myproxy-6.2.16/0000755000175100017510000000000014557145304010350 500000000000000myproxy-6.2.16/myproxy_constants.h0000644000175100017510000000461114557142036014265 00000000000000/* * myproxy_constants.h * * constant declarations */ #ifndef __MYPROXY_CONSTANTS_H #define __MYPROXY_CONSTANTS_H /* Maximum pass phrase length */ #define MAX_PASS_LEN 1024 /* Arbitrary */ /* Define default myproxy-server -- should probably be put in config file */ #define MYPROXY_SERVER_PORT 7512 /* specify maximum delegation lifetime allowed on myproxy-server */ #define MYPROXY_DEFAULT_HOURS 168 /* 1 week */ #define MYPROXY_DEFAULT_DELEG_HOURS 12 #define MYPROXY_DEFAULT_KEYBITS 2048 /* NIST SP 800-57 */ #define MYPROXY_DEFAULT_TIMEOUT 120 #define MYPROXY_DEFAULT_CLOCK_SKEW 300 /* 5 minutes */ #define MYPROXY_CREDS_MAX_NAMELEN 80 /* longer names are hashed when used in filenames */ /* myproxy client protocol information */ /* beware no string below may be a suffix of another */ #define MYPROXY_VERSION_STRING "VERSION=" #define MYPROXY_COMMAND_STRING "COMMAND=" #define MYPROXY_USERNAME_STRING "USERNAME=" #define MYPROXY_PASSPHRASE_STRING "PASSPHRASE=" #define MYPROXY_NEW_PASSPHRASE_STRING "NEW_PHRASE=" #define MYPROXY_LIFETIME_STRING "LIFETIME=" #define MYPROXY_RETRIEVER_STRING "RETRIEVER=" #define MYPROXY_TRUSTED_RETRIEVER_STRING "RETRIEVER_TRUSTED=" #define MYPROXY_KEY_RETRIEVER_STRING "KEYRETRIEVERS=" #define MYPROXY_RENEWER_STRING "RENEWER=" #define MYPROXY_CRED_NAME_STRING "NAME=" #define MYPROXY_CRED_DESC_STRING "DESC=" #define MYPROXY_AUTHORIZATION_STRING "AUTHORIZATION_DATA=" #define MYPROXY_ADDITIONAL_CREDS_STRING "ADDL_CREDS=" #define MYPROXY_LOCKMSG_STRING "LOCKMSG=" #define MYPROXY_CRED_PREFIX "CRED" #define MYPROXY_START_TIME_STRING "START_TIME=" #define MYPROXY_END_TIME_STRING "END_TIME=" #define MYPROXY_CRED_OWNER_STRING "OWNER=" #define MYPROXY_TRUSTED_CERTS_STRING "TRUSTED_CERTS=" #define MYPROXY_FILEDATA_PREFIX "FILEDATA" #define MYPROXY_VONAME_STRING "VONAME=" #define MYPROXY_VOMSES_STRING "VOMSES=" /* myproxy server protocol information */ #define MYPROXY_RESPONSE_TYPE_STRING "RESPONSE=" #define MYPROXY_RESPONSE_SIZE_STRING "RESPONSE_SIZE=" #define MYPROXY_RESPONSE_STRING "RESPONSE_STR=" #define MYPROXY_ERROR_STRING "ERROR=" #ifndef INET6_ADDRSTRLEN #define INET6_ADDRSTRLEN 46 #endif #endif /* __MYPROXY_CONSTANTS_H */ myproxy-6.2.16/myproxy-server-setup0000755000175100017510000001214314557142036014407 00000000000000#!/usr/bin/perl -w # myproxy-server-setup: interactive myproxy-server installer use File::Temp qw(tempdir); use IPC::Open3; $CONFIG = "/etc/myproxy-server.config"; $tmpdir = tempdir(CLEANUP => 1); &checksanity(); &checkcerts(); &setupconfig(); &setupboot(); &startserver(); &testserver(); exit 0; sub checksanity { die "must be run as root, stopped" if ($>); die "\$GLOBUS_LOCATION not defined, stopped" if (!defined $ENV{'GLOBUS_LOCATION'}); chomp($gpi = `which grid-proxy-init 2>/dev/null`); die "grid-proxy-init not in PATH, stopped" if (!(-x $gpi)); chomp($gpd = `which grid-proxy-destroy 2>/dev/null`); die "grid-proxy-destroy not in PATH, stopped" if (!(-x $gpd)); chomp($mps = `which myproxy-server 2>/dev/null`); die "myproxy-server not in PATH, stopped" if (!(-x $mps)); } sub checkcerts { if (defined $ENV{'X509_USER_CERT'}) { $hostcert = $ENV{'X509_USER_CERT'}; } else { $hostcert = "/etc/grid-security/hostcert.pem"; } if (defined $ENV{'X509_USER_KEY'}) { $hostkey = $ENV{'X509_USER_KEY'}; } else { $hostkey = "/etc/grid-security/hostkey.pem"; } if (!-e $hostcert && !-e $hostkey) { die "no host credentials found, stopped"; } $cmd = "$gpi -debug -verify -cert $hostcert -key $hostkey -out $tmpdir/p"; ($exitstatus, $output) = &runcmd($cmd, undef); system("$gpd $tmpdir/p >/dev/null 2>&1"); if ($exitstatus) { print STDERR "Problem with host credentials:\n$output\n"; exit 1; } } sub setupconfig { if (-e $CONFIG) { print "Existing $CONFIG not modified.\n"; } else { open(CONF, ">$CONFIG") || die "failed to open $CONFIG, stopped"; print CONF "# Default policy written by myproxy-server-setup.\n"; print CONF "accepted_credentials \"*\"\n"; print CONF "authorized_retrievers \"*\"\n"; print CONF "default_retrievers \"*\"\n"; print CONF "authorized_renewers \"*\"\n"; print CONF "default_renewers \"none\"\n"; print CONF "authorized_key_retrievers \"*\"\n"; print CONF "default_key_retrievers \"none\"\n"; print CONF "trusted_retrievers \"*\"\n"; print CONF "default_trusted_retrievers \"none\"\n"; print CONF "cert_dir /etc/grid-security/certificates\n"; close(CONF); print "Wrote a default myproxy-server configuration to $CONFIG.\n"; } } sub setupboot { if (-e "/etc/init.d/myproxy") { print "Existing /etc/init.d/myproxy not modified.\n"; } elsif (-e "/etc/rc.d/init.d/myproxy") { print "Existing /etc/rc.d/init.d/myproxy not modified.\n" } elsif (-d "/etc/init.d") { $initdir = "/etc/init.d"; } elsif (-d "/etc/rc.d/init.d") { $initdir = "/etc/rc.d/init.d"; } else { print "No init.d directory found. Manual installation of myproxy init script required.\n"; } if (defined $initdir) { $IN = "$ENV{'GLOBUS_LOCATION'}/share/myproxy/etc.init.d.myproxy"; open(IN) || die "failed to open $IN, stopped"; open(OUT, ">$initdir/myproxy") || die "failed to open $initdir/myproxy, stopped"; while () { if (/GLOBUS_LOCATION=/) { print OUT "GLOBUS_LOCATION=\"$ENV{'GLOBUS_LOCATION'}\"\n"; } else { print OUT; } } close(IN); close(OUT); chmod(0755, "$initdir/myproxy"); print "Installed $initdir/myproxy.\n"; if (-x "/sbin/chkconfig") { $chkconfig = "/sbin/chkconfig"; } elsif (-x "/usr/sbin/chkconfig") { $chkconfig = "/usr/sbin/chkconfig"; } else { chomp($chkconfig = `which chkconfig 2>/dev/null`); } if (-x "/sbin/update-rc.d") { $updatercd = "/sbin/update-rc.d"; } elsif (-x "/usr/sbin/update-rc.d") { $updatercd = "/usr/sbin/update-rc.d"; } else { chomp($updatercd = `which update-rc.d 2>/dev/null`); } if (-x $chkconfig) { system("$chkconfig --add myproxy"); } elsif (-x $updatercd) { system("update-rc.d myproxy defaults"); } else { print "Manual configuration of rc.d links may be required.\n"; } } } sub startserver { if (defined $initdir && -x "$initdir/myproxy") { system("$initdir/myproxy start") && die "failed to start myproxy-server, stopped"; } else { print "Starting myproxy-server.\n"; system("myproxy-server") && die "failed to start myproxy-server, stopped"; } } sub testserver { print "Running myproxy-server tests...\n"; delete $ENV{'$COG_INSTALL_PATH'}; $ENV{'X509_USER_PROXY'} = "$tmpdir/p"; $cmd = "$gpi -cert $hostcert -key $hostkey -out $ENV{'X509_USER_PROXY'}"; system("$cmd >/dev/null 2>&1"); ($exitstatus, $output) = &runcmd("myproxy-test", undef); system("$gpd $ENV{'X509_USER_PROXY'} >/dev/null 2>&1"); if ($exitstatus) { print STDERR "myproxy-test failed:\n$output\n"; exit 1; } else { print "Success!\n"; } } sub runcmd { local($command, $input) = @_; $pid = open3(*Writer, *Reader, '', "exec $command") || die "failed to run $command"; print Writer $input if (defined($input)); close(Writer); @output = ; close(Reader); waitpid($pid, 0); $exitstatus = $?; $output = join('', @output); return ($exitstatus, $output); } myproxy-6.2.16/myproxy_log.c0000644000175100017510000001006614557142036013026 00000000000000/* * myproxy_log.c * * See myproxy_log.h for documentation. */ #include "myproxy_common.h" /* all needed headers included here */ /********************************************************************** * * Internal Variables * */ struct myproxy_log_context { int syslog_facility; char *syslog_name; int debug_level; FILE *log_stream; }; static struct myproxy_log_context my_context = { 0, NULL, 0, NULL }; /********************************************************************** * * Internal Functions * */ /* * do_log() * * Do the actual logging of the given string. */ static void do_log(const char *string, int level) { /* * We always want to use '"%s", string' when logging in case * string itself contains a '%s'. */ if (my_context.syslog_facility != 0) { syslog(my_context.syslog_facility|level, "%s", string); } if (my_context.log_stream != NULL) { fprintf(my_context.log_stream, "%s\n", string); } return; } /* syslog() messages should be on a single line */ static void strip_newlines(char *string) { int i, len; for (i=0, len = strlen(string); i < len; i++) { if (string[i] == '\n') { string[i] = ' '; } } } /********************************************************************** * * API Functions * */ void myproxy_log_use_syslog(const int facility, const char *name) { my_context.syslog_facility = facility; if (my_context.syslog_name != NULL) { free(my_context.syslog_name); /* Mem allocated by strdup */ } my_context.syslog_name = (name == NULL) ? NULL : strdup(name); openlog(my_context.syslog_name,LOG_PID,my_context.syslog_facility); } void myproxy_log_use_stream(FILE *stream) { my_context.log_stream = stream; } void myproxy_log(const char *format, ...) { char *string = NULL; va_list ap; va_start(ap, format); string = my_vsnprintf(format, ap); va_end(ap); if (string == NULL) { /* Punt */ goto error; } strip_newlines(string); do_log(string, LOG_NOTICE); error: if (string != NULL) { free(string); } return; } void myproxy_log_verror() { char *string; string = verror_get_string(); if (string != NULL) { strip_newlines(string); do_log(string, LOG_ERR); } if (verror_get_errno() != 0) { do_log(verror_strerror(), LOG_ERR); } return; } void myproxy_log_perror(const char *format, ...) { char *string = NULL; va_list ap; va_start(ap, format); string = my_vsnprintf(format, ap); va_end(ap); if (string == NULL) { /* Punt */ goto error; } strip_newlines(string); do_log(string, LOG_ERR); do_log(strerror(errno), LOG_ERR); error: if (string != NULL) { free(string); } return; } void myproxy_log_close() { my_context.syslog_facility = 0; if (my_context.syslog_name != NULL) { free(my_context.syslog_name); my_context.syslog_name = NULL; } my_context.debug_level = 0; my_context.log_stream = NULL; } int myproxy_debug_set_level(int level) { int old_level = my_context.debug_level; int gsi_level = 0; char txt_level[12]; my_context.debug_level = level; if (getenv("GLOBUS_GSI_CRED_DEBUG_LEVEL") != NULL) gsi_level = atoi(getenv("GLOBUS_GSI_CRED_DEBUG_LEVEL")); if (gsi_level < level) { gsi_level = level; snprintf(txt_level, 12, "%d", gsi_level); setenv("GLOBUS_GSI_CRED_DEBUG_LEVEL", txt_level, 1); } return old_level; } void myproxy_debug(const char *format, ...) { char *string = NULL; va_list ap; if (my_context.debug_level == 0) { return; } va_start(ap, format); string = my_vsnprintf(format, ap); va_end(ap); if (string == NULL) { /* Punt */ goto error; } strip_newlines(string); do_log(string, LOG_NOTICE); error: if (string != NULL) { free(string); } return; } myproxy-6.2.16/etc.inetd.conf.modifications0000644000175100017510000000021514557142036015640 00000000000000myproxy-server stream tcp nowait root /usr/bin/env env GLOBUS_LOCATION=/usr/grid LD_LIBRARY_PATH=/usr/grid/lib /usr/grid/sbin/myproxy-server myproxy-6.2.16/myproxy_delegation.h0000644000175100017510000000121414557142036014360 00000000000000/* * myproxy_delegation.h * * functions for get-delegation - delegation from Myproxy server to the client */ #ifndef __MYPROXY_DELEGATION_H #define __MYPROXY_DELEGATION_H #include "myproxy.h" int myproxy_get_delegation( myproxy_socket_attrs_t *socket_attrs, myproxy_request_t *client_request, char *certfile, /* for backward compatibility. use client_request->authzcreds instead. */ myproxy_response_t *server_response, char *outfile); int myproxy_set_delegation_defaults( myproxy_socket_attrs_t *socket_attrs, myproxy_request_t *client_request); #endif myproxy-6.2.16/accept_credmap.c0000644000175100017510000001056114557142036013370 00000000000000#include "myproxy_common.h" static int consult_mapfile ( char * mapfile, char * userdn, char * username ) { int retval = 0; /* Assume success */ char * oldenv = NULL; myproxy_debug("consult_mapfile(%s,%s,%s)",mapfile,userdn,username); /* Save the current GRIDMAP environment variable so we can set it * to accepted_credentials_mapfile for a globus_gss_assist call */ oldenv = (char*)getenv("GRIDMAP"); setenv("GRIDMAP", mapfile, 1); /* Note: globus_gss_assist_userok returns 0 upon success */ if (globus_gss_assist_userok(userdn, username) != 0) { retval = 1; verror_put_string("PUT/STORE: No mapping found for " "'%s' and '%s' in '%s'", userdn,username,mapfile); } /* Now, restore the previous GRIDMAP environment variable */ setenv("GRIDMAP", oldenv, 1); return retval; } static int consult_mapapp ( char * mapapp, char * userdn, char * username) { int retval = 0; /* Assume success */ pid_t childpid; int fds[3]; int exit_status; myproxy_debug("consult_mapapp(%s,%s,%s)",mapapp,userdn,username); if ((childpid = myproxy_popen(fds,mapapp,userdn,username,NULL)) < 0) { return -1; /* myproxy_popen will set verror */ } close(fds[0]); /* Wait for child (mapapp) to exit */ if (waitpid(childpid,&exit_status,0) == -1) { verror_put_string("wait() failed for consult_mapapp child"); verror_put_errno(errno); return -1; } if (exit_status != 0) { /* mapapp returned fail; no valid mapping */ FILE *fp = NULL; char buf[100]; retval = 1; /* return failure */ verror_put_string("consult_mapapp call-out returned failure"); /* Check stdout for any error output */ fp = fdopen(fds[1],"r"); if (fp) { while (fgets(buf,100,fp) != NULL) { verror_put_string("%s", buf); } fclose(fp); } else { close(fds[1]); } /* Check stderr for any error output */ fp = fdopen(fds[2],"r"); if (fp) { while (fgets(buf,100,fp) != NULL) { verror_put_string("%s", buf); } fclose(fp); } else { close(fds[2]); } } else { /* mapapp returned success; close remaining file handles */ close(fds[1]); close(fds[2]); } return retval; } int accept_credmap( char * userdn, char * username, myproxy_server_context_t * server_context ) { int retval = 0; /* Assume success */ /* Check to see if the accepted_credentials_mapapp value has been * specified in the config file. Also do a sanity check and verify * that the mapapp is still executable. */ if (server_context->accepted_credentials_mapapp != NULL) { if (access(server_context->accepted_credentials_mapapp, X_OK) < 0) { verror_put_string("accepted_credentials_mapapp %s not executable", server_context->accepted_credentials_mapapp); verror_put_errno(errno); retval = -1; } if (consult_mapapp(server_context->accepted_credentials_mapapp, userdn,username)) { verror_put_string("Accepted credentials failure for DN/Username " "via call-out"); retval = 1; } /* If the mapapp was not specified (or not executable), check to see if * the accepted_credentials_mapfile value has been specified in the * config file. Also do a sanity check and verify that the mapfile is * still readable. */ } else if (server_context->accepted_credentials_mapfile != NULL) { if (access(server_context->accepted_credentials_mapfile, R_OK) < 0) { verror_put_string("accepted_credentials_mapfile %s not readable", server_context->accepted_credentials_mapfile); verror_put_errno(errno); retval = -1; } if (consult_mapfile(server_context->accepted_credentials_mapfile, userdn,username)) { verror_put_string("Accepted credentials failure for DN/Username " "via grid-mapfile"); retval = 1; } } return retval; } myproxy-6.2.16/myproxy_sasl_server.h0000644000175100017510000000102314557142036014573 00000000000000/* * myproxy_sasl_server.h * * Internal MyProxy SASL server interface. * */ #ifndef __MYPROXY_SASL_SERVER_H #define __MYPROXY_SASL_SERVER_H #if defined(HAVE_LIBSASL2) int auth_sasl_negotiate_server(myproxy_socket_attrs_t *attrs, myproxy_request_t *client_request); extern int myproxy_sasl_authenticated; /* set to 1 after success */ extern char *myproxy_sasl_mech; /* force a SASL mechanism */ /* for sasl_server_new(3) */ extern char *myproxy_sasl_serverFQDN; extern char *myproxy_sasl_user_realm; #endif #endif myproxy-6.2.16/gssapi.c0000644000175100017510000014423714557142036011734 00000000000000#ifdef BUILD_GSSAPI_PLUGIN /* GSSAPI SASL plugin * Leif Johansson * Rob Siemborski (SASL v2 Conversion) * $Id: gssapi.c,v 1.9 2007/09/27 15:40:54 basney Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #ifdef HAVE_GSSAPI_H #include #else #include #endif #ifdef WIN32 # include # ifndef R_OK # define R_OK 04 # endif /* we also need io.h for access() prototype */ # include #else # include # include # include # include # include #endif /* WIN32 */ #include #include #include #include #include #include #include "plugin_common.h" #ifdef HAVE_UNISTD_H #include #endif #include /***************************** Common Section *****************************/ static const char * GSSAPI_BLANK_STRING = ""; #ifndef HAVE_GSS_C_NT_HOSTBASED_SERVICE extern gss_OID gss_nt_service_name; #define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name #endif #ifdef WANT_KERBEROS5_3DES /* Check if CyberSafe flag is defined */ #ifdef CSF_GSS_C_DES3_FLAG #define K5_MAX_SSF 112 #endif /* Heimdal and MIT use the following */ #ifdef GSS_KRB5_CONF_C_QOP_DES3_KD #define K5_MAX_SSF 112 #endif #endif #ifndef K5_MAX_SSF /* All Kerberos implementations support DES */ #define K5_MAX_SSF 56 #endif /* GSSAPI SASL Mechanism by Leif Johansson * inspired by the kerberos mechanism and the gssapi_server and * gssapi_client from the heimdal distribution by Assar Westerlund * and Johan Danielsson . * See the configure.in file for details on dependencies. * * Important contributions from Sam Hartman . * * This code was tested with the following distributions of Kerberos: * Heimdal (http://www.pdc.kth.se/heimdal), MIT (http://web.mit.edu/kerberos/www/) * CyberSafe (http://www.cybersafe.com/) and SEAM. */ typedef struct context { int state; gss_ctx_id_t gss_ctx; gss_name_t client_name; gss_name_t server_name; gss_cred_id_t server_creds; sasl_ssf_t limitssf, requiressf; /* application defined bounds, for the server */ const sasl_utils_t *utils; /* layers buffering */ decode_context_t decode_context; char *encode_buf; /* For encoding/decoding mem management */ char *decode_buf; char *decode_once_buf; unsigned encode_buf_len; unsigned decode_buf_len; unsigned decode_once_buf_len; buffer_info_t *enc_in_buf; char *out_buf; /* per-step mem management */ unsigned out_buf_len; char *authid; /* hold the authid between steps - server */ const char *user; /* hold the userid between steps - client */ } context_t; enum { SASL_GSSAPI_STATE_AUTHNEG = 1, SASL_GSSAPI_STATE_SSFCAP = 2, SASL_GSSAPI_STATE_SSFREQ = 3, SASL_GSSAPI_STATE_AUTHENTICATED = 4 }; /* sasl_gss_log: only logs status string returned from gss_display_status() */ #define sasl_gss_log(x,y,z) sasl_gss_seterror_(x,y,z,1) #define sasl_gss_seterror(x,y,z) sasl_gss_seterror_(x,y,z,0) /* Force use of Kerberos v5 GSSAPI library functions even when linked with GSI GSSAPI libraries. */ #ifndef KRB5_LIB_NAME #define KRB5_LIB_NAME "libgssapi_krb5.so" #endif /* KRB5_LIB_NAME */ static void *h_krb5lib; static OM_uint32 (*p_krb5_gss_accept_sec_context) (OM_uint32 *, gss_ctx_id_t *, gss_cred_id_t, gss_buffer_t, gss_channel_bindings_t, gss_name_t *, gss_OID *, gss_buffer_t, OM_uint32 *, OM_uint32 *, gss_cred_id_t *); static OM_uint32 (*p_krb5_gss_acquire_cred) (OM_uint32 *, gss_name_t, OM_uint32, gss_OID_set, gss_cred_usage_t, gss_cred_id_t *, gss_OID_set *, OM_uint32 *); static OM_uint32 (*p_krb5_gss_compare_name) (OM_uint32 *, gss_name_t, gss_name_t, int *); static OM_uint32 (*p_krb5_gss_delete_sec_context) (OM_uint32 *, gss_ctx_id_t *, gss_buffer_t); static OM_uint32 (*p_krb5_gss_display_name) (OM_uint32 *, gss_name_t, gss_buffer_t, gss_OID *); static OM_uint32 (*p_krb5_gss_display_status) (OM_uint32 *, OM_uint32, int, gss_OID, OM_uint32 *, gss_buffer_t); static OM_uint32 (*p_krb5_gss_import_name) (OM_uint32 *, gss_buffer_t, gss_OID, gss_name_t *); static OM_uint32 (*p_krb5_gss_init_sec_context) (OM_uint32 *, const gss_cred_id_t, gss_ctx_id_t *, const gss_name_t, const gss_OID, OM_uint32, OM_uint32, const gss_channel_bindings_t, const gss_buffer_t, gss_OID *, gss_buffer_t, OM_uint32 *, OM_uint32 *); static OM_uint32 (*p_krb5_gss_inquire_context) (OM_uint32 *, gss_ctx_id_t, gss_name_t *, gss_name_t *, OM_uint32 *, gss_OID *, OM_uint32 *, int *, int *); static OM_uint32 (*p_krb5_gss_release_buffer)(OM_uint32 *, gss_buffer_t); static OM_uint32 (*p_krb5_gss_release_cred) (OM_uint32 *, gss_cred_id_t *); static OM_uint32 (*p_krb5_gss_release_name)(OM_uint32 *, gss_name_t *); static OM_uint32 (*p_krb5_gss_unwrap) (OM_uint32 *, gss_ctx_id_t, gss_buffer_t, gss_buffer_t, int *, gss_qop_t *); static OM_uint32 (*p_krb5_gss_wrap) (OM_uint32 *, gss_ctx_id_t, int, gss_qop_t, gss_buffer_t, int *, gss_buffer_t); static OM_uint32 (*p_krb5_gss_wrap_size_limit) (OM_uint32 *, gss_ctx_id_t, int, gss_qop_t, OM_uint32, OM_uint32 *); static OM_uint32 (*p_krb5_gss_add_cred) (OM_uint32 *, gss_cred_id_t, gss_name_t, gss_OID, gss_cred_usage_t, OM_uint32, OM_uint32, gss_cred_id_t *, gss_OID_set *, OM_uint32 *, OM_uint32 *); static OM_uint32 (*p_krb5_gss_seal) (OM_uint32 *, gss_ctx_id_t, int, int, gss_buffer_t, int *, gss_buffer_t); static OM_uint32 (*p_krb5_gss_unseal) (OM_uint32 *, gss_ctx_id_t, gss_buffer_t, gss_buffer_t, int *, int *); static int sasl_gss_lib_init(const sasl_utils_t *utils) { char *errmsg=NULL, *dlerr=NULL; if (h_krb5lib) return SASL_OK; if ((h_krb5lib = dlopen(KRB5_LIB_NAME, RTLD_LAZY)) == NULL) { errmsg = "Failed to open GSSAPI library"; goto error; } #define SASL_GSS_DLSYM(x) \ p_krb5_ ## x = dlsym(h_krb5lib, #x); \ if (p_krb5_ ## x == NULL) { \ errmsg = "Failed to dlsym(" #x ")"; \ goto error; \ } SASL_GSS_DLSYM(gss_accept_sec_context); SASL_GSS_DLSYM(gss_acquire_cred); SASL_GSS_DLSYM(gss_compare_name); SASL_GSS_DLSYM(gss_delete_sec_context); SASL_GSS_DLSYM(gss_display_name); SASL_GSS_DLSYM(gss_display_status); SASL_GSS_DLSYM(gss_import_name); SASL_GSS_DLSYM(gss_init_sec_context); SASL_GSS_DLSYM(gss_inquire_context); SASL_GSS_DLSYM(gss_release_buffer); SASL_GSS_DLSYM(gss_release_cred); SASL_GSS_DLSYM(gss_release_name); SASL_GSS_DLSYM(gss_unwrap); SASL_GSS_DLSYM(gss_wrap); SASL_GSS_DLSYM(gss_wrap_size_limit); SASL_GSS_DLSYM(gss_add_cred); SASL_GSS_DLSYM(gss_seal); SASL_GSS_DLSYM(gss_unseal); return SASL_OK; error: dlerr = dlerror(); if (dlerr) { char *saslerr; saslerr = malloc(strlen(errmsg)+strlen(dlerr)+3); sprintf(saslerr, "%s: %s", errmsg, dlerr); SETERROR(utils, saslerr); free(saslerr); } else { SETERROR(utils, errmsg); } if (h_krb5lib) { dlclose(h_krb5lib); h_krb5lib = NULL; } return SASL_FAIL; } static void sasl_gss_seterror_(const sasl_utils_t *utils, OM_uint32 maj, OM_uint32 min, int logonly) { OM_uint32 maj_stat, min_stat; gss_buffer_desc msg; OM_uint32 msg_ctx; int ret; char *out = NULL; size_t len; unsigned int curlen = 0; const char prefix[] = "GSSAPI Error: "; if(!utils) return; if (sasl_gss_lib_init(utils) != SASL_OK) return; len = sizeof(prefix); ret = _plug_buf_alloc(utils, &out, &curlen, 256); if(ret != SASL_OK) return; strcpy(out, prefix); msg_ctx = 0; while (1) { maj_stat = (*p_krb5_gss_display_status)(&min_stat, maj, GSS_C_GSS_CODE, GSS_C_NULL_OID, &msg_ctx, &msg); if(GSS_ERROR(maj_stat)) { if (logonly) { utils->log(utils->conn, SASL_LOG_FAIL, "GSSAPI Failure: (could not get major error message)"); } else { utils->seterror(utils->conn, 0, "GSSAPI Failure " "(could not get major error message)"); } utils->free(out); return; } len += len + msg.length; ret = _plug_buf_alloc(utils, &out, &curlen, len); if(ret != SASL_OK) { utils->free(out); return; } strcat(out, msg.value); (*p_krb5_gss_release_buffer)(&min_stat, &msg); if (!msg_ctx) break; } /* Now get the minor status */ len += 2; ret = _plug_buf_alloc(utils, &out, &curlen, len); if(ret != SASL_OK) { utils->free(out); return; } strcat(out, " ("); msg_ctx = 0; while (1) { maj_stat = (*p_krb5_gss_display_status)(&min_stat, min, GSS_C_MECH_CODE, GSS_C_NULL_OID, &msg_ctx, &msg); if(GSS_ERROR(maj_stat)) { if (logonly) { utils->log(utils->conn, SASL_LOG_FAIL, "GSSAPI Failure: (could not get minor error message)"); } else { utils->seterror(utils->conn, 0, "GSSAPI Failure " "(could not get minor error message)"); } utils->free(out); return; } len += len + msg.length; ret = _plug_buf_alloc(utils, &out, &curlen, len); if(ret != SASL_OK) { utils->free(out); return; } strcat(out, msg.value); (*p_krb5_gss_release_buffer)(&min_stat, &msg); if (!msg_ctx) break; } len += 1; ret = _plug_buf_alloc(utils, &out, &curlen, len); if(ret != SASL_OK) { utils->free(out); return; } strcat(out, ")"); if (logonly) { utils->log(utils->conn, SASL_LOG_FAIL, "%s", out); } else { utils->seterror(utils->conn, 0, "%s", out); } utils->free(out); } static int sasl_gss_encode(void *context, const struct iovec *invec, unsigned numiov, const char **output, unsigned *outputlen, int privacy) { context_t *text = (context_t *)context; OM_uint32 maj_stat, min_stat; gss_buffer_t input_token, output_token; gss_buffer_desc real_input_token, real_output_token; int ret; struct buffer_info *inblob, bufinfo; if(!output) return SASL_BADPARAM; if (sasl_gss_lib_init(text->utils) != SASL_OK) return SASL_FAIL; if(numiov > 1) { ret = _plug_iovec_to_buf(text->utils, invec, numiov, &text->enc_in_buf); if(ret != SASL_OK) return ret; inblob = text->enc_in_buf; } else { bufinfo.data = invec[0].iov_base; bufinfo.curlen = invec[0].iov_len; inblob = &bufinfo; } if (text->state != SASL_GSSAPI_STATE_AUTHENTICATED) return SASL_NOTDONE; input_token = &real_input_token; real_input_token.value = inblob->data; real_input_token.length = inblob->curlen; output_token = &real_output_token; output_token->value = NULL; output_token->length = 0; maj_stat = (*p_krb5_gss_wrap) (&min_stat, text->gss_ctx, privacy, GSS_C_QOP_DEFAULT, input_token, NULL, output_token); if (GSS_ERROR(maj_stat)) { sasl_gss_seterror(text->utils, maj_stat, min_stat); if (output_token->value) (*p_krb5_gss_release_buffer)(&min_stat, output_token); return SASL_FAIL; } if (output_token->value && output) { int len; ret = _plug_buf_alloc(text->utils, &(text->encode_buf), &(text->encode_buf_len), output_token->length + 4); if (ret != SASL_OK) { (*p_krb5_gss_release_buffer)(&min_stat, output_token); return ret; } len = htonl(output_token->length); memcpy(text->encode_buf, &len, 4); memcpy(text->encode_buf + 4, output_token->value, output_token->length); } if (outputlen) { *outputlen = output_token->length + 4; } *output = text->encode_buf; if (output_token->value) (*p_krb5_gss_release_buffer)(&min_stat, output_token); return SASL_OK; } static int gssapi_privacy_encode(void *context, const struct iovec *invec, unsigned numiov, const char **output, unsigned *outputlen) { return sasl_gss_encode(context,invec,numiov,output,outputlen,1); } static int gssapi_integrity_encode(void *context, const struct iovec *invec, unsigned numiov, const char **output, unsigned *outputlen) { return sasl_gss_encode(context,invec,numiov,output,outputlen,0); } static int gssapi_decode_packet(void *context, const char *input, unsigned inputlen, char **output, unsigned *outputlen) { context_t *text = (context_t *) context; OM_uint32 maj_stat, min_stat; gss_buffer_t input_token, output_token; gss_buffer_desc real_input_token, real_output_token; int result; if (sasl_gss_lib_init(text->utils) != SASL_OK) return SASL_FAIL; if (text->state != SASL_GSSAPI_STATE_AUTHENTICATED) { SETERROR(text->utils, "GSSAPI Failure"); return SASL_NOTDONE; } input_token = &real_input_token; real_input_token.value = (char *) input; real_input_token.length = inputlen; output_token = &real_output_token; output_token->value = NULL; output_token->length = 0; maj_stat = (*p_krb5_gss_unwrap) (&min_stat, text->gss_ctx, input_token, output_token, NULL, NULL); if (GSS_ERROR(maj_stat)) { sasl_gss_seterror(text->utils,maj_stat,min_stat); if (output_token->value) (*p_krb5_gss_release_buffer)(&min_stat, output_token); return SASL_FAIL; } if (outputlen) *outputlen = output_token->length; if (output_token->value) { if (output) { result = _plug_buf_alloc(text->utils, &text->decode_once_buf, &text->decode_once_buf_len, *outputlen); if(result != SASL_OK) { (*p_krb5_gss_release_buffer)(&min_stat, output_token); return result; } *output = text->decode_once_buf; memcpy(*output, output_token->value, *outputlen); } (*p_krb5_gss_release_buffer)(&min_stat, output_token); } return SASL_OK; } static int gssapi_decode(void *context, const char *input, unsigned inputlen, const char **output, unsigned *outputlen) { context_t *text = (context_t *) context; int ret; ret = _plug_decode(&text->decode_context, input, inputlen, &text->decode_buf, &text->decode_buf_len, outputlen, gssapi_decode_packet, text); *output = text->decode_buf; return ret; } static context_t *gss_new_context(const sasl_utils_t *utils) { context_t *ret; ret = utils->malloc(sizeof(context_t)); if(!ret) return NULL; memset(ret,0,sizeof(context_t)); ret->utils = utils; return ret; } static void sasl_gss_free_context_contents(context_t *text) { OM_uint32 maj_stat, min_stat; if (!text) return; if (sasl_gss_lib_init(text->utils) != SASL_OK) return; if (text->gss_ctx != GSS_C_NO_CONTEXT) { maj_stat = (*p_krb5_gss_delete_sec_context)(&min_stat,&text->gss_ctx,GSS_C_NO_BUFFER); text->gss_ctx = GSS_C_NO_CONTEXT; } if (text->client_name != GSS_C_NO_NAME) { maj_stat = (*p_krb5_gss_release_name)(&min_stat,&text->client_name); text->client_name = GSS_C_NO_NAME; } if (text->server_name != GSS_C_NO_NAME) { maj_stat = (*p_krb5_gss_release_name)(&min_stat,&text->server_name); text->server_name = GSS_C_NO_NAME; } if ( text->server_creds != GSS_C_NO_CREDENTIAL) { maj_stat = (*p_krb5_gss_release_cred)(&min_stat, &text->server_creds); text->server_creds = GSS_C_NO_CREDENTIAL; } if (text->out_buf) { text->utils->free(text->out_buf); text->out_buf = NULL; } if (text->encode_buf) { text->utils->free(text->encode_buf); text->encode_buf = NULL; } if (text->decode_buf) { text->utils->free(text->decode_buf); text->decode_buf = NULL; } if (text->decode_once_buf) { text->utils->free(text->decode_once_buf); text->decode_once_buf = NULL; } if (text->enc_in_buf) { if(text->enc_in_buf->data) text->utils->free(text->enc_in_buf->data); text->utils->free(text->enc_in_buf); text->enc_in_buf = NULL; } _plug_decode_free(&text->decode_context); if (text->authid) { /* works for both client and server */ text->utils->free(text->authid); text->authid = NULL; } } static void gssapi_common_mech_dispose(void *conn_context, const sasl_utils_t *utils) { sasl_gss_free_context_contents((context_t *)(conn_context)); utils->free(conn_context); } /***************************** Server Section *****************************/ static int gssapi_server_mech_new(void *glob_context __attribute__((unused)), sasl_server_params_t *params, const char *challenge __attribute__((unused)), unsigned challen __attribute__((unused)), void **conn_context) { context_t *text; text = gss_new_context(params->utils); if (text == NULL) { MEMERROR(params->utils); return SASL_NOMEM; } text->gss_ctx = GSS_C_NO_CONTEXT; text->client_name = GSS_C_NO_NAME; text->server_name = GSS_C_NO_NAME; text->server_creds = GSS_C_NO_CREDENTIAL; text->state = SASL_GSSAPI_STATE_AUTHNEG; *conn_context = text; return SASL_OK; } static int gssapi_server_mech_step(void *conn_context, sasl_server_params_t *params, const char *clientin, unsigned clientinlen, const char **serverout, unsigned *serveroutlen, sasl_out_params_t *oparams) { context_t *text = (context_t *)conn_context; gss_buffer_t input_token, output_token; gss_buffer_desc real_input_token, real_output_token; OM_uint32 maj_stat = 0, min_stat = 0; OM_uint32 max_input; gss_buffer_desc name_token; int ret; input_token = &real_input_token; output_token = &real_output_token; output_token->value = NULL; output_token->length = 0; input_token->value = NULL; input_token->length = 0; if(!serverout) { PARAMERROR(text->utils); return SASL_BADPARAM; } *serverout = NULL; *serveroutlen = 0; if (sasl_gss_lib_init(text->utils) != SASL_OK) return SASL_FAIL; switch (text->state) { case SASL_GSSAPI_STATE_AUTHNEG: if (text->server_name == GSS_C_NO_NAME) { /* only once */ name_token.length = strlen(params->service) + 1 + strlen(params->serverFQDN); name_token.value = (char *)params->utils->malloc((name_token.length + 1) * sizeof(char)); if (name_token.value == NULL) { MEMERROR(text->utils); sasl_gss_free_context_contents(text); return SASL_NOMEM; } sprintf(name_token.value,"%s@%s", params->service, params->serverFQDN); maj_stat = (*p_krb5_gss_import_name) (&min_stat, &name_token, GSS_C_NT_HOSTBASED_SERVICE, &text->server_name); params->utils->free(name_token.value); name_token.value = NULL; if (GSS_ERROR(maj_stat)) { sasl_gss_seterror(text->utils, maj_stat, min_stat); sasl_gss_free_context_contents(text); return SASL_FAIL; } if ( text->server_creds != GSS_C_NO_CREDENTIAL) { maj_stat = (*p_krb5_gss_release_cred)(&min_stat, &text->server_creds); text->server_creds = GSS_C_NO_CREDENTIAL; } maj_stat = (*p_krb5_gss_acquire_cred)(&min_stat, text->server_name, GSS_C_INDEFINITE, GSS_C_NO_OID_SET, GSS_C_ACCEPT, &text->server_creds, NULL, NULL); if (GSS_ERROR(maj_stat)) { sasl_gss_seterror(text->utils, maj_stat, min_stat); sasl_gss_free_context_contents(text); return SASL_FAIL; } } if (clientinlen) { real_input_token.value = (void *)clientin; real_input_token.length = clientinlen; } maj_stat = (*p_krb5_gss_accept_sec_context)(&min_stat, &(text->gss_ctx), text->server_creds, input_token, GSS_C_NO_CHANNEL_BINDINGS, &text->client_name, NULL, output_token, NULL, NULL, NULL); if (GSS_ERROR(maj_stat)) { sasl_gss_log(text->utils, maj_stat, min_stat); text->utils->seterror(text->utils->conn, SASL_NOLOG, "GSSAPI Failure: gss_accept_sec_context"); if (output_token->value) { (*p_krb5_gss_release_buffer)(&min_stat, output_token); } sasl_gss_free_context_contents(text); return SASL_BADAUTH; } if (serveroutlen) *serveroutlen = output_token->length; if (output_token->value) { if (serverout) { ret = _plug_buf_alloc(text->utils, &(text->out_buf), &(text->out_buf_len), *serveroutlen); if(ret != SASL_OK) { (*p_krb5_gss_release_buffer)(&min_stat, output_token); return ret; } memcpy(text->out_buf, output_token->value, *serveroutlen); *serverout = text->out_buf; } (*p_krb5_gss_release_buffer)(&min_stat, output_token); } else { /* No output token, send an empty string */ *serverout = GSSAPI_BLANK_STRING; serveroutlen = 0; } if (maj_stat == GSS_S_COMPLETE) { /* Switch to ssf negotiation */ text->state = SASL_GSSAPI_STATE_SSFCAP; } return SASL_CONTINUE; case SASL_GSSAPI_STATE_SSFCAP: { unsigned char sasldata[4]; gss_buffer_desc name_token; gss_buffer_desc name_without_realm; gss_name_t without = NULL; int equal; name_token.value = NULL; name_without_realm.value = NULL; /* We ignore whatever the client sent us at this stage */ maj_stat = (*p_krb5_gss_display_name) (&min_stat, text->client_name, &name_token, NULL); if (GSS_ERROR(maj_stat)) { if (name_without_realm.value) params->utils->free(name_without_realm.value); if (name_token.value) (*p_krb5_gss_release_buffer)(&min_stat, &name_token); if (without) (*p_krb5_gss_release_name)(&min_stat, &without); SETERROR(text->utils, "GSSAPI Failure"); sasl_gss_free_context_contents(text); return SASL_BADAUTH; } /* If the id contains a realm get the identifier for the user without the realm and see if it's the same id (i.e. tmartin == tmartin@ANDREW.CMU.EDU. If this is the case we just want to return the id (i.e. just "tmartin" */ if (strchr((char *) name_token.value, (int) '@') != NULL) { /* NOTE: libc malloc, as it is freed below by a gssapi internal * function! */ name_without_realm.value = malloc(strlen(name_token.value)+1); if (name_without_realm.value == NULL) { MEMERROR(text->utils); return SASL_NOMEM; } strcpy(name_without_realm.value, name_token.value); /* cut off string at '@' */ (strchr(name_without_realm.value,'@'))[0] = '\0'; name_without_realm.length = strlen( (char *) name_without_realm.value ); maj_stat = (*p_krb5_gss_import_name) (&min_stat, &name_without_realm, /* Solaris 8/9 gss_import_name doesn't accept GSS_C_NULL_OID here, so use GSS_C_NT_USER_NAME instead if available. */ #ifdef HAVE_GSS_C_NT_USER_NAME GSS_C_NT_USER_NAME, #else GSS_C_NULL_OID, #endif &without); if (GSS_ERROR(maj_stat)) { params->utils->free(name_without_realm.value); if (name_token.value) (*p_krb5_gss_release_buffer)(&min_stat, &name_token); if (without) (*p_krb5_gss_release_name)(&min_stat, &without); SETERROR(text->utils, "GSSAPI Failure"); sasl_gss_free_context_contents(text); return SASL_BADAUTH; } maj_stat = (*p_krb5_gss_compare_name)(&min_stat, text->client_name, without, &equal); if (GSS_ERROR(maj_stat)) { params->utils->free(name_without_realm.value); if (name_token.value) (*p_krb5_gss_release_buffer)(&min_stat, &name_token); if (without) (*p_krb5_gss_release_name)(&min_stat, &without); SETERROR(text->utils, "GSSAPI Failure"); sasl_gss_free_context_contents(text); return SASL_BADAUTH; } (*p_krb5_gss_release_name)(&min_stat,&without); } else { equal = 0; } if (equal) { text->authid = strdup(name_without_realm.value); if (text->authid == NULL) { MEMERROR(params->utils); return SASL_NOMEM; } } else { text->authid = strdup(name_token.value); if (text->authid == NULL) { MEMERROR(params->utils); return SASL_NOMEM; } } if (name_token.value) (*p_krb5_gss_release_buffer)(&min_stat, &name_token); if (name_without_realm.value) params->utils->free(name_without_realm.value); /* we have to decide what sort of encryption/integrity/etc., we support */ if (params->props.max_ssf < params->external_ssf) { text->limitssf = 0; } else { text->limitssf = params->props.max_ssf - params->external_ssf; } if (params->props.min_ssf < params->external_ssf) { text->requiressf = 0; } else { text->requiressf = params->props.min_ssf - params->external_ssf; } /* build up our security properties token */ if (params->props.maxbufsize > 0xFFFFFF) { /* make sure maxbufsize isn't too large */ /* maxbufsize = 0xFFFFFF */ sasldata[1] = sasldata[2] = sasldata[3] = 0xFF; } else { sasldata[1] = (params->props.maxbufsize >> 16) & 0xFF; sasldata[2] = (params->props.maxbufsize >> 8) & 0xFF; sasldata[3] = (params->props.maxbufsize >> 0) & 0xFF; } sasldata[0] = 0; if(text->requiressf != 0 && !params->props.maxbufsize) { params->utils->seterror(params->utils->conn, 0, "GSSAPI needs a security layer but one is forbidden"); return SASL_TOOWEAK; } if (text->requiressf == 0) { sasldata[0] |= 1; /* authentication */ } if (text->requiressf <= 1 && text->limitssf >= 1 && params->props.maxbufsize) { sasldata[0] |= 2; } if (text->requiressf <= K5_MAX_SSF && text->limitssf >= K5_MAX_SSF && params->props.maxbufsize) { sasldata[0] |= 4; } real_input_token.value = (void *)sasldata; real_input_token.length = 4; maj_stat = (*p_krb5_gss_wrap)(&min_stat, text->gss_ctx, 0, /* Just integrity checking here */ GSS_C_QOP_DEFAULT, input_token, NULL, output_token); if (GSS_ERROR(maj_stat)) { sasl_gss_seterror(text->utils, maj_stat, min_stat); if (output_token->value) (*p_krb5_gss_release_buffer)(&min_stat, output_token); sasl_gss_free_context_contents(text); return SASL_FAIL; } if (serveroutlen) *serveroutlen = output_token->length; if (output_token->value) { if (serverout) { ret = _plug_buf_alloc(text->utils, &(text->out_buf), &(text->out_buf_len), *serveroutlen); if(ret != SASL_OK) { (*p_krb5_gss_release_buffer)(&min_stat, output_token); return ret; } memcpy(text->out_buf, output_token->value, *serveroutlen); *serverout = text->out_buf; } (*p_krb5_gss_release_buffer)(&min_stat, output_token); } /* Wait for ssf request and authid */ text->state = SASL_GSSAPI_STATE_SSFREQ; return SASL_CONTINUE; } case SASL_GSSAPI_STATE_SSFREQ: { int layerchoice; real_input_token.value = (void *)clientin; real_input_token.length = clientinlen; maj_stat = (*p_krb5_gss_unwrap)(&min_stat, text->gss_ctx, input_token, output_token, NULL, NULL); if (GSS_ERROR(maj_stat)) { sasl_gss_seterror(text->utils, maj_stat, min_stat); sasl_gss_free_context_contents(text); return SASL_FAIL; } layerchoice = (int)(((char *)(output_token->value))[0]); if (layerchoice == 1 && text->requiressf == 0) { /* no encryption */ oparams->encode = NULL; oparams->decode = NULL; oparams->mech_ssf = 0; } else if (layerchoice == 2 && text->requiressf <= 1 && text->limitssf >= 1) { /* integrity */ oparams->encode=&gssapi_integrity_encode; oparams->decode=&gssapi_decode; oparams->mech_ssf=1; } else if (layerchoice == 4 && text->requiressf <= K5_MAX_SSF && text->limitssf >= K5_MAX_SSF) { /* privacy */ oparams->encode = &gssapi_privacy_encode; oparams->decode = &gssapi_decode; /* FIX ME: Need to extract the proper value here */ oparams->mech_ssf = K5_MAX_SSF; } else { /* not a supported encryption layer */ SETERROR(text->utils, "protocol violation: client requested invalid layer"); /* Mark that we attempted negotiation */ oparams->mech_ssf = 2; if (output_token->value) (*p_krb5_gss_release_buffer)(&min_stat, output_token); sasl_gss_free_context_contents(text); return SASL_FAIL; } if (output_token->length > 4) { int ret; ret = params->canon_user(params->utils->conn, ((char *) output_token->value) + 4, (output_token->length - 4) * sizeof(char), SASL_CU_AUTHZID, oparams); if (ret != SASL_OK) { sasl_gss_free_context_contents(text); return ret; } ret = params->canon_user(params->utils->conn, text->authid, 0, /* strlen(text->authid) */ SASL_CU_AUTHID, oparams); if (ret != SASL_OK) { sasl_gss_free_context_contents(text); return ret; } } else if(output_token->length == 4) { /* null authzid */ int ret; ret = params->canon_user(params->utils->conn, text->authid, 0, /* strlen(text->authid) */ SASL_CU_AUTHZID | SASL_CU_AUTHID, oparams); if (ret != SASL_OK) { sasl_gss_free_context_contents(text); return ret; } } else { SETERROR(text->utils, "token too short"); (*p_krb5_gss_release_buffer)(&min_stat, output_token); sasl_gss_free_context_contents(text); return SASL_FAIL; } /* No matter what, set the rest of the oparams */ oparams->maxoutbuf = (((unsigned char *) output_token->value)[1] << 16) | (((unsigned char *) output_token->value)[2] << 8) | (((unsigned char *) output_token->value)[3] << 0); if (oparams->mech_ssf) { maj_stat = (*p_krb5_gss_wrap_size_limit)(&min_stat, text->gss_ctx, 1, GSS_C_QOP_DEFAULT, (OM_uint32) oparams->maxoutbuf, &max_input); if(max_input > oparams->maxoutbuf) { /* Heimdal appears to get this wrong */ oparams->maxoutbuf -= (max_input - oparams->maxoutbuf); } else { /* This code is actually correct */ oparams->maxoutbuf = max_input; } } (*p_krb5_gss_release_buffer)(&min_stat, output_token); text->state = SASL_GSSAPI_STATE_AUTHENTICATED; /* used by layers */ _plug_decode_init(&text->decode_context, text->utils, (params->props.maxbufsize > 0xFFFFFF) ? 