *pName = name; return GSS_S_COMPLETE; } OM_uint32 gssEapReleaseName(OM_uint32 *minor, gss_name_t *pName) { gss_name_t name; krb5_context krbContext = NULL; OM_uint32 tmpMinor; *minor = 0; if (pName == NULL) { return GSS_S_COMPLETE; } name = *pName; if (name == GSS_C_NO_NAME) { return GSS_S_COMPLETE; } GSSEAP_KRB_INIT(&krbContext); krb5_free_principal(krbContext, name->krbPrincipal); gssEapReleaseOid(&tmpMinor, &name->mechanismUsed); #ifdef GSSEAP_ENABLE_ACCEPTOR gssEapReleaseAttrContext(&tmpMinor, name); #endif GSSEAP_MUTEX_DESTROY(&name->mutex); GSSEAP_FREE(name); *pName = NULL; return GSS_S_COMPLETE; } static OM_uint32 krbPrincipalToName(OM_uint32 *minor, krb5_principal *principal, gss_name_t *pName) { OM_uint32 major; gss_name_t name; major = gssEapAllocName(minor, &name); if (GSS_ERROR(major)) return major; name->krbPrincipal = *principal; *principal = NULL; if (KRB_PRINC_LENGTH(name->krbPrincipal) >= 1) { name->flags |= NAME_FLAG_SERVICE; } if (KRB_PRINC_LENGTH(name->krbPrincipal) == 1) { name->flags |= NAME_FLAG_NAI; } *pName = name; *minor = 0; return GSS_S_COMPLETE; } static char * gssEapGetDefaultRealm(krb5_context krbContext) { char *defaultRealm = NULL; krb5_appdefault_string(krbContext, "eap_gss", NULL, "default_realm", "", &defaultRealm); return defaultRealm; } static OM_uint32 importServiceName(OM_uint32 *minor, const gss_buffer_t nameBuffer, gss_name_t *pName) { OM_uint32 major; krb5_error_code code; krb5_context krbContext; krb5_principal krbPrinc; char *service, *host, *realm = NULL; GSSEAP_KRB_INIT(&krbContext); major = bufferToString(minor, nameBuffer, &service); if (GSS_ERROR(major)) return major; host = strchr(service, '@'); if (host != NULL) { *host = '\0'; host++; } realm = gssEapGetDefaultRealm(krbContext); code = krb5_build_principal(krbContext, &krbPrinc, realm != NULL ? strlen(realm) : 0, realm != NULL ? realm : "", service, host, NULL); if (code == 0) { KRB_PRINC_TYPE(krbPrinc) = KRB5_NT_SRV_HST; major = krbPrincipalToName(minor, &krbPrinc, pName); if (GSS_ERROR(major)) krb5_free_principal(krbContext, krbPrinc); } else { major = GSS_S_FAILURE; *minor = GSSEAP_BAD_SERVICE_NAME; } if (realm != NULL) krb5_free_default_realm(krbContext, realm); GSSEAP_FREE(service); return major; } #define IMPORT_FLAG_DEFAULT_REALM 0x1 /* * Import an EAP name, possibly appending the default GSS EAP realm, */ static OM_uint32 importEapNameFlags(OM_uint32 *minor, const gss_buffer_t nameBuffer, OM_uint32 importFlags, gss_name_t *pName) { OM_uint32 major; krb5_context krbContext; krb5_principal krbPrinc = NULL; krb5_error_code code; char *nameString; GSSEAP_KRB_INIT(&krbContext); if (nameBuffer == GSS_C_NO_BUFFER) { nameString = ""; code = KRB5_PARSE_MALFORMED; } else { major = bufferToString(minor, nameBuffer, &nameString); if (GSS_ERROR(major)) return major; /* * First, attempt to parse the name on the assumption that it includes * a qualifying realm. This allows us to avoid accidentally appending * the default Kerberos realm to an unqualified name. (A bug in MIT * Kerberos prevents the default realm being set to an empty value.) */ code = krb5_parse_name_flags(krbContext, nameString, KRB5_PRINCIPAL_PARSE_REQUIRE_REALM, &krbPrinc); } if (code == KRB5_PARSE_MALFORMED) { char *defaultRealm = NULL; int parseFlags = 0; /* Possibly append the default EAP realm if required */ if (importFlags & IMPORT_FLAG_DEFAULT_REALM) defaultRealm = gssEapGetDefaultRealm(krbContext); /* If no default realm, leave the realm empty in the parsed name */ if (defaultRealm == NULL || defaultRealm[0] == '\0') parseFlags |= KRB5_PRINCIPAL_PARSE_NO_REALM; code = krb5_parse_name_flags(krbContext, nameString, parseFlags, &krbPrinc); #ifdef HAVE_HEIMDAL_VERSION if (code == 0 && KRB_PRINC_REALM(krbPrinc) == NULL) { KRB_PRINC_REALM(krbPrinc) = KRB_CALLOC(1, sizeof(char)); if (KRB_PRINC_REALM(krbPrinc) == NULL) code = ENOMEM; } #endif if (defaultRealm != NULL) krb5_free_default_realm(krbContext, defaultRealm); } if (nameBuffer != GSS_C_NO_BUFFER) GSSEAP_FREE(nameString); if (code != 0) { *minor = code; return GSS_S_FAILURE; } GSSEAP_ASSERT(krbPrinc != NULL); major = krbPrincipalToName(minor, &krbPrinc, pName); if (GSS_ERROR(major)) krb5_free_principal(krbContext, krbPrinc); return major; } static OM_uint32 importEapName(OM_uint32 *minor, const gss_buffer_t nameBuffer, gss_name_t *pName) { return importEapNameFlags(minor, nameBuffer, 0, pName); } static OM_uint32 importUserName(OM_uint32 *minor, const gss_buffer_t nameBuffer, gss_name_t *pName) { return importEapNameFlags(minor, nameBuffer, IMPORT_FLAG_DEFAULT_REALM, pName); } static OM_uint32 importAnonymousName(OM_uint32 *minor, const gss_buffer_t nameBuffer GSSEAP_UNUSED, gss_name_t *pName) { return importEapNameFlags(minor, GSS_C_NO_BUFFER, 0, pName); } #define UPDATE_REMAIN(n) do { \ p += (n); \ remain -= (n); \ } while (0) #define CHECK_REMAIN(n) do { \ if (remain < (n)) { \ major = GSS_S_BAD_NAME; \ *minor = GSSEAP_TOK_TRUNC; \ goto cleanup; \ } \ } while (0) OM_uint32 gssEapImportNameInternal(OM_uint32 *minor, const gss_buffer_t nameBuffer, gss_name_t *pName, OM_uint32 flags) { OM_uint32 major, tmpMinor; krb5_context krbContext; unsigned char *p; size_t len, remain; gss_buffer_desc buf; gss_name_t name = GSS_C_NO_NAME; gss_OID mechanismUsed = GSS_C_NO_OID; GSSEAP_KRB_INIT(&krbContext); p = (unsigned char *)nameBuffer->value; remain = nameBuffer->length; if (flags & EXPORT_NAME_FLAG_OID) { gss_OID_desc mech; enum gss_eap_token_type tokType; uint16_t wireTokType; /* TOK_ID || MECH_OID_LEN || MECH_OID */ if (remain < 6) { *minor = GSSEAP_BAD_NAME_TOKEN; return GSS_S_BAD_NAME; } if (flags & EXPORT_NAME_FLAG_COMPOSITE) tokType = TOK_TYPE_EXPORT_NAME_COMPOSITE; else tokType = TOK_TYPE_EXPORT_NAME; /* TOK_ID */ wireTokType = load_uint16_be(p); if ((flags & EXPORT_NAME_FLAG_ALLOW_COMPOSITE) && wireTokType == TOK_TYPE_EXPORT_NAME_COMPOSITE) { tokType = TOK_TYPE_EXPORT_NAME_COMPOSITE; flags |= EXPORT_NAME_FLAG_COMPOSITE; } if (wireTokType != tokType) { *minor = GSSEAP_WRONG_TOK_ID; return GSS_S_BAD_NAME; } UPDATE_REMAIN(2); /* MECH_OID_LEN */ len = load_uint16_be(p); if (len < 2) { *minor = GSSEAP_BAD_NAME_TOKEN; return GSS_S_BAD_NAME; } UPDATE_REMAIN(2); /* MECH_OID */ if (p[0] != 0x06) { *minor = GSSEAP_BAD_NAME_TOKEN; return GSS_S_BAD_NAME; } mech.length = p[1]; mech.elements = &p[2]; CHECK_REMAIN(mech.length); major = gssEapCanonicalizeOid(minor, &mech, OID_FLAG_FAMILY_MECH_VALID | OID_FLAG_MAP_FAMILY_MECH_TO_NULL, &mechanismUsed); if (GSS_ERROR(major)) goto cleanup; UPDATE_REMAIN(2 + mech.length); } /* NAME_LEN */ CHECK_REMAIN(4); len = load_uint32_be(p); UPDATE_REMAIN(4); /* NAME */ CHECK_REMAIN(len); buf.length = len; buf.value = p; UPDATE_REMAIN(len); major = importEapNameFlags(minor, &buf, 0, &name); if (GSS_ERROR(major)) goto cleanup; name->mechanismUsed = mechanismUsed; mechanismUsed = GSS_C_NO_OID; #ifdef GSSEAP_ENABLE_ACCEPTOR if (flags & EXPORT_NAME_FLAG_COMPOSITE) { gss_buffer_desc buf; buf.length = remain; buf.value = p; major = gssEapImportAttrContext(minor, &buf, name); if (GSS_ERROR(major)) goto cleanup; } #endif major = GSS_S_COMPLETE; *minor = 0; cleanup: if (GSS_ERROR(major)) { gssEapReleaseOid(&tmpMinor, &mechanismUsed); gssEapReleaseName(&tmpMinor, &name); } else { *pName = name; } return major; } static OM_uint32 importExportName(OM_uint32 *minor, const gss_buffer_t nameBuffer, gss_name_t *name) { return gssEapImportNameInternal(minor, nameBuffer, name, EXPORT_NAME_FLAG_OID | EXPORT_NAME_FLAG_ALLOW_COMPOSITE); } #ifdef HAVE_GSS_C_NT_COMPOSITE_EXPORT static OM_uint32 importCompositeExportName(OM_uint32 *minor, const gss_buffer_t nameBuffer, gss_name_t *name) { return gssEapImportNameInternal(minor, nameBuffer, name, EXPORT_NAME_FLAG_OID | EXPORT_NAME_FLAG_COMPOSITE); } #endif struct gss_eap_name_import_provider { gss_const_OID oid; OM_uint32 (*import)(OM_uint32 *, const gss_buffer_t, gss_name_t *); }; OM_uint32 gssEapImportName(OM_uint32 *minor, const gss_buffer_t nameBuffer, const gss_OID nameType, const gss_OID mechType, gss_name_t *pName) { struct gss_eap_name_import_provider nameTypes[] = { { GSS_EAP_NT_EAP_NAME, importEapName }, { GSS_C_NT_USER_NAME, importUserName }, { GSS_C_NT_HOSTBASED_SERVICE, importServiceName }, { GSS_C_NT_HOSTBASED_SERVICE_X, importServiceName }, { GSS_C_NT_ANONYMOUS, importAnonymousName }, { GSS_C_NT_EXPORT_NAME, importExportName }, { GSS_KRB5_NT_PRINCIPAL_NAME, importUserName }, #ifdef HAVE_GSS_C_NT_COMPOSITE_EXPORT { GSS_C_NT_COMPOSITE_EXPORT, importCompositeExportName }, #endif }; size_t i; OM_uint32 major = GSS_S_BAD_NAMETYPE; OM_uint32 tmpMinor; gss_name_t name = GSS_C_NO_NAME; for (i = 0; i < sizeof(nameTypes) / sizeof(nameTypes[0]); i++) { if (oidEqual(nameTypes[i].oid, nameType == GSS_C_NO_OID ? GSS_EAP_NT_EAP_NAME : nameType)) { major = nameTypes[i].import(minor, nameBuffer, &name); break; } } if (major == GSS_S_COMPLETE && mechType != GSS_C_NO_OID) { GSSEAP_ASSERT(gssEapIsConcreteMechanismOid(mechType)); GSSEAP_ASSERT(name != GSS_C_NO_NAME); GSSEAP_ASSERT(name->mechanismUsed == GSS_C_NO_OID); major = gssEapCanonicalizeOid(minor, mechType, 0, &name->mechanismUsed); } if (GSS_ERROR(major)) gssEapReleaseName(&tmpMinor, &name); else *pName = name; return major; } OM_uint32 gssEapExportName(OM_uint32 *minor, const gss_name_t name, gss_buffer_t exportedName) { return gssEapExportNameInternal(minor, name, exportedName, EXPORT_NAME_FLAG_OID); } OM_uint32 gssEapExportNameInternal(OM_uint32 *minor, const gss_name_t name, gss_buffer_t exportedName, OM_uint32 flags) { OM_uint32 major = GSS_S_FAILURE, tmpMinor; gss_buffer_desc nameBuf = GSS_C_EMPTY_BUFFER; size_t exportedNameLen; unsigned char *p; gss_buffer_desc attrs = GSS_C_EMPTY_BUFFER; gss_OID mech; exportedName->length = 0; exportedName->value = NULL; if (name->mechanismUsed != GSS_C_NO_OID) mech = name->mechanismUsed; else mech = GSS_EAP_MECHANISM; major = gssEapDisplayName(minor, name, &nameBuf, NULL); if (GSS_ERROR(major)) goto cleanup; exportedNameLen = 0; if (flags & EXPORT_NAME_FLAG_OID) { exportedNameLen += 6 + mech->length; } exportedNameLen += 4 + nameBuf.length; #ifdef GSSEAP_ENABLE_ACCEPTOR if (flags & EXPORT_NAME_FLAG_COMPOSITE) { major = gssEapExportAttrContext(minor, name, &attrs); if (GSS_ERROR(major)) goto cleanup; exportedNameLen += attrs.length; } #endif exportedName->value = GSSEAP_MALLOC(exportedNameLen); if (exportedName->value == NULL) { major = GSS_S_FAILURE; *minor = ENOMEM; goto cleanup; } exportedName->length = exportedNameLen; p = (unsigned char *)exportedName->value; if (flags & EXPORT_NAME_FLAG_OID) { /* TOK | MECH_OID_LEN */ store_uint16_be((flags & EXPORT_NAME_FLAG_COMPOSITE) ? TOK_TYPE_EXPORT_NAME_COMPOSITE : TOK_TYPE_EXPORT_NAME, p); p += 2; store_uint16_be(mech->length + 2, p); p += 2; /* MECH_OID */ *p++ = 0x06; *p++ = mech->length & 0xff; memcpy(p, mech->elements, mech->length); p += mech->length; } /* NAME_LEN */ store_uint32_be(nameBuf.length, p); p += 4; /* NAME */ memcpy(p, nameBuf.value, nameBuf.length); p += nameBuf.length; if (flags & EXPORT_NAME_FLAG_COMPOSITE) { memcpy(p, attrs.value, attrs.length); p += attrs.length; } GSSEAP_ASSERT(p == (unsigned char *)exportedName->value + exportedNameLen); major = GSS_S_COMPLETE; *minor = 0; cleanup: gss_release_buffer(&tmpMinor, &attrs); gss_release_buffer(&tmpMinor, &nameBuf); if (GSS_ERROR(major)) gss_release_buffer(&tmpMinor, exportedName); return major; } OM_uint32 gssEapCanonicalizeName(OM_uint32 *minor, const gss_name_t input_name, const gss_OID mech_type, gss_name_t *dest_name) { OM_uint32 major, tmpMinor; krb5_context krbContext; gss_name_t name; gss_OID mech_used; if (input_name == GSS_C_NO_NAME) { *minor = EINVAL; return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME; } GSSEAP_KRB_INIT(&krbContext); major = gssEapAllocName(minor, &name); if (GSS_ERROR(major)) { return major; } if (mech_type != GSS_C_NO_OID) mech_used = mech_type; else mech_used = input_name->mechanismUsed; major = gssEapCanonicalizeOid(minor, mech_used, OID_FLAG_NULL_VALID, &name->mechanismUsed); if (GSS_ERROR(major)) goto cleanup; name->flags = input_name->flags; *minor = krb5_copy_principal(krbContext, input_name->krbPrincipal, &name->krbPrincipal); if (*minor != 0) { major = GSS_S_FAILURE; goto cleanup; } #ifdef GSSEAP_ENABLE_ACCEPTOR if (input_name->attrCtx != NULL) { major = gssEapDuplicateAttrContext(minor, input_name, name); if (GSS_ERROR(major)) goto cleanup; } #endif *dest_name = name; cleanup: if (GSS_ERROR(major)) { gssEapReleaseName(&tmpMinor, &name); } return major; } OM_uint32 gssEapDuplicateName(OM_uint32 *minor, const gss_name_t input_name, gss_name_t *dest_name) { return gssEapCanonicalizeName(minor, input_name, GSS_C_NO_OID, dest_name); } static int hasRealmP(gss_name_t name) { #ifdef HAVE_HEIMDAL_VERSION if (KRB_PRINC_REALM(name->krbPrincipal) != NULL && KRB_PRINC_REALM(name->krbPrincipal)[0] != '\0') #else if (KRB_PRINC_REALM(name->krbPrincipal)->length != 0) #endif return TRUE; return FALSE; } OM_uint32 gssEapDisplayName(OM_uint32 *minor, gss_name_t name, gss_buffer_t output_name_buffer, gss_OID *output_name_type) { OM_uint32 major; krb5_context krbContext; char *krbName; gss_OID name_type; int flags = 0; GSSEAP_KRB_INIT(&krbContext); output_name_buffer->length = 0; output_name_buffer->value = NULL; if (name == GSS_C_NO_NAME) { *minor = EINVAL; return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME; } /* * According to draft-ietf-abfab-gss-eap-01, when the realm is * absent the trailing '@' is not included. */ if (!hasRealmP(name)) flags |= KRB5_PRINCIPAL_UNPARSE_NO_REALM; *minor = krb5_unparse_name_flags(krbContext, name->krbPrincipal, flags, &krbName); if (*minor != 0) { return GSS_S_FAILURE; } major = makeStringBuffer(minor, krbName, output_name_buffer); #ifdef HAVE_HEIMDAL_VERSION krb5_xfree(krbName); #else krb5_free_unparsed_name(krbContext, krbName); #endif if (GSS_ERROR(major)) return major; if (output_name_buffer->length == 0) { name_type = GSS_C_NT_ANONYMOUS; } else if (name->flags & NAME_FLAG_NAI) { name_type = GSS_C_NT_USER_NAME; } else { name_type = GSS_EAP_NT_EAP_NAME; } if (output_name_type != NULL) *output_name_type = name_type; return GSS_S_COMPLETE; } OM_uint32 gssEapCompareName(OM_uint32 *minor, gss_name_t name1, gss_name_t name2, OM_uint32 flags, int *name_equal) { krb5_context krbContext; *minor = 0; if (name1 == GSS_C_NO_NAME && name2 == GSS_C_NO_NAME) { *name_equal = 1; } else if (name1 != GSS_C_NO_NAME && name2 != GSS_C_NO_NAME) { GSSEAP_KRB_INIT(&krbContext); /* krbPrincipal is immutable, so lock not required */ if ((flags & COMPARE_NAME_FLAG_IGNORE_EMPTY_REALMS) && (hasRealmP(name1) == FALSE || hasRealmP(name2) == FALSE)) { *name_equal = krb5_principal_compare_any_realm(krbContext, name1->krbPrincipal, name2->krbPrincipal); } else { *name_equal = krb5_principal_compare(krbContext, name1->krbPrincipal, name2->krbPrincipal); } } else { *name_equal = 0; } return GSS_S_COMPLETE; } mech_eap-0.9.2/mech_eap/gsseap_err.et0000644001755200017500000002147512406014472014451 00000000000000# # Copyright (c) 2011, JANET(UK) # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # 3. Neither the name of JANET(UK) nor the names of its contributors # may be used to endorse or promote products derived from this software # without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # error_table eapg # # Protocol errors that can be returned in an error token. This should match # up with makeErrorToken in accept_sec_context.c. # error_code GSSEAP_RESERVED, "" error_code GSSEAP_WRONG_SIZE, "Buffer is incorrect size" error_code GSSEAP_WRONG_MECH, "Mechanism OID is incorrect" error_code GSSEAP_BAD_TOK_HEADER, "Token header is malformed or corrupt" error_code GSSEAP_TOK_TRUNC, "Token is missing data" error_code GSSEAP_BAD_DIRECTION, "Packet was replayed in wrong direction" error_code GSSEAP_WRONG_TOK_ID, "Received token ID does not match expected token ID" error_code GSSEAP_CRIT_ITOK_UNAVAILABLE, "Critical inner token type unavailable" error_code GSSEAP_MISSING_REQUIRED_ITOK, "Missing required inner token" error_code GSSEAP_DUPLICATE_ITOK, "Duplicate inner token received" error_code GSSEAP_WRONG_ITOK, "Recieved invalid inner token for current state" error_code GSSEAP_KEY_UNAVAILABLE, "EAP key unavailable" error_code GSSEAP_KEY_TOO_SHORT, "EAP key too short" error_code GSSEAP_RADIUS_AUTH_FAILURE, "Authentication rejected by RADIUS server" error_code GSSEAP_UNKNOWN_RADIUS_CODE, "Received unknown response code from RADIUS server" error_code GSSEAP_MISSING_EAP_REQUEST, "RADIUS response is missing EAP request" error_code GSSEAP_RADIUS_PROT_FAILURE, "Generic RADIUS failure" # # Context errors # error_code GSSEAP_CONTEXT_ESTABLISHED, "Context is already fully established" error_code GSSEAP_CONTEXT_INCOMPLETE, "Attempt to use incomplete security context" error_code GSSEAP_BAD_CONTEXT_TOKEN, "Context token is malformed or corrupt" error_code GSSEAP_BAD_ERROR_TOKEN, "Error token is malformed or corrupt" error_code GSSEAP_BAD_CONTEXT_OPTION, "Bad context option" # # Name errors # error_code GSSEAP_BAD_SERVICE_NAME, "Name is not a valid service name" error_code GSSEAP_BAD_INITIATOR_NAME, "Initiator identity must be a valid name" error_code GSSEAP_NO_HOSTNAME, "Could not determine local host name" error_code GSSEAP_NO_ACCEPTOR_NAME, "Could not determine acceptor identity" error_code GSSEAP_WRONG_ACCEPTOR_NAME, "Acceptor identity different than expected" error_code GSSEAP_BAD_ACCEPTOR_NAME, "Acceptor name is too long or has too many components" error_code GSSEAP_BAD_NAME_TOKEN, "Name token is malformed or corrupt" error_code GSSEAP_NO_LOCAL_MAPPING, "Unable to map name to a local identity" # # Credential errors # error_code GSSEAP_BAD_USAGE, "Credential usage type is unknown" error_code GSSEAP_CRED_USAGE_MISMATCH, "Credential usage does not match requested usage" error_code GSSEAP_CRED_MECH_MISMATCH, "Credential is not usable with this mechanism" error_code GSSEAP_CRED_EXPIRED, "Attributes indicate credentials have expired" error_code GSSEAP_BAD_CRED_OPTION, "Bad credential option" error_code GSSEAP_NO_DEFAULT_IDENTITY, "Default credentials identity unavailable" error_code GSSEAP_NO_DEFAULT_CRED, "Missing default password or other credentials" error_code GSSEAP_CRED_RESOLVED, "Credential is already fully resolved" error_code GSSEAP_BAD_CACERTIFICATE, "CA Certificate blob could not be parsed" # # Local identity service errors # error_code GSSEAP_UNABLE_TO_START_IDENTITY_SERVICE, "Unable to start identity service" error_code GSSEAP_NO_IDENTITY_SELECTED, "No identity selected" error_code GSSEAP_IDENTITY_SERVICE_INSTALL_ERROR, "Identity service installation error" error_code GSSEAP_IDENTITY_SERVICE_OS_ERROR, "Identity service OS error" error_code GSSEAP_IDENTITY_SERVICE_IPC_ERROR, "Identity service IPC error" error_code GSSEAP_IDENTITY_SERVICE_UNKNOWN_ERROR, "Unknown identity service error" # # Wrap/unwrap/PRF errors # error_code GSSEAP_BAD_WRAP_TOKEN, "Bad RFC 4121 wrap or MIC token" error_code GSSEAP_MISSING_IOV, "IOV is missing required buffer" error_code GSSEAP_BAD_STREAM_IOV, "Stream IOV can only contain a single data buffer" error_code GSSEAP_BAD_PADDING_IOV, "Padding IOV is not permitted for RFC 4121 tokens" error_code GSSEAP_UNKNOWN_QOP, "Unknown quality of protection specified" error_code GSSEAP_INPUT_TOO_LONG, "PRF input too long" error_code GSSEAP_BAD_PRF_KEY, "PRF key usage type is unknown" # # libeap errors # error_code GSSEAP_LIBEAP_INIT_FAILURE, "Failed to initialize EAP library" error_code GSSEAP_PEER_SM_INIT_FAILURE, "Failed to create EAP state machine" error_code GSSEAP_PEER_SM_STEP_FAILURE, "Failed to step EAP state machine" error_code GSSEAP_PEER_AUTH_FAILURE, "EAP peer authentication failure" error_code GSSEAP_PEER_BAD_MESSAGE, "Received bad EAP message" # # RadSec initialisation errors # error_code GSSEAP_RADSEC_INIT_FAILURE, "Failed to initialize RadSec library" error_code GSSEAP_RADSEC_CONTEXT_FAILURE, "Failed to create RadSec context" # # Attribute errors # error_code GSSEAP_NO_ATTR_CONTEXT, "Name has no attributes" error_code GSSEAP_NO_ATTR_PROVIDERS, "Failed to initialize attribute providers" error_code GSSEAP_NO_SUCH_ATTR, "Unknown naming attribute" error_code GSSEAP_BAD_ATTR_TOKEN, "Serialised attributes are malformed or corrupt" error_code GSSEAP_ATTR_CONTEXT_FAILURE, "Failed to initialize attribute context" # # OpenSAML errors # error_code GSSEAP_SAML_INIT_FAILURE, "Failed to initialize SAML library" error_code GSSEAP_SAML_SEC_POLICY_FAILURE, "Failed to process SAML security policy" error_code GSSEAP_SAML_BINDING_FAILURE, "Failed in SAML binding processing" error_code GSSEAP_SAML_PROFILE_FAILURE, "Failed to process SAML profile" error_code GSSEAP_SAML_FATAL_PROFILE_FAILURE, "Non-recoverable failure in SAML profile processing" error_code GSSEAP_SAML_RETRY_PROFILE_FAILURE, "Temporary failure in SAML profile processing" error_code GSSEAP_SAML_METADATA_FAILURE, "Failure related to SAML metadata use" # # Shibboleth errors # error_code GSSEAP_SHIB_INIT_FAILURE, "Failed to initialize Shibboleth" error_code GSSEAP_SHIB_ATTR_FAILURE, "Failure during local attribute processing" error_code GSSEAP_SHIB_ATTR_EXTRACT_FAILURE, "Failed to extract local attributes" error_code GSSEAP_SHIB_ATTR_FILTER_FAILURE, "Failed to filter local attributes" error_code GSSEAP_SHIB_ATTR_RESOLVE_FAILURE, "Failed to resolve local attributes" error_code GSSEAP_SHIB_CONFIG_FAILURE, "Local attribute configuration failure" error_code GSSEAP_SHIB_LISTENER_FAILURE, "Failed to communicate with local attribute server" # # Extensions # error_code GSSEAP_BINDINGS_MISMATCH, "Channel bindings do not match" error_code GSSEAP_MISSING_BINDINGS, "Channel binding token missing" error_code GSSEAP_NO_MECHGLUE_SYMBOL, "Could not find symbol in mechanism glue" error_code GSSEAP_BAD_INVOCATION, "Bad mechanism invoke OID" end mech_eap-0.9.2/mech_eap/config.sub0000755001755200017500000010316712406014472013747 00000000000000#! /bin/sh # Configuration validation subroutine script. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, # 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 # Free Software Foundation, Inc. timestamp='2009-11-20' # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software # can handle that machine. It does not imply ALL GNU software can. # # This file is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA # 02110-1301, USA. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # Please send patches to . Submit a context # diff and a properly formatted GNU ChangeLog entry. # # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. # If it is invalid, we print an error message on stderr and exit with code 1. # Otherwise, we print the canonical config type on stdout and succeed. # You can get the latest version of this script from: # http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD # This file is supposed to be the same for all GNU packages # and recognize all the CPU types, system types and aliases # that are meaningful with *any* GNU software. # Each package is responsible for reporting which valid configurations # it does not support. The user should be able to distinguish # a failure to support a valid configuration from a meaningless # configuration. # The goal of this file is to map all the various variations of a given # machine specification into a single specification in the form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM # or in some cases, the newer four-part form: # CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM # It is wrong to echo any other type of specification. me=`echo "$0" | sed -e 's,.*/,,'` usage="\ Usage: $0 [OPTION] CPU-MFR-OPSYS $0 [OPTION] ALIAS Canonicalize a configuration name. Operation modes: -h, --help print this help, then exit -t, --time-stamp print date of last modification, then exit -v, --version print version number, then exit Report bugs and patches to ." version="\ GNU config.sub ($timestamp) Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." help=" Try \`$me --help' for more information." # Parse command line while test $# -gt 0 ; do case $1 in --time-stamp | --time* | -t ) echo "$timestamp" ; exit ;; --version | -v ) echo "$version" ; exit ;; --help | --h* | -h ) echo "$usage"; exit ;; -- ) # Stop option processing shift; break ;; - ) # Use stdin as input. break ;; -* ) echo "$me: invalid option $1$help" exit 1 ;; *local*) # First pass through any local machine types. echo $1 exit ;; * ) break ;; esac done case $# in 0) echo "$me: missing argument$help" >&2 exit 1;; 1) ;; *) echo "$me: too many arguments$help" >&2 exit 1;; esac # Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). # Here we must recognize all the valid KERNEL-OS combinations. maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \ uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \ kopensolaris*-gnu* | \ storm-chaos* | os2-emx* | rtmk-nova*) os=-$maybe_os basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` ;; *) basic_machine=`echo $1 | sed 's/-[^-]*$//'` if [ $basic_machine != $1 ] then os=`echo $1 | sed 's/.*-/-/'` else os=; fi ;; esac ### Let's recognize common machines as not being operating systems so ### that things like config.sub decstation-3100 work. We also ### recognize some manufacturers as not being operating systems, so we ### can provide default operating systems below. case $os in -sun*os*) # Prevent following clause from handling this invalid input. ;; -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ -apple | -axis | -knuth | -cray | -microblaze) os= basic_machine=$1 ;; -bluegene*) os=-cnk ;; -sim | -cisco | -oki | -wec | -winbond) os= basic_machine=$1 ;; -scout) ;; -wrs) os=-vxworks basic_machine=$1 ;; -chorusos*) os=-chorusos basic_machine=$1 ;; -chorusrdb) os=-chorusrdb basic_machine=$1 ;; -hiux*) os=-hiuxwe2 ;; -sco6) os=-sco5v6 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco5) os=-sco3.2v5 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco4) os=-sco3.2v4 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco3.2.[4-9]*) os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco3.2v[4-9]*) # Don't forget version if it is 3.2v4 or newer. basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco5v6*) # Don't forget version if it is 3.2v4 or newer. basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco*) os=-sco3.2v2 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -udk*) basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -isc) os=-isc2.2 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -clix*) basic_machine=clipper-intergraph ;; -isc*) basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -lynx*) os=-lynxos ;; -ptx*) basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` ;; -windowsnt*) os=`echo $os | sed -e 's/windowsnt/winnt/'` ;; -psos*) os=-psos ;; -mint | -mint[0-9]*) basic_machine=m68k-atari os=-mint ;; esac # Decode aliases for certain CPU-COMPANY combinations. case $basic_machine in # Recognize the basic CPU types without company name. # Some are omitted here because they have special meanings below. 1750a | 580 \ | a29k \ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ | am33_2.0 \ | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \ | bfin \ | c4x | clipper \ | d10v | d30v | dlx | dsp16xx \ | fido | fr30 | frv \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ | lm32 \ | m32c | m32r | m32rle | m68000 | m68k | m88k \ | maxq | mb | microblaze | mcore | mep | metag \ | mips | mipsbe | mipseb | mipsel | mipsle \ | mips16 \ | mips64 | mips64el \ | mips64octeon | mips64octeonel \ | mips64orion | mips64orionel \ | mips64r5900 | mips64r5900el \ | mips64vr | mips64vrel \ | mips64vr4100 | mips64vr4100el \ | mips64vr4300 | mips64vr4300el \ | mips64vr5000 | mips64vr5000el \ | mips64vr5900 | mips64vr5900el \ | mipsisa32 | mipsisa32el \ | mipsisa32r2 | mipsisa32r2el \ | mipsisa64 | mipsisa64el \ | mipsisa64r2 | mipsisa64r2el \ | mipsisa64sb1 | mipsisa64sb1el \ | mipsisa64sr71k | mipsisa64sr71kel \ | mipstx39 | mipstx39el \ | mn10200 | mn10300 \ | moxie \ | mt \ | msp430 \ | nios | nios2 \ | ns16k | ns32k \ | or32 \ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ | pyramid \ | rx \ | score \ | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ | spu | strongarm \ | tahoe | thumb | tic4x | tic80 | tron \ | ubicom32 \ | v850 | v850e \ | we32k \ | x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \ | z8k | z80) basic_machine=$basic_machine-unknown ;; m6811 | m68hc11 | m6812 | m68hc12 | picochip) # Motorola 68HC11/12. basic_machine=$basic_machine-unknown os=-none ;; m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) ;; ms1) basic_machine=mt-unknown ;; # We use `pc' rather than `unknown' # because (1) that's what they normally are, and # (2) the word "unknown" tends to confuse beginning users. i*86 | x86_64) basic_machine=$basic_machine-pc ;; # Object if more than one company name word. *-*-*) echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 exit 1 ;; # Recognize the basic CPU types with company name. 580-* \ | a29k-* \ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | avr-* | avr32-* \ | bfin-* | bs2000-* \ | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \ | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ | elxsi-* \ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ | h8300-* | h8500-* \ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* | iq2000-* \ | lm32-* \ | m32c-* | m32r-* | m32rle-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ | mips16-* \ | mips64-* | mips64el-* \ | mips64octeon-* | mips64octeonel-* \ | mips64orion-* | mips64orionel-* \ | mips64r5900-* | mips64r5900el-* \ | mips64vr-* | mips64vrel-* \ | mips64vr4100-* | mips64vr4100el-* \ | mips64vr4300-* | mips64vr4300el-* \ | mips64vr5000-* | mips64vr5000el-* \ | mips64vr5900-* | mips64vr5900el-* \ | mipsisa32-* | mipsisa32el-* \ | mipsisa32r2-* | mipsisa32r2el-* \ | mipsisa64-* | mipsisa64el-* \ | mipsisa64r2-* | mipsisa64r2el-* \ | mipsisa64sb1-* | mipsisa64sb1el-* \ | mipsisa64sr71k-* | mipsisa64sr71kel-* \ | mipstx39-* | mipstx39el-* \ | mmix-* \ | mt-* \ | msp430-* \ | nios-* | nios2-* \ | none-* | np1-* | ns16k-* | ns32k-* \ | orion-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ | pyramid-* \ | romp-* | rs6000-* | rx-* \ | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | sparclite-* \ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \ | tahoe-* | thumb-* \ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* | tile-* \ | tron-* \ | ubicom32-* \ | v850-* | v850e-* | vax-* \ | we32k-* \ | x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \ | xstormy16-* | xtensa*-* \ | ymp-* \ | z8k-* | z80-*) ;; # Recognize the basic CPU types without company name, with glob match. xtensa*) basic_machine=$basic_machine-unknown ;; # Recognize the various machine names and aliases which stand # for a CPU type and a company and sometimes even an OS. 386bsd) basic_machine=i386-unknown os=-bsd ;; 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) basic_machine=m68000-att ;; 3b*) basic_machine=we32k-att ;; a29khif) basic_machine=a29k-amd os=-udi ;; abacus) basic_machine=abacus-unknown ;; adobe68k) basic_machine=m68010-adobe os=-scout ;; alliant | fx80) basic_machine=fx80-alliant ;; altos | altos3068) basic_machine=m68k-altos ;; am29k) basic_machine=a29k-none os=-bsd ;; amd64) basic_machine=x86_64-pc ;; amd64-*) basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'` ;; amdahl) basic_machine=580-amdahl os=-sysv ;; amiga | amiga-*) basic_machine=m68k-unknown ;; amigaos | amigados) basic_machine=m68k-unknown os=-amigaos ;; amigaunix | amix) basic_machine=m68k-unknown os=-sysv4 ;; apollo68) basic_machine=m68k-apollo os=-sysv ;; apollo68bsd) basic_machine=m68k-apollo os=-bsd ;; aros) basic_machine=i386-pc os=-aros ;; aux) basic_machine=m68k-apple os=-aux ;; balance) basic_machine=ns32k-sequent os=-dynix ;; blackfin) basic_machine=bfin-unknown os=-linux ;; blackfin-*) basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'` os=-linux ;; bluegene*) basic_machine=powerpc-ibm os=-cnk ;; c90) basic_machine=c90-cray os=-unicos ;; cegcc) basic_machine=arm-unknown os=-cegcc ;; convex-c1) basic_machine=c1-convex os=-bsd ;; convex-c2) basic_machine=c2-convex os=-bsd ;; convex-c32) basic_machine=c32-convex os=-bsd ;; convex-c34) basic_machine=c34-convex os=-bsd ;; convex-c38) basic_machine=c38-convex os=-bsd ;; cray | j90) basic_machine=j90-cray os=-unicos ;; craynv) basic_machine=craynv-cray os=-unicosmp ;; cr16) basic_machine=cr16-unknown os=-elf ;; crds | unos) basic_machine=m68k-crds ;; crisv32 | crisv32-* | etraxfs*) basic_machine=crisv32-axis ;; cris | cris-* | etrax*) basic_machine=cris-axis ;; crx) basic_machine=crx-unknown os=-elf ;; da30 | da30-*) basic_machine=m68k-da30 ;; decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) basic_machine=mips-dec ;; decsystem10* | dec10*) basic_machine=pdp10-dec os=-tops10 ;; decsystem20* | dec20*) basic_machine=pdp10-dec os=-tops20 ;; delta | 3300 | motorola-3300 | motorola-delta \ | 3300-motorola | delta-motorola) basic_machine=m68k-motorola ;; delta88) basic_machine=m88k-motorola os=-sysv3 ;; dicos) basic_machine=i686-pc os=-dicos ;; djgpp) basic_machine=i586-pc os=-msdosdjgpp ;; dpx20 | dpx20-*) basic_machine=rs6000-bull os=-bosx ;; dpx2* | dpx2*-bull) basic_machine=m68k-bull os=-sysv3 ;; ebmon29k) basic_machine=a29k-amd os=-ebmon ;; elxsi) basic_machine=elxsi-elxsi os=-bsd ;; encore | umax | mmax) basic_machine=ns32k-encore ;; es1800 | OSE68k | ose68k | ose | OSE) basic_machine=m68k-ericsson os=-ose ;; fx2800) basic_machine=i860-alliant ;; genix) basic_machine=ns32k-ns ;; gmicro) basic_machine=tron-gmicro os=-sysv ;; go32) basic_machine=i386-pc os=-go32 ;; h3050r* | hiux*) basic_machine=hppa1.1-hitachi os=-hiuxwe2 ;; h8300hms) basic_machine=h8300-hitachi os=-hms ;; h8300xray) basic_machine=h8300-hitachi os=-xray ;; h8500hms) basic_machine=h8500-hitachi os=-hms ;; harris) basic_machine=m88k-harris os=-sysv3 ;; hp300-*) basic_machine=m68k-hp ;; hp300bsd) basic_machine=m68k-hp os=-bsd ;; hp300hpux) basic_machine=m68k-hp os=-hpux ;; hp3k9[0-9][0-9] | hp9[0-9][0-9]) basic_machine=hppa1.0-hp ;; hp9k2[0-9][0-9] | hp9k31[0-9]) basic_machine=m68000-hp ;; hp9k3[2-9][0-9]) basic_machine=m68k-hp ;; hp9k6[0-9][0-9] | hp6[0-9][0-9]) basic_machine=hppa1.0-hp ;; hp9k7[0-79][0-9] | hp7[0-79][0-9]) basic_machine=hppa1.1-hp ;; hp9k78[0-9] | hp78[0-9]) # FIXME: really hppa2.0-hp basic_machine=hppa1.1-hp ;; hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) # FIXME: really hppa2.0-hp basic_machine=hppa1.1-hp ;; hp9k8[0-9][13679] | hp8[0-9][13679]) basic_machine=hppa1.1-hp ;; hp9k8[0-9][0-9] | hp8[0-9][0-9]) basic_machine=hppa1.0-hp ;; hppa-next) os=-nextstep3 ;; hppaosf) basic_machine=hppa1.1-hp os=-osf ;; hppro) basic_machine=hppa1.1-hp os=-proelf ;; i370-ibm* | ibm*) basic_machine=i370-ibm ;; # I'm not sure what "Sysv32" means. Should this be sysv3.2? i*86v32) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv32 ;; i*86v4*) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv4 ;; i*86v) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv ;; i*86sol2) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-solaris2 ;; i386mach) basic_machine=i386-mach os=-mach ;; i386-vsta | vsta) basic_machine=i386-unknown os=-vsta ;; iris | iris4d) basic_machine=mips-sgi case $os in -irix*) ;; *) os=-irix4 ;; esac ;; isi68 | isi) basic_machine=m68k-isi os=-sysv ;; m68knommu) basic_machine=m68k-unknown os=-linux ;; m68knommu-*) basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'` os=-linux ;; m88k-omron*) basic_machine=m88k-omron ;; magnum | m3230) basic_machine=mips-mips os=-sysv ;; merlin) basic_machine=ns32k-utek os=-sysv ;; microblaze) basic_machine=microblaze-xilinx ;; mingw32) basic_machine=i386-pc os=-mingw32 ;; mingw32ce) basic_machine=arm-unknown os=-mingw32ce ;; miniframe) basic_machine=m68000-convergent ;; *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) basic_machine=m68k-atari os=-mint ;; mips3*-*) basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` ;; mips3*) basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown ;; monitor) basic_machine=m68k-rom68k os=-coff ;; morphos) basic_machine=powerpc-unknown os=-morphos ;; msdos) basic_machine=i386-pc os=-msdos ;; ms1-*) basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` ;; mvs) basic_machine=i370-ibm os=-mvs ;; ncr3000) basic_machine=i486-ncr os=-sysv4 ;; netbsd386) basic_machine=i386-unknown os=-netbsd ;; netwinder) basic_machine=armv4l-rebel os=-linux ;; news | news700 | news800 | news900) basic_machine=m68k-sony os=-newsos ;; news1000) basic_machine=m68030-sony os=-newsos ;; news-3600 | risc-news) basic_machine=mips-sony os=-newsos ;; necv70) basic_machine=v70-nec os=-sysv ;; next | m*-next ) basic_machine=m68k-next case $os in -nextstep* ) ;; -ns2*) os=-nextstep2 ;; *) os=-nextstep3 ;; esac ;; nh3000) basic_machine=m68k-harris os=-cxux ;; nh[45]000) basic_machine=m88k-harris os=-cxux ;; nindy960) basic_machine=i960-intel os=-nindy ;; mon960) basic_machine=i960-intel os=-mon960 ;; nonstopux) basic_machine=mips-compaq os=-nonstopux ;; np1) basic_machine=np1-gould ;; nsr-tandem) basic_machine=nsr-tandem ;; op50n-* | op60c-*) basic_machine=hppa1.1-oki os=-proelf ;; openrisc | openrisc-*) basic_machine=or32-unknown ;; os400) basic_machine=powerpc-ibm os=-os400 ;; OSE68000 | ose68000) basic_machine=m68000-ericsson os=-ose ;; os68k) basic_machine=m68k-none os=-os68k ;; pa-hitachi) basic_machine=hppa1.1-hitachi os=-hiuxwe2 ;; paragon) basic_machine=i860-intel os=-osf ;; parisc) basic_machine=hppa-unknown os=-linux ;; parisc-*) basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'` os=-linux ;; pbd) basic_machine=sparc-tti ;; pbb) basic_machine=m68k-tti ;; pc532 | pc532-*) basic_machine=ns32k-pc532 ;; pc98) basic_machine=i386-pc ;; pc98-*) basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentium | p5 | k5 | k6 | nexgen | viac3) basic_machine=i586-pc ;; pentiumpro | p6 | 6x86 | athlon | athlon_*) basic_machine=i686-pc ;; pentiumii | pentium2 | pentiumiii | pentium3) basic_machine=i686-pc ;; pentium4) basic_machine=i786-pc ;; pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentiumpro-* | p6-* | 6x86-* | athlon-*) basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentium4-*) basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pn) basic_machine=pn-gould ;; power) basic_machine=power-ibm ;; ppc) basic_machine=powerpc-unknown ;; ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppcle | powerpclittle | ppc-le | powerpc-little) basic_machine=powerpcle-unknown ;; ppcle-* | powerpclittle-*) basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppc64) basic_machine=powerpc64-unknown ;; ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppc64le | powerpc64little | ppc64-le | powerpc64-little) basic_machine=powerpc64le-unknown ;; ppc64le-* | powerpc64little-*) basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ps2) basic_machine=i386-ibm ;; pw32) basic_machine=i586-unknown os=-pw32 ;; rdos) basic_machine=i386-pc os=-rdos ;; rom68k) basic_machine=m68k-rom68k os=-coff ;; rm[46]00) basic_machine=mips-siemens ;; rtpc | rtpc-*) basic_machine=romp-ibm ;; s390 | s390-*) basic_machine=s390-ibm ;; s390x | s390x-*) basic_machine=s390x-ibm ;; sa29200) basic_machine=a29k-amd os=-udi ;; sb1) basic_machine=mipsisa64sb1-unknown ;; sb1el) basic_machine=mipsisa64sb1el-unknown ;; sde) basic_machine=mipsisa32-sde os=-elf ;; sei) basic_machine=mips-sei os=-seiux ;; sequent) basic_machine=i386-sequent ;; sh) basic_machine=sh-hitachi os=-hms ;; sh5el) basic_machine=sh5le-unknown ;; sh64) basic_machine=sh64-unknown ;; sparclite-wrs | simso-wrs) basic_machine=sparclite-wrs os=-vxworks ;; sps7) basic_machine=m68k-bull os=-sysv2 ;; spur) basic_machine=spur-unknown ;; st2000) basic_machine=m68k-tandem ;; stratus) basic_machine=i860-stratus os=-sysv4 ;; sun2) basic_machine=m68000-sun ;; sun2os3) basic_machine=m68000-sun os=-sunos3 ;; sun2os4) basic_machine=m68000-sun os=-sunos4 ;; sun3os3) basic_machine=m68k-sun os=-sunos3 ;; sun3os4) basic_machine=m68k-sun os=-sunos4 ;; sun4os3) basic_machine=sparc-sun os=-sunos3 ;; sun4os4) basic_machine=sparc-sun os=-sunos4 ;; sun4sol2) basic_machine=sparc-sun os=-solaris2 ;; sun3 | sun3-*) basic_machine=m68k-sun ;; sun4) basic_machine=sparc-sun ;; sun386 | sun386i | roadrunner) basic_machine=i386-sun ;; sv1) basic_machine=sv1-cray os=-unicos ;; symmetry) basic_machine=i386-sequent os=-dynix ;; t3e) basic_machine=alphaev5-cray os=-unicos ;; t90) basic_machine=t90-cray os=-unicos ;; tic54x | c54x*) basic_machine=tic54x-unknown os=-coff ;; tic55x | c55x*) basic_machine=tic55x-unknown os=-coff ;; tic6x | c6x*) basic_machine=tic6x-unknown os=-coff ;; tile*) basic_machine=tile-unknown os=-linux-gnu ;; tx39) basic_machine=mipstx39-unknown ;; tx39el) basic_machine=mipstx39el-unknown ;; toad1) basic_machine=pdp10-xkl os=-tops20 ;; tower | tower-32) basic_machine=m68k-ncr ;; tpf) basic_machine=s390x-ibm os=-tpf ;; udi29k) basic_machine=a29k-amd os=-udi ;; ultra3) basic_machine=a29k-nyu os=-sym1 ;; v810 | necv810) basic_machine=v810-nec os=-none ;; vaxv) basic_machine=vax-dec os=-sysv ;; vms) basic_machine=vax-dec os=-vms ;; vpp*|vx|vx-*) basic_machine=f301-fujitsu ;; vxworks960) basic_machine=i960-wrs os=-vxworks ;; vxworks68) basic_machine=m68k-wrs os=-vxworks ;; vxworks29k) basic_machine=a29k-wrs os=-vxworks ;; w65*) basic_machine=w65-wdc os=-none ;; w89k-*) basic_machine=hppa1.1-winbond os=-proelf ;; xbox) basic_machine=i686-pc os=-mingw32 ;; xps | xps100) basic_machine=xps100-honeywell ;; ymp) basic_machine=ymp-cray os=-unicos ;; z8k-*-coff) basic_machine=z8k-unknown os=-sim ;; z80-*-coff) basic_machine=z80-unknown os=-sim ;; none) basic_machine=none-none os=-none ;; # Here we handle the default manufacturer of certain CPU types. It is in # some cases the only manufacturer, in others, it is the most popular. w89k) basic_machine=hppa1.1-winbond ;; op50n) basic_machine=hppa1.1-oki ;; op60c) basic_machine=hppa1.1-oki ;; romp) basic_machine=romp-ibm ;; mmix) basic_machine=mmix-knuth ;; rs6000) basic_machine=rs6000-ibm ;; vax) basic_machine=vax-dec ;; pdp10) # there are many clones, so DEC is not a safe bet basic_machine=pdp10-unknown ;; pdp11) basic_machine=pdp11-dec ;; we32k) basic_machine=we32k-att ;; sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele) basic_machine=sh-unknown ;; sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) basic_machine=sparc-sun ;; cydra) basic_machine=cydra-cydrome ;; orion) basic_machine=orion-highlevel ;; orion105) basic_machine=clipper-highlevel ;; mac | mpw | mac-mpw) basic_machine=m68k-apple ;; pmac | pmac-mpw) basic_machine=powerpc-apple ;; *-unknown) # Make sure to match an already-canonicalized machine name. ;; *) echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 exit 1 ;; esac # Here we canonicalize certain aliases for manufacturers. case $basic_machine in *-digital*) basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` ;; *-commodore*) basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` ;; *) ;; esac # Decode manufacturer-specific aliases for certain operating systems. if [ x"$os" != x"" ] then case $os in # First match some system type aliases # that might get confused with valid system types. # -solaris* is a basic system type, with this one exception. -auroraux) os=-auroraux ;; -solaris1 | -solaris1.