0xFFFFFF : params->props.maxbufsize); oparams->doneflag = 1; return SASL_OK; } default: params->utils->log(NULL, SASL_LOG_ERR, "Invalid GSSAPI server step %d\n", text->state); return SASL_FAIL; } return SASL_FAIL; /* should never get here */ } static sasl_server_plug_t gssapi_server_plugins[] = { { "GSSAPI", /* mech_name */ K5_MAX_SSF, /* max_ssf */ SASL_SEC_NOPLAINTEXT | SASL_SEC_NOACTIVE | SASL_SEC_NOANONYMOUS | SASL_SEC_MUTUAL_AUTH, /* security_flags */ SASL_FEAT_WANT_CLIENT_FIRST | SASL_FEAT_ALLOWS_PROXY, /* features */ NULL, /* glob_context */ &gssapi_server_mech_new, /* mech_new */ &gssapi_server_mech_step, /* mech_step */ &gssapi_common_mech_dispose, /* mech_dispose */ NULL, /* mech_free */ NULL, /* setpass */ NULL, /* user_query */ NULL, /* idle */ NULL, /* mech_avail */ NULL /* spare */ } }; int gssapiv2_server_plug_init( #ifndef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY const sasl_utils_t *utils __attribute__((unused)), #else const sasl_utils_t *utils, #endif int maxversion, int *out_version, sasl_server_plug_t **pluglist, int *plugcount) { #ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY const char *keytab = NULL; char keytab_path[1024]; unsigned int rl; #endif if (maxversion < SASL_SERVER_PLUG_VERSION) { return SASL_BADVERS; } #ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY /* unfortunately, we don't check for readability of keytab if it's the standard one, since we don't know where it is */ /* FIXME: This code is broken */ utils->getopt(utils->getopt_context, "GSSAPI", "keytab", &keytab, &rl); if (keytab != NULL) { if (access(keytab, R_OK) != 0) { utils->log(NULL, SASL_LOG_ERR, "Could not find keytab file: %s: %m", keytab, errno); return SASL_FAIL; } if(strlen(keytab) > 1024) { utils->log(NULL, SASL_LOG_ERR, "path to keytab is > 1024 characters"); return SASL_BUFOVER; } strncpy(keytab_path, keytab, 1024); gsskrb5_register_acceptor_identity(keytab_path); } #endif *out_version = SASL_SERVER_PLUG_VERSION; *pluglist = gssapi_server_plugins; *plugcount = 1; return SASL_OK; } /***************************** Client Section *****************************/ static int gssapi_client_mech_new(void *glob_context __attribute__((unused)), sasl_client_params_t *params, void **conn_context) { context_t *text; /* holds state are in */ text = gss_new_context(params->utils); if (text == NULL) { MEMERROR(params->utils); return SASL_NOMEM; } text->state = SASL_GSSAPI_STATE_AUTHNEG; text->gss_ctx = GSS_C_NO_CONTEXT; text->client_name = GSS_C_NO_NAME; text->server_creds = GSS_C_NO_CREDENTIAL; *conn_context = text; return SASL_OK; } static int gssapi_client_mech_step(void *conn_context, sasl_client_params_t *params, const char *serverin, unsigned serverinlen, sasl_interact_t **prompt_need, const char **clientout, unsigned *clientoutlen, sasl_out_params_t *oparams) { context_t *text = (context_t *)conn_context; gss_buffer_t input_token, output_token; gss_buffer_desc real_input_token, real_output_token; OM_uint32 maj_stat = 0, min_stat = 0; OM_uint32 max_input; gss_buffer_desc name_token; int ret; OM_uint32 req_flags = 0, out_req_flags = 0; input_token = &real_input_token; output_token = &real_output_token; output_token->value = NULL; input_token->value = NULL; input_token->length = 0; *clientout = NULL; *clientoutlen = 0; if (sasl_gss_lib_init(text->utils) != SASL_OK) return SASL_FAIL; switch (text->state) { case SASL_GSSAPI_STATE_AUTHNEG: /* try to get the userid */ if (text->user == NULL) { int user_result = SASL_OK; user_result = _plug_get_userid(params->utils, &text->user, prompt_need); if ((user_result != SASL_OK) && (user_result != SASL_INTERACT)) { sasl_gss_free_context_contents(text); return user_result; } /* free prompts we got */ if (prompt_need && *prompt_need) { params->utils->free(*prompt_need); *prompt_need = NULL; } /* if there are prompts not filled in */ if (user_result == SASL_INTERACT) { /* make the prompt list */ int result = _plug_make_prompts(params->utils, prompt_need, user_result == SASL_INTERACT ? "Please enter your authorization name" : NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL); if (result != SASL_OK) return result; return SASL_INTERACT; } } if (text->server_name == GSS_C_NO_NAME) { /* only once */ name_token.length = strlen(params->service) + 1 + strlen(params->serverFQDN); name_token.value = (char *)params->utils->malloc((name_token.length + 1) * sizeof(char)); if (name_token.value == NULL) { sasl_gss_free_context_contents(text); return SASL_NOMEM; } if (params->serverFQDN == NULL || strlen(params->serverFQDN) == 0) { SETERROR(text->utils, "GSSAPI Failure: no serverFQDN"); return SASL_FAIL; } sprintf(name_token.value,"%s@%s", params->service, params->serverFQDN); maj_stat = (*p_krb5_gss_import_name) (&min_stat, &name_token, GSS_C_NT_HOSTBASED_SERVICE, &text->server_name); params->utils->free(name_token.value); name_token.value = NULL; if (GSS_ERROR(maj_stat)) { sasl_gss_seterror(text->utils, maj_stat, min_stat); sasl_gss_free_context_contents(text); return SASL_FAIL; } } if (serverinlen == 0) input_token = GSS_C_NO_BUFFER; if (serverinlen) { real_input_token.value = (void *)serverin; real_input_token.length = serverinlen; } else if (text->gss_ctx != GSS_C_NO_CONTEXT ) { /* This can't happen under GSSAPI: we have a non-null context * and no input from the server. However, thanks to Imap, * which discards our first output, this happens all the time. * Throw away the context and try again. */ maj_stat = (*p_krb5_gss_delete_sec_context) (&min_stat,&text->gss_ctx,GSS_C_NO_BUFFER); text->gss_ctx = GSS_C_NO_CONTEXT; } /* Setup req_flags properly */ req_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG; if(params->props.max_ssf > params->external_ssf) { /* We are requesting a security layer */ req_flags |= GSS_C_INTEG_FLAG; /* Any SSF bigger than 1 is confidentiality. */ /* Let's check if the client of the API requires confidentiality, and it wasn't already provided by an external layer */ if(params->props.max_ssf - params->external_ssf > 1) { /* We want to try for privacy */ req_flags |= GSS_C_CONF_FLAG; } } maj_stat = (*p_krb5_gss_init_sec_context)(&min_stat, GSS_C_NO_CREDENTIAL, &text->gss_ctx, text->server_name, GSS_C_NO_OID, req_flags, 0, GSS_C_NO_CHANNEL_BINDINGS, input_token, NULL, output_token, &out_req_flags, NULL); if (GSS_ERROR(maj_stat)) { sasl_gss_seterror(text->utils, maj_stat, min_stat); if (output_token->value) (*p_krb5_gss_release_buffer)(&min_stat, output_token); sasl_gss_free_context_contents(text); return SASL_FAIL; } *clientoutlen = output_token->length; if (output_token->value) { if (clientout) { ret = _plug_buf_alloc(text->utils, &(text->out_buf), &(text->out_buf_len), *clientoutlen); if(ret != SASL_OK) { (*p_krb5_gss_release_buffer)(&min_stat, output_token); return ret; } memcpy(text->out_buf, output_token->value, *clientoutlen); *clientout = text->out_buf; } (*p_krb5_gss_release_buffer)(&min_stat, output_token); } if (maj_stat == GSS_S_COMPLETE) { maj_stat = (*p_krb5_gss_inquire_context)(&min_stat, text->gss_ctx, &text->client_name, NULL, /* targ_name */ NULL, /* lifetime */ NULL, /* mech */ /* FIX ME: Should check the resulting flags here */ NULL, /* flags */ NULL, /* local init */ NULL); /* open */ if (GSS_ERROR(maj_stat)) { sasl_gss_seterror(text->utils, maj_stat, min_stat); sasl_gss_free_context_contents(text); return SASL_FAIL; } name_token.length = 0; maj_stat = (*p_krb5_gss_display_name)(&min_stat, text->client_name, &name_token, NULL); if (GSS_ERROR(maj_stat)) { if (name_token.value) (*p_krb5_gss_release_buffer)(&min_stat, &name_token); SETERROR(text->utils, "GSSAPI Failure"); sasl_gss_free_context_contents(text); return SASL_FAIL; } if (text->user && text->user[0]) { ret = params->canon_user(params->utils->conn, text->user, 0, SASL_CU_AUTHZID, oparams); if (ret == SASL_OK) ret = params->canon_user(params->utils->conn, name_token.value, 0, SASL_CU_AUTHID, oparams); } else { ret = params->canon_user(params->utils->conn, name_token.value, 0, SASL_CU_AUTHID | SASL_CU_AUTHZID, oparams); } (*p_krb5_gss_release_buffer)(&min_stat, &name_token); if (ret != SASL_OK) return ret; /* Switch to ssf negotiation */ text->state = SASL_GSSAPI_STATE_SSFCAP; } return SASL_CONTINUE; case SASL_GSSAPI_STATE_SSFCAP: { sasl_security_properties_t *secprops = &(params->props); unsigned int alen, external = params->external_ssf; sasl_ssf_t need, allowed; char serverhas, mychoice; real_input_token.value = (void *) serverin; real_input_token.length = serverinlen; maj_stat = (*p_krb5_gss_unwrap)(&min_stat, text->gss_ctx, input_token, output_token, NULL, NULL); if (GSS_ERROR(maj_stat)) { sasl_gss_seterror(text->utils, maj_stat, min_stat); sasl_gss_free_context_contents(text); if (output_token->value) (*p_krb5_gss_release_buffer)(&min_stat, output_token); return SASL_FAIL; } /* taken from kerberos.c */ if (secprops->min_ssf > (K5_MAX_SSF + external)) { return SASL_TOOWEAK; } else if (secprops->min_ssf > secprops->max_ssf) { return SASL_BADPARAM; } /* need bits of layer -- sasl_ssf_t is unsigned so be careful */ if (secprops->max_ssf >= external) { allowed = secprops->max_ssf - external; } else { allowed = 0; } if (secprops->min_ssf >= external) { need = secprops->min_ssf - external; } else { /* good to go */ need = 0; } /* bit mask of server support */ serverhas = ((char *)output_token->value)[0]; /* if client didn't set use strongest layer available */ if (allowed >= K5_MAX_SSF && need <= K5_MAX_SSF && (serverhas & 4)) { /* encryption */ oparams->encode = &gssapi_privacy_encode; oparams->decode = &gssapi_decode; /* FIX ME: Need to extract the proper value here */ oparams->mech_ssf = K5_MAX_SSF; mychoice = 4; } else if (allowed >= 1 && need <= 1 && (serverhas & 2)) { /* integrity */ oparams->encode = &gssapi_integrity_encode; oparams->decode = &gssapi_decode; oparams->mech_ssf = 1; mychoice = 2; } else if (need <= 0 && (serverhas & 1)) { /* no layer */ oparams->encode = NULL; oparams->decode = NULL; oparams->mech_ssf = 0; mychoice = 1; } else { /* there's no appropriate layering for us! */ sasl_gss_free_context_contents(text); return SASL_TOOWEAK; } oparams->maxoutbuf = (((unsigned char *) output_token->value)[1] << 16) | (((unsigned char *) output_token->value)[2] << 8) | (((unsigned char *) output_token->value)[3] << 0); if(oparams->mech_ssf) { maj_stat = (*p_krb5_gss_wrap_size_limit)(&min_stat, text->gss_ctx, 1, GSS_C_QOP_DEFAULT, (OM_uint32) oparams->maxoutbuf, &max_input); if(max_input > oparams->maxoutbuf) { /* Heimdal appears to get this wrong */ oparams->maxoutbuf -= (max_input - oparams->maxoutbuf); } else { /* This code is actually correct */ oparams->maxoutbuf = max_input; } } (*p_krb5_gss_release_buffer)(&min_stat, output_token); /* oparams->user is always set, due to canon_user requirements. * Make sure the client actually requested it though, by checking * if our context was set. */ if (text->user && text->user[0]) alen = strlen(oparams->user); else alen = 0; input_token->length = 4 + alen; input_token->value = (char *)params->utils->malloc((input_token->length + 1)*sizeof(char)); if (input_token->value == NULL) { sasl_gss_free_context_contents(text); return SASL_NOMEM; } if (alen) memcpy((char *)input_token->value+4,oparams->user,alen); /* build up our security properties token */ if (params->props.maxbufsize > 0xFFFFFF) { /* make sure maxbufsize isn't too large */ /* maxbufsize = 0xFFFFFF */ ((unsigned char *)input_token->value)[1] = 0xFF; ((unsigned char *)input_token->value)[2] = 0xFF; ((unsigned char *)input_token->value)[3] = 0xFF; } else { ((unsigned char *)input_token->value)[1] = (params->props.maxbufsize >> 16) & 0xFF; ((unsigned char *)input_token->value)[2] = (params->props.maxbufsize >> 8) & 0xFF; ((unsigned char *)input_token->value)[3] = (params->props.maxbufsize >> 0) & 0xFF; } ((unsigned char *)input_token->value)[0] = mychoice; maj_stat = (*p_krb5_gss_wrap) (&min_stat, text->gss_ctx, 0, /* Just integrity checking here */ GSS_C_QOP_DEFAULT, input_token, NULL, output_token); params->utils->free(input_token->value); input_token->value = NULL; if (GSS_ERROR(maj_stat)) { sasl_gss_seterror(text->utils, maj_stat, min_stat); if (output_token->value) (*p_krb5_gss_release_buffer)(&min_stat, output_token); sasl_gss_free_context_contents(text); return SASL_FAIL; } if (clientoutlen) *clientoutlen = output_token->length; if (output_token->value) { if (clientout) { ret = _plug_buf_alloc(text->utils, &(text->out_buf), &(text->out_buf_len), *clientoutlen); if (ret != SASL_OK) { (*p_krb5_gss_release_buffer)(&min_stat, output_token); return ret; } memcpy(text->out_buf, output_token->value, *clientoutlen); *clientout = text->out_buf; } (*p_krb5_gss_release_buffer)(&min_stat, output_token); } text->state = SASL_GSSAPI_STATE_AUTHENTICATED; oparams->doneflag = 1; /* used by layers */ _plug_decode_init(&text->decode_context, text->utils, (params->props.maxbufsize > 0xFFFFFF) ? 0xFFFFFF : params->props.maxbufsize); return SASL_OK; } default: params->utils->log(NULL, SASL_LOG_ERR, "Invalid GSSAPI client step %d\n", text->state); return SASL_FAIL; } return SASL_FAIL; /* should never get here */ } static const unsigned long gssapi_required_prompts[] = { SASL_CB_LIST_END }; static sasl_client_plug_t gssapi_client_plugins[] = { { "GSSAPI", /* mech_name */ K5_MAX_SSF, /* max_ssf */ SASL_SEC_NOPLAINTEXT | SASL_SEC_NOACTIVE | SASL_SEC_NOANONYMOUS | SASL_SEC_MUTUAL_AUTH, /* security_flags */ SASL_FEAT_NEEDSERVERFQDN | SASL_FEAT_WANT_CLIENT_FIRST | SASL_FEAT_ALLOWS_PROXY, /* features */ gssapi_required_prompts, /* required_prompts */ NULL, /* glob_context */ &gssapi_client_mech_new, /* mech_new */ &gssapi_client_mech_step, /* mech_step */ &gssapi_common_mech_dispose, /* mech_dispose */ NULL, /* mech_free */ NULL, /* idle */ NULL, /* spare */ NULL /* spare */ } }; int gssapiv2_client_plug_init(const sasl_utils_t *utils __attribute__((unused)), int maxversion, int *out_version, sasl_client_plug_t **pluglist, int *plugcount) { if (maxversion < SASL_CLIENT_PLUG_VERSION) { SETERROR(utils, "Version mismatch in GSSAPI"); return SASL_BADVERS; } *out_version = SASL_CLIENT_PLUG_VERSION; *pluglist = gssapi_client_plugins; *plugcount = 1; return SASL_OK; } /***************************** Symbol Binding *****************************/ /* This is fragile. If we call a Kerberos GSSAPI function which itself calls a GSSAPI function, it will be routed to the GSI GSSAPI library. So far we've been lucky with minimal conflicts between MIT Kerberos and GSI. If we have to resort to linking against mechglue, things will get very messy. */ /* MIT Kerberos GSSAPI functions call gss_add_cred(), gss_seal(), and gss_unseal() internally, and we want to route them back to Kerberos rather than GSI. Luckly GSI does not call these functions. Our luck may not last forever. */ OM_uint32 gss_add_cred( OM_uint32 *minor_status, gss_cred_id_t input_cred_handle, gss_name_t desired_name, gss_OID desired_mech, gss_cred_usage_t cred_usage, OM_uint32 initiator_time_req, OM_uint32 acceptor_time_req, gss_cred_id_t *output_cred_handle, gss_OID_set *actual_mechs, OM_uint32 *initiator_time_rec, OM_uint32 *acceptor_time_rec) { return((*p_krb5_gss_add_cred)(minor_status, input_cred_handle, desired_name, desired_mech, cred_usage, initiator_time_req, acceptor_time_req, output_cred_handle, actual_mechs, initiator_time_rec, acceptor_time_rec)); } OM_uint32 gss_seal(OM_uint32 *minor_status, gss_ctx_id_t context_handle, int conf_req_flag, int qop_req, gss_buffer_t input_message_buffer, int *conf_state, gss_buffer_t output_message_buffer) { return((*p_krb5_gss_seal)(minor_status, context_handle, conf_req_flag, qop_req, input_message_buffer, conf_state, output_message_buffer)); } OM_uint32 gss_unseal(OM_uint32 *minor_status, gss_ctx_id_t context_handle, gss_buffer_t input_message_buffer, gss_buffer_t output_message_buffer, int *conf_state, int *qop_state) { return((*p_krb5_gss_unseal)(minor_status, context_handle, input_message_buffer, output_message_buffer, conf_state, qop_state)); } #endif myproxy-6.2.16/myproxy_init.c0000644000175100017510000004677514557142036013230 00000000000000/* * myproxy-init * * Client program to delegate a credential to a myproxy-server */ #include "myproxy_common.h" /* all needed headers included here */ #ifndef MAXPATHLEN #define MAXPATHLEN 4096 #endif /* Location of default proxy */ #define MYPROXY_DEFAULT_PROXY "/tmp/myproxy-proxy" static char usage[] = \ "\n"\ "Syntax: myproxy-init [-c #hours] [-t #hours] [-l username] [-r retrievers] [-w renewers] ...\n"\ " myproxy-init [-usage|-help] [-version]\n"\ "\n"\ " Options\n"\ " -h | --help Displays usage\n" " -u | --usage \n" " \n" " -v | --verbose Display debugging messages\n" " -V | --version Displays version\n" " -l | --username Username for the delegated proxy\n" " -c | --cred_lifetime Lifetime of delegated proxy on\n" " server (default 1 week)\n" " -t | --proxy_lifetime Lifetime of proxies delegated by\n" " server (default 12 hours)\n" " -s | --pshost Hostname of the myproxy-server\n" " Can also set MYPROXY_SERVER env. var.\n" " -p | --psport Port of the myproxy-server\n" " -C | --certfile Certificate file name\n" " -y | --keyfile Key file name\n" " -a | --allow_anonymous_retrievers Allow credentials to be retrieved\n" " with just username/passphrase\n" " -A | --allow_anonymous_renewers Allow credentials to be renewed by\n" " any client (not recommended)\n" " -x | --regex_dn_match Set regular expression matching mode\n" " for following policy options\n" " -X | --match_cn_only Set CN matching mode (default)\n" " for following policy options\n" " -r | --retrievable_by Allow specified entity to retrieve\n" " credential\n" " -R | --renewable_by Allow specified entity to renew\n" " credential\n" " -Z | --retrievable_by_cert Allow specified entity to retrieve\n" " credential w/o passphrase\n" " -S | --stdin_pass Read passphrase from stdin\n" " -n | --no_passphrase Don't prompt for passphrase\n" " -d | --dn_as_username Use the proxy certificate subject\n" " (DN) as the default username,\n" " instead of the LOGNAME env. var.\n" " -k | --credname Specifies credential name\n" " -K | --creddesc Specifies credential description\n" " -L | --local_proxy Create a local proxy credential\n" " -m | --voms Include VOMS attributes\n" "\n"; struct option long_options[] = { {"help", no_argument, NULL, 'h'}, {"pshost", required_argument, NULL, 's'}, {"psport", required_argument, NULL, 'p'}, {"certfile", required_argument, NULL, 'C'}, {"keyfile", required_argument, NULL, 'y'}, {"cred_lifetime", required_argument, NULL, 'c'}, {"proxy_lifetime", required_argument, NULL, 't'}, {"usage", no_argument, NULL, 'u'}, {"username", required_argument, NULL, 'l'}, {"verbose", no_argument, NULL, 'v'}, {"version", no_argument, NULL, 'V'}, {"no_passphrase", no_argument, NULL, 'n'}, {"dn_as_username", no_argument, NULL, 'd'}, {"allow_anonymous_retrievers", no_argument, NULL, 'a'}, {"allow_anonymous_renewers", no_argument, NULL, 'A'}, {"retrievable_by", required_argument, NULL, 'r'}, {"retrievable_by_cert", required_argument, NULL, 'Z'}, {"renewable_by", required_argument, NULL, 'R'}, {"regex_dn_match", no_argument, NULL, 'x'}, {"match_cn_only", no_argument, NULL, 'X'}, {"credname", required_argument, NULL, 'k'}, {"creddesc", required_argument, NULL, 'K'}, {"stdin_pass", no_argument, NULL, 'S'}, {"local_proxy", no_argument, NULL, 'L'}, {"voms", required_argument, NULL, 'm'}, {0, 0, 0, 0} }; /*colon following an option indicates option takes an argument */ static char short_options[] = "uhs:p:t:c:y:C:l:vVndr:R:Z:xXaAk:K:SLm:"; static char version[] = "myproxy-init version " MYPROXY_VERSION " (" MYPROXY_VERSION_DATE ") " "\n"; static char *certfile = NULL; /* certificate file name */ static char *keyfile = NULL; /* key file name */ static char **voms = NULL; static int use_empty_passwd = 0; static int dn_as_username = 0; static int read_passwd_from_stdin = 0; static int create_local_proxy = 0; static int verbose = 0; /* Function declarations */ int init_arguments(int argc, char *argv[], myproxy_socket_attrs_t *attrs, myproxy_request_t *request, int *cred_lifetime); int grid_proxy_init(int seconds, const char *cert, const char *key, const char *outfile); int grid_proxy_destroy(const char *proxyfile); #define SECONDS_PER_HOUR (60 * 60) int main(int argc, char *argv[]) { int cred_lifetime, hours; float days; char *pshost = NULL; char proxyfile[MAXPATHLEN]; char *request_buffer = NULL; int requestlen; int cleanup_user_proxy = 0; char *x509_user_proxy = NULL; int return_value = 1; myproxy_socket_attrs_t *socket_attrs; myproxy_request_t *client_request; myproxy_response_t *server_response; /* check library version */ if (myproxy_check_version()) { fprintf(stderr, "MyProxy library version mismatch.\n" "Expecting %s. Found %s.\n", MYPROXY_VERSION_DATE, myproxy_version(0,0,0)); exit(1); } myproxy_log_use_stream (stderr); socket_attrs = malloc(sizeof(*socket_attrs)); memset(socket_attrs, 0, sizeof(*socket_attrs)); client_request = malloc(sizeof(*client_request)); memset(client_request, 0, sizeof(*client_request)); server_response = malloc(sizeof(*server_response)); memset(server_response, 0, sizeof(*server_response)); /* setup defaults */ client_request->version = malloc(strlen(MYPROXY_VERSION) + 1); strcpy(client_request->version, MYPROXY_VERSION); client_request->command_type = MYPROXY_PUT_PROXY; pshost = getenv("MYPROXY_SERVER"); if (pshost != NULL) { socket_attrs->pshost = strdup(pshost); } /* client_request stores the lifetime of proxies delegated by the server */ client_request->proxy_lifetime = SECONDS_PER_HOUR * MYPROXY_DEFAULT_DELEG_HOURS; /* the lifetime of the proxy */ cred_lifetime = SECONDS_PER_HOUR * MYPROXY_DEFAULT_HOURS; if (getenv("MYPROXY_SERVER_PORT")) { socket_attrs->psport = atoi(getenv("MYPROXY_SERVER_PORT")); } else { socket_attrs->psport = MYPROXY_SERVER_PORT; } x509_user_proxy = getenv("X509_USER_PROXY"); /* for create_local_proxy */ /* Initialize client arguments and create client request object */ if (init_arguments(argc, argv, socket_attrs, client_request, &cred_lifetime) != 0) { goto cleanup; } /* Set up client socket attributes */ if (myproxy_init_client(socket_attrs) < 0) { verror_print_error(stderr); goto cleanup; } /* Create a proxy by running [grid-proxy-init] */ sprintf(proxyfile, "%s.%u.%u", MYPROXY_DEFAULT_PROXY, (unsigned)getuid(), (unsigned)getpid()); /* Run grid-proxy-init to create a proxy */ if (grid_proxy_init(cred_lifetime, certfile, keyfile, proxyfile) != 0) { if (voms) { fprintf(stderr, "voms-proxy-init failed\n"); } else { fprintf(stderr, "grid-proxy-init failed\n"); } goto cleanup; } /* Be sure to delete the user proxy on abnormal exit */ cleanup_user_proxy = 1; /* Authenticate client to server */ if (myproxy_authenticate_init(socket_attrs, proxyfile) < 0) { verror_print_error(stderr); goto cleanup; } if (client_request->username == NULL) { /* set default username */ if (dn_as_username) { if (ssl_get_base_subject_file(proxyfile, &client_request->username)) { fprintf(stderr, "Cannot get subject name from your certificate\n"); goto cleanup; } } else { char *username = NULL; if (!(username = getenv("LOGNAME"))) { fprintf(stderr, "Please specify a username.\n"); goto cleanup; } client_request->username = strdup(username); } } /* Allow user to provide a passphrase */ if (!use_empty_passwd) { int rval; if (read_passwd_from_stdin) { rval = myproxy_read_passphrase_stdin(client_request->passphrase, sizeof(client_request->passphrase), NULL); } else { rval = myproxy_read_verified_passphrase(client_request->passphrase, sizeof(client_request->passphrase), NULL); } if (rval == -1) { verror_print_error(stderr); goto cleanup; } } /* Serialize client request object */ requestlen = myproxy_serialize_request_ex(client_request, &request_buffer); if (requestlen < 0) { verror_print_error(stderr); goto cleanup; } /* Send request to the myproxy-server */ if (myproxy_send(socket_attrs, request_buffer, requestlen) < 0) { verror_print_error(stderr); goto cleanup; } free(request_buffer); request_buffer = NULL; /* Continue unless the response is not OK */ if (myproxy_recv_response_ex(socket_attrs, server_response, client_request) != 0) { verror_print_error(stderr); goto cleanup; } /* Delegate credentials to server using the default lifetime of the cert. */ if (myproxy_init_delegation(socket_attrs, proxyfile, cred_lifetime, NULL /* no passphrase */) < 0) { verror_print_error(stderr); goto cleanup; } /* Get final response from server */ if (myproxy_recv_response(socket_attrs, server_response) != 0) { verror_print_error(stderr); goto cleanup; } /* Get actual lifetime from credential. */ if (cred_lifetime == 0) { time_t cred_expiration; if (ssl_get_times(proxyfile, NULL, &cred_expiration) == 0) { cred_lifetime = cred_expiration-time(0); if (cred_lifetime <= 0) { fprintf(stderr, "Error: Credential expired!\n"); goto cleanup; } } } if (create_local_proxy) { unsetenv("X509_USER_PROXY"); /* GSI_SOCKET_use_creds() sets it */ if (voms) { /* no need to get another VOMS AC */ free_array_list(&voms); voms = NULL; } if (grid_proxy_init(client_request->proxy_lifetime, proxyfile, proxyfile, x509_user_proxy) != 0) { fprintf(stderr, "grid-proxy-init failed\n"); goto cleanup; } } /* Delete proxy file */ if (grid_proxy_destroy(proxyfile) != 0) { fprintf(stderr, "Failed to remove temporary proxy credential.\n"); goto cleanup; } cleanup_user_proxy = 0; hours = (int)(cred_lifetime/SECONDS_PER_HOUR); days = (float)(hours/24.0); printf("A proxy valid for %d hours (%.1f days) for user %s now exists on %s.