*) os=`echo $os | sed -e 's|solaris1|sunos4|'` ;; -solaris) os=-solaris2 ;; -svr4*) os=-sysv4 ;; -unixware*) os=-sysv4.2uw ;; -gnu/linux*) os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` ;; # First accept the basic system types. # The portable systems comes first. # Each alternative MUST END IN A *, to match a version number. # -sysv* is not here because it comes later, after sysvr4. -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ | -sym* | -kopensolaris* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ | -aos* | -aros* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ | -openbsd* | -solidbsd* \ | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ | -chorusos* | -chorusrdb* | -cegcc* \ | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \ | -uxpv* | -beos* | -mpeix* | -udk* \ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) case $basic_machine in x86-* | i*86-*) ;; *) os=-nto$os ;; esac ;; -nto-qnx*) ;; -nto*) os=`echo $os | sed -e 's|nto|nto-qnx|'` ;; -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \ | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) ;; -mac*) os=`echo $os | sed -e 's|mac|macos|'` ;; -linux-dietlibc) os=-linux-dietlibc ;; -linux*) os=`echo $os | sed -e 's|linux|linux-gnu|'` ;; -sunos5*) os=`echo $os | sed -e 's|sunos5|solaris2|'` ;; -sunos6*) os=`echo $os | sed -e 's|sunos6|solaris3|'` ;; -opened*) os=-openedition ;; -os400*) os=-os400 ;; -wince*) os=-wince ;; -osfrose*) os=-osfrose ;; -osf*) os=-osf ;; -utek*) os=-bsd ;; -dynix*) os=-bsd ;; -acis*) os=-aos ;; -atheos*) os=-atheos ;; -syllable*) os=-syllable ;; -386bsd) os=-bsd ;; -ctix* | -uts*) os=-sysv ;; -nova*) os=-rtmk-nova ;; -ns2 ) os=-nextstep2 ;; -nsk*) os=-nsk ;; # Preserve the version number of sinix5. -sinix5.*) os=`echo $os | sed -e 's|sinix|sysv|'` ;; -sinix*) os=-sysv4 ;; -tpf*) os=-tpf ;; -triton*) os=-sysv3 ;; -oss*) os=-sysv3 ;; -svr4) os=-sysv4 ;; -svr3) os=-sysv3 ;; -sysvr4) os=-sysv4 ;; # This must come after -sysvr4. -sysv*) ;; -ose*) os=-ose ;; -es1800*) os=-ose ;; -xenix) os=-xenix ;; -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) os=-mint ;; -aros*) os=-aros ;; -kaos*) os=-kaos ;; -zvmoe) os=-zvmoe ;; -dicos*) os=-dicos ;; -none) ;; *) # Get rid of the `-' at the beginning of $os. os=`echo $os | sed 's/[^-]*-//'` echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 exit 1 ;; esac else # Here we handle the default operating systems that come with various machines. # The value should be what the vendor currently ships out the door with their # machine or put another way, the most popular os provided with the machine. # Note that if you're going to try to match "-MANUFACTURER" here (say, # "-sun"), then you have to tell the case statement up towards the top # that MANUFACTURER isn't an operating system. Otherwise, code above # will signal an error saying that MANUFACTURER isn't an operating # system, and we'll never get to this point. case $basic_machine in score-*) os=-elf ;; spu-*) os=-elf ;; *-acorn) os=-riscix1.2 ;; arm*-rebel) os=-linux ;; arm*-semi) os=-aout ;; c4x-* | tic4x-*) os=-coff ;; # This must come before the *-dec entry. pdp10-*) os=-tops20 ;; pdp11-*) os=-none ;; *-dec | vax-*) os=-ultrix4.2 ;; m68*-apollo) os=-domain ;; i386-sun) os=-sunos4.0.2 ;; m68000-sun) os=-sunos3 # This also exists in the configure program, but was not the # default. # os=-sunos4 ;; m68*-cisco) os=-aout ;; mep-*) os=-elf ;; mips*-cisco) os=-elf ;; mips*-*) os=-elf ;; or32-*) os=-coff ;; *-tti) # must be before sparc entry or we get the wrong os. os=-sysv3 ;; sparc-* | *-sun) os=-sunos4.1.1 ;; *-be) os=-beos ;; *-haiku) os=-haiku ;; *-ibm) os=-aix ;; *-knuth) os=-mmixware ;; *-wec) os=-proelf ;; *-winbond) os=-proelf ;; *-oki) os=-proelf ;; *-hp) os=-hpux ;; *-hitachi) os=-hiux ;; i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) os=-sysv ;; *-cbm) os=-amigaos ;; *-dg) os=-dgux ;; *-dolphin) os=-sysv3 ;; m68k-ccur) os=-rtu ;; m88k-omron*) os=-luna ;; *-next ) os=-nextstep ;; *-sequent) os=-ptx ;; *-crds) os=-unos ;; *-ns) os=-genix ;; i370-*) os=-mvs ;; *-next) os=-nextstep3 ;; *-gould) os=-sysv ;; *-highlevel) os=-bsd ;; *-encore) os=-bsd ;; *-sgi) os=-irix ;; *-siemens) os=-sysv4 ;; *-masscomp) os=-rtu ;; f30[01]-fujitsu | f700-fujitsu) os=-uxpv ;; *-rom68k) os=-coff ;; *-*bug) os=-coff ;; *-apple) os=-macos ;; *-atari*) os=-mint ;; *) os=-none ;; esac fi # Here we handle the case where we know the os, and the CPU type, but not the # manufacturer. We pick the logical manufacturer. vendor=unknown case $basic_machine in *-unknown) case $os in -riscix*) vendor=acorn ;; -sunos*) vendor=sun ;; -cnk*|-aix*) vendor=ibm ;; -beos*) vendor=be ;; -hpux*) vendor=hp ;; -mpeix*) vendor=hp ;; -hiux*) vendor=hitachi ;; -unos*) vendor=crds ;; -dgux*) vendor=dg ;; -luna*) vendor=omron ;; -genix*) vendor=ns ;; -mvs* | -opened*) vendor=ibm ;; -os400*) vendor=ibm ;; -ptx*) vendor=sequent ;; -tpf*) vendor=ibm ;; -vxsim* | -vxworks* | -windiss*) vendor=wrs ;; -aux*) vendor=apple ;; -hms*) vendor=hitachi ;; -mpw* | -macos*) vendor=apple ;; -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) vendor=atari ;; -vos*) vendor=stratus ;; esac basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` ;; esac echo $basic_machine$os exit # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "timestamp='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" # End: mech_eap-0.9.2/mech_eap/unwrap_iov.c0000644001755200017500000004347312406014472014324 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Copyright 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright * notice appear in all copies and that both that copyright notice and * this permission notice appear in supporting documentation, and that * the name of M.I.T. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior * permission. Furthermore if you modify this software you must label * your software as modified software and not distribute it in such a * fashion that it might be confused with the original M.I.T. software. * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. */ /* * Message protection services: unwrap with scatter-gather API. */ #include "gssapiP_eap.h" /* * Caller must provide TOKEN | DATA | PADDING | TRAILER, except * for DCE in which case it can just provide TOKEN | DATA (must * guarantee that DATA is padded) */ OM_uint32 unwrapToken(OM_uint32 *minor, gss_ctx_id_t ctx, #ifdef HAVE_HEIMDAL_VERSION krb5_crypto krbCrypto, #else krb5_keyblock *unused GSSEAP_UNUSED, #endif int *conf_state, gss_qop_t *qop_state, gss_iov_buffer_desc *iov, int iov_count, enum gss_eap_token_type toktype) { OM_uint32 major = GSS_S_FAILURE, code; gss_iov_buffer_t header; gss_iov_buffer_t padding; gss_iov_buffer_t trailer; unsigned char flags; unsigned char *ptr = NULL; int keyUsage; size_t rrc, ec; size_t dataLen, assocDataLen; uint64_t seqnum; int valid = 0; int conf_flag = 0; krb5_context krbContext; #ifdef HAVE_HEIMDAL_VERSION int freeCrypto = (krbCrypto == NULL); #endif GSSEAP_KRB_INIT(&krbContext); *minor = 0; if (qop_state != NULL) *qop_state = GSS_C_QOP_DEFAULT; header = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER); GSSEAP_ASSERT(header != NULL); padding = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING); if (padding != NULL && padding->buffer.length != 0) { code = GSSEAP_BAD_PADDING_IOV; major = GSS_S_DEFECTIVE_TOKEN; goto cleanup; } trailer = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER); flags = rfc4121Flags(ctx, TRUE); if (toktype == TOK_TYPE_WRAP) { keyUsage = !CTX_IS_INITIATOR(ctx) ? KEY_USAGE_INITIATOR_SEAL : KEY_USAGE_ACCEPTOR_SEAL; } else { keyUsage = !CTX_IS_INITIATOR(ctx) ? KEY_USAGE_INITIATOR_SIGN : KEY_USAGE_ACCEPTOR_SIGN; } gssEapIovMessageLength(iov, iov_count, &dataLen, &assocDataLen); ptr = (unsigned char *)header->buffer.value; if (header->buffer.length < 16) { code = GSSEAP_TOK_TRUNC; major = GSS_S_DEFECTIVE_TOKEN; goto cleanup; } if ((ptr[2] & flags) != flags) { code = GSSEAP_BAD_DIRECTION; major = GSS_S_BAD_SIG; goto cleanup; } #ifdef HAVE_HEIMDAL_VERSION if (krbCrypto == NULL) { code = krb5_crypto_init(krbContext, &ctx->rfc3961Key, ETYPE_NULL, &krbCrypto); if (code != 0) goto cleanup; } #endif if (toktype == TOK_TYPE_WRAP) { size_t krbTrailerLen; if (load_uint16_be(ptr) != TOK_TYPE_WRAP) goto defective; conf_flag = ((ptr[2] & TOK_FLAG_WRAP_CONFIDENTIAL) != 0); if (ptr[3] != 0xFF) goto defective; ec = load_uint16_be(ptr + 4); rrc = load_uint16_be(ptr + 6); seqnum = load_uint64_be(ptr + 8); code = krbCryptoLength(krbContext, KRB_CRYPTO_CONTEXT(ctx), conf_flag ? KRB5_CRYPTO_TYPE_TRAILER : KRB5_CRYPTO_TYPE_CHECKSUM, &krbTrailerLen); if (code != 0) goto cleanup; /* Deal with RRC */ if (trailer == NULL) { size_t desired_rrc = krbTrailerLen; if (conf_flag) { desired_rrc += 16; /* E(Header) */ if ((ctx->gssFlags & GSS_C_DCE_STYLE) == 0) desired_rrc += ec; } /* According to MS, we only need to deal with a fixed RRC for DCE */ if (rrc != desired_rrc) goto defective; } else if (rrc != 0) { goto defective; } if (conf_flag) { unsigned char *althdr; /* Decrypt */ code = gssEapDecrypt(krbContext, ((ctx->gssFlags & GSS_C_DCE_STYLE) != 0), ec, rrc, KRB_CRYPTO_CONTEXT(ctx), keyUsage, iov, iov_count); if (code != 0) { major = GSS_S_BAD_SIG; goto cleanup; } /* Validate header integrity */ if (trailer == NULL) althdr = (unsigned char *)header->buffer.value + 16 + ec; else althdr = (unsigned char *)trailer->buffer.value + ec; if (load_uint16_be(althdr) != TOK_TYPE_WRAP || althdr[2] != ptr[2] || althdr[3] != ptr[3] || memcmp(althdr + 8, ptr + 8, 8) != 0) { code = GSSEAP_BAD_WRAP_TOKEN; major = GSS_S_BAD_SIG; goto cleanup; } } else { /* Verify checksum: note EC is checksum size here, not padding */ if (ec != krbTrailerLen) goto defective; /* Zero EC, RRC before computing checksum */ store_uint16_be(0, ptr + 4); store_uint16_be(0, ptr + 6); code = gssEapVerify(krbContext, ctx->checksumType, rrc, KRB_CRYPTO_CONTEXT(ctx), keyUsage, iov, iov_count, &valid); if (code != 0 || valid == FALSE) { major = GSS_S_BAD_SIG; goto cleanup; } } major = sequenceCheck(&code, &ctx->seqState, seqnum); if (GSS_ERROR(major)) goto cleanup; } else if (toktype == TOK_TYPE_MIC) { if (load_uint16_be(ptr) != toktype) goto defective; verify_mic_1: if (ptr[3] != 0xFF) goto defective; seqnum = load_uint64_be(ptr + 8); /* * Although MIC tokens don't have a RRC, they are similarly * composed of a header and a checksum. So the verify_mic() * can be implemented with a single header buffer, fake the * RRC to the putative trailer length if no trailer buffer. */ code = gssEapVerify(krbContext, ctx->checksumType, trailer != NULL ? 0 : header->buffer.length - 16, KRB_CRYPTO_CONTEXT(ctx), keyUsage, iov, iov_count, &valid); if (code != 0 || valid == FALSE) { major = GSS_S_BAD_SIG; goto cleanup; } major = sequenceCheck(&code, &ctx->seqState, seqnum); if (GSS_ERROR(major)) goto cleanup; } else if (toktype == TOK_TYPE_DELETE_CONTEXT) { if (load_uint16_be(ptr) != TOK_TYPE_DELETE_CONTEXT) goto defective; goto verify_mic_1; } else { goto defective; } if (conf_state != NULL) *conf_state = conf_flag; code = 0; major = GSS_S_COMPLETE; goto cleanup; defective: code = GSSEAP_BAD_WRAP_TOKEN; major = GSS_S_DEFECTIVE_TOKEN; cleanup: *minor = code; #ifdef HAVE_HEIMDAL_VERSION if (freeCrypto && krbCrypto != NULL) krb5_crypto_destroy(krbContext, krbCrypto); #endif return major; } int rotateLeft(void *ptr, size_t bufsiz, size_t rc) { void *tbuf; if (bufsiz == 0) return 0; rc = rc % bufsiz; if (rc == 0) return 0; tbuf = GSSEAP_MALLOC(rc); if (tbuf == NULL) return ENOMEM; memcpy(tbuf, ptr, rc); memmove(ptr, (char *)ptr + rc, bufsiz - rc); memcpy((char *)ptr + bufsiz - rc, tbuf, rc); GSSEAP_FREE(tbuf); return 0; } /* * Split a STREAM | SIGN_DATA | DATA into * HEADER | SIGN_DATA | DATA | PADDING | TRAILER */ static OM_uint32 unwrapStream(OM_uint32 *minor, gss_ctx_id_t ctx, int *conf_state, gss_qop_t *qop_state, gss_iov_buffer_desc *iov, int iov_count, enum gss_eap_token_type toktype) { unsigned char *ptr; OM_uint32 code = 0, major = GSS_S_FAILURE; krb5_context krbContext; int conf_req_flag; int i = 0, j; gss_iov_buffer_desc *tiov = NULL; gss_iov_buffer_t stream, data = NULL; gss_iov_buffer_t theader, tdata = NULL, tpadding, ttrailer; #ifdef HAVE_HEIMDAL_VERSION krb5_crypto krbCrypto = NULL; #endif GSSEAP_KRB_INIT(&krbContext); GSSEAP_ASSERT(toktype == TOK_TYPE_WRAP); if (toktype != TOK_TYPE_WRAP) { code = GSSEAP_WRONG_TOK_ID; goto cleanup; } stream = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_STREAM); GSSEAP_ASSERT(stream != NULL); if (stream->buffer.length < 16) { major = GSS_S_DEFECTIVE_TOKEN; goto cleanup; } ptr = (unsigned char *)stream->buffer.value; ptr += 2; /* skip token type */ tiov = (gss_iov_buffer_desc *)GSSEAP_CALLOC((size_t)iov_count + 2, sizeof(gss_iov_buffer_desc)); if (tiov == NULL) { code = ENOMEM; goto cleanup; } /* HEADER */ theader = &tiov[i++]; theader->type = GSS_IOV_BUFFER_TYPE_HEADER; theader->buffer.value = stream->buffer.value; theader->buffer.length = 16; /* n[SIGN_DATA] | DATA | m[SIGN_DATA] */ for (j = 0; j < iov_count; j++) { OM_uint32 type = GSS_IOV_BUFFER_TYPE(iov[j].type); if (type == GSS_IOV_BUFFER_TYPE_DATA) { if (data != NULL) { /* only a single DATA buffer can appear */ code = GSSEAP_BAD_STREAM_IOV; goto cleanup; } data = &iov[j]; tdata = &tiov[i]; } if (type == GSS_IOV_BUFFER_TYPE_DATA || type == GSS_IOV_BUFFER_TYPE_SIGN_ONLY) tiov[i++] = iov[j]; } if (data == NULL) { /* a single DATA buffer must be present */ code = GSSEAP_BAD_STREAM_IOV; goto cleanup; } /* PADDING | TRAILER */ tpadding = &tiov[i++]; tpadding->type = GSS_IOV_BUFFER_TYPE_PADDING; tpadding->buffer.length = 0; tpadding->buffer.value = NULL; ttrailer = &tiov[i++]; ttrailer->type = GSS_IOV_BUFFER_TYPE_TRAILER; #ifdef HAVE_HEIMDAL_VERSION code = krb5_crypto_init(krbContext, &ctx->rfc3961Key, ETYPE_NULL, &krbCrypto); if (code != 0) goto cleanup; #endif { size_t ec, rrc; size_t krbHeaderLen = 0; size_t krbTrailerLen = 0; conf_req_flag = ((ptr[0] & TOK_FLAG_WRAP_CONFIDENTIAL) != 0); ec = conf_req_flag ? load_uint16_be(ptr + 2) : 0; rrc = load_uint16_be(ptr + 4); if (rrc != 0) { code = rotateLeft((unsigned char *)stream->buffer.value + 16, stream->buffer.length - 16, rrc); if (code != 0) goto cleanup; store_uint16_be(0, ptr + 4); /* set RRC to zero */ } if (conf_req_flag) { code = krbCryptoLength(krbContext, KRB_CRYPTO_CONTEXT(ctx), KRB5_CRYPTO_TYPE_HEADER, &krbHeaderLen); if (code != 0) goto cleanup; theader->buffer.length += krbHeaderLen; /* length validated later */ } /* no PADDING for CFX, EC is used instead */ code = krbCryptoLength(krbContext, KRB_CRYPTO_CONTEXT(ctx), conf_req_flag ? KRB5_CRYPTO_TYPE_TRAILER : KRB5_CRYPTO_TYPE_CHECKSUM, &krbTrailerLen); if (code != 0) goto cleanup; ttrailer->buffer.length = ec + (conf_req_flag ? 16 : 0 /* E(Header) */) + krbTrailerLen; ttrailer->buffer.value = (unsigned char *)stream->buffer.value + stream->buffer.length - ttrailer->buffer.length; } /* IOV: -----------0-------------+---1---+--2--+----------------3--------------*/ /* CFX: GSS-Header | Kerb-Header | Data | | EC | E(Header) | Kerb-Trailer */ /* GSS: -------GSS-HEADER--------+-DATA--+-PAD-+----------GSS-TRAILER----------*/ /* validate lengths */ if (stream->buffer.length < theader->buffer.length + tpadding->buffer.length + ttrailer->buffer.length) { major = GSS_S_DEFECTIVE_TOKEN; code = GSSEAP_TOK_TRUNC; goto cleanup; } /* setup data */ tdata->buffer.length = stream->buffer.length - ttrailer->buffer.length - tpadding->buffer.length - theader->buffer.length; GSSEAP_ASSERT(data != NULL); if (data->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) { code = gssEapAllocIov(tdata, tdata->buffer.length); if (code != 0) goto cleanup; memcpy(tdata->buffer.value, (unsigned char *)stream->buffer.value + theader->buffer.length, tdata->buffer.length); } else { tdata->buffer.value = (unsigned char *)stream->buffer.value + theader->buffer.length; } GSSEAP_ASSERT(i <= iov_count + 2); major = unwrapToken(&code, ctx, KRB_CRYPTO_CONTEXT(ctx), conf_state, qop_state, tiov, i, toktype); if (major == GSS_S_COMPLETE) { *data = *tdata; } else if (tdata->type & GSS_IOV_BUFFER_FLAG_ALLOCATED) { OM_uint32 tmp; gss_release_buffer(&tmp, &tdata->buffer); tdata->type &= ~(GSS_IOV_BUFFER_FLAG_ALLOCATED); } cleanup: if (tiov != NULL) GSSEAP_FREE(tiov); #ifdef HAVE_HEIMDAL_VERSION if (krbCrypto != NULL) krb5_crypto_destroy(krbContext, krbCrypto); #endif *minor = code; return major; } OM_uint32 gssEapUnwrapOrVerifyMIC(OM_uint32 *minor, gss_ctx_id_t ctx, int *conf_state, gss_qop_t *qop_state, gss_iov_buffer_desc *iov, int iov_count, enum gss_eap_token_type toktype) { OM_uint32 major; if (ctx->encryptionType == ENCTYPE_NULL) { *minor = GSSEAP_KEY_UNAVAILABLE; return GSS_S_UNAVAILABLE; } if (gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_STREAM) != NULL) { major = unwrapStream(minor, ctx, conf_state, qop_state, iov, iov_count, toktype); } else { major = unwrapToken(minor, ctx, NULL, /* krbCrypto */ conf_state, qop_state, iov, iov_count, toktype); } return major; } OM_uint32 GSSAPI_CALLCONV gss_unwrap_iov(OM_uint32 *minor, gss_ctx_id_t ctx, int *conf_state, gss_qop_t *qop_state, gss_iov_buffer_desc *iov, int iov_count) { OM_uint32 major; if (ctx == GSS_C_NO_CONTEXT) { *minor = EINVAL; return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT; } *minor = 0; GSSEAP_MUTEX_LOCK(&ctx->mutex); if (!CTX_IS_ESTABLISHED(ctx)) { major = GSS_S_NO_CONTEXT; *minor = GSSEAP_CONTEXT_INCOMPLETE; goto cleanup; } major = gssEapUnwrapOrVerifyMIC(minor, ctx, conf_state, qop_state, iov, iov_count, TOK_TYPE_WRAP); if (GSS_ERROR(major)) goto cleanup; cleanup: GSSEAP_MUTEX_UNLOCK(&ctx->mutex); return major; } mech_eap-0.9.2/mech_eap/authorize_localname.c0000644001755200017500000000427112406014472016151 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Local authorization services. */ #include "gssapiP_eap.h" OM_uint32 GSSAPI_CALLCONV gssspi_authorize_localname(OM_uint32 *minor, const gss_name_t name GSSEAP_UNUSED, gss_const_buffer_t local_user GSSEAP_UNUSED, gss_const_OID local_nametype GSSEAP_UNUSED) { /* * The MIT mechglue will fallback to comparing names in the absence * of a mechanism implementation of gss_userok. To avoid this and * force the mechglue to use attribute-based authorization, always * return access denied here. */ *minor = 0; return GSS_S_UNAUTHORIZED; } mech_eap-0.9.2/mech_eap/add_cred.c0000644001755200017500000000614012406014472013646 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Wrapper for acquiring a credential handle. */ #include "gssapiP_eap.h" /* * Note that this shouldn't really be required to be implemented by anything * apart from the mechanism glue layer. However, Heimdal does call into the * mechanism here. */ OM_uint32 GSSAPI_CALLCONV gss_add_cred(OM_uint32 *minor, gss_cred_id_t input_cred_handle GSSEAP_UNUSED, gss_name_t desired_name, gss_OID desired_mech, gss_cred_usage_t cred_usage, OM_uint32 initiator_time_req, OM_uint32 acceptor_time_req, gss_cred_id_t *output_cred_handle, gss_OID_set *actual_mechs, OM_uint32 *initiator_time_rec, OM_uint32 *acceptor_time_rec) { OM_uint32 major; OM_uint32 time_req, time_rec = 0; gss_OID_set_desc mechs; *minor = 0; *output_cred_handle = GSS_C_NO_CREDENTIAL; if (cred_usage == GSS_C_ACCEPT) time_req = acceptor_time_req; else time_req = initiator_time_req; mechs.count = 1; mechs.elements = desired_mech; major = gssEapAcquireCred(minor, desired_name, time_req, &mechs, cred_usage, output_cred_handle, actual_mechs, &time_rec); if (initiator_time_rec != NULL) *initiator_time_rec = time_rec; if (acceptor_time_rec != NULL) *acceptor_time_rec = time_rec; return major; } mech_eap-0.9.2/mech_eap/inquire_mechs_for_name.c0000644001755200017500000000501312406014472016620 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Determine mechanism OIDs supported by name. */ #include "gssapiP_eap.h" OM_uint32 GSSAPI_CALLCONV gss_inquire_mechs_for_name(OM_uint32 *minor, const gss_name_t input_name, gss_OID_set *mech_types) { OM_uint32 major, tmpMinor; *minor = 0; *mech_types = GSS_C_NO_OID_SET; if (input_name != GSS_C_NO_NAME && input_name->mechanismUsed != GSS_C_NO_OID) { major = gss_create_empty_oid_set(minor, mech_types); if (GSS_ERROR(major)) return major; major = gss_add_oid_set_member(minor, input_name->mechanismUsed, mech_types); if (GSS_ERROR(major)) { gss_release_oid_set(&tmpMinor, mech_types); return major; } } else { major = gssEapIndicateMechs(minor, mech_types); if (GSS_ERROR(major)) return major; } return major; } mech_eap-0.9.2/mech_eap/eap_mech.c0000644001755200017500000001167512406014472013673 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Initialisation and finalise functions. */ #include "gssapiP_eap.h" static OM_uint32 eapPeerRegisterMethods(OM_uint32 *minor) { OM_uint32 ret = 0; #ifdef EAP_MD5 if (ret == 0) ret = eap_peer_md5_register(); #endif /* EAP_MD5 */ #ifdef EAP_TLS if (ret == 0) ret = eap_peer_tls_register(); #endif /* EAP_TLS */ #ifdef EAP_MSCHAPv2 if (ret == 0) ret = eap_peer_mschapv2_register(); #endif /* EAP_MSCHAPv2 */ #ifdef EAP_PEAP if (ret == 0) ret = eap_peer_peap_register(); #endif /* EAP_PEAP */ #ifdef EAP_TTLS if (ret == 0) ret = eap_peer_ttls_register(); #endif /* EAP_TTLS */ #ifdef EAP_GTC if (ret == 0) ret = eap_peer_gtc_register(); #endif /* EAP_GTC */ #ifdef EAP_OTP if (ret == 0) ret = eap_peer_otp_register(); #endif /* EAP_OTP */ #ifdef EAP_SIM if (ret == 0) ret = eap_peer_sim_register(); #endif /* EAP_SIM */ #ifdef EAP_LEAP if (ret == 0) ret = eap_peer_leap_register(); #endif /* EAP_LEAP */ #ifdef EAP_PSK if (ret == 0) ret = eap_peer_psk_register(); #endif /* EAP_PSK */ #ifdef EAP_AKA if (ret == 0) ret = eap_peer_aka_register(); #endif /* EAP_AKA */ #ifdef EAP_AKA_PRIME if (ret == 0) ret = eap_peer_aka_prime_register(); #endif /* EAP_AKA_PRIME */ #ifdef EAP_FAST if (ret == 0) ret = eap_peer_fast_register(); #endif /* EAP_FAST */ #ifdef EAP_PAX if (ret == 0) ret = eap_peer_pax_register(); #endif /* EAP_PAX */ #ifdef EAP_SAKE if (ret == 0) ret = eap_peer_sake_register(); #endif /* EAP_SAKE */ #ifdef EAP_GPSK if (ret == 0) ret = eap_peer_gpsk_register(); #endif /* EAP_GPSK */ #ifdef EAP_WSC if (ret == 0) ret = eap_peer_wsc_register(); #endif /* EAP_WSC */ #ifdef EAP_IKEV2 if (ret == 0) ret = eap_peer_ikev2_register(); #endif /* EAP_IKEV2 */ #ifdef EAP_VENDOR_TEST if (ret == 0) ret = eap_peer_vendor_test_register(); #endif /* EAP_VENDOR_TEST */ #ifdef EAP_TNC if (ret == 0) ret = eap_peer_tnc_register(); #endif /* EAP_TNC */ if (ret == 0) return GSS_S_COMPLETE; *minor = GSSEAP_LIBEAP_INIT_FAILURE; return GSS_S_FAILURE; } static OM_uint32 gssEapInitLibEap(OM_uint32 *minor) { return eapPeerRegisterMethods(minor); } static OM_uint32 gssEapInitLibRadsec(OM_uint32 *minor) { if (0) { *minor = GSSEAP_RADSEC_INIT_FAILURE; return GSS_S_FAILURE; } return GSS_S_COMPLETE; } void gssEapFinalize(void) GSSEAP_DESTRUCTOR; OM_uint32 gssEapInitiatorInit(OM_uint32 *minor) { OM_uint32 major; initialize_eapg_error_table(); initialize_rse_error_table(); major = gssEapInitLibEap(minor); if (GSS_ERROR(major)) return major; major = gssEapInitLibRadsec(minor); if (GSS_ERROR(major)) return major; #ifdef GSSEAP_ENABLE_REAUTH major = gssEapReauthInitialize(minor); if (GSS_ERROR(major)) return major; #endif *minor = 0; return GSS_S_COMPLETE; } void gssEapFinalize(void) { #ifdef GSSEAP_ENABLE_ACCEPTOR OM_uint32 minor; gssEapAttrProvidersFinalize(&minor); #endif eap_peer_unregister_methods(); } #ifdef GSSEAP_CONSTRUCTOR static void gssEapInitiatorInitAssert(void) GSSEAP_CONSTRUCTOR; static void gssEapInitiatorInitAssert(void) { OM_uint32 major, minor; major = gssEapInitiatorInit(&minor); GSSEAP_ASSERT(!GSS_ERROR(major)); } #endif mech_eap-0.9.2/mech_eap/duplicate_name.c0000644001755200017500000000412212406014472015071 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Duplicate a name. */ #include "gssapiP_eap.h" OM_uint32 GSSAPI_CALLCONV gss_duplicate_name(OM_uint32 *minor, const gss_name_t input_name, gss_name_t *dest_name) { OM_uint32 major; *minor = 0; if (input_name == GSS_C_NO_NAME) { *minor = EINVAL; return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME; } GSSEAP_MUTEX_LOCK(&input_name->mutex); major = gssEapDuplicateName(minor, input_name, dest_name); GSSEAP_MUTEX_UNLOCK(&input_name->mutex); return major; } mech_eap-0.9.2/mech_eap/inquire_name.c0000644001755200017500000000470212406014472014577 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Enumerate name attributes. */ #include "gssapiP_eap.h" OM_uint32 GSSAPI_CALLCONV gss_inquire_name(OM_uint32 *minor, gss_name_t name, int *name_is_MN, gss_OID *MN_mech, gss_buffer_set_t *attrs) { OM_uint32 major, tmpMinor; *minor = 0; if (name_is_MN != NULL) *name_is_MN = 0; if (MN_mech != NULL) *MN_mech = GSS_C_NO_OID; if (attrs != NULL) *attrs = GSS_C_NO_BUFFER_SET; if (name == GSS_C_NO_NAME) { *minor = EINVAL; return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME; } if (attrs == NULL) return GSS_S_COMPLETE; GSSEAP_MUTEX_LOCK(&name->mutex); major = gssEapInquireName(minor, name, name_is_MN, MN_mech, attrs); GSSEAP_MUTEX_UNLOCK(&name->mutex); if (GSS_ERROR(major)) gss_release_buffer_set(&tmpMinor, attrs); return major; } mech_eap-0.9.2/mech_eap/import_name.c0000644001755200017500000000364212406014472014437 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Deserialise a name. */ #include "gssapiP_eap.h" OM_uint32 GSSAPI_CALLCONV gss_import_name(OM_uint32 *minor, gss_buffer_t import_name_buffer, gss_OID input_name_type, gss_name_t *output_name) { return gssEapImportName(minor, import_name_buffer, input_name_type, GSS_C_NO_OID, output_name); } mech_eap-0.9.2/mech_eap/set_cred_option.c0000644001755200017500000001513712406014472015307 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Set an extended property on a credential handle. */ #include "gssapiP_eap.h" static OM_uint32 setCredRadiusConfigFile(OM_uint32 *minor, gss_cred_id_t cred, const gss_OID oid GSSEAP_UNUSED, const gss_buffer_t buffer) { OM_uint32 major, tmpMinor; gss_buffer_desc configFileBuffer = GSS_C_EMPTY_BUFFER; if (buffer != GSS_C_NO_BUFFER && buffer->length != 0) { major = duplicateBuffer(minor, buffer, &configFileBuffer); if (GSS_ERROR(major)) return major; } gss_release_buffer(&tmpMinor, &cred->radiusConfigFile); cred->radiusConfigFile = configFileBuffer; *minor = 0; return GSS_S_COMPLETE; } static OM_uint32 setCredRadiusConfigStanza(OM_uint32 *minor, gss_cred_id_t cred, const gss_OID oid GSSEAP_UNUSED, const gss_buffer_t buffer) { OM_uint32 major, tmpMinor; gss_buffer_desc configStanzaBuffer = GSS_C_EMPTY_BUFFER; if (buffer != GSS_C_NO_BUFFER && buffer->length != 0) { major = duplicateBuffer(minor, buffer, &configStanzaBuffer); if (GSS_ERROR(major)) return major; } gss_release_buffer(&tmpMinor, &cred->radiusConfigStanza); cred->radiusConfigStanza = configStanzaBuffer; *minor = 0; return GSS_S_COMPLETE; } static OM_uint32 setCredFlag(OM_uint32 *minor, gss_cred_id_t cred, const gss_OID oid GSSEAP_UNUSED, const gss_buffer_t buffer) { OM_uint32 flags; unsigned char *p; if (buffer == GSS_C_NO_BUFFER) { *minor = EINVAL; return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_FAILURE; } if (buffer->length < 4) { *minor = GSSEAP_WRONG_SIZE; return GSS_S_FAILURE; } p = (unsigned char *)buffer->value; flags = load_uint32_be(buffer->value) & CRED_FLAG_PUBLIC_MASK; if (buffer->length > 4 && p[4]) cred->flags &= ~(flags); else cred->flags |= flags; *minor = 0; return GSS_S_COMPLETE; } static OM_uint32 setCredPassword(OM_uint32 *minor, gss_cred_id_t cred, const gss_OID oid GSSEAP_UNUSED, const gss_buffer_t buffer) { return gssEapSetCredPassword(minor, cred, buffer); } static OM_uint32 setCredPrivateKey(OM_uint32 *minor, gss_cred_id_t cred, const gss_OID oid GSSEAP_UNUSED, const gss_buffer_t buffer) { return gssEapSetCredClientCertificate(minor, cred, GSS_C_NO_BUFFER, buffer); } static struct { gss_OID_desc oid; OM_uint32 (*setOption)(OM_uint32 *, gss_cred_id_t cred, const gss_OID, const gss_buffer_t); } setCredOps[] = { /* 1.3.6.1.4.1.5322.22.3.3.1 */ { { 11, "\x2B\x06\x01\x04\x01\xA9\x4A\x16\x03\x03\x01" }, setCredRadiusConfigFile, }, /* 1.3.6.1.4.1.5322.22.3.3.2 */ { { 11, "\x2B\x06\x01\x04\x01\xA9\x4A\x16\x03\x03\x02" }, setCredRadiusConfigStanza, }, /* 1.3.6.1.4.1.5322.22.3.3.3 */ { { 11, "\x2B\x06\x01\x04\x01\xA9\x4A\x16\x03\x03\x03" }, setCredFlag, }, /* 1.3.6.1.4.1.5322.22.3.3.4 */ { { 11, "\x2B\x06\x01\x04\x01\xA9\x4A\x16\x03\x03\x04" }, setCredPassword, }, /* 1.3.6.1.4.1.5322.22.3.3.5 */ { { 11, "\x2B\x06\x01\x04\x01\xA9\x4A\x16\x03\x03\x05" }, setCredPrivateKey, }, }; gss_OID GSS_EAP_CRED_SET_RADIUS_CONFIG_FILE = &setCredOps[0].oid; gss_OID GSS_EAP_CRED_SET_RADIUS_CONFIG_STANZA = &setCredOps[1].oid; gss_OID GSS_EAP_CRED_SET_CRED_FLAG = &setCredOps[2].oid; gss_OID GSS_EAP_CRED_SET_CRED_PASSWORD = &setCredOps[3].oid; gss_OID GSS_EAP_CRED_SET_CRED_PRIVATE_KEY = &setCredOps[4].oid; OM_uint32 GSSAPI_CALLCONV gssspi_set_cred_option(OM_uint32 *minor, gss_cred_id_t *pCred, const gss_OID desired_object, const gss_buffer_t value) { OM_uint32 major; gss_cred_id_t cred = *pCred; int i; if (cred == GSS_C_NO_CREDENTIAL) { *minor = EINVAL; return GSS_S_UNAVAILABLE; } GSSEAP_MUTEX_LOCK(&cred->mutex); major = GSS_S_UNAVAILABLE; *minor = GSSEAP_BAD_CRED_OPTION; for (i = 0; i < sizeof(setCredOps) / sizeof(setCredOps[0]); i++) { if (oidEqual(&setCredOps[i].oid, desired_object)) { major = (*setCredOps[i].setOption)(minor, cred, desired_object, value); break; } } GSSEAP_MUTEX_UNLOCK(&cred->mutex); return major; } #if 0 OM_uint32 gsseap_set_cred_flag(OM_uint32 *minor, gss_cred_id_t cred, OM_uint32 flag, int clear) { unsigned char buf[5]; gss_buffer_desc value; value.length = sizeof(buf); value.value = buf; store_uint32_be(flag, buf); buf[4] = (clear != 0); return gssspi_set_cred_option(minor, &cred, GSS_EAP_CRED_SET_CRED_FLAG, &value); } #endif mech_eap-0.9.2/mech_eap/mech_eap.exports0000644001755200017500000000261712406014472015151 00000000000000gss_accept_sec_context gss_acquire_cred gss_add_cred gss_add_cred_with_password gss_canonicalize_name gss_compare_name gss_context_time gss_delete_name_attribute gss_delete_sec_context gss_display_name gss_display_name_ext gss_display_status gss_duplicate_name gss_exchange_meta_data gss_export_name gss_export_name_composite gss_export_sec_context gss_get_mic gss_get_name_attribute gss_import_name gss_import_sec_context gss_indicate_mechs gss_init_sec_context gss_inquire_attrs_for_mech gss_inquire_context gss_inquire_cred gss_inquire_cred_by_mech gss_inquire_cred_by_oid gss_inquire_mechs_for_name gss_inquire_mech_for_saslname gss_inquire_name gss_inquire_names_for_mech gss_inquire_saslname_for_mech gss_inquire_sec_context_by_oid gss_map_name_to_any gss_process_context_token gss_pseudo_random gss_query_mechanism_info gss_query_meta_data gss_release_any_name_mapping gss_release_cred gss_release_name gss_internal_release_oid gss_set_name_attribute gss_set_sec_context_option gss_store_cred gss_unwrap gss_unwrap_iov gss_verify_mic gss_wrap gss_wrap_iov gss_wrap_iov_length gss_wrap_size_limit GSS_EAP_AES128_CTS_HMAC_SHA1_96_MECHANISM GSS_EAP_AES256_CTS_HMAC_SHA1_96_MECHANISM GSS_EAP_NT_EAP_NAME GSS_EAP_CRED_SET_CRED_FLAG GSS_EAP_CRED_SET_CRED_PASSWORD GSS_EAP_CRED_SET_RADIUS_CONFIG_FILE GSS_EAP_CRED_SET_RADIUS_CONFIG_STANZA gssspi_acquire_cred_with_password gssspi_authorize_localname gssspi_set_cred_option mech_eap-0.9.2/mech_eap/init_sec_context.c0000644001755200017500000012217712406014472015473 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Establish a security context on the initiator (client). These functions * wrap around libeap. */ #include "gssapiP_eap.h" #include "radius/radius.h" #include "util_radius.h" #include "utils/radius_utils.h" /* methods allowed for phase1 authentication*/ static const struct eap_method_type allowed_eap_method_types[] = { {EAP_VENDOR_IETF, EAP_TYPE_TTLS}, {EAP_VENDOR_IETF, EAP_TYPE_NONE}}; static OM_uint32 policyVariableToFlag(enum eapol_bool_var variable) { OM_uint32 flag = 0; switch (variable) { case EAPOL_eapSuccess: flag = CTX_FLAG_EAP_SUCCESS; break; case EAPOL_eapRestart: flag = CTX_FLAG_EAP_RESTART; break; case EAPOL_eapFail: flag = CTX_FLAG_EAP_FAIL; break; case EAPOL_eapResp: flag = CTX_FLAG_EAP_RESP; break; case EAPOL_eapNoResp: flag = CTX_FLAG_EAP_NO_RESP; break; case EAPOL_eapReq: flag = CTX_FLAG_EAP_REQ; break; case EAPOL_portEnabled: flag = CTX_FLAG_EAP_PORT_ENABLED; break; case EAPOL_altAccept: flag = CTX_FLAG_EAP_ALT_ACCEPT; break; case EAPOL_altReject: flag = CTX_FLAG_EAP_ALT_REJECT; break; } return flag; } static struct eap_peer_config * peerGetConfig(void *ctx) { gss_ctx_id_t gssCtx = (gss_ctx_id_t)ctx; return &gssCtx->initiatorCtx.eapPeerConfig; } static Boolean peerGetBool(void *data, enum eapol_bool_var variable) { gss_ctx_id_t ctx = data; OM_uint32 flag; if (ctx == GSS_C_NO_CONTEXT) return FALSE; flag = policyVariableToFlag(variable); return ((ctx->flags & flag) != 0); } static void peerSetBool(void *data, enum eapol_bool_var variable, Boolean value) { gss_ctx_id_t ctx = data; OM_uint32 flag; if (ctx == GSS_C_NO_CONTEXT) return; flag = policyVariableToFlag(variable); if (value) ctx->flags |= flag; else ctx->flags &= ~(flag); } static unsigned int peerGetInt(void *data, enum