\n", hours, days, client_request->username, socket_attrs->pshost); return_value = 0; cleanup: /* free memory allocated */ myproxy_free(socket_attrs, client_request, server_response); if (cleanup_user_proxy) { grid_proxy_destroy(proxyfile); } return return_value; } int init_arguments(int argc, char *argv[], myproxy_socket_attrs_t *attrs, myproxy_request_t *request, int *cred_lifetime) { extern char *optarg; int expr_type = MATCH_CN_ONLY; /*default */ int arg; while((arg = getopt_long(argc, argv, short_options, long_options, NULL)) != EOF) { switch(arg) { case 'h': /* print help and exit */ printf("%s", usage); exit(0); break; case 'c': /* Specify cred lifetime in hours */ *cred_lifetime = SECONDS_PER_HOUR * atoi(optarg); break; case 't': /* Specify proxy lifetime in hours */ request->proxy_lifetime = SECONDS_PER_HOUR * atoi(optarg); if (request->proxy_lifetime < 0) { fprintf(stderr, "Requested lifetime (-t option) out of bounds.\n"); exit(1); } break; case 's': /* pshost name */ attrs->pshost = strdup(optarg); break; case 'p': /* psport */ attrs->psport = atoi(optarg); break; case 'C': /* credential file name */ certfile = strdup(optarg); break; case 'y': /* key file name */ keyfile = strdup(optarg); break; case 'u': /* print help and exit */ printf("%s", usage); exit(0); break; case 'l': /* username */ request->username = strdup(optarg); break; case 'v': myproxy_debug_set_level(1); verbose = 1; break; case 'V': /* print version and exit */ printf("%s", version); exit(0); break; case 'n': use_empty_passwd = 1; break; case 'd': /* use the certificate subject (DN) as the default username instead of LOGNAME */ dn_as_username = 1; break; case 'r': /* retrievers list */ if (request->retrievers) { fprintf(stderr, "Only one -a or -r option may be specified.\n"); return -1; } if (expr_type == REGULAR_EXP) /*copy as is */ request->retrievers = strdup (optarg); else { request->retrievers = (char *) malloc (strlen (optarg) + 6); strcpy (request->retrievers, "*/CN="); request->retrievers = strcat (request->retrievers,optarg); myproxy_debug("authorized retriever %s", request->retrievers); } break; case 'Z': /* trusted_retrievers list */ if (request->trusted_retrievers) { fprintf(stderr, "Only one -Z option may be specified.\n"); return -1; } if (expr_type == REGULAR_EXP) /*copy as is */ request->trusted_retrievers = strdup (optarg); else { request->trusted_retrievers = (char *) malloc (strlen (optarg) + 6); strcpy (request->trusted_retrievers, "*/CN="); request->trusted_retrievers = strcat (request->trusted_retrievers,optarg); myproxy_debug("trusted retriever %s", request->trusted_retrievers); } use_empty_passwd = 1; break; case 'R': /* renewers list */ if (request->renewers) { fprintf(stderr, "Only one -A or -R option may be specified.\n"); return -1; } if (expr_type == REGULAR_EXP) /*copy as is */ request->renewers = strdup (optarg); else { request->renewers = (char *) malloc (strlen (optarg) + 6); strcpy (request->renewers, "*/CN="); request->renewers = strcat (request->renewers,optarg); myproxy_debug("authorized renewer %s", request->renewers); } use_empty_passwd = 1; break; case 'x': /*set expression type to regex*/ expr_type = REGULAR_EXP; myproxy_debug("expr-type = regex"); break; case 'X': /*set expression type to common name*/ expr_type = MATCH_CN_ONLY; myproxy_debug("expr-type = CN"); break; case 'a': /*allow anonymous retrievers*/ if (request->retrievers) { fprintf(stderr, "Only one -a or -r option may be specified.\n"); return -1; } request->retrievers = strdup ("*"); myproxy_debug("anonymous retrievers allowed"); break; case 'A': /*allow anonymous renewers*/ if (request->renewers) { fprintf(stderr, "Only one -A or -R option may be specified.\n"); return -1; } request->renewers = strdup ("*"); myproxy_debug("anonymous renewers allowed"); use_empty_passwd = 1; break; case 'k': /*credential name*/ request->credname = strdup (optarg); break; case 'K': /*credential description*/ request->creddesc = strdup (optarg); break; case 'S': read_passwd_from_stdin = 1; break; case 'L': create_local_proxy = 1; break; case 'm': voms = add_entry(voms, optarg); break; default: fprintf(stderr, "%s", usage); return -1; break; } } if (optind != argc) { fprintf(stderr, "%s: invalid option -- %s\n", argv[0], argv[optind]); fprintf(stderr, "%s", usage); exit(1); } /* Check to see if myproxy-server specified */ if (attrs->pshost == NULL) { fprintf(stderr, "%s", usage); fprintf(stderr, "Unspecified myproxy-server. Please set the MYPROXY_SERVER environment variable\nor set the myproxy-server hostname via the -s flag.\n"); return -1; } return 0; } /* grid_proxy_init() * * Run grid-proxy-init or voms-proxy-init to create a user proxy * * returns grid-proxy-init status 0 if OK, -1 on error */ int grid_proxy_init(int seconds, const char *cert, const char *key, const char *outfile) { int i, rc; char *command; char *proxy_mode; const char *argv[40]; char hours[11], bits[11], vomslife[14]; int argc = 0; pid_t childpid; char *keybitsenv = NULL; int keybits = MYPROXY_DEFAULT_KEYBITS; if (voms) { command = "voms-proxy-init"; argv[argc++] = command; for (i=0; voms[i] && i < 10; i++) { argv[argc++] = "-voms"; argv[argc++] = voms[i]; } } else { command = "grid-proxy-init"; argv[argc++] = command; } proxy_mode = getenv("GT_PROXY_MODE"); if (proxy_mode) { if (strcmp(proxy_mode, "old") == 0) { if (voms) { argv[argc++] = "-proxyver=2"; } else { argv[argc++] = "-old"; } } else if (strcmp(proxy_mode, "rfc") == 0) { argv[argc++] = "-rfc"; } } if ((keybitsenv = getenv("MYPROXY_KEYBITS")) != NULL) { keybits = atoi(keybitsenv); } argv[argc++] = "-verify"; argv[argc++] = "-hours"; snprintf(hours, sizeof(hours), "%d", seconds / SECONDS_PER_HOUR); argv[argc++] = hours; if (voms) { argv[argc++] = "-vomslife"; snprintf(vomslife, sizeof(vomslife), "%d:0", seconds / SECONDS_PER_HOUR); argv[argc++] = vomslife; } argv[argc++] = "-bits"; snprintf(bits, sizeof(bits), "%d", keybits); argv[argc++] = bits; if (cert) { argv[argc++] = "-cert"; argv[argc++] = cert; } if (key) { argv[argc++] = "-key"; argv[argc++] = key; } if (outfile) { argv[argc++] = "-out"; argv[argc++] = outfile; } if (read_passwd_from_stdin) { argv[argc++] = "-pwstdin"; } if (verbose) { argv[argc++] = "-debug"; } argv[argc++] = NULL; if ((childpid = fork()) < 0) { verror_put_string("fork() failed"); verror_put_errno(errno); return -1; } if (childpid == 0) { /* child */ execvp(command, (char *const *)argv); fprintf(stderr, "failed to run %s: %s\n", command, strerror(errno)); exit(1); } if (waitpid(childpid,&rc,0) == -1) { verror_put_string("wait() failed for proxy-init child"); verror_put_errno(errno); return -1; } return rc; } /* grid_proxy_destroy() * * Fill the proxy file with zeros and unlink. * * returns 0 if OK, -1 on error */ int grid_proxy_destroy(const char *proxyfile) { if (ssl_proxy_file_destroy(proxyfile) != SSL_SUCCESS) { verror_print_error(stderr); return -1; } return 0; } myproxy-6.2.16/Makefile.in0000644000175100017510000021351114557142526012343 00000000000000# Makefile.in generated by automake 1.13.4 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ *) echo "am__make_running_with_option: internal error: invalid" \ "target option '$${target_option-}' specified" >&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_VOMS_TRUE@am__append_1 = libmyproxy_voms.la bin_PROGRAMS = myproxy-init$(EXEEXT) myproxy-info$(EXEEXT) \ myproxy-store$(EXEEXT) myproxy-destroy$(EXEEXT) \ myproxy-retrieve$(EXEEXT) myproxy-get-trustroots$(EXEEXT) \ myproxy-get-delegation$(EXEEXT) myproxy-logon$(EXEEXT) \ myproxy-change-pass-phrase$(EXEEXT) sbin_PROGRAMS = myproxy-server$(EXEEXT) \ myproxy-admin-load-credential$(EXEEXT) \ myproxy-admin-query$(EXEEXT) \ myproxy-admin-change-pass$(EXEEXT) subdir = . DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ $(top_srcdir)/configure $(am__configure_deps) \ $(srcdir)/myproxy.h.in $(srcdir)/myproxy.pc.in \ $(top_srcdir)/build-aux/depcomp $(include_HEADERS) \ $(top_srcdir)/build-aux/test-driver INSTALL README \ build-aux/config.guess build-aux/config.sub build-aux/depcomp \ build-aux/install-sh build-aux/missing build-aux/ltmain.sh \ $(top_srcdir)/build-aux/config.guess \ $(top_srcdir)/build-aux/config.sub \ $(top_srcdir)/build-aux/install-sh \ $(top_srcdir)/build-aux/ltmain.sh \ $(top_srcdir)/build-aux/missing ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/myproxy-date.inc $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ configure.lineno config.status.lineno mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = myproxy.h myproxy.pc CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ test -z "$$files" \ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" \ "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(sbindir)" \ "$(DESTDIR)$(pkgconfdir)" "$(DESTDIR)$(pkgdatadir)" \ "$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)" LTLIBRARIES = $(lib_LTLIBRARIES) am__DEPENDENCIES_1 = libmyproxy_la_DEPENDENCIES = $(am__DEPENDENCIES_1) am__objects_1 = accept_credmap.lo auth_pam.lo certauth_extensions.lo \ certauth_resolveuser.lo getopt_long.lo gsi_socket.lo gssapi.lo \ myproxy.lo myproxy_authorization.lo myproxy_creds.lo \ myproxy_delegation.lo myproxy_extensions.lo \ myproxy_read_pass.lo myproxy_log.lo myproxy_ocsp.lo \ myproxy_ocsp_aia.lo myproxy_popen.lo myproxy_sasl_client.lo \ myproxy_sasl_server.lo myproxy_server_config.lo pidfile.lo \ plugin_common.lo safe_id_range_list.lo safe_is_path_trusted.lo \ ssl_utils.lo string_funcs.lo verror.lo voms_utils.lo vparse.lo am_libmyproxy_la_OBJECTS = $(am__objects_1) libmyproxy_la_OBJECTS = $(am_libmyproxy_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent am__v_lt_1 = libmyproxy_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libmyproxy_la_LDFLAGS) $(LDFLAGS) -o $@ libmyproxy_voms_la_DEPENDENCIES = libmyproxy.la $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) am_libmyproxy_voms_la_OBJECTS = gsi_socket_voms.lo vomsclient.lo libmyproxy_voms_la_OBJECTS = $(am_libmyproxy_voms_la_OBJECTS) libmyproxy_voms_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) $(libmyproxy_voms_la_LDFLAGS) \ $(LDFLAGS) -o $@ @HAVE_VOMS_FALSE@am_libmyproxy_voms_la_rpath = @HAVE_VOMS_TRUE@am_libmyproxy_voms_la_rpath = -rpath $(libdir) PROGRAMS = $(bin_PROGRAMS) $(sbin_PROGRAMS) am_myproxy_admin_change_pass_OBJECTS = myproxy_acp.$(OBJEXT) myproxy_admin_change_pass_OBJECTS = \ $(am_myproxy_admin_change_pass_OBJECTS) myproxy_admin_change_pass_DEPENDENCIES = ./libmyproxy.la am_myproxy_admin_load_credential_OBJECTS = myproxy_alcf.$(OBJEXT) myproxy_admin_load_credential_OBJECTS = \ $(am_myproxy_admin_load_credential_OBJECTS) myproxy_admin_load_credential_DEPENDENCIES = ./libmyproxy.la am_myproxy_admin_query_OBJECTS = myproxy_arq.$(OBJEXT) myproxy_admin_query_OBJECTS = $(am_myproxy_admin_query_OBJECTS) myproxy_admin_query_DEPENDENCIES = ./libmyproxy.la am_myproxy_change_pass_phrase_OBJECTS = myproxy_cp.$(OBJEXT) myproxy_change_pass_phrase_OBJECTS = \ $(am_myproxy_change_pass_phrase_OBJECTS) myproxy_change_pass_phrase_DEPENDENCIES = ./libmyproxy.la am_myproxy_destroy_OBJECTS = myproxy_destroy.$(OBJEXT) myproxy_destroy_OBJECTS = $(am_myproxy_destroy_OBJECTS) myproxy_destroy_DEPENDENCIES = ./libmyproxy.la am_myproxy_get_delegation_OBJECTS = myproxy_get_delegation.$(OBJEXT) myproxy_get_delegation_OBJECTS = $(am_myproxy_get_delegation_OBJECTS) am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1) myproxy_get_delegation_DEPENDENCIES = ./libmyproxy.la \ $(am__DEPENDENCIES_2) am_myproxy_get_trustroots_OBJECTS = myproxy_get_trustroots.$(OBJEXT) myproxy_get_trustroots_OBJECTS = $(am_myproxy_get_trustroots_OBJECTS) myproxy_get_trustroots_DEPENDENCIES = ./libmyproxy.la am_myproxy_info_OBJECTS = myproxy_info.$(OBJEXT) myproxy_info_OBJECTS = $(am_myproxy_info_OBJECTS) myproxy_info_DEPENDENCIES = ./libmyproxy.la am_myproxy_init_OBJECTS = myproxy_init.$(OBJEXT) myproxy_init_OBJECTS = $(am_myproxy_init_OBJECTS) myproxy_init_DEPENDENCIES = ./libmyproxy.la am_myproxy_logon_OBJECTS = myproxy_get_delegation.$(OBJEXT) myproxy_logon_OBJECTS = $(am_myproxy_logon_OBJECTS) myproxy_logon_DEPENDENCIES = ./libmyproxy.la $(am__DEPENDENCIES_2) am_myproxy_retrieve_OBJECTS = myproxy_get_credential.$(OBJEXT) myproxy_retrieve_OBJECTS = $(am_myproxy_retrieve_OBJECTS) myproxy_retrieve_DEPENDENCIES = ./libmyproxy.la $(am__DEPENDENCIES_2) am_myproxy_server_OBJECTS = myproxy_server.$(OBJEXT) myproxy_server_OBJECTS = $(am_myproxy_server_OBJECTS) myproxy_server_DEPENDENCIES = ./libmyproxy.la $(am__DEPENDENCIES_2) am_myproxy_store_OBJECTS = myproxy_store.$(OBJEXT) myproxy_store_OBJECTS = $(am_myproxy_store_OBJECTS) myproxy_store_DEPENDENCIES = ./libmyproxy.la $(am__DEPENDENCIES_2) SCRIPTS = $(sbin_SCRIPTS) AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ $(AM_CFLAGS) $(CFLAGS) AM_V_CC = $(am__v_CC_@AM_V@) am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) am__v_CC_0 = @echo " CC " $@; am__v_CC_1 = CCLD = $(CC) LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(AM_LDFLAGS) $(LDFLAGS) -o $@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; am__v_CCLD_1 = SOURCES = $(libmyproxy_la_SOURCES) $(libmyproxy_voms_la_SOURCES) \ $(myproxy_admin_change_pass_SOURCES) \ $(myproxy_admin_load_credential_SOURCES) \ $(myproxy_admin_query_SOURCES) \ $(myproxy_change_pass_phrase_SOURCES) \ $(myproxy_destroy_SOURCES) $(myproxy_get_delegation_SOURCES) \ $(myproxy_get_trustroots_SOURCES) $(myproxy_info_SOURCES) \ $(myproxy_init_SOURCES) $(myproxy_logon_SOURCES) \ $(myproxy_retrieve_SOURCES) $(myproxy_server_SOURCES) \ $(myproxy_store_SOURCES) DIST_SOURCES = $(libmyproxy_la_SOURCES) $(libmyproxy_voms_la_SOURCES) \ $(myproxy_admin_change_pass_SOURCES) \ $(myproxy_admin_load_credential_SOURCES) \ $(myproxy_admin_query_SOURCES) \ $(myproxy_change_pass_phrase_SOURCES) \ $(myproxy_destroy_SOURCES) $(myproxy_get_delegation_SOURCES) \ $(myproxy_get_trustroots_SOURCES) $(myproxy_info_SOURCES) \ $(myproxy_init_SOURCES) $(myproxy_logon_SOURCES) \ $(myproxy_retrieve_SOURCES) $(myproxy_server_SOURCES) \ $(myproxy_store_SOURCES) RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ ctags-recursive dvi-recursive html-recursive info-recursive \ install-data-recursive install-dvi-recursive \ install-exec-recursive install-html-recursive \ install-info-recursive install-pdf-recursive \ install-ps-recursive install-recursive installcheck-recursive \ installdirs-recursive pdf-recursive ps-recursive \ tags-recursive uninstall-recursive am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac DATA = $(pkgconf_DATA) $(pkgdata_DATA) HEADERS = $(include_HEADERS) $(nodist_include_HEADERS) RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive am__recursive_targets = \ $(RECURSIVE_TARGETS) \ $(RECURSIVE_CLEAN_TARGETS) \ $(am__extra_recursive_targets) AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ cscope check recheck distdir dist dist-all distcheck am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) # Read a list of newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is # *not* preserved. am__uniquify_input = $(AWK) '\ BEGIN { nonempty = 0; } \ { items[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in items) print i; }; } \ ' # Make sure the list of sources is unique. This is necessary because, # e.g., the same source file might be shared among _SOURCES variables # for different programs/libraries. am__define_uniq_tagged_files = \ list='$(am__tagged_files)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags CSCOPE = cscope am__tty_colors_dummy = \ mgn= red= grn= lgn= blu= brg= std=; \ am__color_tests=no am__tty_colors = { \ $(am__tty_colors_dummy); \ if test "X$(AM_COLOR_TESTS)" = Xno; then \ am__color_tests=no; \ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ am__color_tests=yes; \ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ am__color_tests=yes; \ fi; \ if test $$am__color_tests = yes; then \ red=''; \ grn=''; \ lgn=''; \ blu=''; \ mgn=''; \ brg=''; \ std=''; \ fi; \ } am__recheck_rx = ^[ ]*:recheck:[ ]* am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* # A command that, given a newline-separated list of test names on the # standard input, print the name of the tests that are to be re-run # upon "make recheck". am__list_recheck_tests = $(AWK) '{ \ recheck = 1; \ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ { \ if (rc < 0) \ { \ if ((getline line2 < ($$0 ".log")) < 0) \ recheck = 0; \ break; \ } \ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ { \ recheck = 0; \ break; \ } \ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ { \ break; \ } \ }; \ if (recheck) \ print $$0; \ close ($$0 ".trs"); \ close ($$0 ".log"); \ }' # A command that, given a newline-separated list of test names on the # standard input, create the global log from their .trs and .log files. am__create_global_log = $(AWK) ' \ function fatal(msg) \ { \ print "fatal: making $@: " msg | "cat >&2"; \ exit 1; \ } \ function rst_section(header) \ { \ print header; \ len = length(header); \ for (i = 1; i <= len; i = i + 1) \ printf "="; \ printf "\n\n"; \ } \ { \ copy_in_global_log = 1; \ global_test_result = "RUN"; \ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ { \ if (rc < 0) \ fatal("failed to read from " $$0 ".trs"); \ if (line ~ /$(am__global_test_result_rx)/) \ { \ sub("$(am__global_test_result_rx)", "", line); \ sub("[ ]*$$", "", line); \ global_test_result = line; \ } \ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ copy_in_global_log = 0; \ }; \ if (copy_in_global_log) \ { \ rst_section(global_test_result ": " $$0); \ while ((rc = (getline line < ($$0 ".log"))) != 0) \ { \ if (rc < 0) \ fatal("failed to read from " $$0 ".log"); \ print line; \ }; \ printf "\n"; \ }; \ close ($$0 ".trs"); \ close ($$0 ".log"); \ }' # Restructured Text title. am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } # Solaris 10 'make', and several other traditional 'make' implementations, # pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it # by disabling -e (using the XSI extension "set +e") if it's set. am__sh_e_setup = case $$- in *e*) set +e;; esac # Default flags passed to test drivers. am__common_driver_flags = \ --color-tests "$$am__color_tests" \ --enable-hard-errors "$$am__enable_hard_errors" \ --expect-failure "$$am__expect_failure" # To be inserted before the command running the test. Creates the # directory for the log if needed. Stores in $dir the directory # containing $f, in $tst the test, in $log the log. Executes the # developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and # passes TESTS_ENVIRONMENT. Set up options for the wrapper that # will run the test scripts (or their associated LOG_COMPILER, if # thy have one). am__check_pre = \ $(am__sh_e_setup); \ $(am__vpath_adj_setup) $(am__vpath_adj) \ $(am__tty_colors); \ srcdir=$(srcdir); export srcdir; \ case "$@" in \ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ *) am__odir=.;; \ esac; \ test "x$$am__odir" = x"." || test -d "$$am__odir" \ || $(MKDIR_P) "$$am__odir" || exit $$?; \ if test -f "./$$f"; then dir=./; \ elif test -f "$$f"; then dir=; \ else dir="$(srcdir)/"; fi; \ tst=$$dir$$f; log='$@'; \ if test -n '$(DISABLE_HARD_ERRORS)'; then \ am__enable_hard_errors=no; \ else \ am__enable_hard_errors=yes; \ fi; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ am__expect_failure=yes;; \ *) \ am__expect_failure=no;; \ esac; \ $(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) # A shell command to get the names of the tests scripts with any registered # extension removed (i.e., equivalently, the names of the test logs, with # the '.log' extension removed). The result is saved in the shell variable # '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, # we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", # since that might cause problem with VPATH rewrites for suffix-less tests. # See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. am__set_TESTS_bases = \ bases='$(TEST_LOGS)'; \ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ bases=`echo $$bases` RECHECK_LOGS = $(TEST_LOGS) TEST_SUITE_LOG = test-suite.log TEST_EXTENSIONS = @EXEEXT@ .test LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) am__set_b = \ case '$@' in \ */*) \ case '$*' in \ */*) b='$*';; \ *) b=`echo '$@' | sed 's/\.log$$//'`; \ esac;; \ *) \ b='$*';; \ esac am__test_logs1 = $(TESTS:=.log) am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) TEST_LOGS = $(am__test_logs2:.test.log=.log) TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ $(TEST_LOG_FLAGS) DIST_SUBDIRS = $(SUBDIRS) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) distdir = $(PACKAGE)-$(VERSION) top_distdir = $(distdir) am__remove_distdir = \ if test -d "$(distdir)"; then \ find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \ && rm -rf "$(distdir)" \ || { sleep 5 && rm -rf "$(distdir)"; }; \ else :; fi am__post_remove_distdir = $(am__remove_distdir) am__relativize = \ dir0=`pwd`; \ sed_first='s,^\([^/]*\)/.*$$,\1,'; \ sed_rest='s,^[^/]*/*,,'; \ sed_last='s,^.