eapol_int_var variable) { gss_ctx_id_t ctx = data; if (ctx == GSS_C_NO_CONTEXT) return FALSE; GSSEAP_ASSERT(CTX_IS_INITIATOR(ctx)); switch (variable) { case EAPOL_idleWhile: return ctx->initiatorCtx.idleWhile; break; } return 0; } static void peerSetInt(void *data, enum eapol_int_var variable, unsigned int value) { gss_ctx_id_t ctx = data; if (ctx == GSS_C_NO_CONTEXT) return; GSSEAP_ASSERT(CTX_IS_INITIATOR(ctx)); switch (variable) { case EAPOL_idleWhile: ctx->initiatorCtx.idleWhile = value; break; } } static struct wpabuf * peerGetEapReqData(void *ctx) { gss_ctx_id_t gssCtx = (gss_ctx_id_t)ctx; return &gssCtx->initiatorCtx.reqData; } static void peerSetConfigBlob(void *ctx GSSEAP_UNUSED, struct wpa_config_blob *blob GSSEAP_UNUSED) { } static const struct wpa_config_blob * peerGetConfigBlob(void *ctx, const char *name) { gss_ctx_id_t gssCtx = (gss_ctx_id_t)ctx; size_t index; if (strcmp(name, "client-cert") == 0) index = CONFIG_BLOB_CLIENT_CERT; else if (strcmp(name, "private-key") == 0) index = CONFIG_BLOB_PRIVATE_KEY; else if (strcmp(name, "ca-cert") == 0) index = CONFIG_BLOB_CA_CERT; else return NULL; return &gssCtx->initiatorCtx.configBlobs[index]; } static void peerNotifyPending(void *ctx GSSEAP_UNUSED) { } static struct eapol_callbacks gssEapPolicyCallbacks = { peerGetConfig, peerGetBool, peerSetBool, peerGetInt, peerSetInt, peerGetEapReqData, peerSetConfigBlob, peerGetConfigBlob, peerNotifyPending, }; #ifdef GSSEAP_DEBUG extern int wpa_debug_level; #endif #define CHBIND_SERVICE_NAME_FLAG 0x01 #define CHBIND_HOST_NAME_FLAG 0x02 #define CHBIND_SERVICE_SPECIFIC_FLAG 0x04 #define CHBIND_REALM_NAME_FLAG 0x08 static OM_uint32 peerInitEapChannelBinding(OM_uint32 *minor, gss_ctx_id_t ctx) { struct wpabuf *buf = NULL; unsigned int chbindReqFlags = 0; krb5_principal princ = NULL; gss_buffer_desc nameBuf = GSS_C_EMPTY_BUFFER; OM_uint32 major = GSS_S_COMPLETE; krb5_context krbContext = NULL; /* XXX is this check redundant? */ if (ctx->acceptorName == GSS_C_NO_NAME) { major = GSS_S_BAD_NAME; *minor = GSSEAP_NO_ACCEPTOR_NAME; goto cleanup; } princ = ctx->acceptorName->krbPrincipal; krbPrincComponentToGssBuffer(princ, 0, &nameBuf); if (nameBuf.length > 0) { major = gssEapRadiusAddAttr(minor, &buf, PW_GSS_ACCEPTOR_SERVICE_NAME, 0, &nameBuf); if (GSS_ERROR(major)) goto cleanup; chbindReqFlags |= CHBIND_SERVICE_NAME_FLAG; } krbPrincComponentToGssBuffer(princ, 1, &nameBuf); if (nameBuf.length > 0) { major = gssEapRadiusAddAttr(minor, &buf, PW_GSS_ACCEPTOR_HOST_NAME, 0, &nameBuf); if (GSS_ERROR(major)) goto cleanup; chbindReqFlags |= CHBIND_HOST_NAME_FLAG; } GSSEAP_KRB_INIT(&krbContext); *minor = krbPrincUnparseServiceSpecifics(krbContext, princ, &nameBuf); if (*minor != 0) goto cleanup; if (nameBuf.length > 0) { major = gssEapRadiusAddAttr(minor, &buf, PW_GSS_ACCEPTOR_SERVICE_SPECIFICS, 0, &nameBuf); if (GSS_ERROR(major)) goto cleanup; chbindReqFlags |= CHBIND_SERVICE_SPECIFIC_FLAG; } krbFreeUnparsedName(krbContext, &nameBuf); krbPrincRealmToGssBuffer(princ, &nameBuf); if (nameBuf.length > 0) { major = gssEapRadiusAddAttr(minor, &buf, PW_GSS_ACCEPTOR_REALM_NAME, 0, &nameBuf); if (GSS_ERROR(major)) goto cleanup; chbindReqFlags |= CHBIND_REALM_NAME_FLAG; } if (chbindReqFlags == 0) { major = GSS_S_BAD_NAME; *minor = GSSEAP_BAD_ACCEPTOR_NAME; goto cleanup; } ctx->initiatorCtx.chbindData = buf; ctx->initiatorCtx.chbindReqFlags = chbindReqFlags; buf = NULL; major = GSS_S_COMPLETE; *minor = 0; cleanup: /*namebuf is freed when used and may be left with a unowned pointer*/ wpabuf_free(buf); return major; } static void peerProcessChbindResponse(void *context, int code, int nsid, u8 *data, size_t len) { radius_parser msg; gss_ctx_id_t ctx = (gss_ctx_id_t )context; void *vsadata; u8 type; u32 vendor_id; u32 chbindRetFlags = 0; size_t vsadata_len; if (nsid != CHBIND_NSID_RADIUS) return; if (data == NULL) return; msg = radius_parser_start(data, len); if (msg == NULL) return; while (radius_parser_parse_tlv(msg, &type, &vendor_id, &vsadata, &vsadata_len) == 0) { switch (type) { case PW_GSS_ACCEPTOR_SERVICE_NAME: chbindRetFlags |= CHBIND_SERVICE_NAME_FLAG; break; case PW_GSS_ACCEPTOR_HOST_NAME: chbindRetFlags |= CHBIND_HOST_NAME_FLAG; break; case PW_GSS_ACCEPTOR_SERVICE_SPECIFICS: chbindRetFlags |= CHBIND_SERVICE_SPECIFIC_FLAG; break; case PW_GSS_ACCEPTOR_REALM_NAME: chbindRetFlags |= CHBIND_REALM_NAME_FLAG; break; } } radius_parser_finish(msg); if (code == CHBIND_CODE_SUCCESS && ((chbindRetFlags & ctx->initiatorCtx.chbindReqFlags) == ctx->initiatorCtx.chbindReqFlags)) { ctx->flags |= CTX_FLAG_EAP_CHBIND_ACCEPT; ctx->gssFlags |= GSS_C_MUTUAL_FLAG; } /* else log failures? */ } static OM_uint32 peerConfigInit(OM_uint32 *minor, gss_ctx_id_t ctx) { OM_uint32 major; krb5_context krbContext; struct eap_peer_config *eapPeerConfig = &ctx->initiatorCtx.eapPeerConfig; struct wpa_config_blob *configBlobs = ctx->initiatorCtx.configBlobs; gss_buffer_desc identity = GSS_C_EMPTY_BUFFER; gss_buffer_desc realm = GSS_C_EMPTY_BUFFER; gss_cred_id_t cred = ctx->cred; eapPeerConfig->identity = NULL; eapPeerConfig->identity_len = 0; eapPeerConfig->anonymous_identity = NULL; eapPeerConfig->anonymous_identity_len = 0; eapPeerConfig->password = NULL; eapPeerConfig->password_len = 0; eapPeerConfig->eap_methods = (struct eap_method_type *) allowed_eap_method_types; GSSEAP_ASSERT(cred != GSS_C_NO_CREDENTIAL); GSSEAP_KRB_INIT(&krbContext); eapPeerConfig->fragment_size = 1024; #ifdef GSSEAP_DEBUG wpa_debug_level = 0; #endif GSSEAP_ASSERT(cred->name != GSS_C_NO_NAME); if ((cred->name->flags & (NAME_FLAG_NAI | NAME_FLAG_SERVICE)) == 0) { *minor = GSSEAP_BAD_INITIATOR_NAME; return GSS_S_BAD_NAME; } /* identity */ major = gssEapDisplayName(minor, cred->name, &identity, NULL); if (GSS_ERROR(major)) return major; eapPeerConfig->identity = (unsigned char *)identity.value; eapPeerConfig->identity_len = identity.length; krbPrincRealmToGssBuffer(cred->name->krbPrincipal, &realm); /* anonymous_identity */ eapPeerConfig->anonymous_identity = GSSEAP_MALLOC(realm.length + 2); if (eapPeerConfig->anonymous_identity == NULL) { *minor = ENOMEM; return GSS_S_FAILURE; } eapPeerConfig->anonymous_identity[0] = '@'; memcpy(eapPeerConfig->anonymous_identity + 1, realm.value, realm.length); eapPeerConfig->anonymous_identity[1 + realm.length] = '\0'; eapPeerConfig->anonymous_identity_len = 1 + realm.length; /* password */ if ((cred->flags & CRED_FLAG_CERTIFICATE) == 0) { eapPeerConfig->password = (unsigned char *)cred->password.value; eapPeerConfig->password_len = cred->password.length; } /* certs */ eapPeerConfig->ca_cert = (unsigned char *)cred->caCertificate.value; eapPeerConfig->subject_match = (unsigned char *)cred->subjectNameConstraint.value; eapPeerConfig->altsubject_match = (unsigned char *)cred->subjectAltNameConstraint.value; configBlobs[CONFIG_BLOB_CA_CERT].data = cred->caCertificateBlob.value; configBlobs[CONFIG_BLOB_CA_CERT].len = cred->caCertificateBlob.length; /* eap channel binding */ if (ctx->initiatorCtx.chbindData != NULL) { struct eap_peer_chbind_config *chbind_config = (struct eap_peer_chbind_config *)GSSEAP_MALLOC(sizeof(struct eap_peer_chbind_config)); if (chbind_config == NULL) { *minor = ENOMEM; return GSS_S_FAILURE; } chbind_config->req_data = wpabuf_mhead_u8(ctx->initiatorCtx.chbindData); chbind_config->req_data_len = wpabuf_len(ctx->initiatorCtx.chbindData); chbind_config->nsid = CHBIND_NSID_RADIUS; chbind_config->response_cb = &peerProcessChbindResponse; chbind_config->ctx = ctx; eapPeerConfig->chbind_config = chbind_config; eapPeerConfig->chbind_config_len = 1; } else { eapPeerConfig->chbind_config = NULL; eapPeerConfig->chbind_config_len = 0; } if (cred->flags & CRED_FLAG_CERTIFICATE) { /* * CRED_FLAG_CONFIG_BLOB is an internal flag which will be used in the * future to directly pass certificate and private key data to the * EAP implementation, rather than an indirected string pointer. */ if (cred->flags & CRED_FLAG_CONFIG_BLOB) { eapPeerConfig->client_cert = (unsigned char *)"blob://client-cert"; configBlobs[CONFIG_BLOB_CLIENT_CERT].data = cred->clientCertificate.value; configBlobs[CONFIG_BLOB_CLIENT_CERT].len = cred->clientCertificate.length; eapPeerConfig->client_cert = (unsigned char *)"blob://private-key"; configBlobs[CONFIG_BLOB_PRIVATE_KEY].data = cred->clientCertificate.value; configBlobs[CONFIG_BLOB_PRIVATE_KEY].len = cred->privateKey.length; } else { eapPeerConfig->client_cert = (unsigned char *)cred->clientCertificate.value; eapPeerConfig->private_key = (unsigned char *)cred->privateKey.value; } eapPeerConfig->private_key_passwd = (unsigned char *)cred->password.value; } *minor = 0; return GSS_S_COMPLETE; } static OM_uint32 peerConfigFree(OM_uint32 *minor, gss_ctx_id_t ctx) { struct eap_peer_config *eapPeerConfig = &ctx->initiatorCtx.eapPeerConfig; if (eapPeerConfig->identity != NULL) { GSSEAP_FREE(eapPeerConfig->identity); eapPeerConfig->identity = NULL; eapPeerConfig->identity_len = 0; } if (eapPeerConfig->anonymous_identity != NULL) { GSSEAP_FREE(eapPeerConfig->anonymous_identity); eapPeerConfig->anonymous_identity = NULL; eapPeerConfig->anonymous_identity_len = 0; } *minor = 0; return GSS_S_COMPLETE; } /* * Mark an initiator context as ready for cryptographic operations */ static OM_uint32 initReady(OM_uint32 *minor, gss_ctx_id_t ctx) { OM_uint32 major; const unsigned char *key; size_t keyLength; /* Cache encryption type derived from selected mechanism OID */ major = gssEapOidToEnctype(minor, ctx->mechanismUsed, &ctx->encryptionType); if (GSS_ERROR(major)) return major; if (!eap_key_available(ctx->initiatorCtx.eap)) { *minor = GSSEAP_KEY_UNAVAILABLE; return GSS_S_UNAVAILABLE; } key = eap_get_eapKeyData(ctx->initiatorCtx.eap, &keyLength); if (keyLength < EAP_EMSK_LEN) { *minor = GSSEAP_KEY_TOO_SHORT; return GSS_S_UNAVAILABLE; } major = gssEapDeriveRfc3961Key(minor, &key[EAP_EMSK_LEN / 2], EAP_EMSK_LEN / 2, ctx->encryptionType, &ctx->rfc3961Key); if (GSS_ERROR(major)) return major; major = rfc3961ChecksumTypeForKey(minor, &ctx->rfc3961Key, &ctx->checksumType); if (GSS_ERROR(major)) return major; major = sequenceInit(minor, &ctx->seqState, ctx->recvSeq, ((ctx->gssFlags & GSS_C_REPLAY_FLAG) != 0), ((ctx->gssFlags & GSS_C_SEQUENCE_FLAG) != 0), TRUE); if (GSS_ERROR(major)) return major; *minor = 0; return GSS_S_COMPLETE; } static OM_uint32 initBegin(OM_uint32 *minor, gss_ctx_id_t ctx, gss_name_t target, gss_OID mech, OM_uint32 reqFlags GSSEAP_UNUSED, OM_uint32 timeReq, gss_channel_bindings_t chanBindings GSSEAP_UNUSED) { OM_uint32 major; gss_cred_id_t cred = ctx->cred; GSSEAP_ASSERT(cred != GSS_C_NO_CREDENTIAL); if (cred->expiryTime) ctx->expiryTime = cred->expiryTime; else if (timeReq == 0 || timeReq == GSS_C_INDEFINITE) ctx->expiryTime = 0; else ctx->expiryTime = time(NULL) + timeReq; /* * The credential mutex protects its name, however we need to * explicitly lock the acceptor name (unlikely as it may be * that it has attributes set on it). */ major = gssEapDuplicateName(minor, cred->name, &ctx->initiatorName); if (GSS_ERROR(major)) return major; if (target != GSS_C_NO_NAME) { GSSEAP_MUTEX_LOCK(&target->mutex); major = gssEapDuplicateName(minor, target, &ctx->acceptorName); if (GSS_ERROR(major)) { GSSEAP_MUTEX_UNLOCK(&target->mutex); return major; } GSSEAP_MUTEX_UNLOCK(&target->mutex); } major = gssEapCanonicalizeOid(minor, mech, OID_FLAG_NULL_VALID | OID_FLAG_MAP_NULL_TO_DEFAULT_MECH, &ctx->mechanismUsed); if (GSS_ERROR(major)) return major; /* If credentials were provided, check they're usable with this mech */ if (!gssEapCredAvailable(cred, ctx->mechanismUsed)) { *minor = GSSEAP_CRED_MECH_MISMATCH; return GSS_S_BAD_MECH; } *minor = 0; return GSS_S_COMPLETE; } static OM_uint32 eapGssSmInitError(OM_uint32 *minor, gss_cred_id_t cred GSSEAP_UNUSED, gss_ctx_id_t ctx GSSEAP_UNUSED, gss_name_t target GSSEAP_UNUSED, gss_OID mech GSSEAP_UNUSED, OM_uint32 reqFlags GSSEAP_UNUSED, OM_uint32 timeReq GSSEAP_UNUSED, gss_channel_bindings_t chanBindings GSSEAP_UNUSED, gss_buffer_t inputToken, gss_buffer_t outputToken GSSEAP_UNUSED, OM_uint32 *smFlags GSSEAP_UNUSED) { OM_uint32 major; unsigned char *p; if (inputToken->length < 8) { *minor = GSSEAP_TOK_TRUNC; return GSS_S_DEFECTIVE_TOKEN; } p = (unsigned char *)inputToken->value; major = load_uint32_be(&p[0]); *minor = ERROR_TABLE_BASE_eapg + load_uint32_be(&p[4]); if (!GSS_ERROR(major) || !IS_WIRE_ERROR(*minor)) { major = GSS_S_FAILURE; *minor = GSSEAP_BAD_ERROR_TOKEN; } GSSEAP_ASSERT(GSS_ERROR(major)); return major; } #ifdef GSSEAP_ENABLE_REAUTH static OM_uint32 eapGssSmInitGssReauth(OM_uint32 *minor, gss_cred_id_t cred, gss_ctx_id_t ctx, gss_name_t target, gss_OID mech GSSEAP_UNUSED, OM_uint32 reqFlags, OM_uint32 timeReq, gss_channel_bindings_t chanBindings, gss_buffer_t inputToken, gss_buffer_t outputToken, OM_uint32 *smFlags GSSEAP_UNUSED) { OM_uint32 major, tmpMinor; gss_name_t mechTarget = GSS_C_NO_NAME; gss_OID actualMech = GSS_C_NO_OID; OM_uint32 gssFlags, timeRec; /* * Here we use the passed in credential handle because the resolved * context credential does not currently have the reauth creds. */ if (GSSEAP_SM_STATE(ctx) == GSSEAP_STATE_INITIAL) { if (!gssEapCanReauthP(cred, target, timeReq)) return GSS_S_CONTINUE_NEEDED; ctx->flags |= CTX_FLAG_KRB_REAUTH; } else if ((ctx->flags & CTX_FLAG_KRB_REAUTH) == 0) { major = GSS_S_DEFECTIVE_TOKEN; *minor = GSSEAP_WRONG_ITOK; goto cleanup; } GSSEAP_ASSERT(cred != GSS_C_NO_CREDENTIAL); major = gssEapMechToGlueName(minor, target, &mechTarget); if (GSS_ERROR(major)) goto cleanup; major = gssInitSecContext(minor, cred->reauthCred, &ctx->reauthCtx, mechTarget, (gss_OID)gss_mech_krb5, reqFlags | GSS_C_MUTUAL_FLAG, timeReq, chanBindings, inputToken, &actualMech, outputToken, &gssFlags, &timeRec); if (GSS_ERROR(major)) goto cleanup; ctx->gssFlags = gssFlags; if (major == GSS_S_COMPLETE) { GSSEAP_ASSERT(GSSEAP_SM_STATE(ctx) == GSSEAP_STATE_REAUTHENTICATE); major = gssEapReauthComplete(minor, ctx, cred, actualMech, timeRec); if (GSS_ERROR(major)) goto cleanup; GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_ESTABLISHED); } else { GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_REAUTHENTICATE); } cleanup: gssReleaseName(&tmpMinor, &mechTarget); return major; } #endif /* GSSEAP_ENABLE_REAUTH */ #ifdef GSSEAP_DEBUG static OM_uint32 eapGssSmInitVendorInfo(OM_uint32 *minor, gss_cred_id_t cred GSSEAP_UNUSED, gss_ctx_id_t ctx GSSEAP_UNUSED, gss_name_t target GSSEAP_UNUSED, gss_OID mech GSSEAP_UNUSED, OM_uint32 reqFlags GSSEAP_UNUSED, OM_uint32 timeReq GSSEAP_UNUSED, gss_channel_bindings_t chanBindings GSSEAP_UNUSED, gss_buffer_t inputToken GSSEAP_UNUSED, gss_buffer_t outputToken, OM_uint32 *smFlags GSSEAP_UNUSED) { OM_uint32 major; major = makeStringBuffer(minor, "JANET(UK)", outputToken); if (GSS_ERROR(major)) return major; return GSS_S_CONTINUE_NEEDED; } #endif static OM_uint32 eapGssSmInitAcceptorName(OM_uint32 *minor, gss_cred_id_t cred GSSEAP_UNUSED, gss_ctx_id_t ctx, gss_name_t target GSSEAP_UNUSED, gss_OID mech GSSEAP_UNUSED, OM_uint32 reqFlags GSSEAP_UNUSED, OM_uint32 timeReq GSSEAP_UNUSED, gss_channel_bindings_t chanBindings GSSEAP_UNUSED, gss_buffer_t inputToken GSSEAP_UNUSED, gss_buffer_t outputToken, OM_uint32 *smFlags GSSEAP_UNUSED) { OM_uint32 major; if (GSSEAP_SM_STATE(ctx) == GSSEAP_STATE_INITIAL && ctx->acceptorName != GSS_C_NO_NAME) { /* Send desired target name to acceptor */ major = gssEapDisplayName(minor, ctx->acceptorName, outputToken, NULL); if (GSS_ERROR(major)) return major; } else if (inputToken != GSS_C_NO_BUFFER) { OM_uint32 tmpMinor; gss_name_t nameHint; int equal; /* Accept target name hint from acceptor or verify acceptor */ major = gssEapImportName(minor, inputToken, GSS_C_NT_USER_NAME, ctx->mechanismUsed, &nameHint); if (GSS_ERROR(major)) return major; if (ctx->acceptorName != GSS_C_NO_NAME) { /* verify name hint matched asserted acceptor name */ major = gssEapCompareName(minor, nameHint, ctx->acceptorName, COMPARE_NAME_FLAG_IGNORE_EMPTY_REALMS, &equal); if (GSS_ERROR(major)) { gssEapReleaseName(&tmpMinor, &nameHint); return major; } gssEapReleaseName(&tmpMinor, &nameHint); if (!equal) { *minor = GSSEAP_WRONG_ACCEPTOR_NAME; return GSS_S_DEFECTIVE_TOKEN; } } else { /* acceptor name is no_name */ /* accept acceptor name hint */ ctx->acceptorName = nameHint; nameHint = GSS_C_NO_NAME; } } /* * Currently, other parts of the code assume that the acceptor name * is available, hence this check. */ if (ctx->acceptorName == GSS_C_NO_NAME) { *minor = GSSEAP_NO_ACCEPTOR_NAME; return GSS_S_FAILURE; } /* * Generate channel binding data */ if (ctx->initiatorCtx.chbindData == NULL) { major = peerInitEapChannelBinding(minor, ctx); if (GSS_ERROR(major)) return major; } return GSS_S_CONTINUE_NEEDED; } static OM_uint32 eapGssSmInitIdentity(OM_uint32 *minor, gss_cred_id_t cred GSSEAP_UNUSED, gss_ctx_id_t ctx, gss_name_t target GSSEAP_UNUSED, gss_OID mech GSSEAP_UNUSED, OM_uint32 reqFlags GSSEAP_UNUSED, OM_uint32 timeReq GSSEAP_UNUSED, gss_channel_bindings_t chanBindings GSSEAP_UNUSED, gss_buffer_t inputToken GSSEAP_UNUSED, gss_buffer_t outputToken GSSEAP_UNUSED, OM_uint32 *smFlags) { struct eap_config eapConfig; #ifdef GSSEAP_ENABLE_REAUTH if (GSSEAP_SM_STATE(ctx) == GSSEAP_STATE_REAUTHENTICATE) { OM_uint32 tmpMinor; /* server didn't support reauthentication, sent EAP request */ gssDeleteSecContext(&tmpMinor, &ctx->reauthCtx, GSS_C_NO_BUFFER); ctx->flags &= ~(CTX_FLAG_KRB_REAUTH); GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_INITIAL); } else #endif *smFlags |= SM_FLAG_FORCE_SEND_TOKEN; GSSEAP_ASSERT((ctx->flags & CTX_FLAG_KRB_REAUTH) == 0); GSSEAP_ASSERT(inputToken == GSS_C_NO_BUFFER); memset(&eapConfig, 0, sizeof(eapConfig)); ctx->initiatorCtx.eap = eap_peer_sm_init(ctx, &gssEapPolicyCallbacks, ctx, &eapConfig); if (ctx->initiatorCtx.eap == NULL) { *minor = GSSEAP_PEER_SM_INIT_FAILURE; return GSS_S_FAILURE; } ctx->flags |= CTX_FLAG_EAP_RESTART | CTX_FLAG_EAP_PORT_ENABLED; /* poke EAP state machine */ if (eap_peer_sm_step(ctx->initiatorCtx.eap) != 0) { *minor = GSSEAP_PEER_SM_STEP_FAILURE; return GSS_S_FAILURE; } GSSEAP_SM_TRANSITION_NEXT(ctx); *minor = 0; return GSS_S_CONTINUE_NEEDED; } static OM_uint32 eapGssSmInitAuthenticate(OM_uint32 *minor, gss_cred_id_t cred GSSEAP_UNUSED, gss_ctx_id_t ctx, gss_name_t target GSSEAP_UNUSED, gss_OID mech GSSEAP_UNUSED, OM_uint32 reqFlags GSSEAP_UNUSED, OM_uint32 timeReq GSSEAP_UNUSED, gss_channel_bindings_t chanBindings GSSEAP_UNUSED, gss_buffer_t inputToken GSSEAP_UNUSED, gss_buffer_t outputToken, OM_uint32 *smFlags) { OM_uint32 major; OM_uint32 tmpMinor; struct wpabuf *resp = NULL; *minor = 0; GSSEAP_ASSERT(inputToken != GSS_C_NO_BUFFER); major = peerConfigInit(minor, ctx); if (GSS_ERROR(major)) goto cleanup; GSSEAP_ASSERT(ctx->initiatorCtx.eap != NULL); GSSEAP_ASSERT(ctx->flags & CTX_FLAG_EAP_PORT_ENABLED); ctx->flags |= CTX_FLAG_EAP_REQ; /* we have a Request from the acceptor */ wpabuf_set(&ctx->initiatorCtx.reqData, inputToken->value, inputToken->length); major = GSS_S_CONTINUE_NEEDED; eap_peer_sm_step(ctx->initiatorCtx.eap); if (ctx->flags & CTX_FLAG_EAP_RESP) { ctx->flags &= ~(CTX_FLAG_EAP_RESP); resp = eap_get_eapRespData(ctx->initiatorCtx.eap); } else if (ctx->flags & CTX_FLAG_EAP_SUCCESS) { major = initReady(minor, ctx); if (GSS_ERROR(major)) goto cleanup; ctx->flags &= ~(CTX_FLAG_EAP_SUCCESS); major = GSS_S_CONTINUE_NEEDED; GSSEAP_SM_TRANSITION_NEXT(ctx); } else if (ctx->flags & CTX_FLAG_EAP_FAIL) { major = GSS_S_DEFECTIVE_CREDENTIAL; *minor = GSSEAP_PEER_AUTH_FAILURE; } else { major = GSS_S_DEFECTIVE_TOKEN; *minor = GSSEAP_PEER_BAD_MESSAGE; } cleanup: if (resp != NULL) { OM_uint32 tmpMajor; gss_buffer_desc respBuf; GSSEAP_ASSERT(major == GSS_S_CONTINUE_NEEDED); respBuf.length = wpabuf_len(resp); respBuf.value = (void *)wpabuf_head(resp); tmpMajor = duplicateBuffer(&tmpMinor, &respBuf, outputToken); if (GSS_ERROR(tmpMajor)) { major = tmpMajor; *minor = tmpMinor; } *smFlags |= SM_FLAG_OUTPUT_TOKEN_CRITICAL; } wpabuf_set(&ctx->initiatorCtx.reqData, NULL, 0); peerConfigFree(&tmpMinor, ctx); return major; } static OM_uint32 eapGssSmInitGssFlags(OM_uint32 *minor, gss_cred_id_t cred GSSEAP_UNUSED, gss_ctx_id_t ctx, gss_name_t target GSSEAP_UNUSED, gss_OID mech GSSEAP_UNUSED, OM_uint32 reqFlags GSSEAP_UNUSED, OM_uint32 timeReq GSSEAP_UNUSED, gss_channel_bindings_t chanBindings GSSEAP_UNUSED, gss_buffer_t inputToken GSSEAP_UNUSED, gss_buffer_t outputToken, OM_uint32 *smFlags GSSEAP_UNUSED) { unsigned char wireFlags[4]; gss_buffer_desc flagsBuf; /* * As a temporary measure, force mutual authentication until channel binding is * more widely deployed. */ ctx->gssFlags |= GSS_C_MUTUAL_FLAG; store_uint32_be(ctx->gssFlags & GSSEAP_WIRE_FLAGS_MASK, wireFlags); flagsBuf.length = sizeof(wireFlags); flagsBuf.value = wireFlags; return duplicateBuffer(minor, &flagsBuf, outputToken); } static OM_uint32 eapGssSmInitGssChannelBindings(OM_uint32 *minor, gss_cred_id_t cred GSSEAP_UNUSED, gss_ctx_id_t ctx, gss_name_t target GSSEAP_UNUSED, gss_OID mech GSSEAP_UNUSED, OM_uint32 reqFlags GSSEAP_UNUSED, OM_uint32 timeReq GSSEAP_UNUSED, gss_channel_bindings_t chanBindings, gss_buffer_t inputToken GSSEAP_UNUSED, gss_buffer_t outputToken, OM_uint32 *smFlags) { OM_uint32 major; krb5_error_code code; krb5_context krbContext; krb5_data data; krb5_checksum cksum; gss_buffer_desc cksumBuffer; if (chanBindings == GSS_C_NO_CHANNEL_BINDINGS || chanBindings->application_data.length == 0) return GSS_S_CONTINUE_NEEDED; GSSEAP_KRB_INIT(&krbContext); KRB_DATA_INIT(&data); gssBufferToKrbData(&chanBindings->application_data, &data); code = krb5_c_make_checksum(krbContext, ctx->checksumType, &ctx->rfc3961Key, KEY_USAGE_GSSEAP_CHBIND_MIC, &data, &cksum); if (code != 0) { *minor = code; return GSS_S_FAILURE; } cksumBuffer.length = KRB_CHECKSUM_LENGTH(&cksum); cksumBuffer.value = KRB_CHECKSUM_DATA(&cksum); major = duplicateBuffer(minor, &cksumBuffer, outputToken); if (GSS_ERROR(major)) { krb5_free_checksum_contents(krbContext, &cksum); return major; } *minor = 0; *smFlags |= SM_FLAG_OUTPUT_TOKEN_CRITICAL; krb5_free_checksum_contents(krbContext, &cksum); return GSS_S_CONTINUE_NEEDED; } static OM_uint32 eapGssSmInitInitiatorMIC(OM_uint32 *minor, gss_cred_id_t cred GSSEAP_UNUSED, gss_ctx_id_t ctx, gss_name_t target GSSEAP_UNUSED, gss_OID mech GSSEAP_UNUSED, OM_uint32 reqFlags GSSEAP_UNUSED, OM_uint32 timeReq GSSEAP_UNUSED, gss_channel_bindings_t chanBindings GSSEAP_UNUSED, gss_buffer_t inputToken GSSEAP_UNUSED, gss_buffer_t outputToken, OM_uint32 *smFlags) { OM_uint32 major; major = gssEapMakeTokenMIC(minor, ctx, outputToken); if (GSS_ERROR(major)) return major; GSSEAP_SM_TRANSITION_NEXT(ctx); *minor = 0; *smFlags |= SM_FLAG_OUTPUT_TOKEN_CRITICAL; return GSS_S_CONTINUE_NEEDED; } #ifdef GSSEAP_ENABLE_REAUTH static OM_uint32 eapGssSmInitReauthCreds(OM_uint32 *minor, gss_cred_id_t cred, gss_ctx_id_t ctx, gss_name_t target GSSEAP_UNUSED, gss_OID mech GSSEAP_UNUSED, OM_uint32 reqFlags GSSEAP_UNUSED, OM_uint32 timeReq GSSEAP_UNUSED, gss_channel_bindings_t chanBindings GSSEAP_UNUSED, gss_buffer_t inputToken, gss_buffer_t outputToken GSSEAP_UNUSED, OM_uint32 *smFlags GSSEAP_UNUSED) { OM_uint32 major; if (ctx->gssFlags & GSS_C_MUTUAL_FLAG) { major = gssEapStoreReauthCreds(minor, ctx, cred, inputToken); if (GSS_ERROR(major)) return major; } *minor = 0; return GSS_S_CONTINUE_NEEDED; } #endif /* GSSEAP_ENABLE_REAUTH */ static OM_uint32 eapGssSmInitAcceptorMIC(OM_uint32 *minor, gss_cred_id_t cred GSSEAP_UNUSED, gss_ctx_id_t ctx, gss_name_t target GSSEAP_UNUSED, gss_OID mech GSSEAP_UNUSED, OM_uint32 reqFlags GSSEAP_UNUSED, OM_uint32 timeReq GSSEAP_UNUSED, gss_channel_bindings_t chanBindings GSSEAP_UNUSED, gss_buffer_t inputToken, gss_buffer_t outputToken GSSEAP_UNUSED, OM_uint32 *smFlags GSSEAP_UNUSED) { OM_uint32 major; major = gssEapVerifyTokenMIC(minor, ctx, inputToken); if (GSS_ERROR(major)) return major; GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_ESTABLISHED); *minor = 0; return GSS_S_COMPLETE; } static struct gss_eap_sm eapGssInitiatorSm[] = { { ITOK_TYPE_CONTEXT_ERR, ITOK_TYPE_NONE, GSSEAP_STATE_ALL & ~(GSSEAP_STATE_INITIAL), 0, eapGssSmInitError }, { ITOK_TYPE_ACCEPTOR_NAME_RESP, ITOK_TYPE_ACCEPTOR_NAME_REQ, GSSEAP_STATE_INITIAL | GSSEAP_STATE_AUTHENTICATE | GSSEAP_STATE_ACCEPTOR_EXTS, 0, eapGssSmInitAcceptorName }, #ifdef GSSEAP_DEBUG { ITOK_TYPE_NONE, ITOK_TYPE_VENDOR_INFO, GSSEAP_STATE_INITIAL, 0, eapGssSmInitVendorInfo }, #endif #ifdef GSSEAP_ENABLE_REAUTH { ITOK_TYPE_REAUTH_RESP, ITOK_TYPE_REAUTH_REQ, GSSEAP_STATE_INITIAL | GSSEAP_STATE_REAUTHENTICATE, 0, eapGssSmInitGssReauth }, #endif { ITOK_TYPE_NONE, ITOK_TYPE_NONE, #ifdef GSSEAP_ENABLE_REAUTH GSSEAP_STATE_REAUTHENTICATE | #endif GSSEAP_STATE_INITIAL, SM_ITOK_FLAG_REQUIRED, eapGssSmInitIdentity }, { ITOK_TYPE_EAP_REQ, ITOK_TYPE_EAP_RESP, GSSEAP_STATE_AUTHENTICATE, SM_ITOK_FLAG_REQUIRED, eapGssSmInitAuthenticate }, { ITOK_TYPE_NONE, ITOK_TYPE_GSS_FLAGS, GSSEAP_STATE_INITIATOR_EXTS, 0, eapGssSmInitGssFlags }, { ITOK_TYPE_NONE, ITOK_TYPE_GSS_CHANNEL_BINDINGS, GSSEAP_STATE_INITIATOR_EXTS, 0, eapGssSmInitGssChannelBindings }, { ITOK_TYPE_NONE, ITOK_TYPE_INITIATOR_MIC, GSSEAP_STATE_INITIATOR_EXTS, SM_ITOK_FLAG_REQUIRED, eapGssSmInitInitiatorMIC }, #ifdef GSSEAP_ENABLE_REAUTH { ITOK_TYPE_REAUTH_CREDS, ITOK_TYPE_NONE, GSSEAP_STATE_ACCEPTOR_EXTS, 0, eapGssSmInitReauthCreds }, #endif /* other extensions go here */ { ITOK_TYPE_ACCEPTOR_MIC, ITOK_TYPE_NONE, GSSEAP_STATE_ACCEPTOR_EXTS, SM_ITOK_FLAG_REQUIRED, eapGssSmInitAcceptorMIC } }; OM_uint32 gssEapInitSecContext(OM_uint32 *minor, gss_cred_id_t cred, gss_ctx_id_t ctx, gss_name_t target_name, gss_OID mech_type, OM_uint32 req_flags, OM_uint32 time_req, gss_channel_bindings_t input_chan_bindings, gss_buffer_t input_token, gss_OID *actual_mech_type, gss_buffer_t output_token, OM_uint32 *ret_flags, OM_uint32 *time_rec) { OM_uint32 major, tmpMinor; int initialContextToken = (ctx->mechanismUsed == GSS_C_NO_OID); /* * XXX is acquiring the credential lock here necessary? The password is * mutable but the contract could specify that this is not updated whilst * a context is being initialized. */ if (cred != GSS_C_NO_CREDENTIAL) GSSEAP_MUTEX_LOCK(&cred->mutex); if (ctx->cred == GSS_C_NO_CREDENTIAL) { major = gssEapResolveInitiatorCred(minor, cred, target_name, &ctx->cred); if (GSS_ERROR(major)) goto cleanup; GSSEAP_ASSERT(ctx->cred != GSS_C_NO_CREDENTIAL); } GSSEAP_MUTEX_LOCK(&ctx->cred->mutex); GSSEAP_ASSERT(ctx->cred->flags & CRED_FLAG_RESOLVED); GSSEAP_ASSERT(ctx->cred->flags & CRED_FLAG_INITIATE); if (initialContextToken) { major = initBegin(minor, ctx, target_name, mech_type, req_flags, time_req, input_chan_bindings); if (GSS_ERROR(major)) goto cleanup; } major = gssEapSmStep(minor, cred, ctx, target_name, mech_type, req_flags, time_req, input_chan_bindings, input_token, output_token, eapGssInitiatorSm, sizeof(eapGssInitiatorSm) / sizeof(eapGssInitiatorSm[0])); if (GSS_ERROR(major)) goto cleanup; if (actual_mech_type != NULL) { OM_uint32 tmpMajor; tmpMajor = gssEapCanonicalizeOid(&tmpMinor, ctx->mechanismUsed, 0, actual_mech_type); if (GSS_ERROR(tmpMajor)) { major = tmpMajor; *minor = tmpMinor; goto cleanup; } } if (ret_flags != NULL) *ret_flags = ctx->gssFlags; if (time_rec != NULL) gssEapContextTime(&tmpMinor, ctx, time_rec); GSSEAP_ASSERT(CTX_IS_ESTABLISHED(ctx) || major == GSS_S_CONTINUE_NEEDED); cleanup: if (cred != GSS_C_NO_CREDENTIAL) GSSEAP_MUTEX_UNLOCK(&cred->mutex); if (ctx->cred != GSS_C_NO_CREDENTIAL) GSSEAP_MUTEX_UNLOCK(&ctx->cred->mutex); return major; } OM_uint32 GSSAPI_CALLCONV gss_init_sec_context(OM_uint32 *minor, gss_cred_id_t cred, gss_ctx_id_t *context_handle, gss_name_t target_name, gss_OID mech_type, OM_uint32 req_flags, OM_uint32 time_req, gss_channel_bindings_t input_chan_bindings, gss_buffer_t input_token, gss_OID *actual_mech_type, gss_buffer_t output_token, OM_uint32 *ret_flags, OM_uint32 *time_rec) { OM_uint32 major, tmpMinor; gss_ctx_id_t ctx = *context_handle; *minor = 0; output_token->length = 0; output_token->value = NULL; if (ctx == GSS_C_NO_CONTEXT) { if (input_token != GSS_C_NO_BUFFER && input_token->length != 0) { *minor = GSSEAP_WRONG_SIZE; return GSS_S_DEFECTIVE_TOKEN; } major = gssEapAllocContext(minor, &ctx); if (GSS_ERROR(major)) return major; ctx->flags |= CTX_FLAG_INITIATOR; *context_handle = ctx; } GSSEAP_MUTEX_LOCK(&ctx->mutex); major = gssEapInitSecContext(minor, cred, ctx, target_name, mech_type, req_flags, time_req, input_chan_bindings, input_token, actual_mech_type, output_token, ret_flags, time_rec); GSSEAP_MUTEX_UNLOCK(&ctx->mutex); if (GSS_ERROR(major)) gssEapReleaseContext(&tmpMinor, context_handle); return major; } mech_eap-0.9.2/mech_eap/util_reauth.c0000644001755200017500000011061612406014472014452 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Fast reauthentication support. */ #include "gssapiP_eap.h" #include /* * Fast reauthentication support for EAP GSS. */ krb5_error_code krb5_encrypt_tkt_part(krb5_context, const krb5_keyblock *, krb5_ticket *); krb5_error_code encode_krb5_ticket(const krb5_ticket *rep, krb5_data **code); static OM_uint32 gssDisplayName(OM_uint32 *minor, gss_name_t name, gss_buffer_t buffer, gss_OID *name_type); static OM_uint32 gssImportName(OM_uint32 *minor, gss_buffer_t buffer, gss_OID name_type, gss_name_t *name); static krb5_error_code getAcceptorKey(krb5_context krbContext, gss_ctx_id_t ctx, gss_cred_id_t cred, krb5_principal *princ, krb5_keyblock *key) { krb5_error_code code; krb5_keytab keytab = NULL; krb5_keytab_entry ktent = { 0 }; krb5_kt_cursor cursor; *princ = NULL; memset(key, 0, sizeof(*key)); memset(&cursor, 0, sizeof(cursor)); code = krb5_kt_default(krbContext, &keytab); if (code != 0) goto cleanup; if (cred != GSS_C_NO_CREDENTIAL && cred->name != GSS_C_NO_NAME) { code = krb5_kt_get_entry(krbContext, keytab, cred->name->krbPrincipal, 0, ctx->encryptionType, &ktent); if (code != 0) goto cleanup; } else { /* * It's not clear that looking encrypting the ticket in the * requested EAP enctype provides any value. */ code = krb5_kt_start_seq_get(krbContext, keytab, &cursor); if (code != 0) goto cleanup; while ((code = krb5_kt_next_entry(krbContext, keytab, &ktent, &cursor)) == 0) { if (KRB_KEY_TYPE(KRB_KT_ENT_KEYBLOCK(&ktent)) == ctx->encryptionType) break; else KRB_KT_ENT_FREE(krbContext, &ktent); } } if (code == 0) { *princ = ktent.principal; *key = *KRB_KT_ENT_KEYBLOCK(&ktent); } cleanup: if (cred == GSS_C_NO_CREDENTIAL || cred->name == GSS_C_NO_NAME) krb5_kt_end_seq_get(krbContext, keytab, &cursor); krb5_kt_close(krbContext, keytab); if (code != 0) KRB_KT_ENT_FREE(krbContext, &ktent); return code; } static OM_uint32 freezeAttrContext(OM_uint32 *minor, gss_name_t initiatorName, krb5_const_principal acceptorPrinc, krb5_keyblock *session, #ifdef HAVE_HEIMDAL_VERSION krb5_authdata *kdcIssuedAuthData #else krb5_authdata ***kdcIssuedAuthData #endif ) { OM_uint32 major, tmpMinor; krb5_error_code code; krb5_context krbContext; gss_buffer_desc attrBuf = GSS_C_EMPTY_BUFFER; #ifdef HAVE_HEIMDAL_VERSION krb5_authdata authDataBuf, *authData = &authDataBuf; AuthorizationDataElement authDatum = { 0 }; #else krb5_authdata *authData[2], authDatum = { 0 }; #endif memset(kdcIssuedAuthData, 0, sizeof(*kdcIssuedAuthData)); GSSEAP_KRB_INIT(&krbContext); major = gssEapExportAttrContext(minor, initiatorName, &attrBuf); if (GSS_ERROR(major)) return major; authDatum.ad_type = KRB5_AUTHDATA_RADIUS_AVP; #ifdef HAVE_HEIMDAL_VERSION authDatum.ad_data.length = attrBuf.length; authDatum.ad_data.data = attrBuf.value; authData->len = 1; authData->val = &authDatum; #else authDatum.length = attrBuf.length; authDatum.contents = attrBuf.value; authData[0] = &authDatum; authData[1] = NULL; #endif code = krbMakeAuthDataKdcIssued(krbContext, session, acceptorPrinc, authData, kdcIssuedAuthData); if (code != 0) { major = GSS_S_FAILURE; *minor = code; } else { major = GSS_S_COMPLETE; } gss_release_buffer(&tmpMinor, &attrBuf); return major; } /* * Fabricate a ticket to ourselves given a GSS EAP context. */ OM_uint32 gssEapMakeReauthCreds(OM_uint32 *minor, gss_ctx_id_t ctx, gss_cred_id_t cred, gss_buffer_t credBuf) { OM_uint32 major = GSS_S_COMPLETE; krb5_error_code code; krb5_context krbContext = NULL; krb5_keyblock session = { 0 }, acceptorKey = { 0 }; krb5_principal server = NULL; #ifdef HAVE_HEIMDAL_VERSION Ticket ticket; EncTicketPart enc_part; AuthorizationData authData = { 0 }; krb5_crypto krbCrypto = NULL; krb5_data ticketData = { 0 }; krb5_data encPartData = { 0 }; size_t len; #else krb5_ticket ticket; krb5_enc_tkt_part enc_part; krb5_data *ticketData = NULL; #endif krb5_data credsData = { 0 }; krb5_creds creds = { 0 }; krb5_auth_context authContext = NULL; memset(&ticket, 0, sizeof(ticket)); memset(&enc_part, 0, sizeof(enc_part)); credBuf->length = 0; credBuf->value = NULL; if (ctx->acceptorName == GSS_C_NO_NAME) { *minor = GSSEAP_NO_ACCEPTOR_NAME; return GSS_S_UNAVAILABLE; } GSSEAP_KRB_INIT(&krbContext); code = getAcceptorKey(krbContext, ctx, cred, &server, &acceptorKey); if (code != 0) { *minor = code; return GSS_S_UNAVAILABLE; } /* * Generate a random session key to place in the ticket and * sign the "KDC-Issued" authorization data element. */ #ifdef HAVE_HEIMDAL_VERSION ticket.realm = server->realm; ticket.sname = server->name; code = krb5_generate_random_keyblock(krbContext, ctx->encryptionType, &session); if (code != 0) goto cleanup; enc_part.flags.initial = 1; enc_part.key = session; enc_part.crealm = ctx->initiatorName->krbPrincipal->realm; enc_part.cname = ctx->initiatorName->krbPrincipal->name; enc_part.authtime = time(NULL); enc_part.starttime = &enc_part.authtime; enc_part.endtime = (ctx->expiryTime != 0) ? ctx->expiryTime : KRB_TIME_FOREVER; enc_part.renew_till = NULL; enc_part.authorization_data = &authData; major = freezeAttrContext(minor, ctx->initiatorName, server, &session, &authData); if (GSS_ERROR(major)) goto cleanup; ASN1_MALLOC_ENCODE(EncTicketPart, encPartData.data, encPartData.length, &enc_part, &len, code); if (code != 0) goto cleanup; code = krb5_crypto_init(krbContext, &acceptorKey, 0, &krbCrypto); if (code != 0) goto cleanup; code = krb5_encrypt_EncryptedData(krbContext, krbCrypto, KRB5_KU_TICKET, encPartData.data, encPartData.length, 0, &ticket.enc_part); if (code != 0) goto cleanup; ASN1_MALLOC_ENCODE(Ticket, ticketData.data, ticketData.length, &ticket, &len, code); if (code != 0) goto cleanup; #else ticket.server = server; code = krb5_c_make_random_key(krbContext, ctx->encryptionType, &session); if (code != 0) goto cleanup; enc_part.flags = TKT_FLG_INITIAL; enc_part.session = &session; enc_part.client = ctx->initiatorName->krbPrincipal; enc_part.times.authtime = time(NULL); enc_part.times.starttime = enc_part.times.authtime; enc_part.times.endtime = (ctx->expiryTime != 0) ? ctx->expiryTime : KRB_TIME_FOREVER; enc_part.times.renew_till = 0; major = freezeAttrContext(minor, ctx->initiatorName, server, &session, &enc_part.authorization_data); if (GSS_ERROR(major)) goto cleanup; ticket.enc_part2 = &enc_part; code = krb5_encrypt_tkt_part(krbContext, &acceptorKey, &ticket); if (code != 0) goto cleanup; code = encode_krb5_ticket(&ticket, &ticketData); if (code != 0) goto cleanup; #endif /* HAVE_HEIMDAL_VERSION */ creds.client = ctx->initiatorName->krbPrincipal; creds.server = server; #ifdef HAVE_HEIMDAL_VERSION creds.session = session; creds.times.authtime = enc_part.authtime; creds.times.starttime = *enc_part.starttime; creds.times.endtime = enc_part.endtime; creds.times.renew_till = 0; creds.flags.b = enc_part.flags; creds.ticket = ticketData; creds.authdata = authData; #else creds.keyblock = session; creds.times = enc_part.times; creds.ticket_flags = enc_part.flags; creds.ticket = *ticketData; creds.authdata = enc_part.authorization_data; #endif code = krb5_auth_con_init(krbContext, &authContext); if (code != 0) goto cleanup; code = krb5_auth_con_setflags(krbContext, authContext, 0); if (code != 0) goto cleanup; #ifdef HAVE_HEIMDAL_VERSION code = krb5_auth_con_setlocalsubkey(krbContext, authContext, &ctx->rfc3961Key); #else code = krb5_auth_con_setsendsubkey(krbContext, authContext, &ctx->rfc3961Key); #endif if (code != 0) goto cleanup; code = krbMakeCred(krbContext, authContext, &creds, &credsData); if (code != 0) goto cleanup; krbDataToGssBuffer(&credsData, credBuf); cleanup: #ifdef HAVE_HEIMDAL_VERSION if (krbCrypto != NULL) krb5_crypto_destroy(krbContext, krbCrypto); free_AuthorizationData(&authData); free_EncryptedData(&ticket.enc_part); krb5_data_free(&ticketData); krb5_data_free(&encPartData); #else krb5_free_authdata(krbContext, enc_part.authorization_data); if (ticket.enc_part.ciphertext.data != NULL) GSSEAP_FREE(ticket.enc_part.ciphertext.data); krb5_free_data(krbContext, ticketData); #endif krb5_free_keyblock_contents(krbContext, &session); krb5_free_principal(krbContext, server); krb5_free_keyblock_contents(krbContext, &acceptorKey); krb5_auth_con_free(krbContext, authContext); if (major == GSS_S_COMPLETE) { *minor = code; major = (code != 0) ? GSS_S_FAILURE : GSS_S_COMPLETE; } return major; } static int isTicketGrantingServiceP(krb5_context krbContext GSSEAP_UNUSED, krb5_const_principal principal) { if (KRB_PRINC_LENGTH(principal) == 2 && #ifdef HAVE_HEIMDAL_VERSION strcmp(KRB_PRINC_NAME(principal)[0], "krbtgt") == 0 #else krb5_princ_component(krbContext, principal, 0)->length == 6 && memcmp(krb5_princ_component(krbContext, principal, 0)->data, "krbtgt", 6) == 0 #endif ) return TRUE; return FALSE; } /* * Returns TRUE if the configuration variable reauth_use_ccache is * set in krb5.conf for the eap_gss application and the client realm. */ static int reauthUseCredsCache(krb5_context krbContext, krb5_principal principal) { int reauthUseCCache; /* if reauth_use_ccache, use default credentials cache if ticket is for us */ krb5_appdefault_boolean(krbContext, "eap_gss", KRB_PRINC_REALM(principal), "reauth_use_ccache", 0, &reauthUseCCache); return reauthUseCCache; } /* * Look in default credentials cache for reauthentication credentials, * if policy allows. */ static OM_uint32 getDefaultReauthCredentials(OM_uint32 *minor, gss_cred_id_t cred, gss_name_t target, time_t now, OM_uint32 timeReq) { OM_uint32 major = GSS_S_CRED_UNAVAIL; krb5_context krbContext = NULL; krb5_error_code code = 0; krb5_ccache ccache = NULL; krb5_creds match = { 0 }; krb5_creds creds = { 0 }; GSSEAP_KRB_INIT(&krbContext); GSSEAP_ASSERT(cred != GSS_C_NO_CREDENTIAL); GSSEAP_ASSERT(target != GSS_C_NO_NAME); if (cred->name == GSS_C_NO_NAME || !reauthUseCredsCache(krbContext, cred->name->krbPrincipal)) goto cleanup; match.client = cred->name->krbPrincipal; match.server = target->krbPrincipal; if (timeReq != 0 && timeReq != GSS_C_INDEFINITE) match.times.endtime = now + timeReq; code = krb5_cc_default(krbContext, &ccache); if (code != 0) goto cleanup; code = krb5_cc_retrieve_cred(krbContext, ccache, 0, &match, &creds); if (code != 0) goto cleanup; cred->flags |= CRED_FLAG_DEFAULT_CCACHE; cred->krbCredCache = ccache; ccache = NULL; major = gss_krb5_import_cred(minor, cred->krbCredCache, NULL, NULL, &cred->reauthCred); cleanup: if (major == GSS_S_CRED_UNAVAIL) *minor = code; if (ccache != NULL) krb5_cc_close(krbContext, ccache); krb5_free_cred_contents(krbContext, &creds); return major; } /* * Returns TRUE if the credential handle's reauth credentials are * valid or if we can use the default credentials cache. Credentials * handle must be locked. */ int gssEapCanReauthP(gss_cred_id_t cred, gss_name_t target, OM_uint32 timeReq) { time_t now, expiryReq; OM_uint32 minor; if (cred == GSS_C_NO_CREDENTIAL) return FALSE; now = time(NULL); expiryReq = now; if (timeReq != GSS_C_INDEFINITE) expiryReq += timeReq; if (cred->krbCredCache != NULL && cred->expiryTime > expiryReq) return TRUE; if (getDefaultReauthCredentials(&minor, cred, target, now, timeReq) == GSS_S_COMPLETE) return TRUE; return FALSE; } /* * Store re-authentication (Kerberos) credentials in a credential handle. * Credentials handle must be locked. */ OM_uint32 gssEapStoreReauthCreds(OM_uint32 *minor, gss_ctx_id_t ctx, gss_cred_id_t cred, gss_buffer_t credBuf) { OM_uint32 major = GSS_S_COMPLETE; krb5_error_code code; krb5_context krbContext = NULL; krb5_auth_context authContext = NULL; krb5_data credData = { 0 }; krb5_creds **creds = NULL; krb5_principal canonPrinc; krb5_principal ccPrinc = NULL; int i; if (credBuf->length == 0 || cred == GSS_C_NO_CREDENTIAL) return GSS_S_COMPLETE; GSSEAP_KRB_INIT(&krbContext); code = krb5_auth_con_init(krbContext, &authContext); if (code != 0) goto cleanup; code = krb5_auth_con_setflags(krbContext, authContext, 0); if (code != 0) goto cleanup; code = krb5_auth_con_setrecvsubkey(krbContext, authContext, &ctx->rfc3961Key); if (code != 0) goto cleanup; gssBufferToKrbData(credBuf, &credData); code = krb5_rd_cred(krbContext, authContext, &credData, &creds, NULL); if (code != 0) goto cleanup; if (creds == NULL || creds[0] == NULL) goto cleanup; code = krb5_copy_principal(krbContext, creds[0]->client, &canonPrinc); if (code != 0) goto cleanup; krb5_free_principal(krbContext, cred->name->krbPrincipal); cred->name->krbPrincipal = canonPrinc; if (creds[0]->times.endtime == KRB_TIME_FOREVER) cred->expiryTime = 0; else cred->expiryTime = creds[0]->times.endtime; if (cred->krbCredCache == NULL) { if (reauthUseCredsCache(krbContext, creds[0]->client) && krb5_cc_default(krbContext, &cred->krbCredCache) == 0) cred->flags |= CRED_FLAG_DEFAULT_CCACHE; } else { /* * If we already have an associated credentials cache, possibly from * the last time we stored a reauthentication credential, then we * need to clear it out and release the associated GSS credential. */ if (cred->flags & CRED_FLAG_DEFAULT_CCACHE) { krb5_cc_remove_cred(krbContext, cred->krbCredCache, 0, creds[0]); } else { krb5_cc_destroy(krbContext, cred->krbCredCache); cred->krbCredCache = NULL; } gssReleaseCred(minor, &cred->reauthCred); } if (cred->krbCredCache == NULL) { code = krb5_cc_new_unique(krbContext, "MEMORY", NULL, &cred->krbCredCache); if (code != 0) goto cleanup; } if ((cred->flags & CRED_FLAG_DEFAULT_CCACHE) == 0 || krb5_cc_get_principal(krbContext, cred->krbCredCache, &ccPrinc) != 0) { code = krb5_cc_initialize(krbContext, cred->krbCredCache, creds[0]->client); if (code != 0) goto cleanup; } for (i = 0; creds[i] != NULL; i++) { krb5_creds kcred = *(creds[i]); /* * Swap in the acceptor name the client asked for so * get_credentials() works. We're making the assumption that * any service tickets returned are for us. We'll need to * reflect some more on whether that is a safe assumption. */ if (!isTicketGrantingServiceP(krbContext, kcred.server)) kcred.server = ctx->acceptorName->krbPrincipal; code = krb5_cc_store_cred(krbContext, cred->krbCredCache, &kcred); if (code != 0) goto cleanup; } major = gss_krb5_import_cred(minor, cred->krbCredCache, NULL, NULL, &cred->reauthCred); if (GSS_ERROR(major)) goto cleanup; cleanup: *minor = code; krb5_free_principal(krbContext, ccPrinc); krb5_auth_con_free(krbContext, authContext); if (creds != NULL) { for (i = 0; creds[i] != NULL; i++) krb5_free_creds(krbContext, creds[i]); GSSEAP_FREE(creds); } if (major == GSS_S_COMPLETE) major = *minor ? GSS_S_FAILURE : GSS_S_COMPLETE; return major; } #ifndef HAVE_HEIMDAL_VERSION static gss_buffer_desc radiusAvpKrbAttr = { sizeof("urn:authdata-aaa-radius") - 1, "urn:authdata-aaa-radius" }; #endif /* * Unfortunately extracting an AD-KDCIssued authorization data element * is pretty implementation-dependent. It's not possible to verify the * signature ourselves because the ticket session key is not exposed * outside GSS. In an ideal world, all AD-KDCIssued elements would be * verified by the Kerberos library and authentication would fail if * verification failed. We're not quite there yet and as a result have * to go through some hoops to get this to work. The alternative would * be to sign the authorization data with our long-term key, but it * seems a pity to compromise the design because of current implementation * limitations. * * (Specifically, the hoops involve a libkrb5 authorisation data plugin * that exposes the verified and serialised attribute context through * the Kerberos GSS mechanism's naming extensions API.) */ static OM_uint32 defrostAttrContext(OM_uint32 *minor, #ifdef HAVE_HEIMDAL_VERSION gss_ctx_id_t glueContext, #else gss_name_t glueName, #endif gss_name_t mechName) { OM_uint32 major, tmpMinor; #ifdef HAVE_HEIMDAL_VERSION gss_OID_desc oid = { 0 }; gss_buffer_set_t authData = GSS_C_NO_BUFFER_SET; #else gss_buffer_desc authData = GSS_C_EMPTY_BUFFER; gss_buffer_desc authDataDisplay = GSS_C_EMPTY_BUFFER; int more = -1; int authenticated, complete; #endif #ifdef HAVE_HEIMDAL_VERSION major = composeOid(minor, GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X->elements, GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X->length, KRB5_AUTHDATA_RADIUS_AVP, &oid); if (GSS_ERROR(major)) return major; /* XXX we are assuming that this verifies AD-KDCIssued signature */ major = gssInquireSecContextByOid(minor, glueContext, &oid, &authData); if (major == GSS_S_COMPLETE) { if (authData == GSS_C_NO_BUFFER_SET || authData->count != 1) major = GSS_S_FAILURE; else major = gssEapImportAttrContext(minor, authData->elements, mechName); } else if (major == GSS_S_FAILURE && *minor == ENOENT) { /* This is the equivalent of GSS_S_UNAVAILABLE for MIT attr APIs */ *minor = 0; major = GSS_S_COMPLETE; } gss_release_buffer_set(&tmpMinor, &authData); GSSEAP_FREE(oid.elements); #else major = gssGetNameAttribute(minor, glueName, &radiusAvpKrbAttr, &authenticated, &complete, &authData, &authDataDisplay, &more); if (major == GSS_S_COMPLETE) { if (authenticated == 0) major = GSS_S_BAD_NAME; else major = gssEapImportAttrContext(minor, &authData, mechName); } else if (major == GSS_S_UNAVAILABLE) { major = GSS_S_COMPLETE; } gss_release_buffer(&tmpMinor, &authData); gss_release_buffer(&tmpMinor, &authDataDisplay); #endif /* HAVE_HEIMDAL_VERSION */ return major; } /* * Convert a mechanism glue to an EAP mechanism name by displaying and * importing it. This also handles the RADIUS attributes. */ OM_uint32 gssEapGlueToMechName(OM_uint32 *minor, gss_ctx_id_t ctx, gss_name_t glueName, gss_name_t *pMechName) { OM_uint32 major, tmpMinor; gss_buffer_desc nameBuf = GSS_C_EMPTY_BUFFER; *pMechName = GSS_C_NO_NAME; major = gssDisplayName(minor, glueName, &nameBuf, NULL); if (GSS_ERROR(major)) goto cleanup; major = gssEapImportName(minor, &nameBuf, GSS_C_NT_USER_NAME, ctx->mechanismUsed, pMechName); if (GSS_ERROR(major)) goto cleanup; major = defrostAttrContext(minor, #ifdef HAVE_HEIMDAL_VERSION ctx->reauthCtx, #else glueName, #endif *pMechName); if (GSS_ERROR(major)) goto cleanup; cleanup: if (GSS_ERROR(major)) { gssReleaseName(&tmpMinor, pMechName); *pMechName = GSS_C_NO_NAME; } gss_release_buffer(&tmpMinor, &nameBuf); return major; } /* * Convert an EAP mechanism name to a mechanism glue name by displaying * and importing it. */ OM_uint32 gssEapMechToGlueName(OM_uint32 *minor, gss_name_t mechName, gss_name_t *pGlueName) { OM_uint32 major, tmpMinor; gss_buffer_desc nameBuf = GSS_C_EMPTY_BUFFER; *pGlueName = GSS_C_NO_NAME; major = gssEapDisplayName(minor, mechName, &nameBuf, NULL); if (GSS_ERROR(major)) goto cleanup; major = gssImportName(minor, &nameBuf, GSS_C_NT_USER_NAME, pGlueName); if (GSS_ERROR(major)) goto cleanup; cleanup: gss_release_buffer(&tmpMinor, &nameBuf); return major; } /* * Suck out the analgous elements of a Kerberos GSS context into an EAP * one so that the application doesn't know the difference. */ OM_uint32 gssEapReauthComplete(OM_uint32 *minor, gss_ctx_id_t ctx, gss_cred_id_t cred GSSEAP_UNUSED, const gss_OID mech, OM_uint32 timeRec) { OM_uint32 major, tmpMinor; gss_buffer_set_t keyData = GSS_C_NO_BUFFER_SET; krb5_context krbContext = NULL; #ifdef HAVE_HEIMDAL_VERSION krb5_storage *sp = NULL; #endif GSSEAP_KRB_INIT(&krbContext); if (!oidEqual(mech, gss_mech_krb5)) { major = GSS_S_BAD_MECH; goto cleanup; } /* Get the raw subsession key and encryption type */ #ifdef HAVE_HEIMDAL_VERSION #define KRB_GSS_SUBKEY_COUNT 1 /* encoded session key */ major = gssInquireSecContextByOid(minor, ctx->reauthCtx, GSS_KRB5_GET_SUBKEY_X, &keyData); #else #define KRB_GSS_SUBKEY_COUNT 2 /* raw session key, enctype OID */ major = gssInquireSecContextByOid(minor, ctx->reauthCtx, GSS_C_INQ_SSPI_SESSION_KEY, &keyData); #endif if (GSS_ERROR(major)) goto cleanup; if (keyData == GSS_C_NO_BUFFER_SET || keyData->count < KRB_GSS_SUBKEY_COUNT) { *minor = GSSEAP_KEY_UNAVAILABLE; major = GSS_S_FAILURE; goto cleanup; } #ifdef HAVE_HEIMDAL_VERSION sp = krb5_storage_from_mem(keyData->elements[0].value, keyData->elements[0].length); if (sp == NULL) { *minor = ENOMEM; major = GSS_S_FAILURE; goto cleanup; } *minor = krb5_ret_keyblock(sp, &ctx->rfc3961Key); if (*minor != 0) { major = GSS_S_FAILURE; goto cleanup; } #else { gss_OID_desc oid; int suffix; oid.length = keyData->elements[1].length; oid.elements = keyData->elements[1].value; /* GSS_KRB5_SESSION_KEY_ENCTYPE_OID */ major = decomposeOid(minor, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x04", 10, &oid, &suffix); if (GSS_ERROR(major)) goto cleanup; ctx->encryptionType = suffix; } { krb5_keyblock key; KRB_KEY_LENGTH(&key) = keyData->elements[0].length; KRB_KEY_DATA(&key) = keyData->elements[0].value; KRB_KEY_TYPE(&key) = ctx->encryptionType; *minor = krb5_copy_keyblock_contents(krbContext, &key, &ctx->rfc3961Key); if (*minor != 0) { major = GSS_S_FAILURE; goto cleanup; } } #endif /* HAVE_HEIMDAL_VERSION */ major = rfc3961ChecksumTypeForKey(minor, &ctx->rfc3961Key, &ctx->checksumType); if (GSS_ERROR(major)) goto cleanup; if (timeRec != GSS_C_INDEFINITE) ctx->expiryTime = time(NULL) + timeRec; /* Initialize our sequence state */ major = sequenceInit(minor, &ctx->seqState, ctx->recvSeq, ((ctx->gssFlags & GSS_C_REPLAY_FLAG) != 0), ((ctx->gssFlags & GSS_C_SEQUENCE_FLAG) != 0), TRUE); if (GSS_ERROR(major)) goto cleanup; major = GSS_S_COMPLETE; cleanup: #ifdef HAVE_HEIMDAL_VERSION if (sp != NULL) krb5_storage_free(sp); #endif gss_release_buffer_set(&tmpMinor, &keyData); return major; } /* * The remainder of this file consists of wrappers so we can call into the * mechanism glue without calling ourselves. */ static OM_uint32 (*gssInitSecContextNext)(OM_uint32 *, gss_cred_id_t, gss_ctx_id_t *, gss_name_t, gss_OID, OM_uint32, OM_uint32, gss_channel_bindings_t, gss_buffer_t, gss_OID *, gss_buffer_t, OM_uint32 *, OM_uint32 *); static OM_uint32 (*gssAcceptSecContextNext)(OM_uint32 *, gss_ctx_id_t *, gss_cred_id_t, gss_buffer_t, gss_channel_bindings_t, gss_name_t *, gss_OID *, gss_buffer_t, OM_uint32 *, OM_uint32 *, gss_cred_id_t *); static OM_uint32 (*gssReleaseCredNext)(OM_uint32 *, gss_cred_id_t *); static OM_uint32 (*gssReleaseNameNext)(OM_uint32 *, gss_name_t *); static OM_uint32 (*gssInquireSecContextByOidNext)(OM_uint32 *, const gss_ctx_id_t, const gss_OID, gss_buffer_set_t *); static OM_uint32 (*gssDeleteSecContextNext)(OM_uint32 *, gss_ctx_id_t *, gss_buffer_t); static OM_uint32 (*gssDisplayNameNext)(OM_uint32 *, gss_name_t, gss_buffer_t, gss_OID *); static OM_uint32 (*gssImportNameNext)(OM_uint32 *, gss_buffer_t, gss_OID, gss_name_t *); static OM_uint32 (*gssStoreCredNext)(OM_uint32 *, const gss_cred_id_t, gss_cred_usage_t, const gss_OID, OM_uint32, OM_uint32, gss_OID_set *, gss_cred_usage_t *); static OM_uint32 (*gssGetNameAttributeNext)(OM_uint32 *, gss_name_t, gss_buffer_t, int *, int *, gss_buffer_t, gss_buffer_t, int *); #define NEXT_SYMBOL(local, global) do { \ ((local) = dlsym(RTLD_NEXT, (global))); \ if ((local) == NULL) { \ *minor = GSSEAP_NO_MECHGLUE_SYMBOL; \ major = GSS_S_UNAVAILABLE; \ /* but continue */ \ } \ } while (0) OM_uint32 gssEapReauthInitialize(OM_uint32 *minor) { OM_uint32 major = GSS_S_COMPLETE; NEXT_SYMBOL(gssInitSecContextNext, "gss_init_sec_context"); NEXT_SYMBOL(gssAcceptSecContextNext, "gss_accept_sec_context"); NEXT_SYMBOL(gssReleaseCredNext, "gss_release_cred"); NEXT_SYMBOL(gssReleaseNameNext, "gss_release_name"); NEXT_SYMBOL(gssInquireSecContextByOidNext, "gss_inquire_sec_context_by_oid"); NEXT_SYMBOL(gssDeleteSecContextNext, "gss_delete_sec_context"); NEXT_SYMBOL(gssDisplayNameNext, "gss_display_name"); NEXT_SYMBOL(gssImportNameNext, "gss_import_name"); NEXT_SYMBOL(gssStoreCredNext, "gss_store_cred"); #ifndef HAVE_HEIMDAL_VERSION NEXT_SYMBOL(gssGetNameAttributeNext, "gss_get_name_attribute"); #endif return major; } OM_uint32 gssInitSecContext(OM_uint32 *minor, gss_cred_id_t cred, gss_ctx_id_t *context_handle, gss_name_t target_name, gss_OID mech_type, OM_uint32 req_flags, OM_uint32 time_req, gss_channel_bindings_t input_chan_bindings, gss_buffer_t input_token, gss_OID *actual_mech_type, gss_buffer_t output_token, OM_uint32 *ret_flags, OM_uint32 *time_rec) { if (gssInitSecContextNext == NULL) { *minor = GSSEAP_NO_MECHGLUE_SYMBOL; return GSS_S_UNAVAILABLE; } return gssInitSecContextNext(minor, cred, context_handle, target_name, mech_type, req_flags, time_req, input_chan_bindings, input_token, actual_mech_type, output_token, ret_flags, time_rec); } OM_uint32 gssAcceptSecContext(OM_uint32 *minor, gss_ctx_id_t *context_handle, gss_cred_id_t cred, gss_buffer_t input_token, gss_channel_bindings_t input_chan_bindings, gss_name_t *src_name, gss_OID *mech_type, gss_buffer_t output_token, OM_uint32 *ret_flags, OM_uint32 *time_rec, gss_cred_id_t *delegated_cred_handle) { if (gssAcceptSecContextNext == NULL) { *minor = GSSEAP_NO_MECHGLUE_SYMBOL; return GSS_S_UNAVAILABLE; } return gssAcceptSecContextNext(minor, context_handle, cred, input_token, input_chan_bindings, src_name, mech_type, output_token, ret_flags, time_rec, delegated_cred_handle); } OM_uint32 gssReleaseCred(OM_uint32 *minor, gss_cred_id_t *cred_handle) { if (gssReleaseCredNext == NULL) { *minor = GSSEAP_NO_MECHGLUE_SYMBOL; return GSS_S_UNAVAILABLE; } return gssReleaseCredNext(minor, cred_handle); } OM_uint32 gssReleaseName(OM_uint32 *minor, gss_name_t *name) { if (gssReleaseName == NULL) { *minor = GSSEAP_NO_MECHGLUE_SYMBOL; return GSS_S_UNAVAILABLE; } return gssReleaseNameNext(minor, name); } OM_uint32 gssDeleteSecContext(OM_uint32 *minor, gss_ctx_id_t *context_handle, gss_buffer_t output_token) { if (gssDeleteSecContextNext == NULL) { *minor = GSSEAP_NO_MECHGLUE_SYMBOL; return GSS_S_UNAVAILABLE; } return gssDeleteSecContextNext(minor, context_handle, output_token); } static OM_uint32 gssDisplayName(OM_uint32 *minor, gss_name_t name, gss_buffer_t buffer, gss_OID *name_type) { if (gssDisplayNameNext == NULL) { *minor = GSSEAP_NO_MECHGLUE_SYMBOL; return GSS_S_UNAVAILABLE; } return gssDisplayNameNext(minor, name, buffer, name_type); } static OM_uint32 gssImportName(OM_uint32 *minor, gss_buffer_t buffer, gss_OID name_type, gss_name_t *name) { if (gssImportNameNext == NULL) { *minor = GSSEAP_NO_MECHGLUE_SYMBOL; return GSS_S_UNAVAILABLE; } return gssImportNameNext(minor, buffer, name_type, name); } OM_uint32 gssInquireSecContextByOid(OM_uint32 *minor, const gss_ctx_id_t context_handle, const gss_OID desired_object, gss_buffer_set_t *data_set) { if (gssInquireSecContextByOidNext == NULL) { *minor = GSSEAP_NO_MECHGLUE_SYMBOL; return GSS_S_UNAVAILABLE; } return gssInquireSecContextByOidNext(minor, context_handle, desired_object, data_set); } OM_uint32 gssStoreCred(OM_uint32 *minor, const gss_cred_id_t input_cred_handle, gss_cred_usage_t input_usage, const gss_OID desired_mech, OM_uint32 overwrite_cred, OM_uint32 default_cred, gss_OID_set *elements_stored, gss_cred_usage_t *cred_usage_stored) { if (gssStoreCredNext == NULL) { *minor = GSSEAP_NO_MECHGLUE_SYMBOL; return GSS_S_UNAVAILABLE; } return gssStoreCredNext(minor, input_cred_handle, input_usage, desired_mech, overwrite_cred, default_cred, elements_stored, cred_usage_stored); } OM_uint32 gssGetNameAttribute(OM_uint32 *minor, gss_name_t name, gss_buffer_t attr, int *authenticated, int *complete, gss_buffer_t value, gss_buffer_t display_value, int *more) { if (gssGetNameAttributeNext == NULL) { *minor = GSSEAP_NO_MECHGLUE_SYMBOL; return GSS_S_UNAVAILABLE; } return gssGetNameAttributeNext(minor, name, attr, authenticated, complete, value, display_value, more); } mech_eap-0.9.2/mech_eap/context_time.c0000644001755200017500000000441512406014472014626 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Determine remaining lifetime of a context handle. */ #include "gssapiP_eap.h" OM_uint32 GSSAPI_CALLCONV gss_context_time(OM_uint32 *minor, gss_ctx_id_t ctx, OM_uint32 *time_rec) { OM_uint32 major; if (ctx == GSS_C_NO_CONTEXT) { *minor = EINVAL; return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT; } *minor = 0; GSSEAP_MUTEX_LOCK(&ctx->mutex); if (!CTX_IS_ESTABLISHED(ctx)) { *minor = GSSEAP_CONTEXT_INCOMPLETE; major = GSS_S_NO_CONTEXT; goto cleanup; } major = gssEapContextTime(minor, ctx, time_rec); if (GSS_ERROR(major)) goto cleanup; cleanup: GSSEAP_MUTEX_UNLOCK(&ctx->mutex); return major; } mech_eap-0.9.2/mech_eap/gssapiP_eap.h0000644001755200017500000003111112406014472014355 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #ifndef _GSSAPIP_EAP_H_ #define _GSSAPIP_EAP_H_ 1 #include "config.h" #ifdef HAVE_HEIMDAL_VERSION #define KRB5_DEPRECATED /* so we can use krb5_free_unparsed_name() */ #endif #include #include #include #ifdef HAVE_UNISTD_H #include #endif #ifdef HAVE_STDLIB_H #include #endif #ifdef HAVE_STDARG_H #include #endif #include #ifdef HAVE_SYS_PARAM_H #include #endif #ifdef WIN32 #ifndef MAXHOSTNAMELEN # include # define MAXHOSTNAMELEN NI_MAXHOST #endif #endif /* GSS headers */ #include #include #ifdef HAVE_HEIMDAL_VERSION typedef struct gss_any *gss_any_t; #else #include #endif #include "gssapi_eap.h" #ifndef HAVE_GSS_INQUIRE_ATTRS_FOR_MECH typedef const gss_OID_desc *gss_const_OID; #endif /* Kerberos headers */ #include /* EAP headers */ #include #include #include #include #include #include #include #ifdef GSSEAP_ENABLE_ACCEPTOR /* libradsec headers */ #include #include #include #endif #include "gsseap_err.h" #include "radsec_err.h" #include "util.h" #ifdef __cplusplus extern "C" { #endif /* These name flags are informative and not actually used by anything yet */ #define NAME_FLAG_NAI 0x00000001 #define NAME_FLAG_SERVICE 0x00000002 #define NAME_FLAG_COMPOSITE 0x00000004 struct gss_eap_saml_attr_ctx; struct gss_eap_attr_ctx; #ifdef HAVE_HEIMDAL_VERSION struct gss_name_t_desc_struct #else struct gss_name_struct #endif { GSSEAP_MUTEX mutex; /* mutex protects attrCtx */ OM_uint32 flags; gss_OID mechanismUsed; /* this is immutable */ krb5_principal krbPrincipal; /* this is immutable */ #ifdef GSSEAP_ENABLE_ACCEPTOR struct gss_eap_attr_ctx *attrCtx; #endif }; #define CRED_FLAG_INITIATE 0x00010000 #define CRED_FLAG_ACCEPT 0x00020000 #define CRED_FLAG_PASSWORD 0x00040000 #define CRED_FLAG_DEFAULT_CCACHE 0x00080000 #define CRED_FLAG_RESOLVED 0x00100000 #define CRED_FLAG_TARGET 0x00200000 #define CRED_FLAG_CERTIFICATE 0x00400000 #define CRED_FLAG_CONFIG_BLOB 0x00800000 #define CRED_FLAG_PUBLIC_MASK 0x0000FFFF #ifdef HAVE_HEIMDAL_VERSION struct gss_cred_id_t_desc_struct #else struct gss_cred_id_struct #endif { GSSEAP_MUTEX mutex; OM_uint32 flags; gss_name_t name; gss_name_t target; /* for initiator */ gss_buffer_desc password; gss_OID_set mechanisms; time_t expiryTime; gss_buffer_desc radiusConfigFile; gss_buffer_desc radiusConfigStanza; gss_buffer_desc caCertificate; gss_buffer_desc subjectNameConstraint; gss_buffer_desc subjectAltNameConstraint; gss_buffer_desc clientCertificate; gss_buffer_desc privateKey; gss_buffer_desc caCertificateBlob; #ifdef GSSEAP_ENABLE_REAUTH krb5_ccache krbCredCache; gss_cred_id_t reauthCred; #endif }; #define CTX_FLAG_INITIATOR 0x00000001 #define CTX_FLAG_KRB_REAUTH 0x00000002 #define CTX_FLAG_CHANNEL_BINDINGS_VERIFIED 0x00000004 #define CTX_IS_INITIATOR(ctx) (((ctx)->flags & CTX_FLAG_INITIATOR) != 0) #define CTX_IS_ESTABLISHED(ctx) ((ctx)->state == GSSEAP_STATE_ESTABLISHED) /* Initiator context flags */ #define CTX_FLAG_EAP_SUCCESS 0x00010000 #define CTX_FLAG_EAP_RESTART 0x00020000 #define CTX_FLAG_EAP_FAIL 0x00040000 #define CTX_FLAG_EAP_RESP 0x00080000 #define CTX_FLAG_EAP_NO_RESP 0x00100000 #define CTX_FLAG_EAP_REQ 0x00200000 #define CTX_FLAG_EAP_PORT_ENABLED 0x00400000 #define CTX_FLAG_EAP_ALT_ACCEPT 0x00800000 #define CTX_FLAG_EAP_ALT_REJECT 0x01000000 #define CTX_FLAG_EAP_CHBIND_ACCEPT 0x02000000 #define CTX_FLAG_EAP_MASK 0xFFFF0000 #define CONFIG_BLOB_CLIENT_CERT 0 #define CONFIG_BLOB_PRIVATE_KEY 1 #define CONFIG_BLOB_CA_CERT 2 #define CONFIG_BLOB_MAX 3 struct gss_eap_initiator_ctx { unsigned int idleWhile; struct eap_peer_config eapPeerConfig; struct eap_sm *eap; struct wpabuf reqData; struct wpabuf *chbindData; unsigned int chbindReqFlags; struct wpa_config_blob configBlobs[CONFIG_BLOB_MAX]; }; #ifdef GSSEAP_ENABLE_ACCEPTOR struct gss_eap_acceptor_ctx { struct rs_context *radContext; struct rs_connection *radConn; char *radServer; gss_buffer_desc state; rs_avp *vps; }; #endif #ifdef HAVE_HEIMDAL_VERSION struct gss_ctx_id_t_desc_struct #else struct gss_ctx_id_struct #endif { GSSEAP_MUTEX mutex; enum gss_eap_state state; OM_uint32 flags; OM_uint32 gssFlags; gss_OID mechanismUsed; krb5_cksumtype checksumType; krb5_enctype encryptionType; krb5_keyblock rfc3961Key; gss_name_t initiatorName; gss_name_t acceptorName; time_t expiryTime; uint64_t sendSeq, recvSeq; void *seqState; gss_cred_id_t cred; union { struct gss_eap_initiator_ctx initiator; #define initiatorCtx ctxU.initiator #ifdef GSSEAP_ENABLE_ACCEPTOR struct gss_eap_acceptor_ctx acceptor; #define acceptorCtx ctxU.acceptor #endif #ifdef GSSEAP_ENABLE_REAUTH gss_ctx_id_t reauth; #define reauthCtx ctxU.reauth #endif } ctxU; const struct gss_eap_token_buffer_set *inputTokens; const struct gss_eap_token_buffer_set *outputTokens; }; #define TOK_FLAG_SENDER_IS_ACCEPTOR 0x01 #define TOK_FLAG_WRAP_CONFIDENTIAL 0x02 #define TOK_FLAG_ACCEPTOR_SUBKEY 0x04 #define KEY_USAGE_ACCEPTOR_SEAL 22 #define KEY_USAGE_ACCEPTOR_SIGN 23 #define KEY_USAGE_INITIATOR_SEAL 24 #define KEY_USAGE_INITIATOR_SIGN 25 #define KEY_USAGE_GSSEAP_CHBIND_MIC 60 #define KEY_USAGE_GSSEAP_ACCTOKEN_MIC 61 #define KEY_USAGE_GSSEAP_INITOKEN_MIC 62 /* accept_sec_context.c */ OM_uint32 gssEapAcceptSecContext(OM_uint32 *minor, gss_ctx_id_t ctx, gss_cred_id_t cred, gss_buffer_t input_token, gss_channel_bindings_t input_chan_bindings, gss_name_t *src_name, gss_OID *mech_type, gss_buffer_t output_token, OM_uint32 *ret_flags, OM_uint32 *time_rec, gss_cred_id_t *delegated_cred_handle); /* init_sec_context.c */ OM_uint32 gssEapInitSecContext(OM_uint32 *minor, gss_cred_id_t cred, gss_ctx_id_t ctx, gss_name_t target_name, gss_OID mech_type, OM_uint32 req_flags, OM_uint32 time_req, gss_channel_bindings_t input_chan_bindings, gss_buffer_t input_token, gss_OID *actual_mech_type, gss_buffer_t output_token, OM_uint32 *ret_flags, OM_uint32 *time_rec); /* wrap_iov.c */ OM_uint32 gssEapWrapOrGetMIC(OM_uint32 *minor, gss_ctx_id_t ctx, int conf_req_flag, int *conf_state, gss_iov_buffer_desc *iov, int iov_count, enum gss_eap_token_type toktype); OM_uint32 gssEapUnwrapOrVerifyMIC(OM_uint32 *minor_status, gss_ctx_id_t ctx, int *conf_state, gss_qop_t *qop_state, gss_iov_buffer_desc *iov, int iov_count, enum gss_eap_token_type toktype); OM_uint32 gssEapWrapIovLength(OM_uint32 *minor, gss_ctx_id_t ctx, int conf_req_flag, gss_qop_t qop_req, int *conf_state, gss_iov_buffer_desc *iov, int iov_count); OM_uint32 gssEapWrap(OM_uint32 *minor, gss_ctx_id_t ctx, int conf_req_flag, gss_qop_t qop_req, gss_buffer_t input_message_buffer, int *conf_state, gss_buffer_t output_message_buffer); unsigned char rfc4121Flags(gss_ctx_id_t ctx, int receiving); /* display_status.c */ void gssEapSaveStatusInfo(OM_uint32 minor, const char *format, ...); OM_uint32 gssEapDisplayStatus(OM_uint32 *minor, OM_uint32 status_value, gss_buffer_t status_string); #define IS_WIRE_ERROR(err) ((err) > GSSEAP_RESERVED && \ (err) <= GSSEAP_RADIUS_PROT_FAILURE) #ifdef GSSEAP_ENABLE_ACCEPTOR #define IS_RADIUS_ERROR(err) ((err) >= ERROR_TABLE_BASE_rse && \ (err) <= ERROR_TABLE_BASE_rse + RSE_MAX) #else #define IS_RADIUS_ERROR(err) (0) #endif /* exchange_meta_data.c */ OM_uint32 GSSAPI_CALLCONV gssEapExchangeMetaData(OM_uint32 *minor, gss_const_OID mech, gss_cred_id_t cred, gss_ctx_id_t *ctx, const gss_name_t name, OM_uint32 req_flags, gss_const_buffer_t meta_data); /* export_sec_context.c */ OM_uint32 gssEapExportSecContext(OM_uint32 *minor, gss_ctx_id_t ctx, gss_buffer_t token); /* import_sec_context.c */ OM_uint32 gssEapImportContext(OM_uint32 *minor, gss_buffer_t token, gss_ctx_id_t ctx); /* inquire_sec_context_by_oid.c */ #define NEGOEX_INITIATOR_SALT "gss-eap-negoex-initiator" #define NEGOEX_INITIATOR_SALT_LEN (sizeof(NEGOEX_INITIATOR_SALT) - 1) #define NEGOEX_ACCEPTOR_SALT "gss-eap-negoex-acceptor" #define NEGOEX_ACCEPTOR_SALT_LEN (sizeof(NEGOEX_ACCEPTOR_SALT) - 1) /* pseudo_random.c */ OM_uint32 gssEapPseudoRandom(OM_uint32 *minor, gss_ctx_id_t ctx, int prf_key, const gss_buffer_t prf_in, gss_buffer_t prf_out); /* query_mechanism_info.c */ OM_uint32 gssQueryMechanismInfo(OM_uint32 *minor, gss_const_OID mech_oid, unsigned char auth_scheme[16]); /* query_meta_data.c */ OM_uint32 gssEapQueryMetaData(OM_uint32 *minor, gss_const_OID mech GSSEAP_UNUSED, gss_cred_id_t cred, gss_ctx_id_t *context_handle, const gss_name_t name, OM_uint32 req_flags GSSEAP_UNUSED, gss_buffer_t meta_data); /* eap_mech.c */ OM_uint32 gssEapInitiatorInit(OM_uint32 *minor); void gssEapFinalize(void); #ifdef __cplusplus } #endif #endif /* _GSSAPIP_EAP_H_ */ mech_eap-0.9.2/mech_eap/delete_sec_context.c0000644001755200017500000000537012406014472015765 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Release a context handle. */ #include "gssapiP_eap.h" OM_uint32 GSSAPI_CALLCONV gss_delete_sec_context(OM_uint32 *minor, gss_ctx_id_t *context_handle, gss_buffer_t output_token) { OM_uint32 major; gss_ctx_id_t ctx = *context_handle; *minor = 0; if (output_token != GSS_C_NO_BUFFER) { output_token->length = 0; output_token->value = NULL; } if (ctx == GSS_C_NO_CONTEXT) return GSS_S_COMPLETE; GSSEAP_MUTEX_LOCK(&ctx->mutex); if (output_token != GSS_C_NO_BUFFER) { gss_iov_buffer_desc iov[2]; iov[0].type = GSS_IOV_BUFFER_TYPE_DATA; iov[0].buffer.value = NULL; iov[0].buffer.length = 0; iov[1].type = GSS_IOV_BUFFER_TYPE_HEADER | GSS_IOV_BUFFER_FLAG_ALLOCATE; iov[1].buffer.value = NULL; iov[1].buffer.length = 0; major = gssEapWrapOrGetMIC(minor, ctx, FALSE, NULL, iov, 2, TOK_TYPE_DELETE_CONTEXT); if (GSS_ERROR(major)) { GSSEAP_MUTEX_UNLOCK(&ctx->mutex); return major; } } GSSEAP_MUTEX_UNLOCK(&ctx->mutex); return gssEapReleaseContext(minor, context_handle); } mech_eap-0.9.2/mech_eap/wrap_iov_length.c0000644001755200017500000001722212406014472015313 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Copyright 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright * notice appear in all copies and that both that copyright notice and * this permission notice appear in supporting documentation, and that * the name of M.I.T. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior * permission. Furthermore if you modify this software you must label * your software as modified software and not distribute it in such a * fashion that it might be confused with the original M.I.T. software. * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. */ /* * Message protection services: determine protected message size. */ #include "gssapiP_eap.h" #define INIT_IOV_DATA(_iov) do { (_iov)->buffer.value = NULL; \ (_iov)->buffer.length = 0; } \ while (0) OM_uint32 gssEapWrapIovLength(OM_uint32 *minor, gss_ctx_id_t ctx, int conf_req_flag, gss_qop_t qop_req, int *conf_state, gss_iov_buffer_desc *iov, int iov_count) { gss_iov_buffer_t header, trailer, padding; size_t dataLength, assocDataLength; size_t gssHeaderLen, gssPadLen, gssTrailerLen; size_t krbHeaderLen = 0, krbTrailerLen = 0, krbPadLen = 0; krb5_error_code code; krb5_context krbContext; int dce_style; size_t ec; #ifdef HAVE_HEIMDAL_VERSION krb5_crypto krbCrypto = NULL; #endif if (qop_req != GSS_C_QOP_DEFAULT) { *minor = GSSEAP_UNKNOWN_QOP; return GSS_S_UNAVAILABLE; } if (ctx->encryptionType == ENCTYPE_NULL) { *minor = GSSEAP_KEY_UNAVAILABLE; return GSS_S_UNAVAILABLE; } GSSEAP_KRB_INIT(&krbContext); header = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER); if (header == NULL) { *minor = GSSEAP_MISSING_IOV; return GSS_S_FAILURE; } INIT_IOV_DATA(header); trailer = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER); if (trailer != NULL) { INIT_IOV_DATA(trailer); } dce_style = ((ctx->gssFlags & GSS_C_DCE_STYLE) != 0); /* For CFX, EC is used instead of padding, and is placed in header or trailer */ padding = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING); if (padding != NULL) { INIT_IOV_DATA(padding); } gssEapIovMessageLength(iov, iov_count, &dataLength, &assocDataLength); if (conf_req_flag && gssEapIsIntegrityOnly(iov, iov_count)) conf_req_flag = FALSE; gssPadLen = gssTrailerLen = 0; #ifdef HAVE_HEIMDAL_VERSION code = krb5_crypto_init(krbContext, &ctx->rfc3961Key, ETYPE_NULL, &krbCrypto); if (code != 0) return code; #endif code = krbCryptoLength(krbContext, KRB_CRYPTO_CONTEXT(ctx), conf_req_flag ? KRB5_CRYPTO_TYPE_TRAILER : KRB5_CRYPTO_TYPE_CHECKSUM, &krbTrailerLen); if (code != 0) { *minor = code; return GSS_S_FAILURE; } if (conf_req_flag) { code = krbCryptoLength(krbContext, KRB_CRYPTO_CONTEXT(ctx), KRB5_CRYPTO_TYPE_HEADER, &krbHeaderLen); if (code != 0) { *minor = code; return GSS_S_FAILURE; } } gssHeaderLen = 16; /* Header */ if (conf_req_flag) { gssHeaderLen += krbHeaderLen; /* Kerb-Header */ gssTrailerLen = 16 /* E(Header) */ + krbTrailerLen; /* Kerb-Trailer */ code = krbPaddingLength(krbContext, KRB_CRYPTO_CONTEXT(ctx), dataLength - assocDataLength + 16 /* E(Header) */, &krbPadLen); if (code != 0) { *minor = code; return GSS_S_FAILURE; } if (krbPadLen == 0 && dce_style) { /* Windows rejects AEAD tokens with non-zero EC */ code = krbBlockSize(krbContext, KRB_CRYPTO_CONTEXT(ctx), &ec); if (code != 0) { *minor = code; return GSS_S_FAILURE; } } else ec = krbPadLen; gssTrailerLen += ec; } else { gssTrailerLen = krbTrailerLen; /* Kerb-Checksum */ } dataLength += gssPadLen; if (trailer == NULL) gssHeaderLen += gssTrailerLen; else trailer->buffer.length = gssTrailerLen; GSSEAP_ASSERT(gssPadLen == 0 || padding != NULL); if (padding != NULL) padding->buffer.length = gssPadLen; header->buffer.length = gssHeaderLen; if (conf_state != NULL) *conf_state = conf_req_flag; *minor = 0; return GSS_S_COMPLETE; } OM_uint32 GSSAPI_CALLCONV gss_wrap_iov_length(OM_uint32 *minor, gss_ctx_id_t ctx, int conf_req_flag, gss_qop_t qop_req, int *conf_state, gss_iov_buffer_desc *iov, int iov_count) { OM_uint32 major; if (ctx == GSS_C_NO_CONTEXT) { *minor = EINVAL; return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT; } *minor = 0; GSSEAP_MUTEX_LOCK(&ctx->mutex); if (!CTX_IS_ESTABLISHED(ctx)) { major = GSS_S_NO_CONTEXT; *minor = GSSEAP_CONTEXT_INCOMPLETE; goto cleanup; } major = gssEapWrapIovLength(minor, ctx, conf_req_flag, qop_req, conf_state, iov, iov_count); if (GSS_ERROR(major)) goto cleanup; cleanup: GSSEAP_MUTEX_UNLOCK(&ctx->mutex); return major; } mech_eap-0.9.2/mech_eap/query_meta_data.c0000644001755200017500000000761212406014472015272 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * */ #include "gssapiP_eap.h" OM_uint32 gssEapQueryMetaData(OM_uint32 *minor, gss_const_OID mech GSSEAP_UNUSED, gss_cred_id_t cred, gss_ctx_id_t *context_handle, const gss_name_t name, OM_uint32 req_flags GSSEAP_UNUSED, gss_buffer_t meta_data) { OM_uint32 major = GSS_S_COMPLETE; int isInitiator = (name != GSS_C_NO_NAME); gss_ctx_id_t ctx = *context_handle; meta_data->length = 0; meta_data->value = NULL; if (ctx == GSS_C_NO_CONTEXT) { major = gssEapAllocContext(minor, &ctx); if (GSS_ERROR(major)) return major; if (isInitiator) ctx->flags |= CTX_FLAG_INITIATOR; } if (ctx->cred == GSS_C_NO_CREDENTIAL) { if (isInitiator) { major = gssEapResolveInitiatorCred(minor, cred, name, &ctx->cred); } else { major = gssEapAcquireCred(minor, GSS_C_NO_NAME, GSS_C_INDEFINITE, GSS_C_NO_OID_SET, GSS_C_ACCEPT, &ctx->cred, NULL, NULL); } } if (*context_handle == GSS_C_NO_CONTEXT) *context_handle = ctx; return major; } OM_uint32 GSSAPI_CALLCONV gss_query_meta_data(OM_uint32 *minor, gss_const_OID mech, gss_cred_id_t cred, gss_ctx_id_t *context_handle, const gss_name_t name, OM_uint32 req_flags, gss_buffer_t meta_data) { gss_ctx_id_t ctx = *context_handle; OM_uint32 major; if (cred != GSS_C_NO_CREDENTIAL) GSSEAP_MUTEX_LOCK(&cred->mutex); if (*context_handle != GSS_C_NO_CONTEXT) GSSEAP_MUTEX_LOCK(&ctx->mutex); major = gssEapQueryMetaData(minor, mech, cred, &ctx, name, req_flags, meta_data); if (*context_handle != GSS_C_NO_CONTEXT) GSSEAP_MUTEX_UNLOCK(&ctx->mutex); else *context_handle = ctx; if (cred != GSS_C_NO_CREDENTIAL) GSSEAP_MUTEX_UNLOCK(&cred->mutex); return major; } mech_eap-0.9.2/mech_eap/config.guess0000755001755200017500000012761512406014472014310 00000000000000#! /bin/sh # Attempt to guess a canonical system name. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, # 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 # Free Software Foundation, Inc. timestamp='2009-11-20' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA # 02110-1301, USA. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # Originally written by Per Bothner. Please send patches (context # diff format) to and include a ChangeLog # entry. # # This script attempts to guess a canonical system name similar to # config.sub. If it succeeds, it prints the system name on stdout, and # exits with 0. Otherwise, it exits with 1. # # You can get the latest version of this script from: # http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD me=`echo "$0" | sed -e 's,.*/,,'` usage="\ Usage: $0 [OPTION] Output the configuration name of the system \`$me' is run on. Operation modes: -h, --help print this help, then exit -t, --time-stamp print date of last modification, then exit -v, --version print version number, then exit Report bugs and patches to ." version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." help=" Try \`$me --help' for more information." # Parse command line while test $# -gt 0 ; do case $1 in --time-stamp | --time* | -t ) echo "$timestamp" ; exit ;; --version | -v ) echo "$version" ; exit ;; --help | --h* | -h ) echo "$usage"; exit ;; -- ) # Stop option processing shift; break ;; - ) # Use stdin as input. break ;; -* ) echo "$me: invalid option $1$help" >&2 exit 1 ;; * ) break ;; esac done if test $# != 0; then echo "$me: too many arguments$help" >&2 exit 1 fi trap 'exit 1' 1 2 15 # CC_FOR_BUILD -- compiler used by this script. Note that the use of a # compiler to aid in system detection is discouraged as it requires # temporary files to be created and, as you can see below, it is a # headache to deal with in a portable fashion. # Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still # use `HOST_CC' if defined, but it is deprecated. # Portable tmp directory creation inspired by the Autoconf team. set_cc_for_build=' trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; : ${TMPDIR=/tmp} ; { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; dummy=$tmp/dummy ; tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; case $CC_FOR_BUILD,$HOST_CC,$CC in ,,) echo "int x;" > $dummy.c ; for c in cc gcc c89 c99 ; do if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then CC_FOR_BUILD="$c"; break ; fi ; done ; if test x"$CC_FOR_BUILD" = x ; then CC_FOR_BUILD=no_compiler_found ; fi ;; ,,*) CC_FOR_BUILD=$CC ;; ,*,*) CC_FOR_BUILD=$HOST_CC ;; esac ; set_cc_for_build= ;' # This is needed to find uname on a Pyramid OSx when run in the BSD universe. # (ghazi@noc.rutgers.edu 1994-08-24) if (test -f /.attbin/uname) >/dev/null 2>&1 ; then PATH=$PATH:/.attbin ; export PATH fi UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown # Note: order is significant - the case branches are not exclusive. case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in *:NetBSD:*:*) # NetBSD (nbsd) targets should (where applicable) match one or # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*, # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently # switched to ELF, *-*-netbsd* would select the old # object file format. This provides both forward # compatibility and a consistent mechanism for selecting the # object file format. # # Note: NetBSD doesn't particularly care about the vendor # portion of the name. We always set it to "unknown". sysctl="sysctl -n hw.machine_arch" UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ /usr/sbin/$sysctl 2>/dev/null || echo unknown)` case "${UNAME_MACHINE_ARCH}" in armeb) machine=armeb-unknown ;; arm*) machine=arm-unknown ;; sh3el) machine=shl-unknown ;; sh3eb) machine=sh-unknown ;; sh5el) machine=sh5le-unknown ;; *) machine=${UNAME_MACHINE_ARCH}-unknown ;; esac # The Operating System including object format, if it has switched # to ELF recently, or will in the future. case "${UNAME_MACHINE_ARCH}" in arm*|i386|m68k|ns32k|sh3*|sparc|vax) eval $set_cc_for_build if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ELF__ then # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). # Return netbsd for either. FIX? os=netbsd else os=netbsdelf fi ;; *) os=netbsd ;; esac # The OS release # Debian GNU/NetBSD machines have a different userland, and # thus, need a distinct triplet. However, they do not need # kernel version information, so it can be replaced with a # suitable tag, in the style of linux-gnu. case "${UNAME_VERSION}" in Debian*) release='-gnu' ;; *) release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` ;; esac # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: # contains redundant information, the shorter form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. echo "${machine}-${os}${release}" exit ;; *:OpenBSD:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} exit ;; *:ekkoBSD:*:*) echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} exit ;; *:SolidBSD:*:*) echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE} exit ;; macppc:MirBSD:*:*) echo powerpc-unknown-mirbsd${UNAME_RELEASE} exit ;; *:MirBSD:*:*) echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} exit ;; alpha:OSF1:*:*) case $UNAME_RELEASE in *4.0) UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` ;; *5.*) UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` ;; esac # According to Compaq, /usr/sbin/psrinfo has been available on # OSF/1 and Tru64 systems produced since 1995. I hope that # covers most systems running today. This code pipes the CPU # types through head -n 1, so we only detect the type of CPU 0. ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` case "$ALPHA_CPU_TYPE" in "EV4 (21064)") UNAME_MACHINE="alpha" ;; "EV4.5 (21064)") UNAME_MACHINE="alpha" ;; "LCA4 (21066/21068)") UNAME_MACHINE="alpha" ;; "EV5 (21164)") UNAME_MACHINE="alphaev5" ;; "EV5.6 (21164A)") UNAME_MACHINE="alphaev56" ;; "EV5.6 (21164PC)") UNAME_MACHINE="alphapca56" ;; "EV5.7 (21164PC)") UNAME_MACHINE="alphapca57" ;; "EV6 (21264)") UNAME_MACHINE="alphaev6" ;; "EV6.7 (21264A)") UNAME_MACHINE="alphaev67" ;; "EV6.8CB (21264C)") UNAME_MACHINE="alphaev68" ;; "EV6.8AL (21264B)") UNAME_MACHINE="alphaev68" ;; "EV6.8CX (21264D)") UNAME_MACHINE="alphaev68" ;; "EV6.9A (21264/EV69A)") UNAME_MACHINE="alphaev69" ;; "EV7 (21364)") UNAME_MACHINE="alphaev7" ;; "EV7.9 (21364A)") UNAME_MACHINE="alphaev79" ;; esac # A Pn.n version is a patched version. # A Vn.n version is a released version. # A Tn.n version is a released field test version. # A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` exit ;; Alpha\ *:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # Should we change UNAME_MACHINE based on the output of uname instead # of the specific Alpha model? echo alpha-pc-interix exit ;; 21064:Windows_NT:50:3) echo alpha-dec-winnt3.5 exit ;; Amiga*:UNIX_System_V:4.0:*) echo m68k-unknown-sysv4 exit ;; *:[Aa]miga[Oo][Ss]:*:*) echo ${UNAME_MACHINE}-unknown-amigaos exit ;; *:[Mm]orph[Oo][Ss]:*:*) echo ${UNAME_MACHINE}-unknown-morphos exit ;; *:OS/390:*:*) echo i370-ibm-openedition exit ;; *:z/VM:*:*) echo s390-ibm-zvmoe exit ;; *:OS400:*:*) echo powerpc-ibm-os400 exit ;; arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) echo arm-acorn-riscix${UNAME_RELEASE} exit ;; arm:riscos:*:*|arm:RISCOS:*:*) echo arm-unknown-riscos exit ;; SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) echo hppa1.1-hitachi-hiuxmpp exit ;; Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. if test "`(/bin/universe) 2>/dev/null`" = att ; then echo pyramid-pyramid-sysv3 else echo pyramid-pyramid-bsd fi exit ;; NILE*:*:*:dcosx) echo pyramid-pyramid-svr4 exit ;; DRS?6000:unix:4.0:6*) echo sparc-icl-nx6 exit ;; DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) case `/usr/bin/uname -p` in sparc) echo sparc-icl-nx7; exit ;; esac ;; s390x:SunOS:*:*) echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4H:SunOS:5.*:*) echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) echo i386-pc-auroraux${UNAME_RELEASE} exit ;; i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) eval $set_cc_for_build SUN_ARCH="i386" # If there is a compiler, see if it is configured for 64-bit objects. # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. # This test works for both compilers. if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ grep IS_64BIT_ARCH >/dev/null then SUN_ARCH="x86_64" fi fi echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize # SunOS6. Hard to guess exactly what SunOS6 will be like, but # it's likely to be more like Solaris than SunOS4. echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:*:*) case "`/usr/bin/arch -k`" in Series*|S4*) UNAME_RELEASE=`uname -v` ;; esac # Japanese Language versions have a version number like `4.1.3-JL'. echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` exit ;; sun3*:SunOS:*:*) echo m68k-sun-sunos${UNAME_RELEASE} exit ;; sun*:*:4.2BSD:*) UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 case "`/bin/arch`" in sun3) echo m68k-sun-sunos${UNAME_RELEASE} ;; sun4) echo sparc-sun-sunos${UNAME_RELEASE} ;; esac exit ;; aushp:SunOS:*:*) echo sparc-auspex-sunos${UNAME_RELEASE} exit ;; # The situation for MiNT is a little confusing. The machine name # can be virtually everything (everything which is not # "atarist" or "atariste" at least should have a processor # > m68000). The system name ranges from "MiNT" over "FreeMiNT" # to the lowercase version "mint" (or "freemint"). Finally # the system name "TOS" denotes a system which is actually not # MiNT. But MiNT is downward compatible to TOS, so this should # be no problem. atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit ;; atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit ;; *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit ;; milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) echo m68k-milan-mint${UNAME_RELEASE} exit ;; hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) echo m68k-hades-mint${UNAME_RELEASE} exit ;; *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) echo m68k-unknown-mint${UNAME_RELEASE} exit ;; m68k:machten:*:*) echo m68k-apple-machten${UNAME_RELEASE} exit ;; powerpc:machten:*:*) echo powerpc-apple-machten${UNAME_RELEASE} exit ;; RISC*:Mach:*:*) echo mips-dec-mach_bsd4.3 exit ;; RISC*:ULTRIX:*:*) echo mips-dec-ultrix${UNAME_RELEASE} exit ;; VAX*:ULTRIX*:*:*) echo vax-dec-ultrix${UNAME_RELEASE} exit ;; 2020:CLIX:*:* | 2430:CLIX:*:*) echo clipper-intergraph-clix${UNAME_RELEASE} exit ;; mips:*:*:UMIPS | mips:*:*:RISCos) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #ifdef __cplusplus #include /* for printf() prototype */ int main (int argc, char *argv[]) { #else int main (argc, argv) int argc; char *argv[]; { #endif #if defined (host_mips) && defined (MIPSEB) #if defined (SYSTYPE_SYSV) printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_SVR4) printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); #endif #endif exit (-1); } EOF $CC_FOR_BUILD -o $dummy $dummy.c && dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` && SYSTEM_NAME=`$dummy $dummyarg` && { echo "$SYSTEM_NAME"; exit; } echo mips-mips-riscos${UNAME_RELEASE} exit ;; Motorola:PowerMAX_OS:*:*) echo powerpc-motorola-powermax exit ;; Motorola:*:4.3:PL8-*) echo powerpc-harris-powermax exit ;; Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) echo powerpc-harris-powermax exit ;; Night_Hawk:Power_UNIX:*:*) echo powerpc-harris-powerunix exit ;; m88k:CX/UX:7*:*) echo m88k-harris-cxux7 exit ;; m88k:*:4*:R4*) echo m88k-motorola-sysv4 exit ;; m88k:*:3*:R3*) echo m88k-motorola-sysv3 exit ;; AViiON:dgux:*:*) # DG/UX returns AViiON for all architectures UNAME_PROCESSOR=`/usr/bin/uname -p` if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] then if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ [ ${TARGET_BINARY_INTERFACE}x = x ] then echo m88k-dg-dgux${UNAME_RELEASE} else echo m88k-dg-dguxbcs${UNAME_RELEASE} fi else echo i586-dg-dgux${UNAME_RELEASE} fi exit ;; M88*:DolphinOS:*:*) # DolphinOS (SVR3) echo m88k-dolphin-sysv3 exit ;; M88*:*:R3*:*) # Delta 88k system running SVR3 echo m88k-motorola-sysv3 exit ;; XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) echo m88k-tektronix-sysv3 exit ;; Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) echo m68k-tektronix-bsd exit ;; *:IRIX*:*:*) echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` exit ;; ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' i*86:AIX:*:*) echo i386-ibm-aix exit ;; ia64:AIX:*:*) if [ -x /usr/bin/oslevel ] ; then IBM_REV=`/usr/bin/oslevel` else IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} exit ;; *:AIX:2:3) if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #include main() { if (!__power_pc()) exit(1); puts("powerpc-ibm-aix3.2.5"); exit(0); } EOF if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` then echo "$SYSTEM_NAME" else echo rs6000-ibm-aix3.2.5 fi elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then echo rs6000-ibm-aix3.2.4 else echo rs6000-ibm-aix3.2 fi exit ;; *:AIX:*:[456]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then IBM_ARCH=rs6000 else IBM_ARCH=powerpc fi if [ -x /usr/bin/oslevel ] ; then IBM_REV=`/usr/bin/oslevel` else IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi echo ${IBM_ARCH}-ibm-aix${IBM_REV} exit ;; *:AIX:*:*) echo rs6000-ibm-aix exit ;; ibmrt:4.4BSD:*|romp-ibm:BSD:*) echo romp-ibm-bsd4.4 exit ;; ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to exit ;; # report: romp-ibm BSD 4.3 *:BOSX:*:*) echo rs6000-bull-bosx exit ;; DPX/2?00:B.O.S.:*:*) echo m68k-bull-sysv3 exit ;; 9000/[34]??:4.3bsd:1.*:*) echo m68k-hp-bsd exit ;; hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) echo m68k-hp-bsd4.4 exit ;; 9000/[34678]??:HP-UX:*:*) HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` case "${UNAME_MACHINE}" in 9000/31? ) HP_ARCH=m68000 ;; 9000/[34]?? ) HP_ARCH=m68k ;; 9000/[678][0-9][0-9]) if [ -x /usr/bin/getconf ]; then sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` case "${sc_cpu_version}" in 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 532) # CPU_PA_RISC2_0 case "${sc_kernel_bits}" in 32) HP_ARCH="hppa2.0n" ;; 64) HP_ARCH="hppa2.0w" ;; '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 esac ;; esac fi if [ "${HP_ARCH}" = "" ]; then eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #define _HPUX_SOURCE #include #include int main () { #if defined(_SC_KERNEL_BITS) long bits = sysconf(_SC_KERNEL_BITS); #endif long cpu = sysconf (_SC_CPU_VERSION); switch (cpu) { case CPU_PA_RISC1_0: puts ("hppa1.0"); break; case CPU_PA_RISC1_1: puts ("hppa1.1"); break; case CPU_PA_RISC2_0: #if defined(_SC_KERNEL_BITS) switch (bits) { case 64: puts ("hppa2.0w"); break; case 32: puts ("hppa2.0n"); break; default: puts ("hppa2.0"); break; } break; #else /* !defined(_SC_KERNEL_BITS) */ puts ("hppa2.0"); break; #endif default: puts ("hppa1.0"); break; } exit (0); } EOF (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` test -z "$HP_ARCH" && HP_ARCH=hppa fi ;; esac if [ ${HP_ARCH} = "hppa2.0w" ] then eval $set_cc_for_build # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler # generating 64-bit code. GNU and HP use different nomenclature: # # $ CC_FOR_BUILD=cc ./config.guess # => hppa2.0w-hp-hpux11.23 # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess # => hppa64-hp-hpux11.23 if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | grep -q __LP64__ then HP_ARCH="hppa2.0w" else HP_ARCH="hppa64" fi fi echo ${HP_ARCH}-hp-hpux${HPUX_REV} exit ;; ia64:HP-UX:*:*) HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` echo ia64-hp-hpux${HPUX_REV} exit ;; 3050*:HI-UX:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #include int main () { long cpu = sysconf (_SC_CPU_VERSION); /* The order matters, because CPU_IS_HP_MC68K erroneously returns true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct results, however. */ if (CPU_IS_PA_RISC (cpu)) { switch (cpu) { case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; default: puts ("hppa-hitachi-hiuxwe2"); break; } } else if (CPU_IS_HP_MC68K (cpu)) puts ("m68k-hitachi-hiuxwe2"); else puts ("unknown-hitachi-hiuxwe2"); exit (0); } EOF $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` && { echo "$SYSTEM_NAME"; exit; } echo unknown-hitachi-hiuxwe2 exit ;; 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) echo hppa1.1-hp-bsd exit ;; 9000/8??:4.3bsd:*:*) echo hppa1.0-hp-bsd exit ;; *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) echo hppa1.0-hp-mpeix exit ;; hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) echo hppa1.1-hp-osf exit ;; hp8??:OSF1:*:*) echo hppa1.0-hp-osf exit ;; i*86:OSF1:*:*) if [ -x /usr/sbin/sysversion ] ; then echo ${UNAME_MACHINE}-unknown-osf1mk else echo ${UNAME_MACHINE}-unknown-osf1 fi exit ;; parisc*:Lites*:*:*) echo hppa1.1-hp-lites exit ;; C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) echo c1-convex-bsd exit ;; C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi exit ;; C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) echo c34-convex-bsd exit ;; C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) echo c38-convex-bsd exit ;; C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) echo c4-convex-bsd exit ;; CRAY*Y-MP:*:*:*) echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*[A-Z]90:*:*:*) echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ -e 's/\.[^.]*$/.X/' exit ;; CRAY*TS:*:*:*) echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*T3E:*:*:*) echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*SV1:*:*:*) echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; *:UNICOS/mp:*:*) echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; 5000:UNIX_System_V:4.*:*) FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} exit ;; sparc*:BSD/OS:*:*) echo sparc-unknown-bsdi${UNAME_RELEASE} exit ;; *:BSD/OS:*:*) echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} exit ;; *:FreeBSD:*:*) case ${UNAME_MACHINE} in pc98) echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; amd64) echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; *) echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; esac exit ;; i*:CYGWIN*:*) echo ${UNAME_MACHINE}-pc-cygwin exit ;; *:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit ;; i*:windows32*:*) # uname -m includes "-pc" on this system. echo ${UNAME_MACHINE}-mingw32 exit ;; i*:PW*:*) echo ${UNAME_MACHINE}-pc-pw32 exit ;; *:Interix*:*) case ${UNAME_MACHINE} in x86) echo i586-pc-interix${UNAME_RELEASE} exit ;; authenticamd | genuineintel | EM64T) echo x86_64-unknown-interix${UNAME_RELEASE} exit ;; IA64) echo ia64-unknown-interix${UNAME_RELEASE} exit ;; esac ;; [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) echo i${UNAME_MACHINE}-pc-mks exit ;; 8664:Windows_NT:*) echo x86_64-pc-mks exit ;; i*:Windows_NT*:* | Pentium*:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we # UNAME_MACHINE based on the output of uname instead of i386? echo i586-pc-interix exit ;; i*:UWIN*:*) echo ${UNAME_MACHINE}-pc-uwin exit ;; amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) echo x86_64-unknown-cygwin exit ;; p*:CYGWIN*:*) echo powerpcle-unknown-cygwin exit ;; prep*:SunOS:5.*:*) echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; *:GNU:*:*) # the GNU system echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` exit ;; *:GNU/*:*:*) # other systems with GNU libc and userland echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu exit ;; i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix exit ;; alpha:Linux:*:*) case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in EV5) UNAME_MACHINE=alphaev5 ;; EV56) UNAME_MACHINE=alphaev56 ;; PCA56) UNAME_MACHINE=alphapca56 ;; PCA57) UNAME_MACHINE=alphapca56 ;; EV6) UNAME_MACHINE=alphaev6 ;; EV67) UNAME_MACHINE=alphaev67 ;; EV68*) UNAME_MACHINE=alphaev68 ;; esac objdump --private-headers /bin/sh | grep -q ld.so.1 if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} exit ;; arm*:Linux:*:*) eval $set_cc_for_build if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_EABI__ then echo ${UNAME_MACHINE}-unknown-linux-gnu else echo ${UNAME_MACHINE}-unknown-linux-gnueabi fi exit ;; avr32*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; cris:Linux:*:*) echo cris-axis-linux-gnu exit ;; crisv32:Linux:*:*) echo crisv32-axis-linux-gnu exit ;; frv:Linux:*:*) echo frv-unknown-linux-gnu exit ;; i*86:Linux:*:*) LIBC=gnu eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #ifdef __dietlibc__ LIBC=dietlibc #endif EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` echo "${UNAME_MACHINE}-pc-linux-${LIBC}" exit ;; ia64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; m32r*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; m68*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; mips:Linux:*:* | mips64:Linux:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #undef CPU #undef ${UNAME_MACHINE} #undef ${UNAME_MACHINE}el #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) CPU=${UNAME_MACHINE}el #else #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) CPU=${UNAME_MACHINE} #else CPU= #endif #endif EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } ;; or32:Linux:*:*) echo or32-unknown-linux-gnu exit ;; padre:Linux:*:*) echo sparc-unknown-linux-gnu exit ;; parisc64:Linux:*:* | hppa64:Linux:*:*) echo hppa64-unknown-linux-gnu exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in PA7*) echo hppa1.1-unknown-linux-gnu ;; PA8*) echo hppa2.0-unknown-linux-gnu ;; *) echo hppa-unknown-linux-gnu ;; esac exit ;; ppc64:Linux:*:*) echo powerpc64-unknown-linux-gnu exit ;; ppc:Linux:*:*) echo powerpc-unknown-linux-gnu exit ;; s390:Linux:*:* | s390x:Linux:*:*) echo ${UNAME_MACHINE}-ibm-linux exit ;; sh64*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; sh*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; sparc:Linux:*:* | sparc64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; vax:Linux:*:*) echo ${UNAME_MACHINE}-dec-linux-gnu exit ;; x86_64:Linux:*:*) echo x86_64-unknown-linux-gnu exit ;; xtensa*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. # earlier versions are messed up and put the nodename in both # sysname and nodename. echo i386-sequent-sysv4 exit ;; i*86:UNIX_SV:4.2MP:2.*) # Unixware is an offshoot of SVR4, but it has its own version # number series starting with 2... # I am not positive that other SVR4 systems won't match this, # I just have to hope. -- rms. # Use sysv4.2uw... so that sysv4* matches it. echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} exit ;; i*86:OS/2:*:*) # If we were able to find `uname', then EMX Unix compatibility # is probably installed. echo ${UNAME_MACHINE}-pc-os2-emx exit ;; i*86:XTS-300:*:STOP) echo ${UNAME_MACHINE}-unknown-stop exit ;; i*86:atheos:*:*) echo ${UNAME_MACHINE}-unknown-atheos exit ;; i*86:syllable:*:*) echo ${UNAME_MACHINE}-pc-syllable exit ;; i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) echo i386-unknown-lynxos${UNAME_RELEASE} exit ;; i*86:*DOS:*:*) echo ${UNAME_MACHINE}-pc-msdosdjgpp exit ;; i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} else echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} fi exit ;; i*86:*:5:[678]*) # UnixWare 7.x, OpenUNIX and OpenServer 6. case `/bin/uname -X | grep "^Machine"` in *486*) UNAME_MACHINE=i486 ;; *Pentium) UNAME_MACHINE=i586 ;; *Pent*|*Celeron) UNAME_MACHINE=i686 ;; esac echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} exit ;; i*86:*:3.2:*) if test -f /usr/options/cb.name; then UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ && UNAME_MACHINE=i586 (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ && UNAME_MACHINE=i686 (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ && UNAME_MACHINE=i686 echo ${UNAME_MACHINE}-pc-sco$UNAME_REL else echo ${UNAME_MACHINE}-pc-sysv32 fi exit ;; pc:*:*:*) # Left here for compatibility: # uname -m prints for DJGPP always 'pc', but it prints nothing about # the processor, so we play safe by assuming i586. # Note: whatever this is, it MUST be the same as what config.sub # prints for the "djgpp" host, or else GDB configury will decide that # this is a cross-build. echo i586-pc-msdosdjgpp exit ;; Intel:Mach:3*:*) echo i386-pc-mach3 exit ;; paragon:*:*:*) echo i860-intel-osf1 exit ;; i860:*:4.*:*) # i860-SVR4 if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 else # Add other i860-SVR4 vendors below as they are discovered. echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 fi exit ;; mini*:CTIX:SYS*5:*) # "miniframe" echo m68010-convergent-sysv exit ;; mc68k:UNIX:SYSTEM5:3.51m) echo m68k-convergent-sysv exit ;; M680?0:D-NIX:5.3:*) echo m68k-diab-dnix exit ;; M68*:*:R3V[5678]*:*) test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) OS_REL='' test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4.3${OS_REL}; exit; } /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4; exit; } ;; NCR*:*:4.2:* | MPRAS*:*:4.2:*) OS_REL='.3' test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4.3${OS_REL}; exit; } /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) echo m68k-unknown-lynxos${UNAME_RELEASE} exit ;; mc68030:UNIX_System_V:4.*:*) echo m68k-atari-sysv4 exit ;; TSUNAMI:LynxOS:2.*:*) echo sparc-unknown-lynxos${UNAME_RELEASE} exit ;; rs6000:LynxOS:2.*:*) echo rs6000-unknown-lynxos${UNAME_RELEASE} exit ;; PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) echo powerpc-unknown-lynxos${UNAME_RELEASE} exit ;; SM[BE]S:UNIX_SV:*:*) echo mips-dde-sysv${UNAME_RELEASE} exit ;; RM*:ReliantUNIX-*:*:*) echo mips-sni-sysv4 exit ;; RM*:SINIX-*:*:*) echo mips-sni-sysv4 exit ;; *:SINIX-*:*:*) if uname -p 2>/dev/null >/dev/null ; then UNAME_MACHINE=`(uname -p) 2>/dev/null` echo ${UNAME_MACHINE}-sni-sysv4 else echo ns32k-sni-sysv fi exit ;; PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort # says echo i586-unisys-sysv4 exit ;; *:UNIX_System_V:4*:FTX*) # From Gerald Hewes . # How about differentiating between stratus architectures? -djm echo hppa1.1-stratus-sysv4 exit ;; *:*:*:FTX*) # From seanf@swdc.stratus.com. echo i860-stratus-sysv4 exit ;; i*86:VOS:*:*) # From Paul.Green@stratus.com. echo ${UNAME_MACHINE}-stratus-vos exit ;; *:VOS:*:*) # From Paul.Green@stratus.com. echo hppa1.1-stratus-vos exit ;; mc68*:A/UX:*:*) echo m68k-apple-aux${UNAME_RELEASE} exit ;; news*:NEWS-OS:6*:*) echo mips-sony-newsos6 exit ;; R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) if [ -d /usr/nec ]; then echo mips-nec-sysv${UNAME_RELEASE} else echo mips-unknown-sysv${UNAME_RELEASE} fi exit ;; BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. echo powerpc-be-beos exit ;; BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. echo powerpc-apple-beos exit ;; BePC:BeOS:*:*) # BeOS running on Intel PC compatible. echo i586-pc-beos exit ;; BePC:Haiku:*:*) # Haiku running on Intel PC compatible. echo i586-pc-haiku exit ;; SX-4:SUPER-UX:*:*) echo sx4-nec-superux${UNAME_RELEASE} exit ;; SX-5:SUPER-UX:*:*) echo sx5-nec-superux${UNAME_RELEASE} exit ;; SX-6:SUPER-UX:*:*) echo sx6-nec-superux${UNAME_RELEASE} exit ;; SX-7:SUPER-UX:*:*) echo sx7-nec-superux${UNAME_RELEASE} exit ;; SX-8:SUPER-UX:*:*) echo sx8-nec-superux${UNAME_RELEASE} exit ;; SX-8R:SUPER-UX:*:*) echo sx8r-nec-superux${UNAME_RELEASE} exit ;; Power*:Rhapsody:*:*) echo powerpc-apple-rhapsody${UNAME_RELEASE} exit ;; *:Rhapsody:*:*) echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} exit ;; *:Darwin:*:*) UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown case $UNAME_PROCESSOR in i386) eval $set_cc_for_build if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ grep IS_64BIT_ARCH >/dev/null then UNAME_PROCESSOR="x86_64" fi fi ;; unknown) UNAME_PROCESSOR=powerpc ;; esac echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} exit ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) UNAME_PROCESSOR=`uname -p` if test "$UNAME_PROCESSOR" = "x86"; then UNAME_PROCESSOR=i386 UNAME_MACHINE=pc fi echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} exit ;; *:QNX:*:4*) echo i386-pc-qnx exit ;; NSE-?:NONSTOP_KERNEL:*:*) echo nse-tandem-nsk${UNAME_RELEASE} exit ;; NSR-?:NONSTOP_KERNEL:*:*) echo nsr-tandem-nsk${UNAME_RELEASE} exit ;; *:NonStop-UX:*:*) echo mips-compaq-nonstopux exit ;; BS2000:POSIX*:*:*) echo bs2000-siemens-sysv exit ;; DS/*:UNIX_System_V:*:*) echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} exit ;; *:Plan9:*:*) # "uname -m" is not consistent, so use $cputype instead. 386 # is converted to i386 for consistency with other x86 # operating systems. if test "$cputype" = "386"; then UNAME_MACHINE=i386 else UNAME_MACHINE="$cputype" fi echo ${UNAME_MACHINE}-unknown-plan9 exit ;; *:TOPS-10:*:*) echo pdp10-unknown-tops10 exit ;; *:TENEX:*:*) echo pdp10-unknown-tenex exit ;; KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) echo pdp10-dec-tops20 exit ;; XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) echo pdp10-xkl-tops20 exit ;; *:TOPS-20:*:*) echo pdp10-unknown-tops20 exit ;; *:ITS:*:*) echo pdp10-unknown-its exit ;; SEI:*:*:SEIUX) echo mips-sei-seiux${UNAME_RELEASE} exit ;; *:DragonFly:*:*) echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` exit ;; *:*VMS:*:*) UNAME_MACHINE=`(uname -p) 2>/dev/null` case "${UNAME_MACHINE}" in A*) echo alpha-dec-vms ; exit ;; I*) echo ia64-dec-vms ; exit ;; V*) echo vax-dec-vms ; exit ;; esac ;; *:XENIX:*:SysV) echo i386-pc-xenix exit ;; i*86:skyos:*:*) echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//' exit ;; i*86:rdos:*:*) echo ${UNAME_MACHINE}-pc-rdos exit ;; i*86:AROS:*:*) echo ${UNAME_MACHINE}-pc-aros exit ;; esac #echo '(No uname command or uname output not recognized.)' 1>&2 #echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 eval $set_cc_for_build cat >$dummy.c < # include #endif main () { #if defined (sony) #if defined (MIPSEB) /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, I don't know.... */ printf ("mips-sony-bsd\n"); exit (0); #else #include printf ("m68k-sony-newsos%s\n", #ifdef NEWSOS4 "4" #else "" #endif ); exit (0); #endif #endif #if defined (__arm) && defined (__acorn) && defined (__unix) printf ("arm-acorn-riscix\n"); exit (0); #endif #if defined (hp300) && !defined (hpux) printf ("m68k-hp-bsd\n"); exit (0); #endif #if defined (NeXT) #if !defined (__ARCHITECTURE__) #define __ARCHITECTURE__ "m68k" #endif int version; version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; if (version < 4) printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); else printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); exit (0); #endif #if defined (MULTIMAX) || defined (n16) #if defined (UMAXV) printf ("ns32k-encore-sysv\n"); exit (0); #else #if defined (CMU) printf ("ns32k-encore-mach\n"); exit (0); #else printf ("ns32k-encore-bsd\n"); exit (0); #endif #endif #endif #if defined (__386BSD__) printf ("i386-pc-bsd\n"); exit (0); #endif #if defined (sequent) #if defined (i386) printf ("i386-sequent-dynix\n"); exit (0); #endif #if defined (ns32000) printf ("ns32k-sequent-dynix\n"); exit (0); #endif #endif #if defined (_SEQUENT_) struct utsname un; uname(&un); if (strncmp(un.version, "V2", 2) == 0) { printf ("i386-sequent-ptx2\n"); exit (0); } if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ printf ("i386-sequent-ptx1\n"); exit (0); } printf ("i386-sequent-ptx\n"); exit (0); #endif #if defined (vax) # if !defined (ultrix) # include # if defined (BSD) # if BSD == 43 printf ("vax-dec-bsd4.3\n"); exit (0); # else # if BSD == 199006 printf ("vax-dec-bsd4.3reno\n"); exit (0); # else printf ("vax-dec-bsd\n"); exit (0); # endif # endif # else printf ("vax-dec-bsd\n"); exit (0); # endif # else printf ("vax-dec-ultrix\n"); exit (0); # endif #endif #if defined (alliant) && defined (i860) printf ("i860-alliant-bsd\n"); exit (0); #endif exit (1); } EOF $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && { echo "$SYSTEM_NAME"; exit; } # Apollos put the system type in the environment. test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } # Convex versions that predate uname can use getsysinfo(1) if [ -x /usr/convex/getsysinfo ] then case `getsysinfo -f cpu_type` in c1*) echo c1-convex-bsd exit ;; c2*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi exit ;; c34*) echo c34-convex-bsd exit ;; c38*) echo c38-convex-bsd exit ;; c4*) echo c4-convex-bsd exit ;; esac fi cat >&2 < in order to provide the needed information to handle your system. config.guess timestamp = $timestamp uname -m = `(uname -m) 2>/dev/null || echo unknown` uname -r = `(uname -r) 2>/dev/null || echo unknown` uname -s = `(uname -s) 2>/dev/null || echo unknown` uname -v = `(uname -v) 2>/dev/null || echo unknown` /usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` /bin/uname -X = `(/bin/uname -X) 2>/dev/null` hostinfo = `(hostinfo) 2>/dev/null` /bin/universe = `(/bin/universe) 2>/dev/null` /usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` /bin/arch = `(/bin/arch) 2>/dev/null` /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` UNAME_MACHINE = ${UNAME_MACHINE} UNAME_RELEASE = ${UNAME_RELEASE} UNAME_SYSTEM = ${UNAME_SYSTEM} UNAME_VERSION = ${UNAME_VERSION} EOF exit 1 # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "timestamp='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" # End: mech_eap-0.9.2/mech_eap/wrap_size_limit.c0000644001755200017500000000624712406014472015332 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Message protection services: determine maximum input size. */ #include "gssapiP_eap.h" OM_uint32 GSSAPI_CALLCONV gss_wrap_size_limit(OM_uint32 *minor, gss_ctx_id_t ctx, int conf_req_flag, gss_qop_t qop_req, OM_uint32 req_output_size, OM_uint32 *max_input_size) { gss_iov_buffer_desc iov[4]; OM_uint32 major, overhead; if (ctx == GSS_C_NO_CONTEXT) { *minor = EINVAL; return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT; } *minor = 0; GSSEAP_MUTEX_LOCK(&ctx->mutex); if (!CTX_IS_ESTABLISHED(ctx)) { major = GSS_S_NO_CONTEXT; *minor = GSSEAP_CONTEXT_INCOMPLETE; goto cleanup; } iov[0].type = GSS_IOV_BUFFER_TYPE_HEADER; iov[0].buffer.value = NULL; iov[0].buffer.length = 0; iov[1].type = GSS_IOV_BUFFER_TYPE_DATA; iov[1].buffer.length = req_output_size; iov[1].buffer.value = NULL; iov[2].type = GSS_IOV_BUFFER_TYPE_PADDING; iov[2].buffer.value = NULL; iov[2].buffer.length = 0; iov[3].type = GSS_IOV_BUFFER_TYPE_TRAILER; iov[3].buffer.value = NULL; iov[3].buffer.length = 0; major = gssEapWrapIovLength(minor, ctx, conf_req_flag, qop_req, NULL, iov, 4); if (GSS_ERROR(major)) goto cleanup; overhead = iov[0].buffer.length + iov[3].buffer.length; if (iov[2].buffer.length == 0 && overhead < req_output_size) *max_input_size = req_output_size - overhead; else *max_input_size = 0; cleanup: GSSEAP_MUTEX_UNLOCK(&ctx->mutex); return major; } mech_eap-0.9.2/mech_eap/util_reauth.h0000644001755200017500000001205312406014472014453 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Fast reauthentication support. */ #include "gssapiP_eap.h" #ifndef _UTIL_REAUTH_H_ #define _UTIL_REAUTH_H_ 1 /* AD element containing serialised AVPs. */ #define KRB5_AUTHDATA_RADIUS_AVP 513 OM_uint32 gssInitSecContext(OM_uint32 *minor, gss_cred_id_t cred, gss_ctx_id_t *context_handle, gss_name_t target_name, gss_OID mech_type, OM_uint32 req_flags, OM_uint32 time_req, gss_channel_bindings_t input_chan_bindings, gss_buffer_t input_token, gss_OID *actual_mech_type, gss_buffer_t output_token, OM_uint32 *ret_flags, OM_uint32 *time_rec); OM_uint32 gssAcceptSecContext(OM_uint32 *minor, gss_ctx_id_t *context_handle, gss_cred_id_t cred, gss_buffer_t input_token, gss_channel_bindings_t input_chan_bindings, gss_name_t *src_name, gss_OID *mech_type, gss_buffer_t output_token, OM_uint32 *ret_flags, OM_uint32 *time_rec, gss_cred_id_t *delegated_cred_handle); OM_uint32 gssReleaseCred(OM_uint32 *minor, gss_cred_id_t *cred_handle); OM_uint32 gssReleaseName(OM_uint32 *minor, gss_name_t *name); OM_uint32 gssDeleteSecContext(OM_uint32 *minor, gss_ctx_id_t *context_handle, gss_buffer_t output_token); OM_uint32 gssInquireSecContextByOid(OM_uint32 *minor, const gss_ctx_id_t context_handle, const gss_OID desired_object, gss_buffer_set_t *data_set); OM_uint32 gssStoreCred(OM_uint32 *minor, const gss_cred_id_t input_cred_handle, gss_cred_usage_t input_usage, const gss_OID desired_mech, OM_uint32 overwrite_cred, OM_uint32 default_cred, gss_OID_set *elements_stored, gss_cred_usage_t *cred_usage_stored); OM_uint32 gssGetNameAttribute(OM_uint32 *minor, gss_name_t name, gss_buffer_t attr, int *authenticated, int *complete, gss_buffer_t value, gss_buffer_t display_value, int *more); OM_uint32 gssEapMakeReauthCreds(OM_uint32 *minor, gss_ctx_id_t ctx, gss_cred_id_t cred, gss_buffer_t credBuf); OM_uint32 gssEapStoreReauthCreds(OM_uint32 *minor, gss_ctx_id_t ctx, gss_cred_id_t cred, gss_buffer_t credBuf); OM_uint32 gssEapGlueToMechName(OM_uint32 *minor, gss_ctx_id_t glueContext, gss_name_t glueName, gss_name_t *pMechName); OM_uint32 gssEapMechToGlueName(OM_uint32 *minor, gss_name_t mechName, gss_name_t *pGlueName); OM_uint32 gssEapReauthComplete(OM_uint32 *minor, gss_ctx_id_t ctx, gss_cred_id_t cred, const gss_OID mech, OM_uint32 timeRec); OM_uint32 gssEapReauthInitialize(OM_uint32 *minor); int gssEapCanReauthP(gss_cred_id_t cred, gss_name_t target, OM_uint32 timeReq); #endif /* _UTIL_REAUTH_H_ */ mech_eap-0.9.2/mech_eap/get_mic.c0000644001755200017500000000551512406014472013535 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Message protection services: make a message integerity check. */ #include "gssapiP_eap.h" OM_uint32 GSSAPI_CALLCONV gss_get_mic(OM_uint32 *minor, gss_ctx_id_t ctx, gss_qop_t qop_req, gss_buffer_t message_buffer, gss_buffer_t message_token) { OM_uint32 major; gss_iov_buffer_desc iov[2]; if (ctx == GSS_C_NO_CONTEXT) { *minor = EINVAL; return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT; } if (qop_req != GSS_C_QOP_DEFAULT) { *minor = GSSEAP_UNKNOWN_QOP; return GSS_S_UNAVAILABLE; } *minor = 0; message_token->value = NULL; message_token->length = 0; GSSEAP_MUTEX_LOCK(&ctx->mutex); if (!CTX_IS_ESTABLISHED(ctx)) { major = GSS_S_NO_CONTEXT; *minor = GSSEAP_CONTEXT_INCOMPLETE; goto cleanup; } iov[0].type = GSS_IOV_BUFFER_TYPE_DATA; iov[0].buffer = *message_buffer; iov[1].type = GSS_IOV_BUFFER_TYPE_HEADER | GSS_IOV_BUFFER_FLAG_ALLOCATE; iov[1].buffer.value = NULL; iov[1].buffer.length = 0; major = gssEapWrapOrGetMIC(minor, ctx, FALSE, NULL, iov, 2, TOK_TYPE_MIC); if (GSS_ERROR(major)) goto cleanup; *message_token = iov[1].buffer; cleanup: GSSEAP_MUTEX_UNLOCK(&ctx->mutex); return major; } mech_eap-0.9.2/mech_eap/util_cred.c0000644001755200017500000005566012406014472014106 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Utility routines for credential handles. */ #include "gssapiP_eap.h" #ifdef WIN32 # include /* may need to use ShFolder.h instead */ # include #else # include #endif OM_uint32 gssEapAllocCred(OM_uint32 *minor, gss_cred_id_t *pCred) { OM_uint32 tmpMinor; gss_cred_id_t cred; *pCred = GSS_C_NO_CREDENTIAL; cred = (gss_cred_id_t)GSSEAP_CALLOC(1, sizeof(*cred)); if (cred == NULL) { *minor = ENOMEM; return GSS_S_FAILURE; } if (GSSEAP_MUTEX_INIT(&cred->mutex) != 0) { *minor = GSSEAP_GET_LAST_ERROR(); gssEapReleaseCred(&tmpMinor, &cred); return GSS_S_FAILURE; } *pCred = cred; *minor = 0; return GSS_S_COMPLETE; } static void zeroAndReleasePassword(gss_buffer_t password) { GSSEAP_ASSERT(password != GSS_C_NO_BUFFER); if (password->value != NULL) { memset(password->value, 0, password->length); GSSEAP_FREE(password->value); } password->value = NULL; password->length = 0; } OM_uint32 gssEapReleaseCred(OM_uint32 *minor, gss_cred_id_t *pCred) { OM_uint32 tmpMinor; gss_cred_id_t cred = *pCred; krb5_context krbContext = NULL; if (cred == GSS_C_NO_CREDENTIAL) { return GSS_S_COMPLETE; } GSSEAP_KRB_INIT(&krbContext); gssEapReleaseName(&tmpMinor, &cred->name); gssEapReleaseName(&tmpMinor, &cred->target); zeroAndReleasePassword(&cred->password); gss_release_buffer(&tmpMinor, &cred->radiusConfigFile); gss_release_buffer(&tmpMinor, &cred->radiusConfigStanza); gss_release_buffer(&tmpMinor, &cred->caCertificate); gss_release_buffer(&tmpMinor, &cred->caCertificateBlob); gss_release_buffer(&tmpMinor, &cred->subjectNameConstraint); gss_release_buffer(&tmpMinor, &cred->subjectAltNameConstraint); gss_release_buffer(&tmpMinor, &cred->clientCertificate); gss_release_buffer(&tmpMinor, &cred->privateKey); #ifdef GSSEAP_ENABLE_REAUTH if (cred->krbCredCache != NULL) { if (cred->flags & CRED_FLAG_DEFAULT_CCACHE) krb5_cc_close(krbContext, cred->krbCredCache); else krb5_cc_destroy(krbContext, cred->krbCredCache); } if (cred->reauthCred != GSS_C_NO_CREDENTIAL) gssReleaseCred(&tmpMinor, &cred->reauthCred); #endif GSSEAP_MUTEX_DESTROY(&cred->mutex); memset(cred, 0, sizeof(*cred)); GSSEAP_FREE(cred); *pCred = NULL; *minor = 0; return GSS_S_COMPLETE; } static OM_uint32 readStaticIdentityFile(OM_uint32 *minor, gss_buffer_t defaultIdentity, gss_buffer_t defaultPassword) { OM_uint32 major, tmpMinor; FILE *fp = NULL; char buf[BUFSIZ]; char *ccacheName; int i = 0; #ifndef WIN32 struct passwd *pw = NULL, pwd; char pwbuf[BUFSIZ]; #endif defaultIdentity->length = 0; defaultIdentity->value = NULL; if (defaultPassword != GSS_C_NO_BUFFER) { defaultPassword->length = 0; defaultPassword->value = NULL; } ccacheName = getenv("GSSEAP_IDENTITY"); if (ccacheName == NULL) { #ifdef WIN32 TCHAR szPath[MAX_PATH]; if (!SUCCEEDED(SHGetFolderPath(NULL, CSIDL_APPDATA, /* |CSIDL_FLAG_CREATE */ NULL, /* User access token */ 0, /* SHGFP_TYPE_CURRENT */ szPath))) { major = GSS_S_CRED_UNAVAIL; *minor = GSSEAP_GET_LAST_ERROR(); /* XXX */ goto cleanup; } snprintf(buf, sizeof(buf), "%s/.gss_eap_id", szPath); #else if (getpwuid_r(getuid(), &pwd, pwbuf, sizeof(pwbuf), &pw) != 0 || pw == NULL || pw->pw_dir == NULL) { major = GSS_S_CRED_UNAVAIL; *minor = GSSEAP_GET_LAST_ERROR(); goto cleanup; } snprintf(buf, sizeof(buf), "%s/.gss_eap_id", pw->pw_dir); #endif /* WIN32 */ ccacheName = buf; } fp = fopen(ccacheName, "r"); if (fp == NULL) { major = GSS_S_CRED_UNAVAIL; *minor = GSSEAP_NO_DEFAULT_CRED; goto cleanup; } while (fgets(buf, sizeof(buf), fp) != NULL) { gss_buffer_desc src, *dst; src.length = strlen(buf); src.value = buf; if (src.length == 0) break; if (buf[src.length - 1] == '\n') { buf[src.length - 1] = '\0'; if (--src.length == 0) break; } if (i == 0) dst = defaultIdentity; else if (i == 1) dst = defaultPassword; else break; if (dst != GSS_C_NO_BUFFER) { major = duplicateBuffer(minor, &src, dst); if (GSS_ERROR(major)) goto cleanup; } i++; } if (defaultIdentity->length == 0) { major = GSS_S_CRED_UNAVAIL; *minor = GSSEAP_NO_DEFAULT_CRED; goto cleanup; } major = GSS_S_COMPLETE; *minor = 0; cleanup: if (fp != NULL) fclose(fp); if (GSS_ERROR(major)) { gss_release_buffer(&tmpMinor, defaultIdentity); zeroAndReleasePassword(defaultPassword); } memset(buf, 0, sizeof(buf)); return major; } gss_OID gssEapPrimaryMechForCred(gss_cred_id_t cred) { gss_OID credMech = GSS_C_NO_OID; if (cred != GSS_C_NO_CREDENTIAL && cred->mechanisms != GSS_C_NO_OID_SET && cred->mechanisms->count == 1) credMech = &cred->mechanisms->elements[0]; return credMech; } OM_uint32 gssEapAcquireCred(OM_uint32 *minor, const gss_name_t desiredName, OM_uint32 timeReq GSSEAP_UNUSED, const gss_OID_set desiredMechs, int credUsage, gss_cred_id_t *pCred, gss_OID_set *pActualMechs, OM_uint32 *timeRec) { OM_uint32 major, tmpMinor; gss_cred_id_t cred; /* XXX TODO validate with changed set_cred_option API */ *pCred = GSS_C_NO_CREDENTIAL; major = gssEapAllocCred(minor, &cred); if (GSS_ERROR(major)) goto cleanup; switch (credUsage) { case GSS_C_BOTH: cred->flags |= CRED_FLAG_INITIATE | CRED_FLAG_ACCEPT; break; case GSS_C_INITIATE: cred->flags |= CRED_FLAG_INITIATE; break; case GSS_C_ACCEPT: cred->flags |= CRED_FLAG_ACCEPT; break; default: major = GSS_S_FAILURE; *minor = GSSEAP_BAD_USAGE; goto cleanup; break; } major = gssEapValidateMechs(minor, desiredMechs); if (GSS_ERROR(major)) goto cleanup; major = duplicateOidSet(minor, desiredMechs, &cred->mechanisms); if (GSS_ERROR(major)) goto cleanup; if (desiredName != GSS_C_NO_NAME) { GSSEAP_MUTEX_LOCK(&desiredName->mutex); major = gssEapDuplicateName(minor, desiredName, &cred->name); if (GSS_ERROR(major)) { GSSEAP_MUTEX_UNLOCK(&desiredName->mutex); goto cleanup; } GSSEAP_MUTEX_UNLOCK(&desiredName->mutex); } #ifdef GSSEAP_ENABLE_ACCEPTOR if (cred->flags & CRED_FLAG_ACCEPT) { struct rs_context *radContext; major = gssEapCreateRadiusContext(minor, cred, &radContext); if (GSS_ERROR(major)) goto cleanup; rs_context_destroy(radContext); } #endif if (pActualMechs != NULL) { major = duplicateOidSet(minor, cred->mechanisms, pActualMechs); if (GSS_ERROR(major)) goto cleanup; } if (timeRec != NULL) *timeRec = GSS_C_INDEFINITE; *pCred = cred; major = GSS_S_COMPLETE; *minor = 0; cleanup: if (GSS_ERROR(major)) gssEapReleaseCred(&tmpMinor, &cred); return major; } /* * Return TRUE if cred available for mechanism. Caller need no acquire * lock because mechanisms list is immutable. */ int gssEapCredAvailable(gss_cred_id_t cred, gss_OID mech) { OM_uint32 minor; int present = 0; GSSEAP_ASSERT(mech != GSS_C_NO_OID); if (cred == GSS_C_NO_CREDENTIAL || cred->mechanisms == GSS_C_NO_OID_SET) return TRUE; gss_test_oid_set_member(&minor, mech, cred->mechanisms, &present); return present; } static OM_uint32 staticIdentityFileResolveDefaultIdentity(OM_uint32 *minor, const gss_cred_id_t cred, gss_name_t *pName) { OM_uint32 major, tmpMinor; gss_OID nameMech = gssEapPrimaryMechForCred(cred); gss_buffer_desc defaultIdentity = GSS_C_EMPTY_BUFFER; *pName = GSS_C_NO_NAME; major = readStaticIdentityFile(minor, &defaultIdentity, GSS_C_NO_BUFFER); if (major == GSS_S_COMPLETE) { major = gssEapImportName(minor, &defaultIdentity, GSS_C_NT_USER_NAME, nameMech, pName); } gss_release_buffer(&tmpMinor, &defaultIdentity); return major; } static OM_uint32 gssEapResolveCredIdentity(OM_uint32 *minor, gss_cred_id_t cred) { OM_uint32 major; gss_OID nameMech = gssEapPrimaryMechForCred(cred); if (cred->name != GSS_C_NO_NAME) { *minor = 0; return GSS_S_COMPLETE; } if (cred->flags & CRED_FLAG_ACCEPT) { gss_buffer_desc nameBuf = GSS_C_EMPTY_BUFFER; char serviceName[5 + MAXHOSTNAMELEN]; /* default host-based service is host@localhost */ memcpy(serviceName, "host@", 5); if (gethostname(&serviceName[5], MAXHOSTNAMELEN) != 0) { *minor = GSSEAP_NO_HOSTNAME; return GSS_S_FAILURE; } nameBuf.value = serviceName; nameBuf.length = strlen((char *)nameBuf.value); major = gssEapImportName(minor, &nameBuf, GSS_C_NT_HOSTBASED_SERVICE, nameMech, &cred->name); if (GSS_ERROR(major)) return major; } else if (cred->flags & CRED_FLAG_INITIATE) { #ifdef HAVE_MOONSHOT_GET_IDENTITY major = libMoonshotResolveDefaultIdentity(minor, cred, &cred->name); if (major == GSS_S_CRED_UNAVAIL) #endif major = staticIdentityFileResolveDefaultIdentity(minor, cred, &cred->name); if (major != GSS_S_CRED_UNAVAIL) return major; } *minor = 0; return GSS_S_COMPLETE; } OM_uint32 gssEapInquireCred(OM_uint32 *minor, gss_cred_id_t cred, gss_name_t *name, OM_uint32 *pLifetime, gss_cred_usage_t *cred_usage, gss_OID_set *mechanisms) { OM_uint32 major; time_t now, lifetime; if (name != NULL) { major = gssEapResolveCredIdentity(minor, cred); if (GSS_ERROR(major)) goto cleanup; if (cred->name != GSS_C_NO_NAME) { major = gssEapDuplicateName(minor, cred->name, name); if (GSS_ERROR(major)) goto cleanup; } else *name = GSS_C_NO_NAME; } if (cred_usage != NULL) { OM_uint32 flags = (cred->flags & (CRED_FLAG_INITIATE | CRED_FLAG_ACCEPT)); switch (flags) { case CRED_FLAG_INITIATE: *cred_usage = GSS_C_INITIATE; break; case CRED_FLAG_ACCEPT: *cred_usage = GSS_C_ACCEPT; break; default: *cred_usage = GSS_C_BOTH; break; } } if (mechanisms != NULL) { if (cred->mechanisms != GSS_C_NO_OID_SET) major = duplicateOidSet(minor, cred->mechanisms, mechanisms); else major = gssEapIndicateMechs(minor, mechanisms); if (GSS_ERROR(major)) goto cleanup; } if (cred->expiryTime == 0) { lifetime = GSS_C_INDEFINITE; } else { now = time(NULL); lifetime = now - cred->expiryTime; if (lifetime < 0) lifetime = 0; } if (pLifetime != NULL) { *pLifetime = lifetime; } if (lifetime == 0) { major = GSS_S_CREDENTIALS_EXPIRED; *minor = GSSEAP_CRED_EXPIRED; goto cleanup; } major = GSS_S_COMPLETE; *minor = 0; cleanup: return major; } OM_uint32 gssEapSetCredPassword(OM_uint32 *minor, gss_cred_id_t cred, const gss_buffer_t password) { OM_uint32 major, tmpMinor; gss_buffer_desc newPassword = GSS_C_EMPTY_BUFFER; if (cred->flags & CRED_FLAG_RESOLVED) { major = GSS_S_FAILURE; *minor = GSSEAP_CRED_RESOLVED; goto cleanup; } if (password != GSS_C_NO_BUFFER) { major = duplicateBuffer(minor, password, &newPassword); if (GSS_ERROR(major)) goto cleanup; cred->flags |= CRED_FLAG_PASSWORD; } else { cred->flags &= ~(CRED_FLAG_PASSWORD); } gss_release_buffer(&tmpMinor, &cred->password); cred->password = newPassword; major = GSS_S_COMPLETE; *minor = 0; cleanup: return major; } /* * Currently only the privateKey path is exposed to the application * (via gss_set_cred_option() or the third line in ~/.gss_eap_id). * At some point in the future we may add support for setting the * client certificate separately. */ OM_uint32 gssEapSetCredClientCertificate(OM_uint32 *minor, gss_cred_id_t cred, const gss_buffer_t clientCert, const gss_buffer_t privateKey) { OM_uint32 major, tmpMinor; gss_buffer_desc newClientCert = GSS_C_EMPTY_BUFFER; gss_buffer_desc newPrivateKey = GSS_C_EMPTY_BUFFER; if (cred->flags & CRED_FLAG_RESOLVED) { major = GSS_S_FAILURE; *minor = GSSEAP_CRED_RESOLVED; goto cleanup; } if (clientCert == GSS_C_NO_BUFFER && privateKey == GSS_C_NO_BUFFER) { cred->flags &= ~(CRED_FLAG_CERTIFICATE); major = GSS_S_COMPLETE; *minor = 0; goto cleanup; } if (clientCert != GSS_C_NO_BUFFER) { major = duplicateBuffer(minor, clientCert, &newClientCert); if (GSS_ERROR(major)) goto cleanup; } if (privateKey != GSS_C_NO_BUFFER) { major = duplicateBuffer(minor, privateKey, &newPrivateKey); if (GSS_ERROR(major)) goto cleanup; } cred->flags |= CRED_FLAG_CERTIFICATE; gss_release_buffer(&tmpMinor, &cred->clientCertificate); cred->clientCertificate = newClientCert; gss_release_buffer(&tmpMinor, &cred->privateKey); cred->privateKey = newPrivateKey; major = GSS_S_COMPLETE; *minor = 0; cleanup: if (GSS_ERROR(major)) { gss_release_buffer(&tmpMinor, &newClientCert); gss_release_buffer(&tmpMinor, &newPrivateKey); } return major; } OM_uint32 gssEapSetCredService(OM_uint32 *minor, gss_cred_id_t cred, const gss_name_t target) { OM_uint32 major, tmpMinor; gss_name_t newTarget = GSS_C_NO_NAME; if (cred->flags & CRED_FLAG_RESOLVED) { major = GSS_S_FAILURE; *minor = GSSEAP_CRED_RESOLVED; goto cleanup; } if (target != GSS_C_NO_NAME) { major = gssEapDuplicateName(minor, target, &newTarget); if (GSS_ERROR(major)) goto cleanup; cred->flags |= CRED_FLAG_TARGET; } else { cred->flags &= ~(CRED_FLAG_TARGET); } gssEapReleaseName(&tmpMinor, &cred->target); cred->target = newTarget; major = GSS_S_COMPLETE; *minor = 0; cleanup: return major; } static OM_uint32 gssEapDuplicateCred(OM_uint32 *minor, const gss_cred_id_t src, gss_cred_id_t *pDst) { OM_uint32 major, tmpMinor; gss_cred_id_t dst = GSS_C_NO_CREDENTIAL; *pDst = GSS_C_NO_CREDENTIAL; major = gssEapAllocCred(minor, &dst); if (GSS_ERROR(major)) goto cleanup; dst->flags = src->flags; if (src->name != GSS_C_NO_NAME) { major = gssEapDuplicateName(minor, src->name, &dst->name); if (GSS_ERROR(major)) goto cleanup; } if (src->target != GSS_C_NO_NAME) { major = gssEapDuplicateName(minor, src->target, &dst->target); if (GSS_ERROR(major)) goto cleanup; } if (src->password.value != NULL) { major = duplicateBuffer(minor, &src->password, &dst->password); if (GSS_ERROR(major)) goto cleanup; } major = duplicateOidSet(minor, src->mechanisms, &dst->mechanisms); if (GSS_ERROR(major)) goto cleanup; dst->expiryTime = src->expiryTime; if (src->radiusConfigFile.value != NULL) duplicateBufferOrCleanup(&src->radiusConfigFile, &dst->radiusConfigFile); if (src->radiusConfigStanza.value != NULL) duplicateBufferOrCleanup(&src->radiusConfigStanza, &dst->radiusConfigStanza); if (src->caCertificate.value != NULL) duplicateBufferOrCleanup(&src->caCertificate, &dst->caCertificate); if (src->caCertificateBlob.value != NULL) duplicateBufferOrCleanup(&src->caCertificateBlob, &dst->caCertificateBlob); if (src->subjectNameConstraint.value != NULL) duplicateBufferOrCleanup(&src->subjectNameConstraint, &dst->subjectNameConstraint); if (src->subjectAltNameConstraint.value != NULL) duplicateBufferOrCleanup(&src->subjectAltNameConstraint, &dst->subjectAltNameConstraint); if (src->clientCertificate.value != NULL) duplicateBufferOrCleanup(&src->clientCertificate, &dst->clientCertificate); if (src->privateKey.value != NULL) duplicateBufferOrCleanup(&src->privateKey, &dst->privateKey); #ifdef GSSEAP_ENABLE_REAUTH /* XXX krbCredCache, reauthCred */ #endif *pDst = dst; dst = GSS_C_NO_CREDENTIAL; major = GSS_S_COMPLETE; *minor = 0; cleanup: gssEapReleaseCred(&tmpMinor, &dst); return major; } static OM_uint32 staticIdentityFileResolveInitiatorCred(OM_uint32 *minor, gss_cred_id_t cred) { OM_uint32 major, tmpMinor; gss_buffer_desc defaultIdentity = GSS_C_EMPTY_BUFFER; gss_name_t defaultIdentityName = GSS_C_NO_NAME; gss_buffer_desc defaultPassword = GSS_C_EMPTY_BUFFER; int isDefaultIdentity = FALSE; major = readStaticIdentityFile(minor, &defaultIdentity, &defaultPassword); if (GSS_ERROR(major)) goto cleanup; major = gssEapImportName(minor, &defaultIdentity, GSS_C_NT_USER_NAME, gssEapPrimaryMechForCred(cred), &defaultIdentityName); if (GSS_ERROR(major)) goto cleanup; if (defaultIdentityName == GSS_C_NO_NAME) { if (cred->name == GSS_C_NO_NAME) { major = GSS_S_CRED_UNAVAIL; *minor = GSSEAP_NO_DEFAULT_IDENTITY; goto cleanup; } } else { if (cred->name == GSS_C_NO_NAME) { cred->name = defaultIdentityName; defaultIdentityName = GSS_C_NO_NAME; isDefaultIdentity = TRUE; } else { major = gssEapCompareName(minor, cred->name, defaultIdentityName, 0, &isDefaultIdentity); if (GSS_ERROR(major)) goto cleanup; } } if (isDefaultIdentity && (cred->flags & CRED_FLAG_PASSWORD) == 0) { major = gssEapSetCredPassword(minor, cred, &defaultPassword); if (GSS_ERROR(major)) goto cleanup; } cleanup: gssEapReleaseName(&tmpMinor, &defaultIdentityName); zeroAndReleasePassword(&defaultPassword); gss_release_buffer(&tmpMinor, &defaultIdentity); return major; } OM_uint32 gssEapResolveInitiatorCred(OM_uint32 *minor, const gss_cred_id_t cred, const gss_name_t targetName #ifndef HAVE_MOONSHOT_GET_IDENTITY GSSEAP_UNUSED #endif , gss_cred_id_t *pResolvedCred) { OM_uint32 major, tmpMinor; gss_cred_id_t resolvedCred = GSS_C_NO_CREDENTIAL; if (cred == GSS_C_NO_CREDENTIAL) { major = gssEapAcquireCred(minor, GSS_C_NO_NAME, GSS_C_INDEFINITE, GSS_C_NO_OID_SET, GSS_C_INITIATE, &resolvedCred, NULL, NULL); if (GSS_ERROR(major)) goto cleanup; } else { if ((cred->flags & CRED_FLAG_INITIATE) == 0) { major = GSS_S_NO_CRED; *minor = GSSEAP_CRED_USAGE_MISMATCH; goto cleanup; } major = gssEapDuplicateCred(minor, cred, &resolvedCred); if (GSS_ERROR(major)) goto cleanup; } if ((resolvedCred->flags & CRED_FLAG_RESOLVED) == 0) { #ifdef HAVE_MOONSHOT_GET_IDENTITY major = libMoonshotResolveInitiatorCred(minor, resolvedCred, targetName); if (major == GSS_S_CRED_UNAVAIL) #endif major = staticIdentityFileResolveInitiatorCred(minor, resolvedCred); if (GSS_ERROR(major) && major != GSS_S_CRED_UNAVAIL) goto cleanup; /* If we have a caller-supplied password, the credential is resolved. */ if ((resolvedCred->flags & (CRED_FLAG_PASSWORD | CRED_FLAG_CERTIFICATE)) == 0) { major = GSS_S_CRED_UNAVAIL; *minor = GSSEAP_NO_DEFAULT_CRED; goto cleanup; } resolvedCred->flags |= CRED_FLAG_RESOLVED; } *pResolvedCred = resolvedCred; resolvedCred = GSS_C_NO_CREDENTIAL; major = GSS_S_COMPLETE; *minor = 0; cleanup: gssEapReleaseCred(&tmpMinor, &resolvedCred); return major; } mech_eap-0.9.2/mech_eap/export_name.c0000644001755200017500000000411712406014472014444 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Serialise a name. */ #include "gssapiP_eap.h" OM_uint32 GSSAPI_CALLCONV gss_export_name(OM_uint32 *minor, const gss_name_t input_name, gss_buffer_t exported_name) { OM_uint32 major; *minor = 0; if (input_name == GSS_C_NO_NAME) { *minor = EINVAL; return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME; } GSSEAP_MUTEX_LOCK(&input_name->mutex); major = gssEapExportName(minor, input_name, exported_name); GSSEAP_MUTEX_UNLOCK(&input_name->mutex); return major; } mech_eap-0.9.2/mech_eap/util_attr.cpp0000644001755200017500000007203712406014472014500 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Attribute provider mechanism. */ #include "gssapiP_eap.h" #include #include #include #include #include /* lazy initialisation */ static GSSEAP_THREAD_ONCE gssEapAttrProvidersInitOnce = GSSEAP_ONCE_INITIALIZER; static OM_uint32 gssEapAttrProvidersInitStatus = GSS_S_UNAVAILABLE; GSSEAP_ONCE_CALLBACK(gssEapAttrProvidersInitInternal) { OM_uint32 major, minor; GSSEAP_ASSERT(gssEapAttrProvidersInitStatus == GSS_S_UNAVAILABLE); json_set_alloc_funcs(GSSEAP_MALLOC, GSSEAP_FREE); major = gssEapRadiusAttrProviderInit(&minor); if (GSS_ERROR(major)) goto cleanup; #ifdef HAVE_SHIBRESOLVER /* Allow Shibboleth initialization failure to be non-fatal */ gssEapLocalAttrProviderInit(&minor); #endif #ifdef HAVE_OPENSAML major = gssEapSamlAttrProvidersInit(&minor); if (GSS_ERROR(major)) goto cleanup; #endif cleanup: #ifdef GSSEAP_DEBUG GSSEAP_ASSERT(major == GSS_S_COMPLETE); #endif gssEapAttrProvidersInitStatus = major; GSSEAP_ONCE_LEAVE; } static OM_uint32 gssEapAttrProvidersInit(OM_uint32 *minor) { GSSEAP_ONCE(&gssEapAttrProvidersInitOnce, gssEapAttrProvidersInitInternal); if (GSS_ERROR(gssEapAttrProvidersInitStatus)) *minor = GSSEAP_NO_ATTR_PROVIDERS; return gssEapAttrProvidersInitStatus; } OM_uint32 gssEapAttrProvidersFinalize(OM_uint32 *minor) { if (gssEapAttrProvidersInitStatus == GSS_S_COMPLETE) { #ifdef HAVE_SHIBRESOLVER gssEapLocalAttrProviderFinalize(minor); #endif #ifdef HAVE_OPENSAML gssEapSamlAttrProvidersFinalize(minor); #endif gssEapRadiusAttrProviderFinalize(minor); gssEapAttrProvidersInitStatus = GSS_S_UNAVAILABLE; } return GSS_S_COMPLETE; } static gss_eap_attr_create_provider gssEapAttrFactories[ATTR_TYPE_MAX + 1]; /* * Register a provider for a particular type and prefix */ void gss_eap_attr_ctx::registerProvider(unsigned int type, gss_eap_attr_create_provider factory) { GSSEAP_ASSERT(type <= ATTR_TYPE_MAX); GSSEAP_ASSERT(gssEapAttrFactories[type] == NULL); gssEapAttrFactories[type] = factory; } /* * Unregister a provider */ void gss_eap_attr_ctx::unregisterProvider(unsigned int type) { GSSEAP_ASSERT(type <= ATTR_TYPE_MAX); gssEapAttrFactories[type] = NULL; } /* * Create an attribute context, that manages instances of providers */ gss_eap_attr_ctx::gss_eap_attr_ctx(void) { m_flags = 0; for (unsigned int i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) { gss_eap_attr_provider *provider; if (gssEapAttrFactories[i] != NULL) { provider = (gssEapAttrFactories[i])(); } else { provider = NULL; } m_providers[i] = provider; } } /* * Convert an attribute prefix to a type */ unsigned int gss_eap_attr_ctx::attributePrefixToType(const gss_buffer_t prefix) const { unsigned int i; for (i = ATTR_TYPE_MIN; i < ATTR_TYPE_MAX; i++) { const char *pprefix; if (!providerEnabled(i)) continue; pprefix = m_providers[i]->prefix(); if (pprefix == NULL) continue; if (strlen(pprefix) == prefix->length && memcmp(pprefix, prefix->value, prefix->length) == 0) return i; } return ATTR_TYPE_LOCAL; } /* * Convert a type to an attribute prefix */ gss_buffer_desc gss_eap_attr_ctx::attributeTypeToPrefix(unsigned int type) const { gss_buffer_desc prefix = GSS_C_EMPTY_BUFFER; if (type < ATTR_TYPE_MIN || type >= ATTR_TYPE_MAX) return prefix; if (!providerEnabled(type)) return prefix; prefix.value = (void *)m_providers[type]->prefix(); if (prefix.value != NULL) prefix.length = strlen((char *)prefix.value); return prefix; } bool gss_eap_attr_ctx::providerEnabled(unsigned int type) const { if (type == ATTR_TYPE_LOCAL && (m_flags & ATTR_FLAG_DISABLE_LOCAL)) return false; if (m_providers[type] == NULL) return false; return true; } void gss_eap_attr_ctx::releaseProvider(unsigned int type) { delete m_providers[type]; m_providers[type] = NULL; } /* * Initialize a context from an existing context. */ bool gss_eap_attr_ctx::initWithExistingContext(const gss_eap_attr_ctx *manager) { bool ret = true; m_flags = manager->m_flags; for (unsigned int i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) { gss_eap_attr_provider *provider; if (!providerEnabled(i)) { releaseProvider(i); continue; } provider = m_providers[i]; ret = provider->initWithExistingContext(this, manager->m_providers[i]); if (ret == false) { releaseProvider(i); break; } } return ret; } /* * Initialize a context from a GSS credential and context. */ bool gss_eap_attr_ctx::initWithGssContext(const gss_cred_id_t cred, const gss_ctx_id_t ctx) { bool ret = true; if (cred != GSS_C_NO_CREDENTIAL && (cred->flags & GSS_EAP_DISABLE_LOCAL_ATTRS_FLAG)) { m_flags |= ATTR_FLAG_DISABLE_LOCAL; } for (unsigned int i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) { gss_eap_attr_provider *provider; if (!providerEnabled(i)) { releaseProvider(i); continue; } provider = m_providers[i]; ret = provider->initWithGssContext(this, cred, ctx); if (ret == false) { releaseProvider(i); break; } } return ret; } bool gss_eap_attr_ctx::initWithJsonObject(JSONObject &obj) { bool ret = false; bool foundSource[ATTR_TYPE_MAX + 1]; unsigned int type; for (type = ATTR_TYPE_MIN; type <= ATTR_TYPE_MAX; type++) foundSource[type] = false; if (obj["version"].integer() != 1) return false; m_flags = obj["flags"].integer(); JSONObject sources = obj["sources"]; /* Initialize providers from serialized state */ for (type = ATTR_TYPE_MIN; type <= ATTR_TYPE_MAX; type++) { gss_eap_attr_provider *provider; const char *key; if (!providerEnabled(type)) { releaseProvider(type); continue; } provider = m_providers[type]; key = provider->name(); if (key == NULL) continue; JSONObject source = sources.get(key); if (!source.isNull() && !provider->initWithJsonObject(this, source)) { releaseProvider(type); return false; } foundSource[type] = true; } /* Initialize remaining providers from initialized providers */ for (type = ATTR_TYPE_MIN; type <= ATTR_TYPE_MAX; type++) { gss_eap_attr_provider *provider; if (foundSource[type] || !providerEnabled(type)) continue; provider = m_providers[type]; ret = provider->initWithGssContext(this, GSS_C_NO_CREDENTIAL, GSS_C_NO_CONTEXT); if (ret == false) { releaseProvider(type); return false; } } return true; } JSONObject gss_eap_attr_ctx::jsonRepresentation(void) const { JSONObject obj, sources; unsigned int i; obj.set("version", 1); obj.set("flags", m_flags); for (i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) { gss_eap_attr_provider *provider; const char *key; provider = m_providers[i]; if (provider == NULL) continue; /* provider not initialised */ key = provider->name(); if (key == NULL) continue; /* provider does not have state */ JSONObject source = provider->jsonRepresentation(); sources.set(key, source); } obj.set("sources", sources); return obj; } /* * Initialize a context from an exported context or name token */ bool gss_eap_attr_ctx::initWithBuffer(const gss_buffer_t buffer) { OM_uint32 major, minor; bool ret; char *s; json_error_t error; major = bufferToString(&minor, buffer, &s); if (GSS_ERROR(major)) return false; JSONObject obj = JSONObject::load(s, 0, &error); if (!obj.isNull()) { ret = initWithJsonObject(obj); } else ret = false; GSSEAP_FREE(s); return ret; } gss_eap_attr_ctx::~gss_eap_attr_ctx(void) { for (unsigned int i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) delete m_providers[i]; } /* * Locate provider for a given type */ gss_eap_attr_provider * gss_eap_attr_ctx::getProvider(unsigned int type) const { GSSEAP_ASSERT(type >= ATTR_TYPE_MIN && type <= ATTR_TYPE_MAX); return m_providers[type]; } /* * Get primary provider. Only the primary provider is serialised when * gss_export_sec_context() or gss_export_name_composite() is called. */ gss_eap_attr_provider * gss_eap_attr_ctx::getPrimaryProvider(void) const { return m_providers[ATTR_TYPE_MIN]; } /* * Set an attribute */ bool gss_eap_attr_ctx::setAttribute(int complete, const gss_buffer_t attr, const gss_buffer_t value) { gss_buffer_desc suffix = GSS_C_EMPTY_BUFFER; unsigned int type; gss_eap_attr_provider *provider; bool ret = false; decomposeAttributeName(attr, &type, &suffix); provider = m_providers[type]; if (provider != NULL) { ret = provider->setAttribute(complete, (type == ATTR_TYPE_LOCAL) ? attr : &suffix, value); } return ret; } /* * Delete an attrbiute */ bool gss_eap_attr_ctx::deleteAttribute(const gss_buffer_t attr) { gss_buffer_desc suffix = GSS_C_EMPTY_BUFFER; unsigned int type; gss_eap_attr_provider *provider; bool ret = false; decomposeAttributeName(attr, &type, &suffix); provider = m_providers[type]; if (provider != NULL) { ret = provider->deleteAttribute(type == ATTR_TYPE_LOCAL ? attr : &suffix); } return ret; } /* * Enumerate attribute types with callback */ bool gss_eap_attr_ctx::getAttributeTypes(gss_eap_attr_enumeration_cb cb, void *data) const { bool ret = false; size_t i; for (i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) { gss_eap_attr_provider *provider = m_providers[i]; if (provider == NULL) continue; ret = provider->getAttributeTypes(cb, data); if (ret == false) break; } return ret; } struct eap_gss_get_attr_types_args { unsigned int type; gss_buffer_set_t attrs; }; static bool addAttribute(const gss_eap_attr_ctx *manager, const gss_eap_attr_provider *provider GSSEAP_UNUSED, const gss_buffer_t attribute, void *data) { eap_gss_get_attr_types_args *args = (eap_gss_get_attr_types_args *)data; gss_buffer_desc qualified; OM_uint32 major, minor; if (args->type != ATTR_TYPE_LOCAL) { manager->composeAttributeName(args->type, attribute, &qualified); major = gss_add_buffer_set_member(&minor, &qualified, &args->attrs); gss_release_buffer(&minor, &qualified); } else { major = gss_add_buffer_set_member(&minor, attribute, &args->attrs); } return GSS_ERROR(major) == false; } /* * Enumerate attribute types, output is buffer set */ bool gss_eap_attr_ctx::getAttributeTypes(gss_buffer_set_t *attrs) { eap_gss_get_attr_types_args args; OM_uint32 major, minor; bool ret = false; unsigned int i; major = gss_create_empty_buffer_set(&minor, attrs); if (GSS_ERROR(major)) throw std::bad_alloc(); args.attrs = *attrs; for (i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) { gss_eap_attr_provider *provider = m_providers[i]; args.type = i; if (provider == NULL) continue; ret = provider->getAttributeTypes(addAttribute, (void *)&args); if (ret == false) break; } if (ret == false) gss_release_buffer_set(&minor, attrs); return ret; } /* * Get attribute with given name */ bool gss_eap_attr_ctx::getAttribute(const gss_buffer_t attr, int *authenticated, int *complete, gss_buffer_t value, gss_buffer_t display_value, int *more) const { gss_buffer_desc suffix = GSS_C_EMPTY_BUFFER; unsigned int type; gss_eap_attr_provider *provider; bool ret; decomposeAttributeName(attr, &type, &suffix); provider = m_providers[type]; if (provider == NULL) return false; ret = provider->getAttribute(type == ATTR_TYPE_LOCAL ? attr : &suffix, authenticated, complete, value, display_value, more); return ret; } /* * Map attribute context to C++ object */ gss_any_t gss_eap_attr_ctx::mapToAny(int authenticated, gss_buffer_t type_id) const { unsigned int type; gss_eap_attr_provider *provider; gss_buffer_desc suffix; decomposeAttributeName(type_id, &type, &suffix); provider = m_providers[type]; if (provider == NULL) return (gss_any_t)NULL; return provider->mapToAny(authenticated, &suffix); } /* * Release mapped context */ void gss_eap_attr_ctx::releaseAnyNameMapping(gss_buffer_t type_id, gss_any_t input) const { unsigned int type; gss_eap_attr_provider *provider; gss_buffer_desc suffix; decomposeAttributeName(type_id, &type, &suffix); provider = m_providers[type]; if (provider != NULL) provider->releaseAnyNameMapping(&suffix, input); } /* * Export attribute context to buffer */ void gss_eap_attr_ctx::exportToBuffer(gss_buffer_t buffer) const { OM_uint32 minor; char *s; JSONObject obj = jsonRepresentation(); #if 0 obj.dump(stdout); #endif s = obj.dump(JSON_COMPACT); if (GSS_ERROR(makeStringBuffer(&minor, s, buffer))) throw std::bad_alloc(); } /* * Return soonest expiry time of providers */ time_t gss_eap_attr_ctx::getExpiryTime(void) const { unsigned int i; time_t expiryTime = 0; for (i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) { gss_eap_attr_provider *provider = m_providers[i]; time_t providerExpiryTime; if (provider == NULL) continue; providerExpiryTime = provider->getExpiryTime(); if (providerExpiryTime == 0) continue; if (expiryTime == 0 || providerExpiryTime < expiryTime) expiryTime = providerExpiryTime; } return expiryTime; } OM_uint32 gss_eap_attr_ctx::mapException(OM_uint32 *minor, std::exception &e) const { unsigned int i; OM_uint32 major; /* Errors we handle ourselves */ if (typeid(e) == typeid(std::bad_alloc)) { major = GSS_S_FAILURE; *minor = ENOMEM; goto cleanup; } else if (typeid(e) == typeid(JSONException)) { major = GSS_S_BAD_NAME; *minor = GSSEAP_BAD_ATTR_TOKEN; gssEapSaveStatusInfo(*minor, "%s", e.what()); goto cleanup; } /* Errors we delegate to providers */ major = GSS_S_CONTINUE_NEEDED; for (i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) { gss_eap_attr_provider *provider = m_providers[i]; if (provider == NULL) continue; major = provider->mapException(minor, e); if (major != GSS_S_CONTINUE_NEEDED) break; } if (major == GSS_S_CONTINUE_NEEDED) { *minor = GSSEAP_ATTR_CONTEXT_FAILURE; major = GSS_S_FAILURE; } cleanup: GSSEAP_ASSERT(GSS_ERROR(major)); return major; } /* * Decompose attribute name into prefix and suffix */ void gss_eap_attr_ctx::decomposeAttributeName(const gss_buffer_t attribute, gss_buffer_t prefix, gss_buffer_t suffix) { char *p = NULL; size_t i; for (i = 0; i < attribute->length; i++) { if (((char *)attribute->value)[i] == ' ') { p = (char *)attribute->value + i + 1; break; } } prefix->value = attribute->value; prefix->length = i; if (p != NULL && *p != '\0') { suffix->length = attribute->length - 1 - prefix->length; suffix->value = p; } else { suffix->length = 0; suffix->value = NULL; } } /* * Decompose attribute name into type and suffix */ void gss_eap_attr_ctx::decomposeAttributeName(const gss_buffer_t attribute, unsigned int *type, gss_buffer_t suffix) const { gss_buffer_desc prefix = GSS_C_EMPTY_BUFFER; decomposeAttributeName(attribute, &prefix, suffix); *type = attributePrefixToType(&prefix); } /* * Compose attribute name from prefix, suffix; returns C++ string */ std::string gss_eap_attr_ctx::composeAttributeName(const gss_buffer_t prefix, const gss_buffer_t suffix) { std::string str; if (prefix == GSS_C_NO_BUFFER || prefix->length == 0) return str; str.append((const char *)prefix->value, prefix->length); if (suffix != GSS_C_NO_BUFFER) { str.append(" "); str.append((const char *)suffix->value, suffix->length); } return str; } /* * Compose attribute name from type, suffix; returns C++ string */ std::string gss_eap_attr_ctx::composeAttributeName(unsigned int type, const gss_buffer_t suffix) { gss_buffer_desc prefix = attributeTypeToPrefix(type); return composeAttributeName(&prefix, suffix); } /* * Compose attribute name from prefix, suffix; returns GSS buffer */ void gss_eap_attr_ctx::composeAttributeName(const gss_buffer_t prefix, const gss_buffer_t suffix, gss_buffer_t attribute) { std::string str = composeAttributeName(prefix, suffix); if (str.length() != 0) { return duplicateBuffer(str, attribute); } else { attribute->length = 0; attribute->value = NULL; } } /* * Compose attribute name from type, suffix; returns GSS buffer */ void gss_eap_attr_ctx::composeAttributeName(unsigned int type, const gss_buffer_t suffix, gss_buffer_t attribute) const { gss_buffer_desc prefix = attributeTypeToPrefix(type); return composeAttributeName(&prefix, suffix, attribute); } /* * C wrappers */ OM_uint32 gssEapInquireName(OM_uint32 *minor, gss_name_t name, int *name_is_MN, gss_OID *MN_mech, gss_buffer_set_t *attrs) { OM_uint32 major; if (name_is_MN != NULL) *name_is_MN = (name->mechanismUsed != GSS_C_NULL_OID); if (MN_mech != NULL) { major = gssEapCanonicalizeOid(minor, name->mechanismUsed, OID_FLAG_NULL_VALID, MN_mech); if (GSS_ERROR(major)) return major; } if (name->attrCtx == NULL) { *minor = GSSEAP_NO_ATTR_CONTEXT; return GSS_S_UNAVAILABLE; } if (GSS_ERROR(gssEapAttrProvidersInit(minor))) { return GSS_S_UNAVAILABLE; } try { if (!name->attrCtx->getAttributeTypes(attrs)) { *minor = GSSEAP_NO_ATTR_CONTEXT; return GSS_S_UNAVAILABLE; } } catch (std::exception &e) { return name->attrCtx->mapException(minor, e); } return GSS_S_COMPLETE; } OM_uint32 gssEapGetNameAttribute(OM_uint32 *minor, gss_name_t name, gss_buffer_t attr, int *authenticated, int *complete, gss_buffer_t value, gss_buffer_t display_value, int *more) { if (authenticated != NULL) *authenticated = 0; if (complete != NULL) *complete = 0; if (value != NULL) { value->length = 0; value->value = NULL; } if (display_value != NULL) { display_value->length = 0; display_value->value = NULL; } if (name->attrCtx == NULL) { *minor = GSSEAP_NO_ATTR_CONTEXT; return GSS_S_UNAVAILABLE; } if (GSS_ERROR(gssEapAttrProvidersInit(minor))) { return GSS_S_UNAVAILABLE; } try { if (!name->attrCtx->getAttribute(attr, authenticated, complete, value, display_value, more)) { *minor = GSSEAP_NO_SUCH_ATTR; gssEapSaveStatusInfo(*minor, "Unknown naming attribute %.*s", (int)attr->length, (char *)attr->value); return GSS_S_UNAVAILABLE; } } catch (std::exception &e) { return name->attrCtx->mapException(minor, e); } return GSS_S_COMPLETE; } OM_uint32 gssEapDeleteNameAttribute(OM_uint32 *minor, gss_name_t name, gss_buffer_t attr) { if (name->attrCtx == NULL) { *minor = GSSEAP_NO_ATTR_CONTEXT; return GSS_S_UNAVAILABLE; } if (GSS_ERROR(gssEapAttrProvidersInit(minor))) return GSS_S_UNAVAILABLE; try { if (!name->attrCtx->deleteAttribute(attr)) { *minor = GSSEAP_NO_SUCH_ATTR; gssEapSaveStatusInfo(*minor, "Unknown naming attribute %.*s", (int)attr->length, (char *)attr->value); return GSS_S_UNAVAILABLE; } } catch (std::exception &e) { return name->attrCtx->mapException(minor, e); } return GSS_S_COMPLETE; } OM_uint32 gssEapSetNameAttribute(OM_uint32 *minor, gss_name_t name, int complete, gss_buffer_t attr, gss_buffer_t value) { if (name->attrCtx == NULL) { *minor = GSSEAP_NO_ATTR_CONTEXT; return GSS_S_UNAVAILABLE; } if (GSS_ERROR(gssEapAttrProvidersInit(minor))) return GSS_S_UNAVAILABLE; try { if (!name->attrCtx->setAttribute(complete, attr, value)) { *minor = GSSEAP_NO_SUCH_ATTR; gssEapSaveStatusInfo(*minor, "Unknown naming attribute %.