*/\([^/]*\)$$,\1,'; \ sed_butlast='s,/*[^/]*$$,,'; \ while test -n "$$dir1"; do \ first=`echo "$$dir1" | sed -e "$$sed_first"`; \ if test "$$first" != "."; then \ if test "$$first" = ".."; then \ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ else \ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ if test "$$first2" = "$$first"; then \ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ else \ dir2="../$$dir2"; \ fi; \ dir0="$$dir0"/"$$first"; \ fi; \ fi; \ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ done; \ reldir="$$dir2" DIST_ARCHIVES = $(distdir).tar.gz GZIP_ENV = --best DIST_TARGETS = dist-gzip distuninstallcheck_listfiles = find . -type f -print am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \ | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$' distcleancheck_listfiles = find . -type f -print ACLOCAL = @ACLOCAL@ AGE_VERSION = @AGE_VERSION@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ AS = @AS@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GLOBUS_CFLAGS = @GLOBUS_CFLAGS@ GLOBUS_LIBS = @GLOBUS_LIBS@ GREP = @GREP@ GSI_CERT_UTILS_PATH = @GSI_CERT_UTILS_PATH@ GSI_PROXY_UTILS_PATH = @GSI_PROXY_UTILS_PATH@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ KRB5CPPFLAGS = @KRB5CPPFLAGS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAJOR_VERSION = @MAJOR_VERSION@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MICRO_VERSION = @MICRO_VERSION@ MINOR_VERSION = @MINOR_VERSION@ MKDIR_P = @MKDIR_P@ MYPROXY_DATE = @MYPROXY_DATE@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OPENSSL = @OPENSSL@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_DEPS = @PACKAGE_DEPS@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ SYSLIBS = @SYSLIBS@ VERSION = @VERSION@ VOMS_LIBS = @VOMS_LIBS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ SUBDIRS = \ web \ systemd \ man LibSources = \ accept_credmap.c \ accept_credmap.h \ auth_pam.c \ auth_pam.h \ certauth_extensions.c \ certauth_extensions.h \ certauth_resolveuser.c \ certauth_resolveuser.h \ getopt_long.c \ gsi_socket.c \ gsi_socket.h \ gsi_socket_priv.h \ gssapi.c \ myproxy.c \ myproxy_authorization.c \ myproxy_authorization.h \ myproxy_common.h \ myproxy_creds.c \ myproxy_creds.h \ myproxy_delegation.c \ myproxy_delegation.h \ myproxy_extensions.c \ myproxy_extensions.h \ myproxy_read_pass.c \ myproxy_read_pass.h \ myproxy_log.c \ myproxy_log.h \ myproxy_ocsp.c \ myproxy_ocsp.h \ myproxy_ocsp_aia.c \ myproxy_ocsp_aia.h \ myproxy_popen.c \ myproxy_popen.h \ myproxy_sasl_client.c \ myproxy_sasl_client.h \ myproxy_sasl_server.h \ myproxy_sasl_server.c \ myproxy_server.h \ myproxy_server_config.c \ pidfile.c \ plugin_common.c \ plugin_common.h \ port_getopt.h \ safe_id_range_list.c \ safe_id_range_list.h \ safe_is_path_trusted.c \ safe_is_path_trusted.h \ ssl_utils.c \ ssl_utils.h \ string_funcs.c \ string_funcs.h \ verror.c \ verror.h \ vomsclient.h \ voms_utils.c \ voms_utils.h \ vparse.c \ vparse.h Scripts = \ myproxy-test \ myproxy-replicate \ myproxy-test-replicate \ myproxy-admin-adduser \ myproxy-admin-addservice \ myproxy-server-setup sbin_SCRIPTS = $(Scripts) check_SCRIPTS = myproxy-test-wrapper nodist_include_HEADERS = \ myproxy.h include_HEADERS = \ myproxy_constants.h \ myproxy_authorization.h \ myproxy_protocol.h \ myproxy_creds.h \ myproxy_delegation.h \ myproxy_log.h \ myproxy_read_pass.h \ myproxy_sasl_client.h \ myproxy_sasl_server.h \ myproxy_server.h \ verror.h ACLOCAL_AMFLAGS = -I m4 AM_CPPFLAGS = $(GLOBUS_CFLAGS) LDADD = $(GLOBUS_LIBS) lib_LTLIBRARIES = libmyproxy.la $(am__append_1) @HAVE_VOMS_FALSE@EXTRA_LTLIBRARIES = libmyproxy_voms.la libmyproxy_la_SOURCES = $(LibSources) libmyproxy_la_LDFLAGS = \ -version-info $(MAJOR_VERSION):$(MINOR_VERSION):$(AGE_VERSION) libmyproxy_la_LIBADD = $(GLOBUS_LIBS) libmyproxy_voms_la_SOURCES = gsi_socket_voms.c vomsclient.c libmyproxy_voms_la_LDFLAGS = \ -module -avoid-version -no-undefined libmyproxy_voms_la_LIBADD = libmyproxy.la $(VOMS_LIBS) $(GLOBUS_LIBS) myproxy_init_SOURCES = myproxy_init.c myproxy_init_LDADD = ./libmyproxy.la myproxy_info_SOURCES = myproxy_info.c myproxy_info_LDADD = ./libmyproxy.la myproxy_store_SOURCES = myproxy_store.c myproxy_store_LDADD = ./libmyproxy.la $(LDADD) myproxy_retrieve_SOURCES = myproxy_get_credential.c myproxy_retrieve_LDADD = ./libmyproxy.la $(LDADD) myproxy_destroy_SOURCES = myproxy_destroy.c myproxy_destroy_LDADD = ./libmyproxy.la myproxy_server_SOURCES = myproxy_server.c myproxy_server_LDADD = ./libmyproxy.la $(LDADD) myproxy_get_trustroots_SOURCES = myproxy_get_trustroots.c myproxy_get_trustroots_LDADD = ./libmyproxy.la myproxy_get_delegation_SOURCES = myproxy_get_delegation.c myproxy_get_delegation_LDADD = ./libmyproxy.la $(LDADD) myproxy_logon_SOURCES = myproxy_get_delegation.c myproxy_logon_LDADD = ./libmyproxy.la $(LDADD) myproxy_change_pass_phrase_SOURCES = myproxy_cp.c myproxy_change_pass_phrase_LDADD = ./libmyproxy.la myproxy_admin_query_SOURCES = myproxy_arq.c myproxy_admin_query_LDADD = ./libmyproxy.la myproxy_admin_load_credential_SOURCES = myproxy_alcf.c myproxy_admin_load_credential_LDADD = ./libmyproxy.la myproxy_admin_change_pass_SOURCES = myproxy_acp.c myproxy_admin_change_pass_LDADD = ./libmyproxy.la pkgdata_DATA = \ LICENSE LICENSE.sasl LICENSE.netbsd LICENSE.pidfile \ LICENSE.safefile \ VERSION PROTOCOL README.sasl REPOSITORY \ myproxy-server.config \ etc.services.modifications etc.inetd.conf.modifications \ myproxy.cron myproxy-crl.cron myproxy-get-trustroots.cron \ etc.init.d.myproxy etc.init.d.myproxy.nonroot \ etc.xinetd.myproxy myproxy-passphrase-policy \ myproxy-certificate-mapapp myproxy-revoke \ myproxy-accepted-credentials-mapapp \ myproxy-cert-checker myproxy-certreq-checker EXTRA_DIST = $(Scripts) $(check_SCRIPTS) \ LICENSE LICENSE.sasl LICENSE.netbsd LICENSE.pidfile \ LICENSE.safefile \ VERSION PROTOCOL README.sasl REPOSITORY \ myproxy-server.config \ etc.services.modifications etc.inetd.conf.modifications \ myproxy.cron myproxy-crl.cron myproxy-get-trustroots.cron \ etc.init.d.myproxy etc.init.d.myproxy.nonroot \ etc.xinetd.myproxy myproxy-passphrase-policy \ myproxy-certificate-mapapp myproxy-revoke \ myproxy-accepted-credentials-mapapp \ myproxy-cert-checker myproxy-certreq-checker \ myproxy.init myproxy.init.sles myproxy.sysconfig \ README.Fedora pkgconfdir = ${libdir}/pkgconfig pkgconf_DATA = myproxy.pc @ENABLE_TESTS_TRUE@TESTS_ENVIRONMENT = export \ @ENABLE_TESTS_TRUE@ GSI_PROXY_UTILS_PATH=$(GSI_PROXY_UTILS_PATH) \ @ENABLE_TESTS_TRUE@ GSI_CERT_UTILS_PATH=$(GSI_CERT_UTILS_PATH) \ @ENABLE_TESTS_TRUE@ OPENSSL=$(OPENSSL); \ @ENABLE_TESTS_TRUE@ export PATH=$(abs_builddir):$(abs_srcdir)$${GSI_PROXY_UTILS_PATH:+:$$GSI_PROXY_UTILS_PATH}$${GSI_CERT_UTILS_PATH:+:$$GSI_CERT_UTILS_PATH}:$${PATH}; @ENABLE_TESTS_TRUE@TESTS = myproxy-test-wrapper all: all-recursive .SUFFIXES: .SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs am--refresh: Makefile @: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ echo ' cd $(srcdir) && $(AUTOMAKE) --foreign'; \ $(am__cd) $(srcdir) && $(AUTOMAKE) --foreign \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ echo ' $(SHELL) ./config.status'; \ $(SHELL) ./config.status;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) $(SHELL) ./config.status --recheck $(top_srcdir)/configure: $(am__configure_deps) $(am__cd) $(srcdir) && $(AUTOCONF) $(ACLOCAL_M4): $(am__aclocal_m4_deps) $(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS) $(am__aclocal_m4_deps): myproxy.h: $(top_builddir)/config.status $(srcdir)/myproxy.h.in cd $(top_builddir) && $(SHELL) ./config.status $@ myproxy.pc: $(top_builddir)/config.status $(srcdir)/myproxy.pc.in cd $(top_builddir) && $(SHELL) ./config.status $@ install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(MKDIR_P) '$(DESTDIR)$(libdir)'"; \ $(MKDIR_P) "$(DESTDIR)$(libdir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ } uninstall-libLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ done clean-libLTLIBRARIES: -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) @list='$(lib_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ test -z "$$locs" || { \ echo rm -f $${locs}; \ rm -f $${locs}; \ } libmyproxy.la: $(libmyproxy_la_OBJECTS) $(libmyproxy_la_DEPENDENCIES) $(EXTRA_libmyproxy_la_DEPENDENCIES) $(AM_V_CCLD)$(libmyproxy_la_LINK) -rpath $(libdir) $(libmyproxy_la_OBJECTS) $(libmyproxy_la_LIBADD) $(LIBS) libmyproxy_voms.la: $(libmyproxy_voms_la_OBJECTS) $(libmyproxy_voms_la_DEPENDENCIES) $(EXTRA_libmyproxy_voms_la_DEPENDENCIES) $(AM_V_CCLD)$(libmyproxy_voms_la_LINK) $(am_libmyproxy_voms_la_rpath) $(libmyproxy_voms_la_OBJECTS) $(libmyproxy_voms_la_LIBADD) $(LIBS) install-binPROGRAMS: $(bin_PROGRAMS) @$(NORMAL_INSTALL) @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(bindir)'"; \ $(MKDIR_P) "$(DESTDIR)$(bindir)" || exit 1; \ fi; \ for p in $$list; do echo "$$p $$p"; done | \ sed 's/$(EXEEXT)$$//' | \ while read p p1; do if test -f $$p \ || test -f $$p1 \ ; then echo "$$p"; echo "$$p"; else :; fi; \ done | \ sed -e 'p;s,.*/,,;n;h' \ -e 's|.*|.|' \ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ sed 'N;N;N;s,\n, ,g' | \ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ if ($$2 == $$4) files[d] = files[d] " " $$1; \ else { print "f", $$3 "/" $$4, $$1; } } \ END { for (d in files) print "f", d, files[d] }' | \ while read type dir files; do \ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ test -z "$$files" || { \ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ } \ ; done uninstall-binPROGRAMS: @$(NORMAL_UNINSTALL) @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ files=`for p in $$list; do echo "$$p"; done | \ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ -e 's/$$/$(EXEEXT)/' \ `; \ test -n "$$list" || exit 0; \ echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(bindir)" && rm -f $$files clean-binPROGRAMS: @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \ echo " rm -f" $$list; \ rm -f $$list || exit $$?; \ test -n "$(EXEEXT)" || exit 0; \ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ echo " rm -f" $$list; \ rm -f $$list install-sbinPROGRAMS: $(sbin_PROGRAMS) @$(NORMAL_INSTALL) @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \ $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \ fi; \ for p in $$list; do echo "$$p $$p"; done | \ sed 's/$(EXEEXT)$$//' | \ while read p p1; do if test -f $$p \ || test -f $$p1 \ ; then echo "$$p"; echo "$$p"; else :; fi; \ done | \ sed -e 'p;s,.*/,,;n;h' \ -e 's|.*|.|' \ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ sed 'N;N;N;s,\n, ,g' | \ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ if ($$2 == $$4) files[d] = files[d] " " $$1; \ else { print "f", $$3 "/" $$4, $$1; } } \ END { for (d in files) print "f", d, files[d] }' | \ while read type dir files; do \ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ test -z "$$files" || { \ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \ } \ ; done uninstall-sbinPROGRAMS: @$(NORMAL_UNINSTALL) @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ files=`for p in $$list; do echo "$$p"; done | \ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ -e 's/$$/$(EXEEXT)/' \ `; \ test -n "$$list" || exit 0; \ echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(sbindir)" && rm -f $$files clean-sbinPROGRAMS: @list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \ echo " rm -f" $$list; \ rm -f $$list || exit $$?; \ test -n "$(EXEEXT)" || exit 0; \ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ echo " rm -f" $$list; \ rm -f $$list myproxy-admin-change-pass$(EXEEXT): $(myproxy_admin_change_pass_OBJECTS) $(myproxy_admin_change_pass_DEPENDENCIES) $(EXTRA_myproxy_admin_change_pass_DEPENDENCIES) @rm -f myproxy-admin-change-pass$(EXEEXT) $(AM_V_CCLD)$(LINK) $(myproxy_admin_change_pass_OBJECTS) $(myproxy_admin_change_pass_LDADD) $(LIBS) myproxy-admin-load-credential$(EXEEXT): $(myproxy_admin_load_credential_OBJECTS) $(myproxy_admin_load_credential_DEPENDENCIES) $(EXTRA_myproxy_admin_load_credential_DEPENDENCIES) @rm -f myproxy-admin-load-credential$(EXEEXT) $(AM_V_CCLD)$(LINK) $(myproxy_admin_load_credential_OBJECTS) $(myproxy_admin_load_credential_LDADD) $(LIBS) myproxy-admin-query$(EXEEXT): $(myproxy_admin_query_OBJECTS) $(myproxy_admin_query_DEPENDENCIES) $(EXTRA_myproxy_admin_query_DEPENDENCIES) @rm -f myproxy-admin-query$(EXEEXT) $(AM_V_CCLD)$(LINK) $(myproxy_admin_query_OBJECTS) $(myproxy_admin_query_LDADD) $(LIBS) myproxy-change-pass-phrase$(EXEEXT): $(myproxy_change_pass_phrase_OBJECTS) $(myproxy_change_pass_phrase_DEPENDENCIES) $(EXTRA_myproxy_change_pass_phrase_DEPENDENCIES) @rm -f myproxy-change-pass-phrase$(EXEEXT) $(AM_V_CCLD)$(LINK) $(myproxy_change_pass_phrase_OBJECTS) $(myproxy_change_pass_phrase_LDADD) $(LIBS) myproxy-destroy$(EXEEXT): $(myproxy_destroy_OBJECTS) $(myproxy_destroy_DEPENDENCIES) $(EXTRA_myproxy_destroy_DEPENDENCIES) @rm -f myproxy-destroy$(EXEEXT) $(AM_V_CCLD)$(LINK) $(myproxy_destroy_OBJECTS) $(myproxy_destroy_LDADD) $(LIBS) myproxy-get-delegation$(EXEEXT): $(myproxy_get_delegation_OBJECTS) $(myproxy_get_delegation_DEPENDENCIES) $(EXTRA_myproxy_get_delegation_DEPENDENCIES) @rm -f myproxy-get-delegation$(EXEEXT) $(AM_V_CCLD)$(LINK) $(myproxy_get_delegation_OBJECTS) $(myproxy_get_delegation_LDADD) $(LIBS) myproxy-get-trustroots$(EXEEXT): $(myproxy_get_trustroots_OBJECTS) $(myproxy_get_trustroots_DEPENDENCIES) $(EXTRA_myproxy_get_trustroots_DEPENDENCIES) @rm -f myproxy-get-trustroots$(EXEEXT) $(AM_V_CCLD)$(LINK) $(myproxy_get_trustroots_OBJECTS) $(myproxy_get_trustroots_LDADD) $(LIBS) myproxy-info$(EXEEXT): $(myproxy_info_OBJECTS) $(myproxy_info_DEPENDENCIES) $(EXTRA_myproxy_info_DEPENDENCIES) @rm -f myproxy-info$(EXEEXT) $(AM_V_CCLD)$(LINK) $(myproxy_info_OBJECTS) $(myproxy_info_LDADD) $(LIBS) myproxy-init$(EXEEXT): $(myproxy_init_OBJECTS) $(myproxy_init_DEPENDENCIES) $(EXTRA_myproxy_init_DEPENDENCIES) @rm -f myproxy-init$(EXEEXT) $(AM_V_CCLD)$(LINK) $(myproxy_init_OBJECTS) $(myproxy_init_LDADD) $(LIBS) myproxy-logon$(EXEEXT): $(myproxy_logon_OBJECTS) $(myproxy_logon_DEPENDENCIES) $(EXTRA_myproxy_logon_DEPENDENCIES) @rm -f myproxy-logon$(EXEEXT) $(AM_V_CCLD)$(LINK) $(myproxy_logon_OBJECTS) $(myproxy_logon_LDADD) $(LIBS) myproxy-retrieve$(EXEEXT): $(myproxy_retrieve_OBJECTS) $(myproxy_retrieve_DEPENDENCIES) $(EXTRA_myproxy_retrieve_DEPENDENCIES) @rm -f myproxy-retrieve$(EXEEXT) $(AM_V_CCLD)$(LINK) $(myproxy_retrieve_OBJECTS) $(myproxy_retrieve_LDADD) $(LIBS) myproxy-server$(EXEEXT): $(myproxy_server_OBJECTS) $(myproxy_server_DEPENDENCIES) $(EXTRA_myproxy_server_DEPENDENCIES) @rm -f myproxy-server$(EXEEXT) $(AM_V_CCLD)$(LINK) $(myproxy_server_OBJECTS) $(myproxy_server_LDADD) $(LIBS) myproxy-store$(EXEEXT): $(myproxy_store_OBJECTS) $(myproxy_store_DEPENDENCIES) $(EXTRA_myproxy_store_DEPENDENCIES) @rm -f myproxy-store$(EXEEXT) $(AM_V_CCLD)$(LINK) $(myproxy_store_OBJECTS) $(myproxy_store_LDADD) $(LIBS) install-sbinSCRIPTS: $(sbin_SCRIPTS) @$(NORMAL_INSTALL) @list='$(sbin_SCRIPTS)'; test -n "$(sbindir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \ $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \ done | \ sed -e 'p;s,.*/,,;n' \ -e 'h;s|.*|.|' \ -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ if ($$2 == $$4) { files[d] = files[d] " " $$1; \ if (++n[d] == $(am__install_max)) { \ print "f", d, files[d]; n[d] = 0; files[d] = "" } } \ else { print "f", d "/" $$4, $$1 } } \ END { for (d in files) print "f", d, files[d] }' | \ while read type dir files; do \ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ test -z "$$files" || { \ echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(sbindir)$$dir'"; \ $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \ } \ ; done uninstall-sbinSCRIPTS: @$(NORMAL_UNINSTALL) @list='$(sbin_SCRIPTS)'; test -n "$(sbindir)" || exit 0; \ files=`for p in $$list; do echo "$$p"; done | \ sed -e 's,.*/,,;$(transform)'`; \ dir='$(DESTDIR)$(sbindir)'; $(am__uninstall_files_from_dir) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/accept_credmap.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_pam.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certauth_extensions.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certauth_resolveuser.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/getopt_long.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gsi_socket.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gsi_socket_voms.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gssapi.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/myproxy.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/myproxy_acp.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/myproxy_alcf.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/myproxy_arq.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/myproxy_authorization.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/myproxy_cp.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/myproxy_creds.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/myproxy_delegation.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/myproxy_destroy.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/myproxy_extensions.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/myproxy_get_credential.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/myproxy_get_delegation.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/myproxy_get_trustroots.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/myproxy_info.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/myproxy_init.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/myproxy_log.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/myproxy_ocsp.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/myproxy_ocsp_aia.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/myproxy_popen.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/myproxy_read_pass.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/myproxy_sasl_client.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/myproxy_sasl_server.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/myproxy_server.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/myproxy_server_config.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/myproxy_store.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pidfile.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/plugin_common.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/safe_id_range_list.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/safe_is_path_trusted.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_utils.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/string_funcs.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/verror.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/voms_utils.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/vomsclient.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/vparse.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs distclean-libtool: -rm -f libtool config.lt install-pkgconfDATA: $(pkgconf_DATA) @$(NORMAL_INSTALL) @list='$(pkgconf_DATA)'; test -n "$(pkgconfdir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(pkgconfdir)'"; \ $(MKDIR_P) "$(DESTDIR)$(pkgconfdir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pkgconfdir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(pkgconfdir)" || exit $$?; \ done uninstall-pkgconfDATA: @$(NORMAL_UNINSTALL) @list='$(pkgconf_DATA)'; test -n "$(pkgconfdir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(pkgconfdir)'; $(am__uninstall_files_from_dir) install-pkgdataDATA: $(pkgdata_DATA) @$(NORMAL_INSTALL) @list='$(pkgdata_DATA)'; test -n "$(pkgdatadir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(pkgdatadir)'"; \ $(MKDIR_P) "$(DESTDIR)$(pkgdatadir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pkgdatadir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(pkgdatadir)" || exit $$?; \ done uninstall-pkgdataDATA: @$(NORMAL_UNINSTALL) @list='$(pkgdata_DATA)'; test -n "$(pkgdatadir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(pkgdatadir)'; $(am__uninstall_files_from_dir) install-includeHEADERS: $(include_HEADERS) @$(NORMAL_INSTALL) @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(includedir)'"; \ $(MKDIR_P) "$(DESTDIR)$(includedir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(includedir)'"; \ $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \ done uninstall-includeHEADERS: @$(NORMAL_UNINSTALL) @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(includedir)'; $(am__uninstall_files_from_dir) install-nodist_includeHEADERS: $(nodist_include_HEADERS) @$(NORMAL_INSTALL) @list='$(nodist_include_HEADERS)'; test -n "$(includedir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(includedir)'"; \ $(MKDIR_P) "$(DESTDIR)$(includedir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(includedir)'"; \ $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \ done uninstall-nodist_includeHEADERS: @$(NORMAL_UNINSTALL) @list='$(nodist_include_HEADERS)'; test -n "$(includedir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(includedir)'; $(am__uninstall_files_from_dir) # This directory's subdirectories are mostly independent; you can cd # into them and run 'make' without going through this Makefile. # To change the values of 'make' variables: instead of editing Makefiles, # (1) if the variable is set in 'config.status', edit 'config.status' # (which will cause the Makefiles to be regenerated when you run 'make'); # (2) otherwise, pass the desired values on the 'make' command line. $(am__recursive_targets): @fail=; \ if $(am__make_keepgoing); then \ failcom='fail=yes'; \ else \ failcom='exit 1'; \ fi; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" ID: $(am__tagged_files) $(am__define_uniq_tagged_files); mkid -fID $$unique tags: tags-recursive TAGS: tags tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ $(am__define_uniq_tagged_files); \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: ctags-recursive CTAGS: ctags ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) $(am__define_uniq_tagged_files); \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" cscope: cscope.files test ! -s cscope.files \ || $(CSCOPE) -b -q $(AM_CSCOPEFLAGS) $(CSCOPEFLAGS) -i cscope.files $(CSCOPE_ARGS) clean-cscope: -rm -f cscope.files cscope.files: clean-cscope cscopelist cscopelist: cscopelist-recursive cscopelist-am: $(am__tagged_files) list='$(am__tagged_files)'; \ case "$(srcdir)" in \ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ *) sdir=$(subdir)/$(srcdir) ;; \ esac; \ for i in $$list; do \ if test -f "$$i"; then \ echo "$(subdir)/$$i"; \ else \ echo "$$sdir/$$i"; \ fi; \ done >> $(top_builddir)/cscope.files distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags -rm -f cscope.out cscope.in.out cscope.po.out cscope.files # Recover from deleted '.trs' file; this should ensure that # "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create # both 'foo.log' and 'foo.trs'. Break the recipe in two subshells # to avoid problems with "make -n". .log.trs: rm -f $< $@ $(MAKE) $(AM_MAKEFLAGS) $< # Leading 'am--fnord' is there to ensure the list of targets does not # expand to empty, as could happen e.g. with make check TESTS=''. am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) am--force-recheck: @: $(TEST_SUITE_LOG): $(TEST_LOGS) @$(am__set_TESTS_bases); \ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ redo_bases=`for i in $$bases; do \ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ done`; \ if test -n "$$redo_bases"; then \ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ if $(am__make_dryrun); then :; else \ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ fi; \ fi; \ if test -n "$$am__remaking_logs"; then \ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ "recursion detected" >&2; \ else \ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ fi; \ if $(am__make_dryrun); then :; else \ st=0; \ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ for i in $$redo_bases; do \ test -f $$i.trs && test -r $$i.trs \ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ test -f $$i.log && test -r $$i.log \ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ done; \ test $$st -eq 0 || exit 1; \ fi @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ ws='[ ]'; \ results=`for b in $$bases; do echo $$b.trs; done`; \ test -n "$$results" || results=/dev/null; \ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ success=true; \ else \ success=false; \ fi; \ br='==================='; br=$$br$$br$$br$$br; \ result_count () \ { \ if test x"$$1" = x"--maybe-color"; then \ maybe_colorize=yes; \ elif test x"$$1" = x"--no-color"; then \ maybe_colorize=no; \ else \ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ fi; \ shift; \ desc=$$1 count=$$2; \ if test $$maybe_colorize = yes && test $$count -gt 0; then \ color_start=$$3 color_end=$$std; \ else \ color_start= color_end=; \ fi; \ echo "$${color_start}# $$desc $$count$${color_end}"; \ }; \ create_testsuite_report () \ { \ result_count $$1 "TOTAL:" $$all "$$brg"; \ result_count $$1 "PASS: " $$pass "$$grn"; \ result_count $$1 "SKIP: " $$skip "$$blu"; \ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ result_count $$1 "FAIL: " $$fail "$$red"; \ result_count $$1 "XPASS:" $$xpass "$$red"; \ result_count $$1 "ERROR:" $$error "$$mgn"; \ }; \ { \ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ $(am__rst_title); \ create_testsuite_report --no-color; \ echo; \ echo ".. contents:: :depth: 2"; \ echo; \ for b in $$bases; do echo $$b; done \ | $(am__create_global_log); \ } >$(TEST_SUITE_LOG).tmp || exit 1; \ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ if $$success; then \ col="$$grn"; \ else \ col="$$red"; \ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ fi; \ echo "$${col}$$br$${std}"; \ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ echo "$${col}$$br$${std}"; \ create_testsuite_report --maybe-color; \ echo "$$col$$br$$std"; \ if $$success; then :; else \ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ if test -n "$(PACKAGE_BUGREPORT)"; then \ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ fi; \ echo "$$col$$br$$std"; \ fi; \ $$success || exit 1 check-TESTS: @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) @set +e; $(am__set_TESTS_bases); \ log_list=`for i in $$bases; do echo $$i.log; done`; \ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ exit $$?; recheck: all $(check_SCRIPTS) @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) @set +e; $(am__set_TESTS_bases); \ bases=`for i in $$bases; do echo $$i; done \ | $(am__list_recheck_tests)` || exit 1; \ log_list=`for i in $$bases; do echo $$i.log; done`; \ log_list=`echo $$log_list`; \ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ am__force_recheck=am--force-recheck \ TEST_LOGS="$$log_list"; \ exit $$? myproxy-test-wrapper.log: myproxy-test-wrapper @p='myproxy-test-wrapper'; \ b='myproxy-test-wrapper'; \ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) .test.log: @p='$<'; \ $(am__set_b); \ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) @am__EXEEXT_TRUE@.test$(EXEEXT).log: @am__EXEEXT_TRUE@ @p='$<'; \ @am__EXEEXT_TRUE@ $(am__set_b); \ @am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ @am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ @am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ @am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) distdir: $(DISTFILES) $(am__remove_distdir) test -d "$(distdir)" || mkdir "$(distdir)" @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ $(am__make_dryrun) \ || test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ $(am__relativize); \ new_distdir=$$reldir; \ dir1=$$subdir; dir2="$(top_distdir)"; \ $(am__relativize); \ new_top_distdir=$$reldir; \ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ ($(am__cd) $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$new_top_distdir" \ distdir="$$new_distdir" \ am__remove_distdir=: \ am__skip_length_check=: \ am__skip_mode_fix=: \ distdir) \ || exit 1; \ fi; \ done -test -n "$(am__skip_mode_fix)" \ || find "$(distdir)" -type d ! -perm -755 \ -exec chmod u+rwx,go+rx {} \; -o \ ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \ ! -type d ! -perm -400 -exec chmod a+r {} \; -o \ ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \ || chmod -R a+r "$(distdir)" dist-gzip: distdir tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz $(am__post_remove_distdir) dist-bzip2: distdir tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2 $(am__post_remove_distdir) dist-lzip: distdir tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9} >$(distdir).tar.lz $(am__post_remove_distdir) dist-xz: distdir tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz $(am__post_remove_distdir) dist-tarZ: distdir tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z $(am__post_remove_distdir) dist-shar: distdir shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz $(am__post_remove_distdir) dist-zip: distdir -rm -f $(distdir).zip zip -rq $(distdir).zip $(distdir) $(am__post_remove_distdir) dist dist-all: $(MAKE) $(AM_MAKEFLAGS) $(DIST_TARGETS) am__post_remove_distdir='@:' $(am__post_remove_distdir) # This target untars the dist file and tries a VPATH configuration. Then # it guarantees that the distribution is self-contained by making another # tarfile. distcheck: dist case '$(DIST_ARCHIVES)' in \ *.tar.gz*) \ GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\ *.tar.bz2*) \ bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\ *.tar.lz*) \ lzip -dc $(distdir).tar.lz | $(am__untar) ;;\ *.tar.xz*) \ xz -dc $(distdir).tar.xz | $(am__untar) ;;\ *.tar.Z*) \ uncompress -c $(distdir).tar.Z | $(am__untar) ;;\ *.shar.gz*) \ GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\ *.zip*) \ unzip $(distdir).zip ;;\ esac chmod -R a-w $(distdir) chmod u+w $(distdir) mkdir $(distdir)/_build $(distdir)/_inst chmod a-w $(distdir) test -d $(distdir)/_build || exit 0; \ dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \ && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \ && am__cwd=`pwd` \ && $(am__cd) $(distdir)/_build \ && ../configure --srcdir=.. --prefix="$$dc_install_base" \ $(AM_DISTCHECK_CONFIGURE_FLAGS) \ $(DISTCHECK_CONFIGURE_FLAGS) \ && $(MAKE) $(AM_MAKEFLAGS) \ && $(MAKE) $(AM_MAKEFLAGS) dvi \ && $(MAKE) $(AM_MAKEFLAGS) check \ && $(MAKE) $(AM_MAKEFLAGS) install \ && $(MAKE) $(AM_MAKEFLAGS) installcheck \ && $(MAKE) $(AM_MAKEFLAGS) uninstall \ && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \ distuninstallcheck \ && chmod -R a-w "$$dc_install_base" \ && ({ \ (cd ../.. && umask 077 && mkdir "$$dc_destdir") \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \ distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \ } || { rm -rf "$$dc_destdir"; exit 1; }) \ && rm -rf "$$dc_destdir" \ && $(MAKE) $(AM_MAKEFLAGS) dist \ && rm -rf $(DIST_ARCHIVES) \ && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \ && cd "$$am__cwd" \ || exit 1 $(am__post_remove_distdir) @(echo "$(distdir) archives ready for distribution: "; \ list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \ sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x' distuninstallcheck: @test -n '$(distuninstallcheck_dir)' || { \ echo 'ERROR: trying to run $@ with an empty' \ '$$(distuninstallcheck_dir)' >&2; \ exit 1; \ }; \ $(am__cd) '$(distuninstallcheck_dir)' || { \ echo 'ERROR: cannot chdir into $(distuninstallcheck_dir)' >&2; \ exit 1; \ }; \ test `$(am__distuninstallcheck_listfiles) | wc -l` -eq 0 \ || { echo "ERROR: files left after uninstall:" ; \ if test -n "$(DESTDIR)"; then \ echo " (check DESTDIR support)"; \ fi ; \ $(distuninstallcheck_listfiles) ; \ exit 1; } >&2 distcleancheck: distclean @if test '$(srcdir)' = . ; then \ echo "ERROR: distcleancheck can only run from a VPATH build" ; \ exit 1 ; \ fi @test `$(distcleancheck_listfiles) | wc -l` -eq 0 \ || { echo "ERROR: files left in build directory after distclean:" ; \ $(distcleancheck_listfiles) ; \ exit 1; } >&2 check-am: all-am $(MAKE) $(AM_MAKEFLAGS) $(check_SCRIPTS) $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-recursive all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(SCRIPTS) $(DATA) \ $(HEADERS) install-binPROGRAMS: install-libLTLIBRARIES installdirs: installdirs-recursive installdirs-am: for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(pkgconfdir)" "$(DESTDIR)$(pkgdatadir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-recursive clean-am: clean-binPROGRAMS clean-generic clean-libLTLIBRARIES \ clean-libtool clean-sbinPROGRAMS mostlyclean-am distclean: distclean-recursive -rm -f $(am__CONFIG_DISTCLEAN_FILES) -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-libtool distclean-tags dvi: dvi-recursive dvi-am: html: html-recursive html-am: info: info-recursive info-am: install-data-am: install-includeHEADERS install-nodist_includeHEADERS \ install-pkgconfDATA install-pkgdataDATA install-dvi: install-dvi-recursive install-dvi-am: install-exec-am: install-binPROGRAMS install-libLTLIBRARIES \ install-sbinPROGRAMS install-sbinSCRIPTS install-html: install-html-recursive install-html-am: install-info: install-info-recursive install-info-am: install-man: install-pdf: install-pdf-recursive install-pdf-am: install-ps: install-ps-recursive install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -f $(am__CONFIG_DISTCLEAN_FILES) -rm -rf $(top_srcdir)/autom4te.cache -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-recursive pdf-am: ps: ps-recursive ps-am: uninstall-am: uninstall-binPROGRAMS uninstall-includeHEADERS \ uninstall-libLTLIBRARIES uninstall-nodist_includeHEADERS \ uninstall-pkgconfDATA uninstall-pkgdataDATA \ uninstall-sbinPROGRAMS uninstall-sbinSCRIPTS .MAKE: $(am__recursive_targets) check-am install-am install-strip .PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \ am--refresh check check-TESTS check-am clean clean-binPROGRAMS \ clean-cscope clean-generic clean-libLTLIBRARIES clean-libtool \ clean-sbinPROGRAMS cscope cscopelist-am ctags ctags-am dist \ dist-all dist-bzip2 dist-gzip dist-lzip dist-shar dist-tarZ \ dist-xz dist-zip distcheck distclean distclean-compile \ distclean-generic distclean-libtool distclean-tags \ distcleancheck distdir distuninstallcheck dvi dvi-am html \ html-am info info-am install install-am install-binPROGRAMS \ install-data install-data-am install-dvi install-dvi-am \ install-exec install-exec-am install-html install-html-am \ install-includeHEADERS install-info install-info-am \ install-libLTLIBRARIES install-man \ install-nodist_includeHEADERS install-pdf install-pdf-am \ install-pkgconfDATA install-pkgdataDATA install-ps \ install-ps-am install-sbinPROGRAMS install-sbinSCRIPTS \ install-strip installcheck installcheck-am installdirs \ installdirs-am maintainer-clean maintainer-clean-generic \ mostlyclean mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf pdf-am ps ps-am recheck tags tags-am \ uninstall uninstall-am uninstall-binPROGRAMS \ uninstall-includeHEADERS uninstall-libLTLIBRARIES \ uninstall-nodist_includeHEADERS uninstall-pkgconfDATA \ uninstall-pkgdataDATA uninstall-sbinPROGRAMS \ uninstall-sbinSCRIPTS myproxy-admin-addservice: myproxy-admin-adduser rm -f myproxy-admin-addservice $(LN_S) $(srcdir)/myproxy-admin-adduser myproxy-admin-addservice gssapi.lo: gssapi.c plugin_common.h plugin_common.lo: plugin_common.c plugin_common.h splint: splint +posixlib \ -Dsocklen_t=int -Din_addr_t=int \ -Du_int="unsigned int" -Du_char="unsigned char" \ $(DEFS) *.c # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: myproxy-6.2.16/m4/0000755000175100017510000000000014557145304010670 500000000000000myproxy-6.2.16/m4/ltoptions.m40000644000175100017510000003007314557142524013111 00000000000000# Helper functions for option handling. -*- Autoconf -*- # # Copyright (C) 2004, 2005, 2007, 2008, 2009 Free Software Foundation, # Inc. # Written by Gary V. Vaughan, 2004 # # This file is free software; the Free Software Foundation gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. # serial 7 ltoptions.m4 # This is to help aclocal find these macros, as it can't see m4_define. AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])]) # _LT_MANGLE_OPTION(MACRO-NAME, OPTION-NAME) # ------------------------------------------ m4_define([_LT_MANGLE_OPTION], [[_LT_OPTION_]m4_bpatsubst($1__$2, [[^a-zA-Z0-9_]], [_])]) # _LT_SET_OPTION(MACRO-NAME, OPTION-NAME) # --------------------------------------- # Set option OPTION-NAME for macro MACRO-NAME, and if there is a # matching handler defined, dispatch to it. Other OPTION-NAMEs are # saved as a flag. m4_define([_LT_SET_OPTION], [m4_define(_LT_MANGLE_OPTION([$1], [$2]))dnl m4_ifdef(_LT_MANGLE_DEFUN([$1], [$2]), _LT_MANGLE_DEFUN([$1], [$2]), [m4_warning([Unknown $1 option `$2'])])[]dnl ]) # _LT_IF_OPTION(MACRO-NAME, OPTION-NAME, IF-SET, [IF-NOT-SET]) # ------------------------------------------------------------ # Execute IF-SET if OPTION is set, IF-NOT-SET otherwise. m4_define([_LT_IF_OPTION], [m4_ifdef(_LT_MANGLE_OPTION([$1], [$2]), [$3], [$4])]) # _LT_UNLESS_OPTIONS(MACRO-NAME, OPTION-LIST, IF-NOT-SET) # ------------------------------------------------------- # Execute IF-NOT-SET unless all options in OPTION-LIST for MACRO-NAME # are set. m4_define([_LT_UNLESS_OPTIONS], [m4_foreach([_LT_Option], m4_split(m4_normalize([$2])), [m4_ifdef(_LT_MANGLE_OPTION([$1], _LT_Option), [m4_define([$0_found])])])[]dnl m4_ifdef([$0_found], [m4_undefine([$0_found])], [$3 ])[]dnl ]) # _LT_SET_OPTIONS(MACRO-NAME, OPTION-LIST) # ---------------------------------------- # OPTION-LIST is a space-separated list of Libtool options associated # with MACRO-NAME. If any OPTION has a matching handler declared with # LT_OPTION_DEFINE, dispatch to that macro; otherwise complain about # the unknown option and exit. m4_defun([_LT_SET_OPTIONS], [# Set options m4_foreach([_LT_Option], m4_split(m4_normalize([$2])), [_LT_SET_OPTION([$1], _LT_Option)]) m4_if([$1],[LT_INIT],[ dnl dnl Simply set some default values (i.e off) if boolean options were not dnl specified: _LT_UNLESS_OPTIONS([LT_INIT], [dlopen], [enable_dlopen=no ]) _LT_UNLESS_OPTIONS([LT_INIT], [win32-dll], [enable_win32_dll=no ]) dnl dnl If no reference was made to various pairs of opposing options, then dnl we run the default mode handler for the pair. For example, if neither dnl `shared' nor `disable-shared' was passed, we enable building of shared dnl archives by default: _LT_UNLESS_OPTIONS([LT_INIT], [shared disable-shared], [_LT_ENABLE_SHARED]) _LT_UNLESS_OPTIONS([LT_INIT], [static disable-static], [_LT_ENABLE_STATIC]) _LT_UNLESS_OPTIONS([LT_INIT], [pic-only no-pic], [_LT_WITH_PIC]) _LT_UNLESS_OPTIONS([LT_INIT], [fast-install disable-fast-install], [_LT_ENABLE_FAST_INSTALL]) ]) ])# _LT_SET_OPTIONS ## --------------------------------- ## ## Macros to handle LT_INIT options. ## ## --------------------------------- ## # _LT_MANGLE_DEFUN(MACRO-NAME, OPTION-NAME) # ----------------------------------------- m4_define([_LT_MANGLE_DEFUN], [[_LT_OPTION_DEFUN_]m4_bpatsubst(m4_toupper([$1__$2]), [[^A-Z0-9_]], [_])]) # LT_OPTION_DEFINE(MACRO-NAME, OPTION-NAME, CODE) # ----------------------------------------------- m4_define([LT_OPTION_DEFINE], [m4_define(_LT_MANGLE_DEFUN([$1], [$2]), [$3])[]dnl ])# LT_OPTION_DEFINE # dlopen # ------ LT_OPTION_DEFINE([LT_INIT], [dlopen], [enable_dlopen=yes ]) AU_DEFUN([AC_LIBTOOL_DLOPEN], [_LT_SET_OPTION([LT_INIT], [dlopen]) AC_DIAGNOSE([obsolete], [$0: Remove this warning and the call to _LT_SET_OPTION when you put the `dlopen' option into LT_INIT's first parameter.]) ]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_DLOPEN], []) # win32-dll # --------- # Declare package support for building win32 dll's. LT_OPTION_DEFINE([LT_INIT], [win32-dll], [enable_win32_dll=yes case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-cegcc*) AC_CHECK_TOOL(AS, as, false) AC_CHECK_TOOL(DLLTOOL, dlltool, false) AC_CHECK_TOOL(OBJDUMP, objdump, false) ;; esac test -z "$AS" && AS=as _LT_DECL([], [AS], [1], [Assembler program])dnl test -z "$DLLTOOL" && DLLTOOL=dlltool _LT_DECL([], [DLLTOOL], [1], [DLL creation program])dnl test -z "$OBJDUMP" && OBJDUMP=objdump _LT_DECL([], [OBJDUMP], [1], [Object dumper program])dnl ])# win32-dll AU_DEFUN([AC_LIBTOOL_WIN32_DLL], [AC_REQUIRE([AC_CANONICAL_HOST])dnl _LT_SET_OPTION([LT_INIT], [win32-dll]) AC_DIAGNOSE([obsolete], [$0: Remove this warning and the call to _LT_SET_OPTION when you put the `win32-dll' option into LT_INIT's first parameter.]) ]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_WIN32_DLL], []) # _LT_ENABLE_SHARED([DEFAULT]) # ---------------------------- # implement the --enable-shared flag, and supports the `shared' and # `disable-shared' LT_INIT options. # DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. m4_define([_LT_ENABLE_SHARED], [m4_define([_LT_ENABLE_SHARED_DEFAULT], [m4_if($1, no, no, yes)])dnl AC_ARG_ENABLE([shared], [AS_HELP_STRING([--enable-shared@<:@=PKGS@:>@], [build shared libraries @<:@default=]_LT_ENABLE_SHARED_DEFAULT[@:>@])], [p=${PACKAGE-default} case $enableval in yes) enable_shared=yes ;; no) enable_shared=no ;; *) enable_shared=no # Look at the argument we got. We use all the common list separators. lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," for pkg in $enableval; do IFS="$lt_save_ifs" if test "X$pkg" = "X$p"; then enable_shared=yes fi done IFS="$lt_save_ifs" ;; esac], [enable_shared=]_LT_ENABLE_SHARED_DEFAULT) _LT_DECL([build_libtool_libs], [enable_shared], [0], [Whether or not to build shared libraries]) ])# _LT_ENABLE_SHARED LT_OPTION_DEFINE([LT_INIT], [shared], [_LT_ENABLE_SHARED([yes])]) LT_OPTION_DEFINE([LT_INIT], [disable-shared], [_LT_ENABLE_SHARED([no])]) # Old names: AC_DEFUN([AC_ENABLE_SHARED], [_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[shared]) ]) AC_DEFUN([AC_DISABLE_SHARED], [_LT_SET_OPTION([LT_INIT], [disable-shared]) ]) AU_DEFUN([AM_ENABLE_SHARED], [AC_ENABLE_SHARED($@)]) AU_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AM_ENABLE_SHARED], []) dnl AC_DEFUN([AM_DISABLE_SHARED], []) # _LT_ENABLE_STATIC([DEFAULT]) # ---------------------------- # implement the --enable-static flag, and support the `static' and # `disable-static' LT_INIT options. # DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. m4_define([_LT_ENABLE_STATIC], [m4_define([_LT_ENABLE_STATIC_DEFAULT], [m4_if($1, no, no, yes)])dnl AC_ARG_ENABLE([static], [AS_HELP_STRING([--enable-static@<:@=PKGS@:>@], [build static libraries @<:@default=]_LT_ENABLE_STATIC_DEFAULT[@:>@])], [p=${PACKAGE-default} case $enableval in yes) enable_static=yes ;; no) enable_static=no ;; *) enable_static=no # Look at the argument we got. We use all the common list separators. lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," for pkg in $enableval; do IFS="$lt_save_ifs" if test "X$pkg" = "X$p"; then enable_static=yes fi done IFS="$lt_save_ifs" ;; esac], [enable_static=]_LT_ENABLE_STATIC_DEFAULT) _LT_DECL([build_old_libs], [enable_static], [0], [Whether or not to build static libraries]) ])# _LT_ENABLE_STATIC LT_OPTION_DEFINE([LT_INIT], [static], [_LT_ENABLE_STATIC([yes])]) LT_OPTION_DEFINE([LT_INIT], [disable-static], [_LT_ENABLE_STATIC([no])]) # Old names: AC_DEFUN([AC_ENABLE_STATIC], [_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[static]) ]) AC_DEFUN([AC_DISABLE_STATIC], [_LT_SET_OPTION([LT_INIT], [disable-static]) ]) AU_DEFUN([AM_ENABLE_STATIC], [AC_ENABLE_STATIC($@)]) AU_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AM_ENABLE_STATIC], []) dnl AC_DEFUN([AM_DISABLE_STATIC], []) # _LT_ENABLE_FAST_INSTALL([DEFAULT]) # ---------------------------------- # implement the --enable-fast-install flag, and support the `fast-install' # and `disable-fast-install' LT_INIT options. # DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. m4_define([_LT_ENABLE_FAST_INSTALL], [m4_define([_LT_ENABLE_FAST_INSTALL_DEFAULT], [m4_if($1, no, no, yes)])dnl AC_ARG_ENABLE([fast-install], [AS_HELP_STRING([--enable-fast-install@<:@=PKGS@:>@], [optimize for fast installation @<:@default=]_LT_ENABLE_FAST_INSTALL_DEFAULT[@:>@])], [p=${PACKAGE-default} case $enableval in yes) enable_fast_install=yes ;; no) enable_fast_install=no ;; *) enable_fast_install=no # Look at the argument we got. We use all the common list separators. lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," for pkg in $enableval; do IFS="$lt_save_ifs" if test "X$pkg" = "X$p"; then enable_fast_install=yes fi done IFS="$lt_save_ifs" ;; esac], [enable_fast_install=]_LT_ENABLE_FAST_INSTALL_DEFAULT) _LT_DECL([fast_install], [enable_fast_install], [0], [Whether or not to optimize for fast installation])dnl ])# _LT_ENABLE_FAST_INSTALL LT_OPTION_DEFINE([LT_INIT], [fast-install], [_LT_ENABLE_FAST_INSTALL([yes])]) LT_OPTION_DEFINE([LT_INIT], [disable-fast-install], [_LT_ENABLE_FAST_INSTALL([no])]) # Old names: AU_DEFUN([AC_ENABLE_FAST_INSTALL], [_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install]) AC_DIAGNOSE([obsolete], [$0: Remove this warning and the call to _LT_SET_OPTION when you put the `fast-install' option into LT_INIT's first parameter.]) ]) AU_DEFUN([AC_DISABLE_FAST_INSTALL], [_LT_SET_OPTION([LT_INIT], [disable-fast-install]) AC_DIAGNOSE([obsolete], [$0: Remove this warning and the call to _LT_SET_OPTION when you put the `disable-fast-install' option into LT_INIT's first parameter.]) ]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_ENABLE_FAST_INSTALL], []) dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], []) # _LT_WITH_PIC([MODE]) # -------------------- # implement the --with-pic flag, and support the `pic-only' and `no-pic' # LT_INIT options. # MODE is either `yes' or `no'. If omitted, it defaults to `both'. m4_define([_LT_WITH_PIC], [AC_ARG_WITH([pic], [AS_HELP_STRING([--with-pic@<:@=PKGS@:>@], [try to use only PIC/non-PIC objects @<:@default=use both@:>@])], [lt_p=${PACKAGE-default} case $withval in yes|no) pic_mode=$withval ;; *) pic_mode=default # Look at the argument we got. We use all the common list separators. lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," for lt_pkg in $withval; do IFS="$lt_save_ifs" if test "X$lt_pkg" = "X$lt_p"; then pic_mode=yes fi done IFS="$lt_save_ifs" ;; esac], [pic_mode=default]) test -z "$pic_mode" && pic_mode=m4_default([$1], [default]) _LT_DECL([], [pic_mode], [0], [What type of objects to build])dnl ])# _LT_WITH_PIC LT_OPTION_DEFINE([LT_INIT], [pic-only], [_LT_WITH_PIC([yes])]) LT_OPTION_DEFINE([LT_INIT], [no-pic], [_LT_WITH_PIC([no])]) # Old name: AU_DEFUN([AC_LIBTOOL_PICMODE], [_LT_SET_OPTION([LT_INIT], [pic-only]) AC_DIAGNOSE([obsolete], [$0: Remove this warning and the call to _LT_SET_OPTION when you put the `pic-only' option into LT_INIT's first parameter.]) ]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_PICMODE], []) ## ----------------- ## ## LTDL_INIT Options ## ## ----------------- ## m4_define([_LTDL_MODE], []) LT_OPTION_DEFINE([LTDL_INIT], [nonrecursive], [m4_define([_LTDL_MODE], [nonrecursive])]) LT_OPTION_DEFINE([LTDL_INIT], [recursive], [m4_define([_LTDL_MODE], [recursive])]) LT_OPTION_DEFINE([LTDL_INIT], [subproject], [m4_define([_LTDL_MODE], [subproject])]) m4_define([_LTDL_TYPE], []) LT_OPTION_DEFINE([LTDL_INIT], [installable], [m4_define([_LTDL_TYPE], [installable])]) LT_OPTION_DEFINE([LTDL_INIT], [convenience], [m4_define([_LTDL_TYPE], [convenience])]) myproxy-6.2.16/m4/ltsugar.m40000644000175100017510000001042414557142524012535 00000000000000# ltsugar.m4 -- libtool m4 base layer. -*-Autoconf-*- # # Copyright (C) 2004, 2005, 2007, 2008 Free Software Foundation, Inc. # Written by Gary V. Vaughan, 2004 # # This