*s", (int)attr->length, (char *)attr->value); return GSS_S_UNAVAILABLE; } } catch (std::exception &e) { return name->attrCtx->mapException(minor, e); } return GSS_S_COMPLETE; } OM_uint32 gssEapExportAttrContext(OM_uint32 *minor, gss_name_t name, gss_buffer_t buffer) { if (name->attrCtx == NULL) { buffer->length = 0; buffer->value = NULL; return GSS_S_COMPLETE; } if (GSS_ERROR(gssEapAttrProvidersInit(minor))) return GSS_S_UNAVAILABLE; try { name->attrCtx->exportToBuffer(buffer); } catch (std::exception &e) { return name->attrCtx->mapException(minor, e); } return GSS_S_COMPLETE; } OM_uint32 gssEapImportAttrContext(OM_uint32 *minor, gss_buffer_t buffer, gss_name_t name) { gss_eap_attr_ctx *ctx = NULL; OM_uint32 major = GSS_S_FAILURE; GSSEAP_ASSERT(name->attrCtx == NULL); if (GSS_ERROR(gssEapAttrProvidersInit(minor))) return GSS_S_UNAVAILABLE; if (buffer->length == 0) return GSS_S_COMPLETE; try { ctx = new gss_eap_attr_ctx(); if (ctx->initWithBuffer(buffer)) { name->attrCtx = ctx; major = GSS_S_COMPLETE; *minor = 0; } else { major = GSS_S_BAD_NAME; *minor = GSSEAP_ATTR_CONTEXT_FAILURE; } } catch (std::exception &e) { if (ctx != NULL) major = ctx->mapException(minor, e); } GSSEAP_ASSERT(major == GSS_S_COMPLETE || name->attrCtx == NULL); if (GSS_ERROR(major)) delete ctx; return major; } OM_uint32 gssEapDuplicateAttrContext(OM_uint32 *minor, gss_name_t in, gss_name_t out) { gss_eap_attr_ctx *ctx = NULL; OM_uint32 major = GSS_S_FAILURE; GSSEAP_ASSERT(out->attrCtx == NULL); if (in->attrCtx == NULL) { *minor = 0; return GSS_S_COMPLETE; } if (GSS_ERROR(gssEapAttrProvidersInit(minor))) return GSS_S_UNAVAILABLE; try { ctx = new gss_eap_attr_ctx(); if (ctx->initWithExistingContext(in->attrCtx)) { out->attrCtx = ctx; major = GSS_S_COMPLETE; *minor = 0; } else { major = GSS_S_FAILURE; *minor = GSSEAP_ATTR_CONTEXT_FAILURE; } } catch (std::exception &e) { major = in->attrCtx->mapException(minor, e); } GSSEAP_ASSERT(major == GSS_S_COMPLETE || out->attrCtx == NULL); if (GSS_ERROR(major)) delete ctx; return GSS_S_COMPLETE; } OM_uint32 gssEapMapNameToAny(OM_uint32 *minor, gss_name_t name, int authenticated, gss_buffer_t type_id, gss_any_t *output) { if (name->attrCtx == NULL) { *minor = GSSEAP_NO_ATTR_CONTEXT; return GSS_S_UNAVAILABLE; } if (GSS_ERROR(gssEapAttrProvidersInit(minor))) return GSS_S_UNAVAILABLE; try { *output = name->attrCtx->mapToAny(authenticated, type_id); } catch (std::exception &e) { return name->attrCtx->mapException(minor, e); } return GSS_S_COMPLETE; } OM_uint32 gssEapReleaseAnyNameMapping(OM_uint32 *minor, gss_name_t name, gss_buffer_t type_id, gss_any_t *input) { if (name->attrCtx == NULL) { *minor = GSSEAP_NO_ATTR_CONTEXT; return GSS_S_UNAVAILABLE; } if (GSS_ERROR(gssEapAttrProvidersInit(minor))) return GSS_S_UNAVAILABLE; try { if (*input != NULL) name->attrCtx->releaseAnyNameMapping(type_id, *input); *input = NULL; } catch (std::exception &e) { return name->attrCtx->mapException(minor, e); } return GSS_S_COMPLETE; } OM_uint32 gssEapReleaseAttrContext(OM_uint32 *minor, gss_name_t name) { if (name->attrCtx != NULL) delete name->attrCtx; *minor = 0; return GSS_S_COMPLETE; } /* * Public accessor for initialisng a context from a GSS context. Also * sets expiry time on GSS context as a side-effect. */ OM_uint32 gssEapCreateAttrContext(OM_uint32 *minor, gss_cred_id_t gssCred, gss_ctx_id_t gssCtx, struct gss_eap_attr_ctx **pAttrContext, time_t *pExpiryTime) { gss_eap_attr_ctx *ctx = NULL; OM_uint32 major; GSSEAP_ASSERT(gssCtx != GSS_C_NO_CONTEXT); *pAttrContext = NULL; major = gssEapAttrProvidersInit(minor); if (GSS_ERROR(major)) return major; try { /* Set *pAttrContext here to for reentrancy */ *pAttrContext = ctx = new gss_eap_attr_ctx(); if (ctx->initWithGssContext(gssCred, gssCtx)) { *pExpiryTime = ctx->getExpiryTime(); major = GSS_S_COMPLETE; *minor = 0; } else { major = GSS_S_FAILURE; *minor = GSSEAP_ATTR_CONTEXT_FAILURE; } } catch (std::exception &e) { if (ctx != NULL) major = ctx->mapException(minor, e); } if (GSS_ERROR(major)) { delete ctx; *pAttrContext = NULL; } return major; } mech_eap-0.9.2/mech_eap/util_shib.cpp0000644001755200017500000003666612406014472014463 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Copyright 2001-2009 Internet2 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /* * Local attribute provider implementation. */ #include "gssapiP_eap.h" #include #ifndef HAVE_OPENSAML #include #include #endif #include #include #include #include #include #include #include using namespace shibsp; using namespace shibresolver; using namespace xmltooling; using namespace std; #ifdef HAVE_OPENSAML using namespace opensaml::saml2md; using namespace opensaml; #else using namespace xercesc; #endif gss_eap_shib_attr_provider::gss_eap_shib_attr_provider(void) { m_initialized = false; m_authenticated = false; } gss_eap_shib_attr_provider::~gss_eap_shib_attr_provider(void) { for_each(m_attributes.begin(), m_attributes.end(), xmltooling::cleanup()) ; } bool gss_eap_shib_attr_provider::initWithExistingContext(const gss_eap_attr_ctx *manager, const gss_eap_attr_provider *ctx) { const gss_eap_shib_attr_provider *shib; if (!gss_eap_attr_provider::initWithExistingContext(manager, ctx)) { return false; } m_authenticated = false; shib = static_cast(ctx); if (shib != NULL) { m_attributes = duplicateAttributes(shib->getAttributes()); m_authenticated = shib->authenticated(); } m_initialized = true; return true; } bool gss_eap_shib_attr_provider::initWithGssContext(const gss_eap_attr_ctx *manager, const gss_cred_id_t gssCred, const gss_ctx_id_t gssCtx) { if (!gss_eap_attr_provider::initWithGssContext(manager, gssCred, gssCtx)) return false; auto_ptr resolver(ShibbolethResolver::create()); /* * For now, leave ApplicationID defaulted. * Later on, we could allow this via config option to the mechanism * or rely on an SPRequest interface to pass in a URI identifying the * acceptor. */ #if 0 gss_buffer_desc nameBuf = GSS_C_EMPTY_BUFFER; if (gssCred != GSS_C_NO_CREDENTIAL && gssEapDisplayName(&minor, gssCred->name, &nameBuf, NULL) == GSS_S_COMPLETE) { resolver->setApplicationID((const char *)nameBuf.value); gss_release_buffer(&minor, &nameBuf); } #endif gss_buffer_desc mechName = GSS_C_EMPTY_BUFFER; OM_uint32 major, minor; major = gssEapExportNameInternal(&minor, gssCtx->initiatorName, &mechName, EXPORT_NAME_FLAG_OID | EXPORT_NAME_FLAG_COMPOSITE); if (major == GSS_S_COMPLETE) { resolver->addToken(&mechName); gss_release_buffer(&minor, &mechName); } #ifdef HAVE_OPENSAML const gss_eap_saml_assertion_provider *saml; saml = static_cast (m_manager->getProvider(ATTR_TYPE_SAML_ASSERTION)); if (saml != NULL && saml->getAssertion() != NULL) { resolver->addToken(saml->getAssertion()); } #else /* If no OpenSAML, parse the XML assertion explicitly */ const gss_eap_radius_attr_provider *radius; int authenticated, complete; gss_buffer_desc value = GSS_C_EMPTY_BUFFER; gss_eap_attrid attrid(VENDORPEC_UKERNA, PW_SAML_AAA_ASSERTION); radius = static_cast (m_manager->getProvider(ATTR_TYPE_RADIUS)); if (radius != NULL && radius->getFragmentedAttribute(attrid, &authenticated, &complete, &value)) { string str((char *)value.value, value.length); istringstream istream(str); DOMDocument *doc = XMLToolingConfig::getConfig().getParser().parse(istream); const XMLObjectBuilder *b = XMLObjectBuilder::getBuilder(doc->getDocumentElement()); resolver->addToken(b->buildFromDocument(doc)); gss_release_buffer(&minor, &value); } #endif /* HAVE_OPENSAML */ try { resolver->resolve(); m_attributes = resolver->getResolvedAttributes(); resolver->getResolvedAttributes().clear(); } catch (exception &e) { return false; } m_authenticated = true; m_initialized = true; return true; } ssize_t gss_eap_shib_attr_provider::getAttributeIndex(const gss_buffer_t attr) const { int i = 0; GSSEAP_ASSERT(m_initialized); for (vector::const_iterator a = m_attributes.begin(); a != m_attributes.end(); ++a) { for (vector::const_iterator s = (*a)->getAliases().begin(); s != (*a)->getAliases().end(); ++s) { if (attr->length == (*s).length() && memcmp((*s).c_str(), attr->value, attr->length) == 0) { return i; } } } return -1; } bool gss_eap_shib_attr_provider::setAttribute(int complete GSSEAP_UNUSED, const gss_buffer_t attr, const gss_buffer_t value) { string attrStr((char *)attr->value, attr->length); vector ids(1, attrStr); BinaryAttribute *a = new BinaryAttribute(ids); GSSEAP_ASSERT(m_initialized); if (value->length != 0) { string valueStr((char *)value->value, value->length); a->getValues().push_back(valueStr); } m_attributes.push_back(a); m_authenticated = false; return true; } bool gss_eap_shib_attr_provider::deleteAttribute(const gss_buffer_t attr) { int i; GSSEAP_ASSERT(m_initialized); i = getAttributeIndex(attr); if (i >= 0) m_attributes.erase(m_attributes.begin() + i); m_authenticated = false; return true; } bool gss_eap_shib_attr_provider::getAttributeTypes(gss_eap_attr_enumeration_cb addAttribute, void *data) const { GSSEAP_ASSERT(m_initialized); for (vector::const_iterator a = m_attributes.begin(); a != m_attributes.end(); ++a) { gss_buffer_desc attribute; attribute.value = (void *)((*a)->getId()); attribute.length = strlen((char *)attribute.value); if (!addAttribute(m_manager, this, &attribute, data)) return false; } return true; } const Attribute * gss_eap_shib_attr_provider::getAttribute(const gss_buffer_t attr) const { const Attribute *ret = NULL; GSSEAP_ASSERT(m_initialized); for (vector::const_iterator a = m_attributes.begin(); a != m_attributes.end(); ++a) { for (vector::const_iterator s = (*a)->getAliases().begin(); s != (*a)->getAliases().end(); ++s) { if (attr->length == (*s).length() && memcmp((*s).c_str(), attr->value, attr->length) == 0) { ret = *a; break; } } if (ret != NULL) break; } return ret; } bool gss_eap_shib_attr_provider::getAttribute(const gss_buffer_t attr, int *authenticated, int *complete, gss_buffer_t value, gss_buffer_t display_value, int *more) const { const Attribute *shibAttr = NULL; const BinaryAttribute *binaryAttr; gss_buffer_desc valueBuf = GSS_C_EMPTY_BUFFER; gss_buffer_desc displayValueBuf = GSS_C_EMPTY_BUFFER; int nvalues, i = *more; GSSEAP_ASSERT(m_initialized); *more = 0; shibAttr = getAttribute(attr); if (shibAttr == NULL) return false; nvalues = shibAttr->valueCount(); if (i == -1) i = 0; if (i >= nvalues) return false; binaryAttr = dynamic_cast(shibAttr); if (binaryAttr != NULL) { std::string str = binaryAttr->getValues()[*more]; valueBuf.value = (void *)str.data(); valueBuf.length = str.size(); } else { std::string str = shibAttr->getSerializedValues()[*more]; valueBuf.value = (void *)str.c_str(); valueBuf.length = str.length(); const SimpleAttribute *simpleAttr = dynamic_cast(shibAttr); const ScopedAttribute *scopedAttr = dynamic_cast(shibAttr); if (simpleAttr != NULL || scopedAttr != NULL) displayValueBuf = valueBuf; } if (authenticated != NULL) *authenticated = m_authenticated; if (complete != NULL) *complete = true; if (value != NULL) duplicateBuffer(valueBuf, value); if (display_value != NULL) duplicateBuffer(displayValueBuf, display_value); if (nvalues > ++i) *more = i; return true; } gss_any_t gss_eap_shib_attr_provider::mapToAny(int authenticated, gss_buffer_t type_id GSSEAP_UNUSED) const { gss_any_t output; GSSEAP_ASSERT(m_initialized); if (authenticated && !m_authenticated) return (gss_any_t)NULL; vector v = duplicateAttributes(m_attributes); output = (gss_any_t)new vector (v); return output; } void gss_eap_shib_attr_provider::releaseAnyNameMapping(gss_buffer_t type_id GSSEAP_UNUSED, gss_any_t input) const { GSSEAP_ASSERT(m_initialized); vector *v = ((vector *)input); delete v; } const char * gss_eap_shib_attr_provider::prefix(void) const { return NULL; } const char * gss_eap_shib_attr_provider::name(void) const { return "local"; } JSONObject gss_eap_shib_attr_provider::jsonRepresentation(void) const { JSONObject obj; if (m_initialized == false) return obj; /* don't export incomplete context */ JSONObject jattrs = JSONObject::array(); for (vector::const_iterator a = m_attributes.begin(); a != m_attributes.end(); ++a) { DDF attr = (*a)->marshall(); JSONObject jattr = JSONObject::ddf(attr); jattrs.append(jattr); } obj.set("attributes", jattrs); obj.set("authenticated", m_authenticated); return obj; } bool gss_eap_shib_attr_provider::initWithJsonObject(const gss_eap_attr_ctx *ctx, JSONObject &obj) { if (!gss_eap_attr_provider::initWithJsonObject(ctx, obj)) return false; GSSEAP_ASSERT(m_authenticated == false); GSSEAP_ASSERT(m_attributes.size() == 0); JSONObject jattrs = obj["attributes"]; size_t nelems = jattrs.size(); for (size_t i = 0; i < nelems; i++) { JSONObject jattr = jattrs.get(i); DDF attr = jattr.ddf(); Attribute *attribute = Attribute::unmarshall(attr); m_attributes.push_back(attribute); } m_authenticated = obj["authenticated"].integer(); m_initialized = true; return true; } bool gss_eap_shib_attr_provider::init(void) { bool ret = false; try { ret = ShibbolethResolver::init(); } catch (exception &e) { } if (ret) gss_eap_attr_ctx::registerProvider(ATTR_TYPE_LOCAL, createAttrContext); return ret; } void gss_eap_shib_attr_provider::finalize(void) { gss_eap_attr_ctx::unregisterProvider(ATTR_TYPE_LOCAL); ShibbolethResolver::term(); } OM_uint32 gss_eap_shib_attr_provider::mapException(OM_uint32 *minor, std::exception &e) const { if (typeid(e) == typeid(AttributeException)) *minor = GSSEAP_SHIB_ATTR_FAILURE; else if (typeid(e) == typeid(AttributeExtractionException)) *minor = GSSEAP_SHIB_ATTR_EXTRACT_FAILURE; else if (typeid(e) == typeid(AttributeFilteringException)) *minor = GSSEAP_SHIB_ATTR_FILTER_FAILURE; else if (typeid(e) == typeid(AttributeResolutionException)) *minor = GSSEAP_SHIB_ATTR_RESOLVE_FAILURE; else if (typeid(e) == typeid(ConfigurationException)) *minor = GSSEAP_SHIB_CONFIG_FAILURE; else if (typeid(e) == typeid(ListenerException)) *minor = GSSEAP_SHIB_LISTENER_FAILURE; else return GSS_S_CONTINUE_NEEDED; gssEapSaveStatusInfo(*minor, "%s", e.what()); return GSS_S_FAILURE; } gss_eap_attr_provider * gss_eap_shib_attr_provider::createAttrContext(void) { return new gss_eap_shib_attr_provider; } Attribute * gss_eap_shib_attr_provider::duplicateAttribute(const Attribute *src) { DDF obj = src->marshall(); Attribute *attribute = Attribute::unmarshall(obj); obj.destroy(); return attribute; } vector gss_eap_shib_attr_provider::duplicateAttributes(const vector src) { vector dst; for (vector::const_iterator a = src.begin(); a != src.end(); ++a) dst.push_back(duplicateAttribute(*a)); return dst; } OM_uint32 gssEapLocalAttrProviderInit(OM_uint32 *minor) { if (!gss_eap_shib_attr_provider::init()) { *minor = GSSEAP_SHIB_INIT_FAILURE; return GSS_S_FAILURE; } return GSS_S_COMPLETE; } OM_uint32 gssEapLocalAttrProviderFinalize(OM_uint32 *minor) { gss_eap_shib_attr_provider::finalize(); *minor = 0; return GSS_S_COMPLETE; } mech_eap-0.9.2/mech_eap/inquire_sec_context_by_oid.c0000644001755200017500000001616512406014472017530 00000000000000/* * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Return extended properties of a context handle. */ #include "gssapiP_eap.h" static OM_uint32 addEnctypeOidToBufferSet(OM_uint32 *minor, krb5_enctype encryptionType, gss_buffer_set_t *dataSet) { OM_uint32 major; unsigned char oidBuf[16]; gss_OID_desc oid; gss_buffer_desc buf; oid.length = sizeof(oidBuf); oid.elements = oidBuf; major = composeOid(minor, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x04", 10, encryptionType, &oid); if (GSS_ERROR(major)) return major; buf.length = oid.length; buf.value = oid.elements; major = gss_add_buffer_set_member(minor, &buf, dataSet); return major; } static void zeroAndReleaseBufferSet(gss_buffer_set_t *dataSet) { OM_uint32 tmpMinor; gss_buffer_set_t set = *dataSet; size_t i; if (set == GSS_C_NO_BUFFER_SET) return; for (i = 0; i count; i++) memset(set->elements[i].value, 0, set->elements[i].length); gss_release_buffer_set(&tmpMinor, dataSet); } static OM_uint32 inquireSessionKey(OM_uint32 *minor, const gss_ctx_id_t ctx, const gss_OID desired_object GSSEAP_UNUSED, gss_buffer_set_t *dataSet) { OM_uint32 major; gss_buffer_desc buf; if (ctx->encryptionType == ENCTYPE_NULL) { major = GSS_S_UNAVAILABLE; *minor = GSSEAP_KEY_UNAVAILABLE; goto cleanup; } buf.length = KRB_KEY_LENGTH(&ctx->rfc3961Key); buf.value = KRB_KEY_DATA(&ctx->rfc3961Key); major = gss_add_buffer_set_member(minor, &buf, dataSet); if (GSS_ERROR(major)) goto cleanup; major = addEnctypeOidToBufferSet(minor, ctx->encryptionType, dataSet); if (GSS_ERROR(major)) goto cleanup; major = GSS_S_COMPLETE; *minor = 0; cleanup: if (GSS_ERROR(major)) zeroAndReleaseBufferSet(dataSet); return major; } static OM_uint32 inquireNegoExKey(OM_uint32 *minor, const gss_ctx_id_t ctx, const gss_OID desired_object, gss_buffer_set_t *dataSet) { OM_uint32 major, tmpMinor; int bInitiatorKey; gss_buffer_desc salt; gss_buffer_desc key = GSS_C_EMPTY_BUFFER; size_t keySize; bInitiatorKey = CTX_IS_INITIATOR(ctx); if (ctx->encryptionType == ENCTYPE_NULL) { major = GSS_S_UNAVAILABLE; *minor = GSSEAP_KEY_UNAVAILABLE; goto cleanup; } /* * If the caller supplied the verify key OID, then we need the acceptor * key if we are the initiator, and vice versa. */ if (desired_object->length == 11 && memcmp(desired_object->elements, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x07", 11) == 0) bInitiatorKey ^= 1; if (bInitiatorKey) { salt.length = NEGOEX_INITIATOR_SALT_LEN; salt.value = NEGOEX_INITIATOR_SALT; } else { salt.length = NEGOEX_ACCEPTOR_SALT_LEN; salt.value = NEGOEX_ACCEPTOR_SALT; } keySize = KRB_KEY_LENGTH(&ctx->rfc3961Key); key.value = GSSEAP_MALLOC(keySize); if (key.value == NULL) { major = GSS_S_FAILURE; *minor = ENOMEM; goto cleanup; } key.length = keySize; major = gssEapPseudoRandom(minor, ctx, GSS_C_PRF_KEY_FULL, &salt, &key); if (GSS_ERROR(major)) goto cleanup; major = gss_add_buffer_set_member(minor, &key, dataSet); if (GSS_ERROR(major)) goto cleanup; major = addEnctypeOidToBufferSet(minor, ctx->encryptionType, dataSet); if (GSS_ERROR(major)) goto cleanup; major = GSS_S_COMPLETE; *minor = 0; cleanup: if (key.value != NULL) { memset(key.value, 0, key.length); gss_release_buffer(&tmpMinor, &key); } if (GSS_ERROR(major)) zeroAndReleaseBufferSet(dataSet); return major; } static struct { gss_OID_desc oid; OM_uint32 (*inquire)(OM_uint32 *, const gss_ctx_id_t, const gss_OID, gss_buffer_set_t *); } inquireCtxOps[] = { { /* GSS_C_INQ_SSPI_SESSION_KEY */ { 11, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05" }, inquireSessionKey }, { /* GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT + v1 */ { 12, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x06\x01" }, gssEapExportLucidSecContext }, { /* GSS_C_INQ_NEGOEX_KEY */ { 11, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x06" }, inquireNegoExKey }, { /* GSS_C_INQ_NEGOEX_VERIFY_KEY */ { 11, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x07" }, inquireNegoExKey }, }; OM_uint32 GSSAPI_CALLCONV gss_inquire_sec_context_by_oid(OM_uint32 *minor, const gss_ctx_id_t ctx, const gss_OID desired_object, gss_buffer_set_t *data_set) { OM_uint32 major; int i; *data_set = GSS_C_NO_BUFFER_SET; GSSEAP_MUTEX_LOCK(&ctx->mutex); #if 0 if (!CTX_IS_ESTABLISHED(ctx)) { *minor = GSSEAP_CONTEXT_INCOMPLETE; major = GSS_S_NO_CONTEXT; goto cleanup; } #endif major = GSS_S_UNAVAILABLE; *minor = GSSEAP_BAD_CONTEXT_OPTION; for (i = 0; i < sizeof(inquireCtxOps) / sizeof(inquireCtxOps[0]); i++) { if (oidEqual(&inquireCtxOps[i].oid, desired_object)) { major = (*inquireCtxOps[i].inquire)(minor, ctx, desired_object, data_set); break; } } GSSEAP_MUTEX_UNLOCK(&ctx->mutex); return major; } mech_eap-0.9.2/mech_eap/README.samba40000644001755200017500000000324212406014476014007 00000000000000Notes on using Moonshot with Samba4. Replace paths as appropriate. Samba ----- * Download Samba4 and apply patches for mechanism agnosticism which are available at http://www.padl.com/~lukeh/samba/ * Join Samba as a member server or domain controller (only tested former) * Extract local service principal key to keytab (currently there do not appear to be tools to do this, but you can get the cleartext password from /usr/local/samba/private/secrets.ldb) Shibboleth ---------- * Add a mapping from the PAC RADIUS attribute to urn:mspac: in the file /usr/local/etc/shibboleth/attribute-map.xml: FreeRADIUS ---------- Install the rlm_mspac module and configure per below. * Install dictionary.ukerna so MS-Windows-Auth-Data is defined * Create /usr/local/etc/raddb/modules/mspac with the following: mspac { keytab = /etc/krb5.keytab spn = host/host.fqdn@KERBEROS.REALM } * Add mspac to instantiate stanza in radiusd.conf * Add mspac to post-auth stanza in sites-enabled/inner-tunnel You will need to have a TGT for the host service principal before starting radiusd. It's easiest to do this with kinit -k. Testing ------- The Samba server doesn't require any specific command line arguments, although on OS X it was necessary to start it with -M single to function under gdb. For the client, the GSS EAP mechanism can be specified on the command line: smbclient --password samba --mechanism 1.3.6.1.5.5.15.1.1.18 '\\host\share'". There is no Moonshot SSPI implementation as yet, so it is not possible to test with a Windows client. mech_eap-0.9.2/libeap/0000755001755200017500000000000012406014773011533 500000000000000mech_eap-0.9.2/libeap/Makefile.in0000644001755200017500000023365012406014764013531 00000000000000# Makefile.in generated by automake 1.14.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ *) echo "am__make_running_with_option: internal error: invalid" \ "target option '$${target_option-}' specified" >&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = libeap DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ $(top_srcdir)/build-aux/depcomp $(noinst_HEADERS) COPYING \ README ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/minuso.m4 $(top_srcdir)/acinclude.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = LTLIBRARIES = $(noinst_LTLIBRARIES) libeap_la_LIBADD = am__objects_1 = eap_peap_common.lo eap_psk_common.lo eap_pax_common.lo \ eap_sake_common.lo eap_gpsk_common.lo chap.lo am__objects_2 = eap_tls.lo eap_peap.lo eap_ttls.lo eap_md5.lo \ eap_mschapv2.lo mschapv2.lo eap_otp.lo eap_gtc.lo eap_leap.lo \ eap_psk.lo eap_pax.lo eap_sake.lo eap_gpsk.lo eap.lo \ eap_common.lo eap_methods.lo eap_tls_common.lo am__objects_3 = base64.lo common.lo ip_addr.lo radiotap.lo trace.lo \ uuid.lo wpa_debug.lo wpabuf.lo os_unix.lo radius_utils.lo am__objects_4 = aes-cbc.lo aes-ctr.lo aes-eax.lo aes-encblock.lo \ aes-omac1.lo aes-unwrap.lo aes-wrap.lo md5.lo md5-non-fips.lo \ milenage.lo ms_funcs.lo sha1.lo sha1-pbkdf2.lo sha1-tlsprf.lo \ sha1-tprf.lo sha256.lo crypto_openssl.lo tls_openssl.lo am_libeap_la_OBJECTS = $(am__objects_1) $(am__objects_2) \ $(am__objects_3) $(am__objects_4) libeap_la_OBJECTS = $(am_libeap_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent am__v_lt_1 = AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ $(AM_CFLAGS) $(CFLAGS) AM_V_CC = $(am__v_CC_@AM_V@) am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) am__v_CC_0 = @echo " CC " $@; am__v_CC_1 = CCLD = $(CC) LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(AM_LDFLAGS) $(LDFLAGS) -o $@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; am__v_CCLD_1 = SOURCES = $(libeap_la_SOURCES) DIST_SOURCES = $(libeap_la_SOURCES) am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac HEADERS = $(noinst_HEADERS) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) # Read a list of newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is # *not* preserved. am__uniquify_input = $(AWK) '\ BEGIN { nonempty = 0; } \ { items[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in items) print i; }; } \ ' # Make sure the list of sources is unique. This is necessary because, # e.g., the same source file might be shared among _SOURCES variables # for different programs/libraries. am__define_uniq_tagged_files = \ list='$(am__tagged_files)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ AS = @AS@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ JANSSON_CFLAGS = @JANSSON_CFLAGS@ JANSSON_LDFLAGS = @JANSSON_LDFLAGS@ JANSSON_LIBS = @JANSSON_LIBS@ KRB5_CFLAGS = @KRB5_CFLAGS@ KRB5_LDFLAGS = @KRB5_LDFLAGS@ KRB5_LIBS = @KRB5_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LIBMOONSHOT_CFLAGS = @LIBMOONSHOT_CFLAGS@ LIBMOONSHOT_LDFLAGS = @LIBMOONSHOT_LDFLAGS@ LIBMOONSHOT_LIBS = @LIBMOONSHOT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OPENSAML_CXXFLAGS = @OPENSAML_CXXFLAGS@ OPENSAML_LDFLAGS = @OPENSAML_LDFLAGS@ OPENSAML_LIBS = @OPENSAML_LIBS@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LDFLAGS = @OPENSSL_LDFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ RADSEC_CFLAGS = @RADSEC_CFLAGS@ RADSEC_LDFLAGS = @RADSEC_LDFLAGS@ RADSEC_LIBS = @RADSEC_LIBS@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ SHIBRESOLVER_CXXFLAGS = @SHIBRESOLVER_CXXFLAGS@ SHIBRESOLVER_LDFLAGS = @SHIBRESOLVER_LDFLAGS@ SHIBRESOLVER_LIBS = @SHIBRESOLVER_LIBS@ SHIBSP_CXXFLAGS = @SHIBSP_CXXFLAGS@ SHIBSP_LDFLAGS = @SHIBSP_LDFLAGS@ SHIBSP_LIBS = @SHIBSP_LIBS@ STRIP = @STRIP@ TARGET_CFLAGS = @TARGET_CFLAGS@ TARGET_LDFLAGS = @TARGET_LDFLAGS@ VERSION = @VERSION@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ AUTOMAKE_OPTIONS = foreign AM_CPPFLAGS = -I$(srcdir)/src -I$(srcdir)/eap_example -I$(srcdir)/src/utils @OPENSSL_CFLAGS@ noinst_HEADERS = \ src/common/defs.h \ src/common/eapol_common.h \ src/common/ieee802_11_common.h \ src/common/ieee802_11_defs.h \ src/common/privsep_commands.h \ src/common/version.h \ src/common/wpa_common.h \ src/common/wpa_ctrl.h EXTRA_DIST = src/tls/libtommath.c \ wpa_supplicant/README SOURCES_BOTH = src/eap_common/eap_peap_common.c \ src/eap_common/eap_psk_common.c \ src/eap_common/eap_pax_common.c \ src/eap_common/eap_sake_common.c \ src/eap_common/eap_gpsk_common.c src/eap_common/chap.c \ src/eap_common/chap.h src/eap_common/eap_common.h \ src/eap_common/eap_defs.h src/eap_common/eap_fast_common.h \ src/eap_common/eap_gpsk_common.h \ src/eap_common/eap_ikev2_common.h \ src/eap_common/eap_pax_common.h \ src/eap_common/eap_peap_common.h \ src/eap_common/eap_psk_common.h \ src/eap_common/eap_pwd_common.h \ src/eap_common/eap_sake_common.h \ src/eap_common/eap_sim_common.h \ src/eap_common/eap_tlv_common.h src/eap_common/eap_ttls.h \ src/eap_common/eap_wsc_common.h src/eap_common/ikev2_common.h SOURCES_peer = src/eap_peer/eap_tls.c src/eap_peer/eap_peap.c \ src/eap_peer/eap_ttls.c src/eap_peer/eap_md5.c \ src/eap_peer/eap_mschapv2.c src/eap_peer/mschapv2.c \ src/eap_peer/eap_otp.c src/eap_peer/eap_gtc.c \ src/eap_peer/eap_leap.c src/eap_peer/eap_psk.c \ src/eap_peer/eap_pax.c src/eap_peer/eap_sake.c \ src/eap_peer/eap_gpsk.c src/eap_peer/eap.c \ src/eap_common/eap_common.c src/eap_peer/eap_methods.c \ src/eap_peer/eap_tls_common.c src/eap_peer/eap_config.h \ src/eap_peer/eap_fast_pac.h src/eap_peer/eap.h \ src/eap_peer/eap_i.h src/eap_peer/eap_methods.h \ src/eap_peer/eap_tls_common.h src/eap_peer/ikev2.h \ src/eap_peer/mschapv2.h src/eap_peer/tncc.h \ src/radius/radius.h AM_CFLAGS = -DEAP_TLS -DEAP_PEAP -DEAP_TTLS -DEAP_MD5 -DEAP_MSCHAPv2 \ -DEAP_GTC -DEAP_OTP -DEAP_LEAP -DEAP_PSK -DEAP_PAX -DEAP_SAKE \ -DEAP_GPSK -DEAP_GPSK_SHA256 -DEAP_SERVER_IDENTITY \ -DEAP_SERVER_TLS -DEAP_SERVER_PEAP -DEAP_SERVER_TTLS \ -DEAP_SERVER_MD5 -DEAP_SERVER_MSCHAPV2 -DEAP_SERVER_GTC \ -DEAP_SERVER_PSK -DEAP_SERVER_PAX -DEAP_SERVER_SAKE \ -DEAP_SERVER_GPSK -DEAP_SERVER_GPSK_SHA256 -DIEEE8021X_EAPOL \ -DCONFIG_IPV6 -DCONFIG_INTERNAL_LIBTOMMATH \ -DCONFIG_INTERNAL_SHA1 -DEAP_TLS_OPENSSL -DPKCS12_FUNCS \ -DCONFIG_SHA256 UTILS_SRCS = src/utils/base64.c \ src/utils/common.c \ src/utils/ip_addr.c \ src/utils/radiotap.c \ src/utils/trace.c \ src/utils/uuid.c \ src/utils/wpa_debug.c \ src/utils/wpabuf.c \ src/utils/os_unix.c \ src/utils/radius_utils.c \ src/utils/radius_utils.h \ src/utils/base64.h \ src/utils/build_config.h \ src/utils/common.h \ src/utils/eloop.h \ src/utils/includes.h \ src/utils/ip_addr.h \ src/utils/list.h \ src/utils/os.h \ src/utils/pcsc_funcs.h \ src/utils/radiotap.h \ src/utils/radiotap_iter.h \ src/utils/state_machine.h \ src/utils/trace.h \ src/utils/uuid.h \ src/utils/wpabuf.h \ src/utils/wpa_debug.h CRYPTO_SRCS = \ src/crypto/aes-cbc.c \ src/crypto/aes-ctr.c \ src/crypto/aes-eax.c \ src/crypto/aes-encblock.c \ src/crypto/aes-omac1.c \ src/crypto/aes-unwrap.c \ src/crypto/aes-wrap.c \ src/crypto/md5.c \ src/crypto/md5-non-fips.c \ src/crypto/milenage.c \ src/crypto/ms_funcs.c \ src/crypto/sha1.c \ src/crypto/sha1-pbkdf2.c \ src/crypto/sha1-tlsprf.c \ src/crypto/sha1-tprf.c \ src/crypto/sha256.c \ src/crypto/crypto_openssl.c \ src/crypto/tls_openssl.c \ src/crypto/aes.h \ src/crypto/aes_i.h \ src/crypto/aes_wrap.h \ src/crypto/crypto.h \ src/crypto/dh_group5.h \ src/crypto/dh_groups.h \ src/crypto/md5.h \ src/crypto/milenage.h \ src/crypto/ms_funcs.h \ src/crypto/sha1.h \ src/crypto/sha256.h \ src/crypto/tls.h TLS_SRCS = \ src/tls/asn1.c \ src/tls/bignum.c \ src/tls/pkcs1.c \ src/tls/pkcs5.c \ src/tls/pkcs8.c \ src/tls/rsa.c \ src/tls/tlsv1_client.c \ src/tls/tlsv1_client_read.c \ src/tls/tlsv1_client_write.c \ src/tls/tlsv1_common.c \ src/tls/tlsv1_cred.c \ src/tls/tlsv1_record.c \ src/tls/tlsv1_server.c \ src/tls/tlsv1_server_read.c \ src/tls/tlsv1_server_write.c \ src/tls/x509v3.c \ src/tls/asn1.h \ src/tls/bignum.h \ src/tls/pkcs1.h \ src/tls/pkcs5.h \ src/tls/pkcs8.h \ src/tls/rsa.h \ src/tls/tlsv1_client.h \ src/tls/tlsv1_client_i.h \ src/tls/tlsv1_common.h \ src/tls/tlsv1_cred.h \ src/tls/tlsv1_record.h \ src/tls/tlsv1_server.h \ src/tls/tlsv1_server_i.h \ src/tls/x509v3.h libeap_la_SOURCES = $(SOURCES_BOTH) $(SOURCES_peer) $(UTILS_SRCS) $(CRYPTO_SRCS) noinst_LTLIBRARIES = libeap.la all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign libeap/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign libeap/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): clean-noinstLTLIBRARIES: -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) @list='$(noinst_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ test -z "$$locs" || { \ echo rm -f $${locs}; \ rm -f $${locs}; \ } libeap.la: $(libeap_la_OBJECTS) $(libeap_la_DEPENDENCIES) $(EXTRA_libeap_la_DEPENDENCIES) $(AM_V_CCLD)$(LINK) $(libeap_la_OBJECTS) $(libeap_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes-cbc.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes-ctr.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes-eax.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes-encblock.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes-omac1.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes-unwrap.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes-wrap.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/base64.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chap.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/common.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crypto_openssl.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_common.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_gpsk.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_gpsk_common.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_gtc.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_leap.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_md5.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_methods.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_mschapv2.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_otp.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_pax.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_pax_common.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_peap.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_peap_common.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_psk.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_psk_common.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_sake.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_sake_common.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_tls.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_tls_common.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_ttls.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ip_addr.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md5-non-fips.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md5.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/milenage.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ms_funcs.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mschapv2.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/os_unix.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/radiotap.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/radius_utils.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha1-pbkdf2.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha1-tlsprf.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha1-tprf.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha1.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha256.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls_openssl.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/trace.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/uuid.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/wpa_debug.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/wpabuf.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< .c.obj: @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< eap_peap_common.lo: src/eap_common/eap_peap_common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_peap_common.lo -MD -MP -MF $(DEPDIR)/eap_peap_common.Tpo -c -o eap_peap_common.lo `test -f 'src/eap_common/eap_peap_common.c' || echo '$(srcdir)/'`src/eap_common/eap_peap_common.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/eap_peap_common.Tpo $(DEPDIR)/eap_peap_common.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/eap_common/eap_peap_common.c' object='eap_peap_common.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_peap_common.lo `test -f 'src/eap_common/eap_peap_common.c' || echo '$(srcdir)/'`src/eap_common/eap_peap_common.c eap_psk_common.lo: src/eap_common/eap_psk_common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_psk_common.lo -MD -MP -MF $(DEPDIR)/eap_psk_common.Tpo -c -o eap_psk_common.lo `test -f 'src/eap_common/eap_psk_common.c' || echo '$(srcdir)/'`src/eap_common/eap_psk_common.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/eap_psk_common.Tpo $(DEPDIR)/eap_psk_common.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/eap_common/eap_psk_common.c' object='eap_psk_common.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_psk_common.lo `test -f 'src/eap_common/eap_psk_common.c' || echo '$(srcdir)/'`src/eap_common/eap_psk_common.c eap_pax_common.lo: src/eap_common/eap_pax_common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_pax_common.lo -MD -MP -MF $(DEPDIR)/eap_pax_common.Tpo -c -o eap_pax_common.lo `test -f 'src/eap_common/eap_pax_common.c' || echo '$(srcdir)/'`src/eap_common/eap_pax_common.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/eap_pax_common.Tpo $(DEPDIR)/eap_pax_common.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/eap_common/eap_pax_common.c' object='eap_pax_common.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_pax_common.lo `test -f 'src/eap_common/eap_pax_common.c' || echo '$(srcdir)/'`src/eap_common/eap_pax_common.c eap_sake_common.lo: src/eap_common/eap_sake_common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_sake_common.lo -MD -MP -MF $(DEPDIR)/eap_sake_common.Tpo -c -o eap_sake_common.lo `test -f 'src/eap_common/eap_sake_common.c' || echo '$(srcdir)/'`src/eap_common/eap_sake_common.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/eap_sake_common.Tpo $(DEPDIR)/eap_sake_common.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/eap_common/eap_sake_common.c' object='eap_sake_common.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_sake_common.lo `test -f 'src/eap_common/eap_sake_common.c' || echo '$(srcdir)/'`src/eap_common/eap_sake_common.c eap_gpsk_common.lo: src/eap_common/eap_gpsk_common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_gpsk_common.lo -MD -MP -MF $(DEPDIR)/eap_gpsk_common.Tpo -c -o eap_gpsk_common.lo `test -f 'src/eap_common/eap_gpsk_common.c' || echo '$(srcdir)/'`src/eap_common/eap_gpsk_common.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/eap_gpsk_common.Tpo $(DEPDIR)/eap_gpsk_common.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/eap_common/eap_gpsk_common.c' object='eap_gpsk_common.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_gpsk_common.lo `test -f 'src/eap_common/eap_gpsk_common.c' || echo '$(srcdir)/'`src/eap_common/eap_gpsk_common.c chap.lo: src/eap_common/chap.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT chap.lo -MD -MP -MF $(DEPDIR)/chap.Tpo -c -o chap.lo `test -f 'src/eap_common/chap.c' || echo '$(srcdir)/'`src/eap_common/chap.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/chap.Tpo $(DEPDIR)/chap.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/eap_common/chap.c' object='chap.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o chap.lo `test -f 'src/eap_common/chap.c' || echo '$(srcdir)/'`src/eap_common/chap.c eap_tls.lo: src/eap_peer/eap_tls.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_tls.lo -MD -MP -MF $(DEPDIR)/eap_tls.Tpo -c -o eap_tls.lo `test -f 'src/eap_peer/eap_tls.c' || echo '$(srcdir)/'`src/eap_peer/eap_tls.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/eap_tls.Tpo $(DEPDIR)/eap_tls.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/eap_peer/eap_tls.c' object='eap_tls.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_tls.lo `test -f 'src/eap_peer/eap_tls.c' || echo '$(srcdir)/'`src/eap_peer/eap_tls.c eap_peap.lo: src/eap_peer/eap_peap.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_peap.lo -MD -MP -MF $(DEPDIR)/eap_peap.Tpo -c -o eap_peap.lo `test -f 'src/eap_peer/eap_peap.c' || echo '$(srcdir)/'`src/eap_peer/eap_peap.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/eap_peap.Tpo $(DEPDIR)/eap_peap.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/eap_peer/eap_peap.c' object='eap_peap.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_peap.lo `test -f 'src/eap_peer/eap_peap.c' || echo '$(srcdir)/'`src/eap_peer/eap_peap.c eap_ttls.lo: src/eap_peer/eap_ttls.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_ttls.lo -MD -MP -MF $(DEPDIR)/eap_ttls.Tpo -c -o eap_ttls.lo `test -f 'src/eap_peer/eap_ttls.c' || echo '$(srcdir)/'`src/eap_peer/eap_ttls.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/eap_ttls.Tpo $(DEPDIR)/eap_ttls.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/eap_peer/eap_ttls.c' object='eap_ttls.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_ttls.lo `test -f 'src/eap_peer/eap_ttls.c' || echo '$(srcdir)/'`src/eap_peer/eap_ttls.c eap_md5.lo: src/eap_peer/eap_md5.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_md5.lo -MD -MP -MF $(DEPDIR)/eap_md5.Tpo -c -o eap_md5.lo `test -f 'src/eap_peer/eap_md5.c' || echo '$(srcdir)/'`src/eap_peer/eap_md5.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/eap_md5.Tpo $(DEPDIR)/eap_md5.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/eap_peer/eap_md5.c' object='eap_md5.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_md5.lo `test -f 'src/eap_peer/eap_md5.c' || echo '$(srcdir)/'`src/eap_peer/eap_md5.c eap_mschapv2.lo: src/eap_peer/eap_mschapv2.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_mschapv2.lo -MD -MP -MF $(DEPDIR)/eap_mschapv2.Tpo -c -o eap_mschapv2.lo `test -f 'src/eap_peer/eap_mschapv2.c' || echo '$(srcdir)/'`src/eap_peer/eap_mschapv2.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/eap_mschapv2.Tpo $(DEPDIR)/eap_mschapv2.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/eap_peer/eap_mschapv2.c' object='eap_mschapv2.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_mschapv2.lo `test -f 'src/eap_peer/eap_mschapv2.c' || echo '$(srcdir)/'`src/eap_peer/eap_mschapv2.c mschapv2.lo: src/eap_peer/mschapv2.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT mschapv2.lo -MD -MP -MF $(DEPDIR)/mschapv2.Tpo -c -o mschapv2.lo `test -f 'src/eap_peer/mschapv2.c' || echo '$(srcdir)/'`src/eap_peer/mschapv2.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mschapv2.Tpo $(DEPDIR)/mschapv2.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/eap_peer/mschapv2.c' object='mschapv2.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o mschapv2.lo `test -f 'src/eap_peer/mschapv2.c' || echo '$(srcdir)/'`src/eap_peer/mschapv2.c eap_otp.lo: src/eap_peer/eap_otp.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_otp.lo -MD -MP -MF $(DEPDIR)/eap_otp.Tpo -c -o eap_otp.lo `test -f 'src/eap_peer/eap_otp.c' || echo '$(srcdir)/'`src/eap_peer/eap_otp.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/eap_otp.Tpo $(DEPDIR)/eap_otp.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/eap_peer/eap_otp.c' object='eap_otp.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_otp.lo `test -f 'src/eap_peer/eap_otp.c' || echo '$(srcdir)/'`src/eap_peer/eap_otp.c eap_gtc.lo: src/eap_peer/eap_gtc.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_gtc.lo -MD -MP -MF $(DEPDIR)/eap_gtc.Tpo -c -o eap_gtc.lo `test -f 'src/eap_peer/eap_gtc.c' || echo '$(srcdir)/'`src/eap_peer/eap_gtc.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/eap_gtc.Tpo $(DEPDIR)/eap_gtc.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/eap_peer/eap_gtc.c' object='eap_gtc.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_gtc.lo `test -f 'src/eap_peer/eap_gtc.c' || echo '$(srcdir)/'`src/eap_peer/eap_gtc.c eap_leap.lo: src/eap_peer/eap_leap.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_leap.lo -MD -MP -MF $(DEPDIR)/eap_leap.Tpo -c -o eap_leap.lo `test -f 'src/eap_peer/eap_leap.c' || echo '$(srcdir)/'`src/eap_peer/eap_leap.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/eap_leap.Tpo $(DEPDIR)/eap_leap.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/eap_peer/eap_leap.c' object='eap_leap.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_leap.lo `test -f 'src/eap_peer/eap_leap.c' || echo '$(srcdir)/'`src/eap_peer/eap_leap.c eap_psk.lo: src/eap_peer/eap_psk.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_psk.lo -MD -MP -MF $(DEPDIR)/eap_psk.Tpo -c -o eap_psk.lo `test -f 'src/eap_peer/eap_psk.c' || echo '$(srcdir)/'`src/eap_peer/eap_psk.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/eap_psk.Tpo $(DEPDIR)/eap_psk.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/eap_peer/eap_psk.c' object='eap_psk.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_psk.lo `test -f 'src/eap_peer/eap_psk.c' || echo '$(srcdir)/'`src/eap_peer/eap_psk.c eap_pax.lo: src/eap_peer/eap_pax.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_pax.lo -MD -MP -MF $(DEPDIR)/eap_pax.Tpo -c -o eap_pax.lo `test -f 'src/eap_peer/eap_pax.c' || echo '$(srcdir)/'`src/eap_peer/eap_pax.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/eap_pax.Tpo $(DEPDIR)/eap_pax.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/eap_peer/eap_pax.c' object='eap_pax.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_pax.lo `test -f 'src/eap_peer/eap_pax.c' || echo '$(srcdir)/'`src/eap_peer/eap_pax.c eap_sake.lo: src/eap_peer/eap_sake.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_sake.lo -MD -MP -MF $(DEPDIR)/eap_sake.Tpo -c -o eap_sake.lo `test -f 'src/eap_peer/eap_sake.c' || echo '$(srcdir)/'`src/eap_peer/eap_sake.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/eap_sake.Tpo $(DEPDIR)/eap_sake.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/eap_peer/eap_sake.c' object='eap_sake.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_sake.lo `test -f 'src/eap_peer/eap_sake.c' || echo '$(srcdir)/'`src/eap_peer/eap_sake.c eap_gpsk.lo: src/eap_peer/eap_gpsk.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_gpsk.lo -MD -MP -MF $(DEPDIR)/eap_gpsk.Tpo -c -o eap_gpsk.lo `test -f 'src/eap_peer/eap_gpsk.c' || echo '$(srcdir)/'`src/eap_peer/eap_gpsk.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/eap_gpsk.Tpo $(DEPDIR)/eap_gpsk.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/eap_peer/eap_gpsk.c' object='eap_gpsk.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_gpsk.lo `test -f 'src/eap_peer/eap_gpsk.c' || echo '$(srcdir)/'`src/eap_peer/eap_gpsk.c eap.lo: src/eap_peer/eap.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap.lo -MD -MP -MF $(DEPDIR)/eap.Tpo -c -o eap.lo `test -f 'src/eap_peer/eap.c' || echo '$(srcdir)/'`src/eap_peer/eap.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/eap.Tpo $(DEPDIR)/eap.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/eap_peer/eap.c' object='eap.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap.lo `test -f 'src/eap_peer/eap.c' || echo '$(srcdir)/'`src/eap_peer/eap.c eap_common.lo: src/eap_common/eap_common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_common.lo -MD -MP -MF $(DEPDIR)/eap_common.Tpo -c -o eap_common.lo `test -f 'src/eap_common/eap_common.c' || echo '$(srcdir)/'`src/eap_common/eap_common.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/eap_common.Tpo $(DEPDIR)/eap_common.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/eap_common/eap_common.c' object='eap_common.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_common.lo `test -f 'src/eap_common/eap_common.c' || echo '$(srcdir)/'`src/eap_common/eap_common.c eap_methods.lo: src/eap_peer/eap_methods.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_methods.lo -MD -MP -MF $(DEPDIR)/eap_methods.Tpo -c -o eap_methods.lo `test -f 'src/eap_peer/eap_methods.c' || echo '$(srcdir)/'`src/eap_peer/eap_methods.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/eap_methods.Tpo $(DEPDIR)/eap_methods.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/eap_peer/eap_methods.c' object='eap_methods.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_methods.lo `test -f 'src/eap_peer/eap_methods.c' || echo '$(srcdir)/'`src/eap_peer/eap_methods.c eap_tls_common.lo: src/eap_peer/eap_tls_common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_tls_common.lo -MD -MP -MF $(DEPDIR)/eap_tls_common.Tpo -c -o eap_tls_common.lo `test -f 'src/eap_peer/eap_tls_common.c' || echo '$(srcdir)/'`src/eap_peer/eap_tls_common.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/eap_tls_common.Tpo $(DEPDIR)/eap_tls_common.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/eap_peer/eap_tls_common.c' object='eap_tls_common.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_tls_common.lo `test -f 'src/eap_peer/eap_tls_common.c' || echo '$(srcdir)/'`src/eap_peer/eap_tls_common.c base64.lo: src/utils/base64.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT base64.lo -MD -MP -MF $(DEPDIR)/base64.Tpo -c -o base64.lo `test -f 'src/utils/base64.c' || echo '$(srcdir)/'`src/utils/base64.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/base64.Tpo $(DEPDIR)/base64.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/utils/base64.c' object='base64.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o base64.lo `test -f 'src/utils/base64.c' || echo '$(srcdir)/'`src/utils/base64.c common.lo: src/utils/common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT common.lo -MD -MP -MF $(DEPDIR)/common.Tpo -c -o common.lo `test -f 'src/utils/common.c' || echo '$(srcdir)/'`src/utils/common.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/common.Tpo $(DEPDIR)/common.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/utils/common.c' object='common.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o common.lo `test -f 'src/utils/common.c' || echo '$(srcdir)/'`src/utils/common.c ip_addr.lo: src/utils/ip_addr.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ip_addr.lo -MD -MP -MF $(DEPDIR)/ip_addr.Tpo -c -o ip_addr.lo `test -f 'src/utils/ip_addr.c' || echo '$(srcdir)/'`src/utils/ip_addr.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/ip_addr.Tpo $(DEPDIR)/ip_addr.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/utils/ip_addr.c' object='ip_addr.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ip_addr.lo `test -f 'src/utils/ip_addr.c' || echo '$(srcdir)/'`src/utils/ip_addr.c radiotap.lo: src/utils/radiotap.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT radiotap.lo -MD -MP -MF $(DEPDIR)/radiotap.Tpo -c -o radiotap.lo `test -f 'src/utils/radiotap.c' || echo '$(srcdir)/'`src/utils/radiotap.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/radiotap.Tpo $(DEPDIR)/radiotap.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/utils/radiotap.c' object='radiotap.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o radiotap.lo `test -f 'src/utils/radiotap.c' || echo '$(srcdir)/'`src/utils/radiotap.c trace.lo: src/utils/trace.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT trace.lo -MD -MP -MF $(DEPDIR)/trace.Tpo -c -o trace.lo `test -f 'src/utils/trace.c' || echo '$(srcdir)/'`src/utils/trace.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/trace.Tpo $(DEPDIR)/trace.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/utils/trace.c' object='trace.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o trace.lo `test -f 'src/utils/trace.c' || echo '$(srcdir)/'`src/utils/trace.c uuid.lo: src/utils/uuid.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT uuid.lo -MD -MP -MF $(DEPDIR)/uuid.Tpo -c -o uuid.lo `test -f 'src/utils/uuid.c' || echo '$(srcdir)/'`src/utils/uuid.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/uuid.Tpo $(DEPDIR)/uuid.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/utils/uuid.c' object='uuid.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o uuid.lo `test -f 'src/utils/uuid.c' || echo '$(srcdir)/'`src/utils/uuid.c wpa_debug.lo: src/utils/wpa_debug.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT wpa_debug.lo -MD -MP -MF $(DEPDIR)/wpa_debug.Tpo -c -o wpa_debug.lo `test -f 'src/utils/wpa_debug.c' || echo '$(srcdir)/'`src/utils/wpa_debug.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/wpa_debug.Tpo $(DEPDIR)/wpa_debug.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/utils/wpa_debug.c' object='wpa_debug.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o wpa_debug.lo `test -f 'src/utils/wpa_debug.c' || echo '$(srcdir)/'`src/utils/wpa_debug.c wpabuf.lo: src/utils/wpabuf.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT wpabuf.lo -MD -MP -MF $(DEPDIR)/wpabuf.Tpo -c -o wpabuf.lo `test -f 'src/utils/wpabuf.c' || echo '$(srcdir)/'`src/utils/wpabuf.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/wpabuf.Tpo $(DEPDIR)/wpabuf.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/utils/wpabuf.c' object='wpabuf.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o wpabuf.lo `test -f 'src/utils/wpabuf.c' || echo '$(srcdir)/'`src/utils/wpabuf.c os_unix.lo: src/utils/os_unix.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT os_unix.lo -MD -MP -MF $(DEPDIR)/os_unix.Tpo -c -o os_unix.lo `test -f 'src/utils/os_unix.c' || echo '$(srcdir)/'`src/utils/os_unix.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/os_unix.Tpo $(DEPDIR)/os_unix.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/utils/os_unix.c' object='os_unix.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o os_unix.lo `test -f 'src/utils/os_unix.c' || echo '$(srcdir)/'`src/utils/os_unix.c radius_utils.lo: src/utils/radius_utils.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT radius_utils.lo -MD -MP -MF $(DEPDIR)/radius_utils.Tpo -c -o radius_utils.lo `test -f 'src/utils/radius_utils.c' || echo '$(srcdir)/'`src/utils/radius_utils.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/radius_utils.Tpo $(DEPDIR)/radius_utils.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/utils/radius_utils.c' object='radius_utils.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o radius_utils.lo `test -f 'src/utils/radius_utils.c' || echo '$(srcdir)/'`src/utils/radius_utils.c aes-cbc.lo: src/crypto/aes-cbc.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT aes-cbc.lo -MD -MP -MF $(DEPDIR)/aes-cbc.Tpo -c -o aes-cbc.lo `test -f 'src/crypto/aes-cbc.c' || echo '$(srcdir)/'`src/crypto/aes-cbc.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/aes-cbc.Tpo $(DEPDIR)/aes-cbc.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/crypto/aes-cbc.c' object='aes-cbc.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aes-cbc.lo `test -f 'src/crypto/aes-cbc.c' || echo '$(srcdir)/'`src/crypto/aes-cbc.c aes-ctr.lo: src/crypto/aes-ctr.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT aes-ctr.lo -MD -MP -MF $(DEPDIR)/aes-ctr.Tpo -c -o aes-ctr.lo `test -f 'src/crypto/aes-ctr.c' || echo '$(srcdir)/'`src/crypto/aes-ctr.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/aes-ctr.Tpo $(DEPDIR)/aes-ctr.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/crypto/aes-ctr.c' object='aes-ctr.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aes-ctr.lo `test -f 'src/crypto/aes-ctr.c' || echo '$(srcdir)/'`src/crypto/aes-ctr.c aes-eax.lo: src/crypto/aes-eax.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT aes-eax.lo -MD -MP -MF $(DEPDIR)/aes-eax.Tpo -c -o aes-eax.lo `test -f 'src/crypto/aes-eax.c' || echo '$(srcdir)/'`src/crypto/aes-eax.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/aes-eax.Tpo $(DEPDIR)/aes-eax.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/crypto/aes-eax.c' object='aes-eax.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aes-eax.lo `test -f 'src/crypto/aes-eax.c' || echo '$(srcdir)/'`src/crypto/aes-eax.c aes-encblock.lo: src/crypto/aes-encblock.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT aes-encblock.lo -MD -MP -MF $(DEPDIR)/aes-encblock.Tpo -c -o aes-encblock.lo `test -f 'src/crypto/aes-encblock.c' || echo '$(srcdir)/'`src/crypto/aes-encblock.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/aes-encblock.Tpo $(DEPDIR)/aes-encblock.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/crypto/aes-encblock.c' object='aes-encblock.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aes-encblock.lo `test -f 'src/crypto/aes-encblock.c' || echo '$(srcdir)/'`src/crypto/aes-encblock.c aes-omac1.lo: src/crypto/aes-omac1.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT aes-omac1.lo -MD -MP -MF $(DEPDIR)/aes-omac1.Tpo -c -o aes-omac1.lo `test -f 'src/crypto/aes-omac1.c' || echo '$(srcdir)/'`src/crypto/aes-omac1.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/aes-omac1.Tpo $(DEPDIR)/aes-omac1.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/crypto/aes-omac1.c' object='aes-omac1.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aes-omac1.lo `test -f 'src/crypto/aes-omac1.c' || echo '$(srcdir)/'`src/crypto/aes-omac1.c aes-unwrap.lo: src/crypto/aes-unwrap.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT aes-unwrap.lo -MD -MP -MF $(DEPDIR)/aes-unwrap.Tpo -c -o aes-unwrap.lo `test -f 'src/crypto/aes-unwrap.c' || echo '$(srcdir)/'`src/crypto/aes-unwrap.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/aes-unwrap.Tpo $(DEPDIR)/aes-unwrap.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/crypto/aes-unwrap.c' object='aes-unwrap.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aes-unwrap.lo `test -f 'src/crypto/aes-unwrap.c' || echo '$(srcdir)/'`src/crypto/aes-unwrap.c aes-wrap.lo: src/crypto/aes-wrap.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT aes-wrap.lo -MD -MP -MF $(DEPDIR)/aes-wrap.Tpo -c -o aes-wrap.lo `test -f 'src/crypto/aes-wrap.c' || echo '$(srcdir)/'`src/crypto/aes-wrap.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/aes-wrap.Tpo $(DEPDIR)/aes-wrap.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/crypto/aes-wrap.c' object='aes-wrap.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aes-wrap.lo `test -f 'src/crypto/aes-wrap.c' || echo '$(srcdir)/'`src/crypto/aes-wrap.c md5.lo: src/crypto/md5.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT md5.lo -MD -MP -MF $(DEPDIR)/md5.Tpo -c -o md5.lo `test -f 'src/crypto/md5.c' || echo '$(srcdir)/'`src/crypto/md5.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/md5.Tpo $(DEPDIR)/md5.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/crypto/md5.c' object='md5.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o md5.lo `test -f 'src/crypto/md5.c' || echo '$(srcdir)/'`src/crypto/md5.c md5-non-fips.lo: src/crypto/md5-non-fips.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT md5-non-fips.lo -MD -MP -MF $(DEPDIR)/md5-non-fips.Tpo -c -o md5-non-fips.lo `test -f 'src/crypto/md5-non-fips.c' || echo '$(srcdir)/'`src/crypto/md5-non-fips.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/md5-non-fips.Tpo $(DEPDIR)/md5-non-fips.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/crypto/md5-non-fips.c' object='md5-non-fips.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o md5-non-fips.lo `test -f 'src/crypto/md5-non-fips.c' || echo '$(srcdir)/'`src/crypto/md5-non-fips.c milenage.lo: src/crypto/milenage.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT milenage.lo -MD -MP -MF $(DEPDIR)/milenage.Tpo -c -o milenage.lo `test -f 'src/crypto/milenage.c' || echo '$(srcdir)/'`src/crypto/milenage.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/milenage.Tpo $(DEPDIR)/milenage.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/crypto/milenage.c' object='milenage.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o milenage.lo `test -f 'src/crypto/milenage.c' || echo '$(srcdir)/'`src/crypto/milenage.c ms_funcs.lo: src/crypto/ms_funcs.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ms_funcs.lo -MD -MP -MF $(DEPDIR)/ms_funcs.Tpo -c -o ms_funcs.lo `test -f 'src/crypto/ms_funcs.c' || echo '$(srcdir)/'`src/crypto/ms_funcs.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/ms_funcs.Tpo $(DEPDIR)/ms_funcs.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/crypto/ms_funcs.c' object='ms_funcs.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ms_funcs.lo `test -f 'src/crypto/ms_funcs.c' || echo '$(srcdir)/'`src/crypto/ms_funcs.c sha1.lo: src/crypto/sha1.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sha1.lo -MD -MP -MF $(DEPDIR)/sha1.Tpo -c -o sha1.lo `test -f 'src/crypto/sha1.c' || echo '$(srcdir)/'`src/crypto/sha1.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/sha1.Tpo $(DEPDIR)/sha1.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/crypto/sha1.c' object='sha1.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sha1.lo `test -f 'src/crypto/sha1.c' || echo '$(srcdir)/'`src/crypto/sha1.c sha1-pbkdf2.lo: src/crypto/sha1-pbkdf2.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sha1-pbkdf2.lo -MD -MP -MF $(DEPDIR)/sha1-pbkdf2.Tpo -c -o sha1-pbkdf2.lo `test -f 'src/crypto/sha1-pbkdf2.c' || echo '$(srcdir)/'`src/crypto/sha1-pbkdf2.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/sha1-pbkdf2.Tpo $(DEPDIR)/sha1-pbkdf2.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/crypto/sha1-pbkdf2.c' object='sha1-pbkdf2.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sha1-pbkdf2.lo `test -f 'src/crypto/sha1-pbkdf2.c' || echo '$(srcdir)/'`src/crypto/sha1-pbkdf2.c sha1-tlsprf.lo: src/crypto/sha1-tlsprf.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sha1-tlsprf.lo -MD -MP -MF $(DEPDIR)/sha1-tlsprf.Tpo -c -o sha1-tlsprf.lo `test -f 'src/crypto/sha1-tlsprf.c' || echo '$(srcdir)/'`src/crypto/sha1-tlsprf.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/sha1-tlsprf.Tpo $(DEPDIR)/sha1-tlsprf.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/crypto/sha1-tlsprf.c' object='sha1-tlsprf.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sha1-tlsprf.lo `test -f 'src/crypto/sha1-tlsprf.c' || echo '$(srcdir)/'`src/crypto/sha1-tlsprf.c sha1-tprf.lo: src/crypto/sha1-tprf.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sha1-tprf.lo -MD -MP -MF $(DEPDIR)/sha1-tprf.Tpo -c -o sha1-tprf.lo `test -f 'src/crypto/sha1-tprf.c' || echo '$(srcdir)/'`src/crypto/sha1-tprf.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/sha1-tprf.Tpo $(DEPDIR)/sha1-tprf.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/crypto/sha1-tprf.c' object='sha1-tprf.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sha1-tprf.lo `test -f 'src/crypto/sha1-tprf.c' || echo '$(srcdir)/'`src/crypto/sha1-tprf.c sha256.lo: src/crypto/sha256.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sha256.lo -MD -MP -MF $(DEPDIR)/sha256.Tpo -c -o sha256.lo `test -f 'src/crypto/sha256.c' || echo '$(srcdir)/'`src/crypto/sha256.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/sha256.Tpo $(DEPDIR)/sha256.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/crypto/sha256.c' object='sha256.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sha256.lo `test -f 'src/crypto/sha256.c' || echo '$(srcdir)/'`src/crypto/sha256.c crypto_openssl.lo: src/crypto/crypto_openssl.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT crypto_openssl.lo -MD -MP -MF $(DEPDIR)/crypto_openssl.Tpo -c -o crypto_openssl.lo `test -f 'src/crypto/crypto_openssl.c' || echo '$(srcdir)/'`src/crypto/crypto_openssl.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/crypto_openssl.Tpo $(DEPDIR)/crypto_openssl.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/crypto/crypto_openssl.c' object='crypto_openssl.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o crypto_openssl.lo `test -f 'src/crypto/crypto_openssl.c' || echo '$(srcdir)/'`src/crypto/crypto_openssl.c tls_openssl.lo: src/crypto/tls_openssl.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT tls_openssl.lo -MD -MP -MF $(DEPDIR)/tls_openssl.Tpo -c -o tls_openssl.lo `test -f 'src/crypto/tls_openssl.c' || echo '$(srcdir)/'`src/crypto/tls_openssl.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/tls_openssl.Tpo $(DEPDIR)/tls_openssl.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/crypto/tls_openssl.c' object='tls_openssl.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tls_openssl.lo `test -f 'src/crypto/tls_openssl.c' || echo '$(srcdir)/'`src/crypto/tls_openssl.c mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(am__tagged_files) $(am__define_uniq_tagged_files); mkid -fID $$unique tags: tags-am TAGS: tags tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) set x; \ here=`pwd`; \ $(am__define_uniq_tagged_files); \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: ctags-am CTAGS: ctags ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) $(am__define_uniq_tagged_files); \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" cscopelist: cscopelist-am cscopelist-am: $(am__tagged_files) list='$(am__tagged_files)'; \ case "$(srcdir)" in \ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ *) sdir=$(subdir)/$(srcdir) ;; \ esac; \ for i in $$list; do \ if test -f "$$i"; then \ echo "$(subdir)/$$i"; \ else \ echo "$$sdir/$$i"; \ fi; \ done >> $(top_builddir)/cscope.files distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) $(HEADERS) installdirs: install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: .MAKE: install-am install-strip .PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ clean-libtool clean-noinstLTLIBRARIES cscopelist-am ctags \ ctags-am distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: mech_eap-0.9.2/libeap/Makefile.am0000644001755200017500000001257012406014472013510 00000000000000AUTOMAKE_OPTIONS = foreign AM_CPPFLAGS = -I$(srcdir)/src -I$(srcdir)/eap_example -I$(srcdir)/src/utils @OPENSSL_CFLAGS@ noinst_HEADERS = \ src/common/defs.h \ src/common/eapol_common.h \ src/common/ieee802_11_common.h \ src/common/ieee802_11_defs.h \ src/common/privsep_commands.h \ src/common/version.h \ src/common/wpa_common.h \ src/common/wpa_ctrl.h EXTRA_DIST = src/tls/libtommath.c \ wpa_supplicant/README SOURCES_BOTH = src/eap_common/eap_peap_common.c SOURCES_BOTH += src/eap_common/eap_psk_common.c SOURCES_BOTH += src/eap_common/eap_pax_common.c SOURCES_BOTH += src/eap_common/eap_sake_common.c SOURCES_BOTH += src/eap_common/eap_gpsk_common.c SOURCES_BOTH += src/eap_common/chap.c \ src/eap_common/chap.h \ src/eap_common/eap_common.h \ src/eap_common/eap_defs.h \ src/eap_common/eap_fast_common.h \ src/eap_common/eap_gpsk_common.h \ src/eap_common/eap_ikev2_common.h \ src/eap_common/eap_pax_common.h \ src/eap_common/eap_peap_common.h \ src/eap_common/eap_psk_common.h \ src/eap_common/eap_pwd_common.h \ src/eap_common/eap_sake_common.h \ src/eap_common/eap_sim_common.h \ src/eap_common/eap_tlv_common.h \ src/eap_common/eap_ttls.h \ src/eap_common/eap_wsc_common.h \ src/eap_common/ikev2_common.h SOURCES_peer = src/eap_peer/eap_tls.c SOURCES_peer += src/eap_peer/eap_peap.c SOURCES_peer += src/eap_peer/eap_ttls.c SOURCES_peer += src/eap_peer/eap_md5.c SOURCES_peer += src/eap_peer/eap_mschapv2.c SOURCES_peer += src/eap_peer/mschapv2.c SOURCES_peer += src/eap_peer/eap_otp.c SOURCES_peer += src/eap_peer/eap_gtc.c SOURCES_peer += src/eap_peer/eap_leap.c SOURCES_peer += src/eap_peer/eap_psk.c SOURCES_peer += src/eap_peer/eap_pax.c SOURCES_peer += src/eap_peer/eap_sake.c SOURCES_peer += src/eap_peer/eap_gpsk.c SOURCES_peer += src/eap_peer/eap.c SOURCES_peer += src/eap_common/eap_common.c SOURCES_peer += src/eap_peer/eap_methods.c SOURCES_peer += src/eap_peer/eap_tls_common.c \ src/eap_peer/eap_config.h \ src/eap_peer/eap_fast_pac.h \ src/eap_peer/eap.h \ src/eap_peer/eap_i.h \ src/eap_peer/eap_methods.h \ src/eap_peer/eap_tls_common.h \ src/eap_peer/ikev2.h \ src/eap_peer/mschapv2.h \ src/eap_peer/tncc.h \ src/radius/radius.h AM_CFLAGS = -DEAP_TLS AM_CFLAGS += -DEAP_PEAP AM_CFLAGS += -DEAP_TTLS AM_CFLAGS += -DEAP_MD5 AM_CFLAGS += -DEAP_MSCHAPv2 AM_CFLAGS += -DEAP_GTC AM_CFLAGS += -DEAP_OTP AM_CFLAGS += -DEAP_LEAP AM_CFLAGS += -DEAP_PSK AM_CFLAGS += -DEAP_PAX AM_CFLAGS += -DEAP_SAKE AM_CFLAGS += -DEAP_GPSK -DEAP_GPSK_SHA256 AM_CFLAGS += -DEAP_SERVER_IDENTITY AM_CFLAGS += -DEAP_SERVER_TLS AM_CFLAGS += -DEAP_SERVER_PEAP AM_CFLAGS += -DEAP_SERVER_TTLS AM_CFLAGS += -DEAP_SERVER_MD5 AM_CFLAGS += -DEAP_SERVER_MSCHAPV2 AM_CFLAGS += -DEAP_SERVER_GTC AM_CFLAGS += -DEAP_SERVER_PSK AM_CFLAGS += -DEAP_SERVER_PAX AM_CFLAGS += -DEAP_SERVER_SAKE AM_CFLAGS += -DEAP_SERVER_GPSK -DEAP_SERVER_GPSK_SHA256 AM_CFLAGS += -DIEEE8021X_EAPOL AM_CFLAGS += -DCONFIG_IPV6 AM_CFLAGS += -DCONFIG_INTERNAL_LIBTOMMATH AM_CFLAGS += -DCONFIG_INTERNAL_SHA1 AM_CFLAGS += -DEAP_TLS_OPENSSL AM_CFLAGS += -DPKCS12_FUNCS AM_CFLAGS += -DCONFIG_SHA256 UTILS_SRCS = src/utils/base64.c \ src/utils/common.c \ src/utils/ip_addr.c \ src/utils/radiotap.c \ src/utils/trace.c \ src/utils/uuid.c \ src/utils/wpa_debug.c \ src/utils/wpabuf.c \ src/utils/os_unix.c \ src/utils/radius_utils.c \ src/utils/radius_utils.h \ src/utils/base64.h \ src/utils/build_config.h \ src/utils/common.h \ src/utils/eloop.h \ src/utils/includes.h \ src/utils/ip_addr.h \ src/utils/list.h \ src/utils/os.h \ src/utils/pcsc_funcs.h \ src/utils/radiotap.h \ src/utils/radiotap_iter.h \ src/utils/state_machine.h \ src/utils/trace.h \ src/utils/uuid.h \ src/utils/wpabuf.h \ src/utils/wpa_debug.h CRYPTO_SRCS = \ src/crypto/aes-cbc.c \ src/crypto/aes-ctr.c \ src/crypto/aes-eax.c \ src/crypto/aes-encblock.c \ src/crypto/aes-omac1.c \ src/crypto/aes-unwrap.c \ src/crypto/aes-wrap.c \ src/crypto/md5.c \ src/crypto/md5-non-fips.c \ src/crypto/milenage.c \ src/crypto/ms_funcs.c \ src/crypto/sha1.c \ src/crypto/sha1-pbkdf2.c \ src/crypto/sha1-tlsprf.c \ src/crypto/sha1-tprf.c \ src/crypto/sha256.c \ src/crypto/crypto_openssl.c \ src/crypto/tls_openssl.c \ src/crypto/aes.h \ src/crypto/aes_i.h \ src/crypto/aes_wrap.h \ src/crypto/crypto.h \ src/crypto/dh_group5.h \ src/crypto/dh_groups.h \ src/crypto/md5.h \ src/crypto/milenage.h \ src/crypto/ms_funcs.h \ src/crypto/sha1.h \ src/crypto/sha256.h \ src/crypto/tls.h TLS_SRCS = \ src/tls/asn1.c \ src/tls/bignum.c \ src/tls/pkcs1.c \ src/tls/pkcs5.c \ src/tls/pkcs8.c \ src/tls/rsa.c \ src/tls/tlsv1_client.c \ src/tls/tlsv1_client_read.c \ src/tls/tlsv1_client_write.c \ src/tls/tlsv1_common.c \ src/tls/tlsv1_cred.c \ src/tls/tlsv1_record.c \ src/tls/tlsv1_server.c \ src/tls/tlsv1_server_read.c \ src/tls/tlsv1_server_write.c \ src/tls/x509v3.c \ src/tls/asn1.h \ src/tls/bignum.h \ src/tls/pkcs1.h \ src/tls/pkcs5.h \ src/tls/pkcs8.h \ src/tls/rsa.h \ src/tls/tlsv1_client.h \ src/tls/tlsv1_client_i.h \ src/tls/tlsv1_common.h \ src/tls/tlsv1_cred.h \ src/tls/tlsv1_record.h \ src/tls/tlsv1_server.h \ src/tls/tlsv1_server_i.h \ src/tls/x509v3.h libeap_la_SOURCES = $(SOURCES_BOTH) $(SOURCES_peer) $(UTILS_SRCS) $(CRYPTO_SRCS) noinst_LTLIBRARIES = libeap.la mech_eap-0.9.2/libeap/README0000644001755200017500000000133112406014472012325 00000000000000wpa_supplicant and hostapd v0.6.x --------------------------------- Copyright (c) 2002-2007, Jouni Malinen and contributors All Rights Reserved. These program is dual-licensed under both the GPL version 2 and BSD license. Either license may be used at your option. This package may include either wpa_supplicant, hostapd, or both. See README file respective subdirectories (wpa_supplicant/README or hostapd/README) for more details. Source code files have been moved around in v0.6.x releases and compared to earlier releases, the programs are now build by first going to a subdirectory (wpa_supplicant or hostapd) and creating build configuration (.config) and running 'make' there (for Linux/BSD/cygwin builds). mech_eap-0.9.2/libeap/wpa_supplicant/0000755001755200017500000000000012406014773014564 500000000000000mech_eap-0.9.2/libeap/wpa_supplicant/README0000644001755200017500000011355512406014472015372 00000000000000WPA Supplicant ============== Copyright (c) 2003-2010, Jouni Malinen and contributors All Rights Reserved. This program is dual-licensed under both the GPL version 2 and BSD license. Either license may be used at your option. License ------- GPL v2: This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2 as published by the Free Software Foundation. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA (this copy of the license is in COPYING file) Alternatively, this software may be distributed, used, and modified under the terms of BSD license: Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. Neither the name(s) of the above-listed copyright holder(s) nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Features -------- Supported WPA/IEEE 802.11i features: - WPA-PSK ("WPA-Personal") - WPA with EAP (e.g., with RADIUS authentication server) ("WPA-Enterprise") Following authentication methods are supported with an integrate IEEE 802.1X Supplicant: * EAP-TLS * EAP-PEAP/MSCHAPv2 (both PEAPv0 and PEAPv1) * EAP-PEAP/TLS (both PEAPv0 and PEAPv1) * EAP-PEAP/GTC (both PEAPv0 and PEAPv1) * EAP-PEAP/OTP (both PEAPv0 and PEAPv1) * EAP-PEAP/MD5-Challenge (both PEAPv0 and PEAPv1) * EAP-TTLS/EAP-MD5-Challenge * EAP-TTLS/EAP-GTC * EAP-TTLS/EAP-OTP * EAP-TTLS/EAP-MSCHAPv2 * EAP-TTLS/EAP-TLS * EAP-TTLS/MSCHAPv2 * EAP-TTLS/MSCHAP * EAP-TTLS/PAP * EAP-TTLS/CHAP * EAP-SIM * EAP-AKA * EAP-PSK * EAP-PAX * EAP-SAKE * EAP-IKEv2 * EAP-GPSK * LEAP (note: requires special support from the driver for IEEE 802.11 authentication) (following methods are supported, but since they do not generate keying material, they cannot be used with WPA or IEEE 802.1X WEP keying) * EAP-MD5-Challenge * EAP-MSCHAPv2 * EAP-GTC * EAP-OTP - key management for CCMP, TKIP, WEP104, WEP40 - RSN/WPA2 (IEEE 802.11i) * pre-authentication * PMKSA caching Supported TLS/crypto libraries: - OpenSSL (default) - GnuTLS Internal TLS/crypto implementation (optional): - can be used in place of an external TLS/crypto library - TLSv1 - X.509 certificate processing - PKCS #1 - ASN.1 - RSA - bignum - minimal size (ca. 50 kB binary, parts of which are already needed for WPA; TLSv1/X.509/ASN.1/RSA/bignum parts are about 25 kB on x86) Requirements ------------ Current hardware/software requirements: - Linux kernel 2.4.x or 2.6.x with Linux Wireless Extensions v15 or newer - FreeBSD 6-CURRENT - NetBSD-current - Microsoft Windows with WinPcap (at least WinXP, may work with other versions) - drivers: Linux drivers that support WPA/WPA2 configuration with the generic Linux wireless extensions (WE-18 or newer). Even though there are number of driver specific interface included in wpa_supplicant, please note that Linux drivers are moving to use generic wireless extensions and driver_wext (-Dwext on wpa_supplicant command line) should be the default option to start with before falling back to driver specific interface. Host AP driver for Prism2/2.5/3 (development snapshot/v0.2.x) (http://hostap.epitest.fi/) Driver need to be set in Managed mode ('iwconfig wlan0 mode managed'). Please note that station firmware version needs to be 1.7.0 or newer to work in WPA mode. Linuxant DriverLoader (http://www.linuxant.com/driverloader/) with Windows NDIS driver for your wlan card supporting WPA. Agere Systems Inc. Linux Driver (http://www.agere.com/support/drivers/) Please note that the driver interface file (driver_hermes.c) and hardware specific include files are not included in the wpa_supplicant distribution. You will need to copy these from the source package of the Agere driver. madwifi driver for cards based on Atheros chip set (ar521x) (http://sourceforge.net/projects/madwifi/) Please note that you will need to modify the wpa_supplicant .config file to use the correct path for the madwifi driver root directory (CFLAGS += -I../madwifi/wpa line in example defconfig). ATMEL AT76C5XXx driver for USB and PCMCIA cards (http://atmelwlandriver.sourceforge.net/). Linux ndiswrapper (http://ndiswrapper.sourceforge.net/) with Windows NDIS driver. Broadcom wl.o driver (old version only) This is a generic Linux driver for Broadcom IEEE 802.11a/g cards. However, it is proprietary driver that is not publicly available except for couple of exceptions, mainly Broadcom-based APs/wireless routers that use Linux. The driver binary can be downloaded, e.g., from Linksys support site (http://www.linksys.com/support/gpl.asp) for Linksys WRT54G. The GPL tarball includes cross-compiler and the needed header file, wlioctl.h, for compiling wpa_supplicant. This driver support in wpa_supplicant is expected to work also with other devices based on Broadcom driver (assuming the driver includes client mode support). Please note that the newer Broadcom driver ("hybrid Linux driver") supports Linux wireless extensions and does not need (or even work) with the specific driver wrapper. Use -Dwext with that driver. Intel ipw2100 driver (http://sourceforge.net/projects/ipw2100/) Intel ipw2200 driver (http://sourceforge.net/projects/ipw2200/) In theory, any driver that supports Linux wireless extensions can be used with IEEE 802.1X (i.e., not WPA) when using ap_scan=0 option in configuration file. Wired Ethernet drivers (with ap_scan=0) BSD net80211 layer (e.g., Atheros driver) At the moment, this is for FreeBSD 6-CURRENT branch and NetBSD-current. Windows NDIS The current Windows port requires WinPcap (http://winpcap.polito.it/). See README-Windows.txt for more information. wpa_supplicant was designed to be portable for different drivers and operating systems. Hopefully, support for more wlan cards and OSes will be added in the future. See developer's documentation (http://hostap.epitest.fi/wpa_supplicant/devel/) for more information about the design of wpa_supplicant and porting to other drivers. One main goal is to add full WPA/WPA2 support to Linux wireless extensions to allow new drivers to be supported without having to implement new driver-specific interface code in wpa_supplicant. Optional libraries for layer2 packet processing: - libpcap (tested with 0.7.2, most relatively recent versions assumed to work, this is likely to be available with most distributions, http://tcpdump.org/) - libdnet (tested with v1.4, most versions assumed to work, http://libdnet.sourceforge.net/) These libraries are _not_ used in the default Linux build. Instead, internal Linux specific implementation is used. libpcap/libdnet are more portable and they can be used by adding CONFIG_L2_PACKET=pcap into .config. They may also be selected automatically for other operating systems. In case of Windows builds, WinPcap is used by default (CONFIG_L2_PACKET=winpcap). Optional libraries for EAP-TLS, EAP-PEAP, and EAP-TTLS: - OpenSSL (tested with 0.9.7c and 0.9.7d, and 0.9.8 versions; assumed to work with most relatively recent versions; this is likely to be available with most distributions, http://www.openssl.org/) - GnuTLS - internal TLSv1 implementation TLS options for EAP-FAST: - OpenSSL 0.9.8d _with_ openssl-0.9.8d-tls-extensions.patch applied (i.e., the default OpenSSL package does not include support for extensions needed for EAP-FAST) - internal TLSv1 implementation One of these libraries is needed when EAP-TLS, EAP-PEAP, EAP-TTLS, or EAP-FAST support is enabled. WPA-PSK mode does not require this or EAPOL/EAP implementation. A configuration file, .config, for compilation is needed to enable IEEE 802.1X/EAPOL and EAP methods. Note that EAP-MD5, EAP-GTC, EAP-OTP, and EAP-MSCHAPV2 cannot be used alone with WPA, so they should only be enabled if testing the EAPOL/EAP state machines. However, there can be used as inner authentication algorithms with EAP-PEAP and EAP-TTLS. See Building and installing section below for more detailed information about the wpa_supplicant build time configuration. WPA --- The original security mechanism of IEEE 802.11 standard was not designed to be strong and has proven to be insufficient for most networks that require some kind of security. Task group I (Security) of IEEE 802.11 working group (http://www.ieee802.org/11/) has worked to address the flaws of the base standard and has in practice completed its work in May 2004. The IEEE 802.11i amendment to the IEEE 802.11 standard was approved in June 2004 and published in July 2004. Wi-Fi Alliance (http://www.wi-fi.org/) used a draft version of the IEEE 802.11i work (draft 3.0) to define a subset of the security enhancements that can be implemented with existing wlan hardware. This is called Wi-Fi Protected Access (WPA). This has now become a mandatory component of interoperability testing and certification done by Wi-Fi Alliance. Wi-Fi provides information about WPA at its web site (http://www.wi-fi.org/OpenSection/protected_access.asp). IEEE 802.11 standard defined wired equivalent privacy (WEP) algorithm for protecting wireless networks. WEP uses RC4 with 40-bit keys, 24-bit initialization vector (IV), and CRC32 to protect against packet forgery. All these choices have proven to be insufficient: key space is too small against current attacks, RC4 key scheduling is insufficient (beginning of the pseudorandom stream should be skipped), IV space is too small and IV reuse makes attacks easier, there is no replay protection, and non-keyed authentication does not protect against bit flipping packet data. WPA is an intermediate solution for the security issues. It uses Temporal Key Integrity Protocol (TKIP) to replace WEP. TKIP is a compromise on strong security and possibility to use existing hardware. It still uses RC4 for the encryption like WEP, but with per-packet RC4 keys. In addition, it implements replay protection, keyed packet authentication mechanism (Michael MIC). Keys can be managed using two different mechanisms. WPA can either use an external authentication server (e.g., RADIUS) and EAP just like IEEE 802.1X is using or pre-shared keys without need for additional servers. Wi-Fi calls these "WPA-Enterprise" and "WPA-Personal", respectively. Both mechanisms will generate a master session key for the Authenticator (AP) and Supplicant (client station). WPA implements a new key handshake (4-Way Handshake and Group Key Handshake) for generating and exchanging data encryption keys between the Authenticator and Supplicant. This handshake is also used to verify that both Authenticator and Supplicant know the master session key. These handshakes are identical regardless of the selected key management mechanism (only the method for generating master session key changes). IEEE 802.11i / WPA2 ------------------- The design for parts of IEEE 802.11i that were not included in WPA has finished (May 2004) and this amendment to IEEE 802.11 was approved in June 2004. Wi-Fi Alliance is using the final IEEE 802.11i as a new version of WPA called WPA2. This includes, e.g., support for more robust encryption algorithm (CCMP: AES in Counter mode with CBC-MAC) to replace TKIP and optimizations for handoff (reduced number of messages in initial key handshake, pre-authentication, and PMKSA caching). wpa_supplicant -------------- wpa_supplicant is an implementation of the WPA Supplicant component, i.e., the part that runs in the client stations. It implements WPA key negotiation with a WPA Authenticator and EAP authentication with Authentication Server. In addition, it controls the roaming and IEEE 802.11 authentication/association of the wlan driver. wpa_supplicant is designed to be a "daemon" program that runs in the background and acts as the backend component controlling the wireless connection. wpa_supplicant supports separate frontend programs and an example text-based frontend, wpa_cli, is included with wpa_supplicant. Following steps are used when associating with an AP using WPA: - wpa_supplicant requests the kernel driver to scan neighboring BSSes - wpa_supplicant selects a BSS based on its configuration - wpa_supplicant requests the kernel driver to associate with the chosen BSS - If WPA-EAP: integrated IEEE 802.1X Supplicant completes EAP authentication with the authentication server (proxied by the Authenticator in the AP) - If WPA-EAP: master key is received from the IEEE 802.1X Supplicant - If WPA-PSK: wpa_supplicant uses PSK as the master session key - wpa_supplicant completes WPA 4-Way Handshake and Group Key Handshake with the Authenticator (AP) - wpa_supplicant configures encryption keys for unicast and broadcast - normal data packets can be transmitted and received Building and installing ----------------------- In order to be able to build wpa_supplicant, you will first need to select which parts of it will be included. This is done by creating a build time configuration file, .config, in the wpa_supplicant root directory. Configuration options are text lines using following format: CONFIG_