file is free software; the Free Software Foundation gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. # serial 6 ltsugar.m4 # This is to help aclocal find these macros, as it can't see m4_define. AC_DEFUN([LTSUGAR_VERSION], [m4_if([0.1])]) # lt_join(SEP, ARG1, [ARG2...]) # ----------------------------- # Produce ARG1SEPARG2...SEPARGn, omitting [] arguments and their # associated separator. # Needed until we can rely on m4_join from Autoconf 2.62, since all earlier # versions in m4sugar had bugs. m4_define([lt_join], [m4_if([$#], [1], [], [$#], [2], [[$2]], [m4_if([$2], [], [], [[$2]_])$0([$1], m4_shift(m4_shift($@)))])]) m4_define([_lt_join], [m4_if([$#$2], [2], [], [m4_if([$2], [], [], [[$1$2]])$0([$1], m4_shift(m4_shift($@)))])]) # lt_car(LIST) # lt_cdr(LIST) # ------------ # Manipulate m4 lists. # These macros are necessary as long as will still need to support # Autoconf-2.59 which quotes differently. m4_define([lt_car], [[$1]]) m4_define([lt_cdr], [m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])], [$#], 1, [], [m4_dquote(m4_shift($@))])]) m4_define([lt_unquote], $1) # lt_append(MACRO-NAME, STRING, [SEPARATOR]) # ------------------------------------------ # Redefine MACRO-NAME to hold its former content plus `SEPARATOR'`STRING'. # Note that neither SEPARATOR nor STRING are expanded; they are appended # to MACRO-NAME as is (leaving the expansion for when MACRO-NAME is invoked). # No SEPARATOR is output if MACRO-NAME was previously undefined (different # than defined and empty). # # This macro is needed until we can rely on Autoconf 2.62, since earlier # versions of m4sugar mistakenly expanded SEPARATOR but not STRING. m4_define([lt_append], [m4_define([$1], m4_ifdef([$1], [m4_defn([$1])[$3]])[$2])]) # lt_combine(SEP, PREFIX-LIST, INFIX, SUFFIX1, [SUFFIX2...]) # ---------------------------------------------------------- # Produce a SEP delimited list of all paired combinations of elements of # PREFIX-LIST with SUFFIX1 through SUFFIXn. Each element of the list # has the form PREFIXmINFIXSUFFIXn. # Needed until we can rely on m4_combine added in Autoconf 2.62. m4_define([lt_combine], [m4_if(m4_eval([$# > 3]), [1], [m4_pushdef([_Lt_sep], [m4_define([_Lt_sep], m4_defn([lt_car]))])]]dnl [[m4_foreach([_Lt_prefix], [$2], [m4_foreach([_Lt_suffix], ]m4_dquote(m4_dquote(m4_shift(m4_shift(m4_shift($@)))))[, [_Lt_sep([$1])[]m4_defn([_Lt_prefix])[$3]m4_defn([_Lt_suffix])])])])]) # lt_if_append_uniq(MACRO-NAME, VARNAME, [SEPARATOR], [UNIQ], [NOT-UNIQ]) # ----------------------------------------------------------------------- # Iff MACRO-NAME does not yet contain VARNAME, then append it (delimited # by SEPARATOR if supplied) and expand UNIQ, else NOT-UNIQ. m4_define([lt_if_append_uniq], [m4_ifdef([$1], [m4_if(m4_index([$3]m4_defn([$1])[$3], [$3$2$3]), [-1], [lt_append([$1], [$2], [$3])$4], [$5])], [lt_append([$1], [$2], [$3])$4])]) # lt_dict_add(DICT, KEY, VALUE) # ----------------------------- m4_define([lt_dict_add], [m4_define([$1($2)], [$3])]) # lt_dict_add_subkey(DICT, KEY, SUBKEY, VALUE) # -------------------------------------------- m4_define([lt_dict_add_subkey], [m4_define([$1($2:$3)], [$4])]) # lt_dict_fetch(DICT, KEY, [SUBKEY]) # ---------------------------------- m4_define([lt_dict_fetch], [m4_ifval([$3], m4_ifdef([$1($2:$3)], [m4_defn([$1($2:$3)])]), m4_ifdef([$1($2)], [m4_defn([$1($2)])]))]) # lt_if_dict_fetch(DICT, KEY, [SUBKEY], VALUE, IF-TRUE, [IF-FALSE]) # ----------------------------------------------------------------- m4_define([lt_if_dict_fetch], [m4_if(lt_dict_fetch([$1], [$2], [$3]), [$4], [$5], [$6])]) # lt_dict_filter(DICT, [SUBKEY], VALUE, [SEPARATOR], KEY, [...]) # -------------------------------------------------------------- m4_define([lt_dict_filter], [m4_if([$5], [], [], [lt_join(m4_quote(m4_default([$4], [[, ]])), lt_unquote(m4_split(m4_normalize(m4_foreach(_Lt_key, lt_car([m4_shiftn(4, $@)]), [lt_if_dict_fetch([$1], _Lt_key, [$2], [$3], [_Lt_key ])])))))])[]dnl ]) myproxy-6.2.16/m4/ltversion.m40000644000175100017510000000126214557142524013101 00000000000000# ltversion.m4 -- version numbers -*- Autoconf -*- # # Copyright (C) 2004 Free Software Foundation, Inc. # Written by Scott James Remnant, 2004 # # This file is free software; the Free Software Foundation gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. # @configure_input@ # serial 3337 ltversion.m4 # This file is part of GNU Libtool m4_define([LT_PACKAGE_VERSION], [2.4.2]) m4_define([LT_PACKAGE_REVISION], [1.3337]) AC_DEFUN([LTVERSION_VERSION], [macro_version='2.4.2' macro_revision='1.3337' _LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?]) _LT_DECL(, macro_revision, 0) ]) myproxy-6.2.16/m4/libtool.m40000644000175100017510000105743214557142524012533 00000000000000# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*- # # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, # 2006, 2007, 2008, 2009, 2010, 2011 Free Software # Foundation, Inc. # Written by Gordon Matzigkeit, 1996 # # This file is free software; the Free Software Foundation gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. m4_define([_LT_COPYING], [dnl # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, # 2006, 2007, 2008, 2009, 2010, 2011 Free Software # Foundation, Inc. # Written by Gordon Matzigkeit, 1996 # # This file is part of GNU Libtool. # # GNU Libtool is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License as # published by the Free Software Foundation; either version 2 of # the License, or (at your option) any later version. # # As a special exception to the GNU General Public License, # if you distribute this file as part of a program or library that # is built using GNU Libtool, you may include this file under the # same distribution terms that you use for the rest of that program. # # GNU Libtool is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with GNU Libtool; see the file COPYING. If not, a copy # can be downloaded from http://www.gnu.org/licenses/gpl.html, or # obtained by writing to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. ]) # serial 57 LT_INIT # LT_PREREQ(VERSION) # ------------------ # Complain and exit if this libtool version is less that VERSION. m4_defun([LT_PREREQ], [m4_if(m4_version_compare(m4_defn([LT_PACKAGE_VERSION]), [$1]), -1, [m4_default([$3], [m4_fatal([Libtool version $1 or higher is required], 63)])], [$2])]) # _LT_CHECK_BUILDDIR # ------------------ # Complain if the absolute build directory name contains unusual characters m4_defun([_LT_CHECK_BUILDDIR], [case `pwd` in *\ * | *\ *) AC_MSG_WARN([Libtool does not cope well with whitespace in `pwd`]) ;; esac ]) # LT_INIT([OPTIONS]) # ------------------ AC_DEFUN([LT_INIT], [AC_PREREQ([2.58])dnl We use AC_INCLUDES_DEFAULT AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl AC_BEFORE([$0], [LT_LANG])dnl AC_BEFORE([$0], [LT_OUTPUT])dnl AC_BEFORE([$0], [LTDL_INIT])dnl m4_require([_LT_CHECK_BUILDDIR])dnl dnl Autoconf doesn't catch unexpanded LT_ macros by default: m4_pattern_forbid([^_?LT_[A-Z_]+$])dnl m4_pattern_allow([^(_LT_EOF|LT_DLGLOBAL|LT_DLLAZY_OR_NOW|LT_MULTI_MODULE)$])dnl dnl aclocal doesn't pull ltoptions.m4, ltsugar.m4, or ltversion.m4 dnl unless we require an AC_DEFUNed macro: AC_REQUIRE([LTOPTIONS_VERSION])dnl AC_REQUIRE([LTSUGAR_VERSION])dnl AC_REQUIRE([LTVERSION_VERSION])dnl AC_REQUIRE([LTOBSOLETE_VERSION])dnl m4_require([_LT_PROG_LTMAIN])dnl _LT_SHELL_INIT([SHELL=${CONFIG_SHELL-/bin/sh}]) dnl Parse OPTIONS _LT_SET_OPTIONS([$0], [$1]) # This can be used to rebuild libtool when needed LIBTOOL_DEPS="$ltmain" # Always use our own libtool. LIBTOOL='$(SHELL) $(top_builddir)/libtool' AC_SUBST(LIBTOOL)dnl _LT_SETUP # Only expand once: m4_define([LT_INIT]) ])# LT_INIT # Old names: AU_ALIAS([AC_PROG_LIBTOOL], [LT_INIT]) AU_ALIAS([AM_PROG_LIBTOOL], [LT_INIT]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_PROG_LIBTOOL], []) dnl AC_DEFUN([AM_PROG_LIBTOOL], []) # _LT_CC_BASENAME(CC) # ------------------- # Calculate cc_basename. Skip known compiler wrappers and cross-prefix. m4_defun([_LT_CC_BASENAME], [for cc_temp in $1""; do case $cc_temp in compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;; distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;; \-*) ;; *) break;; esac done cc_basename=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` ]) # _LT_FILEUTILS_DEFAULTS # ---------------------- # It is okay to use these file commands and assume they have been set # sensibly after `m4_require([_LT_FILEUTILS_DEFAULTS])'. m4_defun([_LT_FILEUTILS_DEFAULTS], [: ${CP="cp -f"} : ${MV="mv -f"} : ${RM="rm -f"} ])# _LT_FILEUTILS_DEFAULTS # _LT_SETUP # --------- m4_defun([_LT_SETUP], [AC_REQUIRE([AC_CANONICAL_HOST])dnl AC_REQUIRE([AC_CANONICAL_BUILD])dnl AC_REQUIRE([_LT_PREPARE_SED_QUOTE_VARS])dnl AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl _LT_DECL([], [PATH_SEPARATOR], [1], [The PATH separator for the build system])dnl dnl _LT_DECL([], [host_alias], [0], [The host system])dnl _LT_DECL([], [host], [0])dnl _LT_DECL([], [host_os], [0])dnl dnl _LT_DECL([], [build_alias], [0], [The build system])dnl _LT_DECL([], [build], [0])dnl _LT_DECL([], [build_os], [0])dnl dnl AC_REQUIRE([AC_PROG_CC])dnl AC_REQUIRE([LT_PATH_LD])dnl AC_REQUIRE([LT_PATH_NM])dnl dnl AC_REQUIRE([AC_PROG_LN_S])dnl test -z "$LN_S" && LN_S="ln -s" _LT_DECL([], [LN_S], [1], [Whether we need soft or hard links])dnl dnl AC_REQUIRE([LT_CMD_MAX_LEN])dnl _LT_DECL([objext], [ac_objext], [0], [Object file suffix (normally "o")])dnl _LT_DECL([], [exeext], [0], [Executable file suffix (normally "")])dnl dnl m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_CHECK_SHELL_FEATURES])dnl m4_require([_LT_PATH_CONVERSION_FUNCTIONS])dnl m4_require([_LT_CMD_RELOAD])dnl m4_require([_LT_CHECK_MAGIC_METHOD])dnl m4_require([_LT_CHECK_SHAREDLIB_FROM_LINKLIB])dnl m4_require([_LT_CMD_OLD_ARCHIVE])dnl m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl m4_require([_LT_WITH_SYSROOT])dnl _LT_CONFIG_LIBTOOL_INIT([ # See if we are running on zsh, and set the options which allow our # commands through without removal of \ escapes INIT. if test -n "\${ZSH_VERSION+set}" ; then setopt NO_GLOB_SUBST fi ]) if test -n "${ZSH_VERSION+set}" ; then setopt NO_GLOB_SUBST fi _LT_CHECK_OBJDIR m4_require([_LT_TAG_COMPILER])dnl case $host_os in aix3*) # AIX sometimes has problems with the GCC collect2 program. For some # reason, if we set the COLLECT_NAMES environment variable, the problems # vanish in a puff of smoke. if test "X${COLLECT_NAMES+set}" != Xset; then COLLECT_NAMES= export COLLECT_NAMES fi ;; esac # Global variables: ofile=libtool can_build_shared=yes # All known linkers require a `.a' archive for static linking (except MSVC, # which needs '.lib'). libext=a with_gnu_ld="$lt_cv_prog_gnu_ld" old_CC="$CC" old_CFLAGS="$CFLAGS" # Set sane defaults for various variables test -z "$CC" && CC=cc test -z "$LTCC" && LTCC=$CC test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS test -z "$LD" && LD=ld test -z "$ac_objext" && ac_objext=o _LT_CC_BASENAME([$compiler]) # Only perform the check for file, if the check method requires it test -z "$MAGIC_CMD" && MAGIC_CMD=file case $deplibs_check_method in file_magic*) if test "$file_magic_cmd" = '$MAGIC_CMD'; then _LT_PATH_MAGIC fi ;; esac # Use C for the default configuration in the libtool script LT_SUPPORTED_TAG([CC]) _LT_LANG_C_CONFIG _LT_LANG_DEFAULT_CONFIG _LT_CONFIG_COMMANDS ])# _LT_SETUP # _LT_PREPARE_SED_QUOTE_VARS # -------------------------- # Define a few sed substitution that help us do robust quoting. m4_defun([_LT_PREPARE_SED_QUOTE_VARS], [# Backslashify metacharacters that are still active within # double-quoted strings. sed_quote_subst='s/\([["`$\\]]\)/\\\1/g' # Same as above, but do not quote variable references. double_quote_subst='s/\([["`\\]]\)/\\\1/g' # Sed substitution to delay expansion of an escaped shell variable in a # double_quote_subst'ed string. delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g' # Sed substitution to delay expansion of an escaped single quote. delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g' # Sed substitution to avoid accidental globbing in evaled expressions no_glob_subst='s/\*/\\\*/g' ]) # _LT_PROG_LTMAIN # --------------- # Note that this code is called both from `configure', and `config.status' # now that we use AC_CONFIG_COMMANDS to generate libtool. Notably, # `config.status' has no value for ac_aux_dir unless we are using Automake, # so we pass a copy along to make sure it has a sensible value anyway. m4_defun([_LT_PROG_LTMAIN], [m4_ifdef([AC_REQUIRE_AUX_FILE], [AC_REQUIRE_AUX_FILE([ltmain.sh])])dnl _LT_CONFIG_LIBTOOL_INIT([ac_aux_dir='$ac_aux_dir']) ltmain="$ac_aux_dir/ltmain.sh" ])# _LT_PROG_LTMAIN ## ------------------------------------- ## ## Accumulate code for creating libtool. ## ## ------------------------------------- ## # So that we can recreate a full libtool script including additional # tags, we accumulate the chunks of code to send to AC_CONFIG_COMMANDS # in macros and then make a single call at the end using the `libtool' # label. # _LT_CONFIG_LIBTOOL_INIT([INIT-COMMANDS]) # ---------------------------------------- # Register INIT-COMMANDS to be passed to AC_CONFIG_COMMANDS later. m4_define([_LT_CONFIG_LIBTOOL_INIT], [m4_ifval([$1], [m4_append([_LT_OUTPUT_LIBTOOL_INIT], [$1 ])])]) # Initialize. m4_define([_LT_OUTPUT_LIBTOOL_INIT]) # _LT_CONFIG_LIBTOOL([COMMANDS]) # ------------------------------ # Register COMMANDS to be passed to AC_CONFIG_COMMANDS later. m4_define([_LT_CONFIG_LIBTOOL], [m4_ifval([$1], [m4_append([_LT_OUTPUT_LIBTOOL_COMMANDS], [$1 ])])]) # Initialize. m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS]) # _LT_CONFIG_SAVE_COMMANDS([COMMANDS], [INIT_COMMANDS]) # ----------------------------------------------------- m4_defun([_LT_CONFIG_SAVE_COMMANDS], [_LT_CONFIG_LIBTOOL([$1]) _LT_CONFIG_LIBTOOL_INIT([$2]) ]) # _LT_FORMAT_COMMENT([COMMENT]) # ----------------------------- # Add leading comment marks to the start of each line, and a trailing # full-stop to the whole comment if one is not present already. m4_define([_LT_FORMAT_COMMENT], [m4_ifval([$1], [ m4_bpatsubst([m4_bpatsubst([$1], [^ *], [# ])], [['`$\]], [\\\&])]m4_bmatch([$1], [[!?.]$], [], [.]) )]) ## ------------------------ ## ## FIXME: Eliminate VARNAME ## ## ------------------------ ## # _LT_DECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION], [IS-TAGGED?]) # ------------------------------------------------------------------- # CONFIGNAME is the name given to the value in the libtool script. # VARNAME is the (base) name used in the configure script. # VALUE may be 0, 1 or 2 for a computed quote escaped value based on # VARNAME. Any other value will be used directly. m4_define([_LT_DECL], [lt_if_append_uniq([lt_decl_varnames], [$2], [, ], [lt_dict_add_subkey([lt_decl_dict], [$2], [libtool_name], [m4_ifval([$1], [$1], [$2])]) lt_dict_add_subkey([lt_decl_dict], [$2], [value], [$3]) m4_ifval([$4], [lt_dict_add_subkey([lt_decl_dict], [$2], [description], [$4])]) lt_dict_add_subkey([lt_decl_dict], [$2], [tagged?], [m4_ifval([$5], [yes], [no])])]) ]) # _LT_TAGDECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION]) # -------------------------------------------------------- m4_define([_LT_TAGDECL], [_LT_DECL([$1], [$2], [$3], [$4], [yes])]) # lt_decl_tag_varnames([SEPARATOR], [VARNAME1...]) # ------------------------------------------------ m4_define([lt_decl_tag_varnames], [_lt_decl_filter([tagged?], [yes], $@)]) # _lt_decl_filter(SUBKEY, VALUE, [SEPARATOR], [VARNAME1..]) # --------------------------------------------------------- m4_define([_lt_decl_filter], [m4_case([$#], [0], [m4_fatal([$0: too few arguments: $#])], [1], [m4_fatal([$0: too few arguments: $#: $1])], [2], [lt_dict_filter([lt_decl_dict], [$1], [$2], [], lt_decl_varnames)], [3], [lt_dict_filter([lt_decl_dict], [$1], [$2], [$3], lt_decl_varnames)], [lt_dict_filter([lt_decl_dict], $@)])[]dnl ]) # lt_decl_quote_varnames([SEPARATOR], [VARNAME1...]) # -------------------------------------------------- m4_define([lt_decl_quote_varnames], [_lt_decl_filter([value], [1], $@)]) # lt_decl_dquote_varnames([SEPARATOR], [VARNAME1...]) # --------------------------------------------------- m4_define([lt_decl_dquote_varnames], [_lt_decl_filter([value], [2], $@)]) # lt_decl_varnames_tagged([SEPARATOR], [VARNAME1...]) # --------------------------------------------------- m4_define([lt_decl_varnames_tagged], [m4_assert([$# <= 2])dnl _$0(m4_quote(m4_default([$1], [[, ]])), m4_ifval([$2], [[$2]], [m4_dquote(lt_decl_tag_varnames)]), m4_split(m4_normalize(m4_quote(_LT_TAGS)), [ ]))]) m4_define([_lt_decl_varnames_tagged], [m4_ifval([$3], [lt_combine([$1], [$2], [_], $3)])]) # lt_decl_all_varnames([SEPARATOR], [VARNAME1...]) # ------------------------------------------------ m4_define([lt_decl_all_varnames], [_$0(m4_quote(m4_default([$1], [[, ]])), m4_if([$2], [], m4_quote(lt_decl_varnames), m4_quote(m4_shift($@))))[]dnl ]) m4_define([_lt_decl_all_varnames], [lt_join($@, lt_decl_varnames_tagged([$1], lt_decl_tag_varnames([[, ]], m4_shift($@))))dnl ]) # _LT_CONFIG_STATUS_DECLARE([VARNAME]) # ------------------------------------ # Quote a variable value, and forward it to `config.status' so that its # declaration there will have the same value as in `configure'. VARNAME # must have a single quote delimited value for this to work. m4_define([_LT_CONFIG_STATUS_DECLARE], [$1='`$ECHO "$][$1" | $SED "$delay_single_quote_subst"`']) # _LT_CONFIG_STATUS_DECLARATIONS # ------------------------------ # We delimit libtool config variables with single quotes, so when # we write them to config.status, we have to be sure to quote all # embedded single quotes properly. In configure, this macro expands # each variable declared with _LT_DECL (and _LT_TAGDECL) into: # # ='`$ECHO "$" | $SED "$delay_single_quote_subst"`' m4_defun([_LT_CONFIG_STATUS_DECLARATIONS], [m4_foreach([_lt_var], m4_quote(lt_decl_all_varnames), [m4_n([_LT_CONFIG_STATUS_DECLARE(_lt_var)])])]) # _LT_LIBTOOL_TAGS # ---------------- # Output comment and list of tags supported by the script m4_defun([_LT_LIBTOOL_TAGS], [_LT_FORMAT_COMMENT([The names of the tagged configurations supported by this script])dnl available_tags="_LT_TAGS"dnl ]) # _LT_LIBTOOL_DECLARE(VARNAME, [TAG]) # ----------------------------------- # Extract the dictionary values for VARNAME (optionally with TAG) and # expand to a commented shell variable setting: # # # Some comment about what VAR is for. # visible_name=$lt_internal_name m4_define([_LT_LIBTOOL_DECLARE], [_LT_FORMAT_COMMENT(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [description])))[]dnl m4_pushdef([_libtool_name], m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [libtool_name])))[]dnl m4_case(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [value])), [0], [_libtool_name=[$]$1], [1], [_libtool_name=$lt_[]$1], [2], [_libtool_name=$lt_[]$1], [_libtool_name=lt_dict_fetch([lt_decl_dict], [$1], [value])])[]dnl m4_ifval([$2], [_$2])[]m4_popdef([_libtool_name])[]dnl ]) # _LT_LIBTOOL_CONFIG_VARS # ----------------------- # Produce commented declarations of non-tagged libtool config variables # suitable for insertion in the LIBTOOL CONFIG section of the `libtool' # script. Tagged libtool config variables (even for the LIBTOOL CONFIG # section) are produced by _LT_LIBTOOL_TAG_VARS. m4_defun([_LT_LIBTOOL_CONFIG_VARS], [m4_foreach([_lt_var], m4_quote(_lt_decl_filter([tagged?], [no], [], lt_decl_varnames)), [m4_n([_LT_LIBTOOL_DECLARE(_lt_var)])])]) # _LT_LIBTOOL_TAG_VARS(TAG) # ------------------------- m4_define([_LT_LIBTOOL_TAG_VARS], [m4_foreach([_lt_var], m4_quote(lt_decl_tag_varnames), [m4_n([_LT_LIBTOOL_DECLARE(_lt_var, [$1])])])]) # _LT_TAGVAR(VARNAME, [TAGNAME]) # ------------------------------ m4_define([_LT_TAGVAR], [m4_ifval([$2], [$1_$2], [$1])]) # _LT_CONFIG_COMMANDS # ------------------- # Send accumulated output to $CONFIG_STATUS. Thanks to the lists of # variables for single and double quote escaping we saved from calls # to _LT_DECL, we can put quote escaped variables declarations # into `config.status', and then the shell code to quote escape them in # for loops in `config.status'. Finally, any additional code accumulated # from calls to _LT_CONFIG_LIBTOOL_INIT is expanded. m4_defun([_LT_CONFIG_COMMANDS], [AC_PROVIDE_IFELSE([LT_OUTPUT], dnl If the libtool generation code has been placed in $CONFIG_LT, dnl instead of duplicating it all over again into config.status, dnl then we will have config.status run $CONFIG_LT later, so it dnl needs to know what name is stored there: [AC_CONFIG_COMMANDS([libtool], [$SHELL $CONFIG_LT || AS_EXIT(1)], [CONFIG_LT='$CONFIG_LT'])], dnl If the libtool generation code is destined for config.status, dnl expand the accumulated commands and init code now: [AC_CONFIG_COMMANDS([libtool], [_LT_OUTPUT_LIBTOOL_COMMANDS], [_LT_OUTPUT_LIBTOOL_COMMANDS_INIT])]) ])#_LT_CONFIG_COMMANDS # Initialize. m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS_INIT], [ # The HP-UX ksh and POSIX shell print the target directory to stdout # if CDPATH is set. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH sed_quote_subst='$sed_quote_subst' double_quote_subst='$double_quote_subst' delay_variable_subst='$delay_variable_subst' _LT_CONFIG_STATUS_DECLARATIONS LTCC='$LTCC' LTCFLAGS='$LTCFLAGS' compiler='$compiler_DEFAULT' # A function that is used when there is no print builtin or printf. func_fallback_echo () { eval 'cat <<_LTECHO_EOF \$[]1 _LTECHO_EOF' } # Quote evaled strings. for var in lt_decl_all_varnames([[ \ ]], lt_decl_quote_varnames); do case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in *[[\\\\\\\`\\"\\\$]]*) eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ;; *) eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" ;; esac done # Double-quote double-evaled strings. for var in lt_decl_all_varnames([[ \ ]], lt_decl_dquote_varnames); do case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in *[[\\\\\\\`\\"\\\$]]*) eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ;; *) eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" ;; esac done _LT_OUTPUT_LIBTOOL_INIT ]) # _LT_GENERATED_FILE_INIT(FILE, [COMMENT]) # ------------------------------------ # Generate a child script FILE with all initialization necessary to # reuse the environment learned by the parent script, and make the # file executable. If COMMENT is supplied, it is inserted after the # `#!' sequence but before initialization text begins. After this # macro, additional text can be appended to FILE to form the body of # the child script. The macro ends with non-zero status if the # file could not be fully written (such as if the disk is full). m4_ifdef([AS_INIT_GENERATED], [m4_defun([_LT_GENERATED_FILE_INIT],[AS_INIT_GENERATED($@)])], [m4_defun([_LT_GENERATED_FILE_INIT], [m4_require([AS_PREPARE])]dnl [m4_pushdef([AS_MESSAGE_LOG_FD])]dnl [lt_write_fail=0 cat >$1 <<_ASEOF || lt_write_fail=1 #! $SHELL # Generated by $as_me. $2 SHELL=\${CONFIG_SHELL-$SHELL} export SHELL _ASEOF cat >>$1 <<\_ASEOF || lt_write_fail=1 AS_SHELL_SANITIZE _AS_PREPARE exec AS_MESSAGE_FD>&1 _ASEOF test $lt_write_fail = 0 && chmod +x $1[]dnl m4_popdef([AS_MESSAGE_LOG_FD])])])# _LT_GENERATED_FILE_INIT # LT_OUTPUT # --------- # This macro allows early generation of the libtool script (before # AC_OUTPUT is called), incase it is used in configure for compilation # tests. AC_DEFUN([LT_OUTPUT], [: ${CONFIG_LT=./config.lt} AC_MSG_NOTICE([creating $CONFIG_LT]) _LT_GENERATED_FILE_INIT(["$CONFIG_LT"], [# Run this file to recreate a libtool stub with the current configuration.]) cat >>"$CONFIG_LT" <<\_LTEOF lt_cl_silent=false exec AS_MESSAGE_LOG_FD>>config.log { echo AS_BOX([Running $as_me.]) } >&AS_MESSAGE_LOG_FD lt_cl_help="\ \`$as_me' creates a local libtool stub from the current configuration, for use in further configure time tests before the real libtool is generated. Usage: $[0] [[OPTIONS]] -h, --help print this help, then exit -V, --version print version number, then exit -q, --quiet do not print progress messages -d, --debug don't remove temporary files Report bugs to ." lt_cl_version="\ m4_ifset([AC_PACKAGE_NAME], [AC_PACKAGE_NAME ])config.lt[]dnl m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION]) configured by $[0], generated by m4_PACKAGE_STRING. Copyright (C) 2011 Free Software Foundation, Inc. This config.lt script is free software; the Free Software Foundation gives unlimited permision to copy, distribute and modify it." while test $[#] != 0 do case $[1] in --version | --v* | -V ) echo "$lt_cl_version"; exit 0 ;; --help | --h* | -h ) echo "$lt_cl_help"; exit 0 ;; --debug | --d* | -d ) debug=: ;; --quiet | --q* | --silent | --s* | -q ) lt_cl_silent=: ;; -*) AC_MSG_ERROR([unrecognized option: $[1] Try \`$[0] --help' for more information.]) ;; *) AC_MSG_ERROR([unrecognized argument: $[1] Try \`$[0] --help' for more information.]) ;; esac shift done if $lt_cl_silent; then exec AS_MESSAGE_FD>/dev/null fi _LTEOF cat >>"$CONFIG_LT" <<_LTEOF _LT_OUTPUT_LIBTOOL_COMMANDS_INIT _LTEOF cat >>"$CONFIG_LT" <<\_LTEOF AC_MSG_NOTICE([creating $ofile]) _LT_OUTPUT_LIBTOOL_COMMANDS AS_EXIT(0) _LTEOF chmod +x "$CONFIG_LT" # configure is writing to config.log, but config.lt does its own redirection, # appending to config.log, which fails on DOS, as config.log is still kept # open by configure. Here we exec the FD to /dev/null, effectively closing # config.log, so it can be properly (re)opened and appended to by config.lt. lt_cl_success=: test "$silent" = yes && lt_config_lt_args="$lt_config_lt_args --quiet" exec AS_MESSAGE_LOG_FD>/dev/null $SHELL "$CONFIG_LT" $lt_config_lt_args || lt_cl_success=false exec AS_MESSAGE_LOG_FD>>config.log $lt_cl_success || AS_EXIT(1) ])# LT_OUTPUT # _LT_CONFIG(TAG) # --------------- # If TAG is the built-in tag, create an initial libtool script with a # default configuration from the untagged config vars. Otherwise add code # to config.status for appending the configuration named by TAG from the # matching tagged config vars. m4_defun([_LT_CONFIG], [m4_require([_LT_FILEUTILS_DEFAULTS])dnl _LT_CONFIG_SAVE_COMMANDS([ m4_define([_LT_TAG], m4_if([$1], [], [C], [$1]))dnl m4_if(_LT_TAG, [C], [ # See if we are running on zsh, and set the options which allow our # commands through without removal of \ escapes. if test -n "${ZSH_VERSION+set}" ; then setopt NO_GLOB_SUBST fi cfgfile="${ofile}T" trap "$RM \"$cfgfile\"; exit 1" 1 2 15 $RM "$cfgfile" cat <<_LT_EOF >> "$cfgfile" #! $SHELL # `$ECHO "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services. # Generated automatically by $as_me ($PACKAGE$TIMESTAMP) $VERSION # Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: # NOTE: Changes made to this file will be lost: look at ltmain.sh. # _LT_COPYING _LT_LIBTOOL_TAGS # ### BEGIN LIBTOOL CONFIG _LT_LIBTOOL_CONFIG_VARS _LT_LIBTOOL_TAG_VARS # ### END LIBTOOL CONFIG _LT_EOF case $host_os in aix3*) cat <<\_LT_EOF >> "$cfgfile" # AIX sometimes has problems with the GCC collect2 program. For some # reason, if we set the COLLECT_NAMES environment variable, the problems # vanish in a puff of smoke. if test "X${COLLECT_NAMES+set}" != Xset; then COLLECT_NAMES= export COLLECT_NAMES fi _LT_EOF ;; esac _LT_PROG_LTMAIN # We use sed instead of cat because bash on DJGPP gets confused if # if finds mixed CR/LF and LF-only lines. Since sed operates in # text mode, it properly converts lines to CR/LF. This bash problem # is reportedly fixed, but why not run on old versions too? sed '$q' "$ltmain" >> "$cfgfile" \ || (rm -f "$cfgfile"; exit 1) _LT_PROG_REPLACE_SHELLFNS mv -f "$cfgfile" "$ofile" || (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile") chmod +x "$ofile" ], [cat <<_LT_EOF >> "$ofile" dnl Unfortunately we have to use $1 here, since _LT_TAG is not expanded dnl in a comment (ie after a #). # ### BEGIN LIBTOOL TAG CONFIG: $1 _LT_LIBTOOL_TAG_VARS(_LT_TAG) # ### END LIBTOOL TAG CONFIG: $1 _LT_EOF ])dnl /m4_if ], [m4_if([$1], [], [ PACKAGE='$PACKAGE' VERSION='$VERSION' TIMESTAMP='$TIMESTAMP' RM='$RM' ofile='$ofile'], []) ])dnl /_LT_CONFIG_SAVE_COMMANDS ])# _LT_CONFIG # LT_SUPPORTED_TAG(TAG) # --------------------- # Trace this macro to discover what tags are supported by the libtool # --tag option, using: # autoconf --trace 'LT_SUPPORTED_TAG:$1' AC_DEFUN([LT_SUPPORTED_TAG], []) # C support is built-in for now m4_define([_LT_LANG_C_enabled], []) m4_define([_LT_TAGS], []) # LT_LANG(LANG) # ------------- # Enable libtool support for the given language if not already enabled. AC_DEFUN([LT_LANG], [AC_BEFORE([$0], [LT_OUTPUT])dnl m4_case([$1], [C], [_LT_LANG(C)], [C++], [_LT_LANG(CXX)], [Go], [_LT_LANG(GO)], [Java], [_LT_LANG(GCJ)], [Fortran 77], [_LT_LANG(F77)], [Fortran], [_LT_LANG(FC)], [Windows Resource], [_LT_LANG(RC)], [m4_ifdef([_LT_LANG_]$1[_CONFIG], [_LT_LANG($1)], [m4_fatal([$0: unsupported language: "$1"])])])dnl ])# LT_LANG # _LT_LANG(LANGNAME) # ------------------ m4_defun([_LT_LANG], [m4_ifdef([_LT_LANG_]$1[_enabled], [], [LT_SUPPORTED_TAG([$1])dnl m4_append([_LT_TAGS], [$1 ])dnl m4_define([_LT_LANG_]$1[_enabled], [])dnl _LT_LANG_$1_CONFIG($1)])dnl ])# _LT_LANG m4_ifndef([AC_PROG_GO], [ ############################################################ # NOTE: This macro has been submitted for inclusion into # # GNU Autoconf as AC_PROG_GO. When it is available in # # a released version of Autoconf we should remove this # # macro and use it instead. # ############################################################ m4_defun([AC_PROG_GO], [AC_LANG_PUSH(Go)dnl AC_ARG_VAR([GOC], [Go compiler command])dnl AC_ARG_VAR([GOFLAGS], [Go compiler flags])dnl _AC_ARG_VAR_LDFLAGS()dnl AC_CHECK_TOOL(GOC, gccgo) if test -z "$GOC"; then if test -n "$ac_tool_prefix"; then AC_CHECK_PROG(GOC, [${ac_tool_prefix}gccgo], [${ac_tool_prefix}gccgo]) fi fi if test -z "$GOC"; then AC_CHECK_PROG(GOC, gccgo, gccgo, false) fi ])#m4_defun ])#m4_ifndef # _LT_LANG_DEFAULT_CONFIG # ----------------------- m4_defun([_LT_LANG_DEFAULT_CONFIG], [AC_PROVIDE_IFELSE([AC_PROG_CXX], [LT_LANG(CXX)], [m4_define([AC_PROG_CXX], defn([AC_PROG_CXX])[LT_LANG(CXX)])]) AC_PROVIDE_IFELSE([AC_PROG_F77], [LT_LANG(F77)], [m4_define([AC_PROG_F77], defn([AC_PROG_F77])[LT_LANG(F77)])]) AC_PROVIDE_IFELSE([AC_PROG_FC], [LT_LANG(FC)], [m4_define([AC_PROG_FC], defn([AC_PROG_FC])[LT_LANG(FC)])]) dnl The call to [A][M_PROG_GCJ] is quoted like that to stop aclocal dnl pulling things in needlessly. AC_PROVIDE_IFELSE([AC_PROG_GCJ], [LT_LANG(GCJ)], [AC_PROVIDE_IFELSE([A][M_PROG_GCJ], [LT_LANG(GCJ)], [AC_PROVIDE_IFELSE([LT_PROG_GCJ], [LT_LANG(GCJ)], [m4_ifdef([AC_PROG_GCJ], [m4_define([AC_PROG_GCJ], defn([AC_PROG_GCJ])[LT_LANG(GCJ)])]) m4_ifdef([A][M_PROG_GCJ], [m4_define([A][M_PROG_GCJ], defn([A][M_PROG_GCJ])[LT_LANG(GCJ)])]) m4_ifdef([LT_PROG_GCJ], [m4_define([LT_PROG_GCJ], defn([LT_PROG_GCJ])[LT_LANG(GCJ)])])])])]) AC_PROVIDE_IFELSE([AC_PROG_GO], [LT_LANG(GO)], [m4_define([AC_PROG_GO], defn([AC_PROG_GO])[LT_LANG(GO)])]) AC_PROVIDE_IFELSE([LT_PROG_RC], [LT_LANG(RC)], [m4_define([LT_PROG_RC], defn([LT_PROG_RC])[LT_LANG(RC)])]) ])# _LT_LANG_DEFAULT_CONFIG # Obsolete macros: AU_DEFUN([AC_LIBTOOL_CXX], [LT_LANG(C++)]) AU_DEFUN([AC_LIBTOOL_F77], [LT_LANG(Fortran 77)]) AU_DEFUN([AC_LIBTOOL_FC], [LT_LANG(Fortran)]) AU_DEFUN([AC_LIBTOOL_GCJ], [LT_LANG(Java)]) AU_DEFUN([AC_LIBTOOL_RC], [LT_LANG(Windows Resource)]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_CXX], []) dnl AC_DEFUN([AC_LIBTOOL_F77], []) dnl AC_DEFUN([AC_LIBTOOL_FC], []) dnl AC_DEFUN([AC_LIBTOOL_GCJ], []) dnl AC_DEFUN([AC_LIBTOOL_RC], []) # _LT_TAG_COMPILER # ---------------- m4_defun([_LT_TAG_COMPILER], [AC_REQUIRE([AC_PROG_CC])dnl _LT_DECL([LTCC], [CC], [1], [A C compiler])dnl _LT_DECL([LTCFLAGS], [CFLAGS], [1], [LTCC compiler flags])dnl _LT_TAGDECL([CC], [compiler], [1], [A language specific compiler])dnl _LT_TAGDECL([with_gcc], [GCC], [0], [Is the compiler the GNU compiler?])dnl # If no C compiler was specified, use CC. LTCC=${LTCC-"$CC"} # If no C compiler flags were specified, use CFLAGS. LTCFLAGS=${LTCFLAGS-"$CFLAGS"} # Allow CC to be a program name with arguments. compiler=$CC ])# _LT_TAG_COMPILER # _LT_COMPILER_BOILERPLATE # ------------------------ # Check for compiler boilerplate output or warnings with # the simple compiler test code. m4_defun([_LT_COMPILER_BOILERPLATE], [m4_require([_LT_DECL_SED])dnl ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" >conftest.$ac_ext eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err _lt_compiler_boilerplate=`cat conftest.err` $RM conftest* ])# _LT_COMPILER_BOILERPLATE # _LT_LINKER_BOILERPLATE # ---------------------- # Check for linker boilerplate output or warnings with # the simple link test code. m4_defun([_LT_LINKER_BOILERPLATE], [m4_require([_LT_DECL_SED])dnl ac_outfile=conftest.$ac_objext echo "$lt_simple_link_test_code" >conftest.$ac_ext eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err _lt_linker_boilerplate=`cat conftest.err` $RM -r conftest* ])# _LT_LINKER_BOILERPLATE # _LT_REQUIRED_DARWIN_CHECKS # ------------------------- m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[ case $host_os in rhapsody* | darwin*) AC_CHECK_TOOL([DSYMUTIL], [dsymutil], [:]) AC_CHECK_TOOL([NMEDIT], [nmedit], [:]) AC_CHECK_TOOL([LIPO], [lipo], [:]) AC_CHECK_TOOL([OTOOL], [otool], [:]) AC_CHECK_TOOL([OTOOL64], [otool64], [:]) _LT_DECL([], [DSYMUTIL], [1], [Tool to manipulate archived DWARF debug symbol files on Mac OS X]) _LT_DECL([], [NMEDIT], [1], [Tool to change global to local symbols on Mac OS X]) _LT_DECL([], [LIPO], [1], [Tool to manipulate fat objects and archives on Mac OS X]) _LT_DECL([], [OTOOL], [1], [ldd/readelf like tool for Mach-O binaries on Mac OS X]) _LT_DECL([], [OTOOL64], [1], [ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4]) AC_CACHE_CHECK([for -single_module linker flag],[lt_cv_apple_cc_single_mod], [lt_cv_apple_cc_single_mod=no if test -z "${LT_MULTI_MODULE}"; then # By default we will add the -single_module flag. You can override # by either setting the environment variable LT_MULTI_MODULE # non-empty at configure time, or by adding -multi_module to the # link flags. rm -rf libconftest.dylib* echo "int foo(void){return 1;}" > conftest.c echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ -dynamiclib -Wl,-single_module conftest.c" >&AS_MESSAGE_LOG_FD $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ -dynamiclib -Wl,-single_module conftest.c 2>conftest.err _lt_result=$? # If there is a non-empty error log, and "single_module" # appears in it, assume the flag caused a linker warning if test -s conftest.err && $GREP single_module conftest.err; then cat conftest.err >&AS_MESSAGE_LOG_FD # Otherwise, if the output was created with a 0 exit code from # the compiler, it worked. elif test -f libconftest.dylib && test $_lt_result -eq 0; then lt_cv_apple_cc_single_mod=yes else cat conftest.err >&AS_MESSAGE_LOG_FD fi rm -rf libconftest.dylib* rm -f conftest.* fi]) AC_CACHE_CHECK([for -exported_symbols_list linker flag], [lt_cv_ld_exported_symbols_list], [lt_cv_ld_exported_symbols_list=no save_LDFLAGS=$LDFLAGS echo "_main" > conftest.sym LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym" AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])], [lt_cv_ld_exported_symbols_list=yes], [lt_cv_ld_exported_symbols_list=no]) LDFLAGS="$save_LDFLAGS" ]) AC_CACHE_CHECK([for -force_load linker flag],[lt_cv_ld_force_load], [lt_cv_ld_force_load=no cat > conftest.c << _LT_EOF int forced_loaded() { return 2;} _LT_EOF echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD $AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD $RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD cat > conftest.c << _LT_EOF int main() { return 0;} _LT_EOF echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&AS_MESSAGE_LOG_FD $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err _lt_result=$? if test -s conftest.err && $GREP force_load conftest.err; then cat conftest.err >&AS_MESSAGE_LOG_FD elif test -f conftest && test $_lt_result -eq 0 && $GREP forced_load conftest >/dev/null 2>&1 ; then lt_cv_ld_force_load=yes else cat conftest.err >&AS_MESSAGE_LOG_FD fi rm -f conftest.err libconftest.a conftest conftest.c rm -rf conftest.dSYM ]) case $host_os in rhapsody* | darwin1.[[012]]) _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;; darwin1.*) _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; darwin*) # darwin 5.x on # if running on 10.5 or later, the deployment target defaults # to the OS version, if on x86, and 10.4, the deployment # target defaults to 10.4. Don't you love it? case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in 10.0,*86*-darwin8*|10.0,*-darwin[[91]]*) _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; 10.[[012]]*) _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; 10.*) _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; esac ;; esac if test "$lt_cv_apple_cc_single_mod" = "yes"; then _lt_dar_single_mod='$single_module' fi if test "$lt_cv_ld_exported_symbols_list" = "yes"; then _lt_dar_export_syms=' ${wl}-exported_symbols_list,$output_objdir/${libname}-symbols.expsym' else _lt_dar_export_syms='~$NMEDIT -s $output_objdir/${libname}-symbols.expsym ${lib}' fi if test "$DSYMUTIL" != ":" && test "$lt_cv_ld_force_load" = "no"; then _lt_dsymutil='~$DSYMUTIL $lib || :' else _lt_dsymutil= fi ;; esac ]) # _LT_DARWIN_LINKER_FEATURES([TAG]) # --------------------------------- # Checks for linker and compiler features on darwin m4_defun([_LT_DARWIN_LINKER_FEATURES], [ m4_require([_LT_REQUIRED_DARWIN_CHECKS]) _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_automatic, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported if test "$lt_cv_ld_force_load" = "yes"; then _LT_TAGVAR(whole_archive_flag_spec, $1)='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience ${wl}-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' m4_case([$1], [F77], [_LT_TAGVAR(compiler_needs_object, $1)=yes], [FC], [_LT_TAGVAR(compiler_needs_object, $1)=yes]) else _LT_TAGVAR(whole_archive_flag_spec, $1)='' fi _LT_TAGVAR(link_all_deplibs, $1)=yes _LT_TAGVAR(allow_undefined_flag, $1)="$_lt_dar_allow_undefined" case $cc_basename in ifort*) _lt_dar_can_shared=yes ;; *) _lt_dar_can_shared=$GCC ;; esac if test "$_lt_dar_can_shared" = "yes"; then output_verbose_link_cmd=func_echo_all _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}" _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}" _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}" _LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}" m4_if([$1], [CXX], [ if test "$lt_cv_apple_cc_single_mod" != "yes"; then _LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dsymutil}" _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dar_export_syms}${_lt_dsymutil}" fi ],[]) else _LT_TAGVAR(ld_shlibs, $1)=no fi ]) # _LT_SYS_MODULE_PATH_AIX([TAGNAME]) # ---------------------------------- # Links a minimal program and checks the executable # for the system default hardcoded library path. In most cases, # this is /usr/lib:/lib, but when the MPI compilers are used # the location of the communication and MPI libs are included too. # If we don't find anything, use the default library path according # to the aix ld manual. # Store the results from the different compilers for each TAGNAME. # Allow to override them for all tags through lt_cv_aix_libpath. m4_defun([_LT_SYS_MODULE_PATH_AIX], [m4_require([_LT_DECL_SED])dnl if test "${lt_cv_aix_libpath+set}" = set; then aix_libpath=$lt_cv_aix_libpath else AC_CACHE_VAL([_LT_TAGVAR([lt_cv_aix_libpath_], [$1])], [AC_LINK_IFELSE([AC_LANG_PROGRAM],[ lt_aix_libpath_sed='[ /Import File Strings/,/^$/ { /^0/ { s/^0 *\([^ ]*\) *$/\1/ p } }]' _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` # Check for a 64-bit object if we didn't find anything. if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` fi],[]) if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then _LT_TAGVAR([lt_cv_aix_libpath_], [$1])="/usr/lib:/lib" fi ]) aix_libpath=$_LT_TAGVAR([lt_cv_aix_libpath_], [$1]) fi ])# _LT_SYS_MODULE_PATH_AIX # _LT_SHELL_INIT(ARG) # ------------------- m4_define([_LT_SHELL_INIT], [m4_divert_text([M4SH-INIT], [$1 ])])# _LT_SHELL_INIT # _LT_PROG_ECHO_BACKSLASH # ----------------------- # Find how we can fake an echo command that does not interpret backslash. # In particular, with Autoconf 2.60 or later we add some code to the start # of the generated configure script which will find a shell with a builtin # printf (which we can use as an echo command). m4_defun([_LT_PROG_ECHO_BACKSLASH], [ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO AC_MSG_CHECKING([how to print strings]) # Test print first, because it will be a builtin if present. if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \ test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then ECHO='print -r --' elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then ECHO='printf %s\n' else # Use this function as a fallback that always works. func_fallback_echo () { eval 'cat <<_LTECHO_EOF $[]1 _LTECHO_EOF' } ECHO='func_fallback_echo' fi # func_echo_all arg... # Invoke $ECHO with all args, space-separated. func_echo_all () { $ECHO "$*" } case "$ECHO" in printf*) AC_MSG_RESULT([printf]) ;; print*) AC_MSG_RESULT([print -r]) ;; *) AC_MSG_RESULT([cat]) ;; esac m4_ifdef([_AS_DETECT_SUGGESTED], [_AS_DETECT_SUGGESTED([ test -n "${ZSH_VERSION+set}${BASH_VERSION+set}" || ( ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO PATH=/empty FPATH=/empty; export PATH FPATH test "X`printf %s $ECHO`" = "X$ECHO" \ || test "X`print -r -- $ECHO`" = "X$ECHO" )])]) _LT_DECL([], [SHELL], [1], [Shell to use when invoking shell scripts]) _LT_DECL([], [ECHO], [1], [An echo program that protects backslashes]) ])# _LT_PROG_ECHO_BACKSLASH # _LT_WITH_SYSROOT # ---------------- AC_DEFUN([_LT_WITH_SYSROOT], [AC_MSG_CHECKING([for sysroot]) AC_ARG_WITH([sysroot], [ --with-sysroot[=DIR] Search for dependent libraries within DIR (or the compiler's sysroot if not specified).], [], [with_sysroot=no]) dnl lt_sysroot will always be passed unquoted. We quote it here dnl in case the user passed a directory name. lt_sysroot= case ${with_sysroot} in #( yes) if test "$GCC" = yes; then lt_sysroot=`$CC --print-sysroot 2>/dev/null` fi ;; #( /*) lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"` ;; #( no|'') ;; #( *) AC_MSG_RESULT([${with_sysroot}]) AC_MSG_ERROR([The sysroot must be an absolute path.]) ;; esac AC_MSG_RESULT([${lt_sysroot:-no}]) _LT_DECL([], [lt_sysroot], [0], [The root where to search for ]dnl [dependent libraries, and in which our libraries should be installed.])]) # _LT_ENABLE_LOCK # --------------- m4_defun([_LT_ENABLE_LOCK], [AC_ARG_ENABLE([libtool-lock], [AS_HELP_STRING([--disable-libtool-lock], [avoid locking (might break parallel builds)])]) test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes # Some flags need to be propagated to the compiler or linker for good # libtool support. case $host in ia64-*-hpux*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then case `/usr/bin/file conftest.$ac_objext` in *ELF-32*) HPUX_IA64_MODE="32" ;; *ELF-64*) HPUX_IA64_MODE="64" ;; esac fi rm -rf conftest* ;; *-*-irix6*) # Find out which ABI we are using. echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then if test "$lt_cv_prog_gnu_ld" = yes; then case `/usr/bin/file conftest.$ac_objext` in *32-bit*) LD="${LD-ld} -melf32bsmip" ;; *N32*) LD="${LD-ld} -melf32bmipn32" ;; *64-bit*) LD="${LD-ld} -melf64bmip" ;; esac else case `/usr/bin/file conftest.$ac_objext` in *32-bit*) LD="${LD-ld} -32" ;; *N32*) LD="${LD-ld} -n32" ;; *64-bit*) LD="${LD-ld} -64" ;; esac fi fi rm -rf conftest* ;; x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then case `/usr/bin/file conftest.o` in *32-bit*) case $host in x86_64-*kfreebsd*-gnu) LD="${LD-ld} -m elf_i386_fbsd" ;; x86_64-*linux*) LD="${LD-ld} -m elf_i386" ;; ppc64-*linux*|powerpc64-*linux*) LD="${LD-ld} -m elf32ppclinux" ;; s390x-*linux*) LD="${LD-ld} -m elf_s390" ;; sparc64-*linux*) LD="${LD-ld} -m elf32_sparc" ;; esac ;; *64-bit*) case $host in x86_64-*kfreebsd*-gnu) LD="${LD-ld} -m elf_x86_64_fbsd" ;; x86_64-*linux*) LD="${LD-ld} -m elf_x86_64" ;; ppc*-*linux*|powerpc*-*linux*) LD="${LD-ld} -m elf64ppc" ;; s390*-*linux*|s390*-*tpf*) LD="${LD-ld} -m elf64_s390" ;; sparc*-*linux*) LD="${LD-ld} -m elf64_sparc" ;; esac ;; esac fi rm -rf conftest* ;; *-*-sco3.2v5*) # On SCO OpenServer 5, we need -belf to get full-featured binaries. SAVE_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -belf" AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf, [AC_LANG_PUSH(C) AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],[[]])],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no]) AC_LANG_POP]) if test x"$lt_cv_cc_needs_belf" != x"yes"; then # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf CFLAGS="$SAVE_CFLAGS" fi ;; *-*solaris*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then case `/usr/bin/file conftest.o` in *64-bit*) case $lt_cv_prog_gnu_ld in yes*) case $host in i?86-*-solaris*) LD="${LD-ld} -m elf_x86_64" ;; sparc*-*-solaris*) LD="${LD-ld} -m elf64_sparc" ;; esac # GNU ld 2.21 introduced _sol2 emulations. Use them if available. if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then LD="${LD-ld}_sol2" fi ;; *) if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then LD="${LD-ld} -64" fi ;; esac ;; esac fi rm -rf conftest* ;; esac need_locks="$enable_libtool_lock" ])# _LT_ENABLE_LOCK # _LT_PROG_AR # ----------- m4_defun([_LT_PROG_AR], [AC_CHECK_TOOLS(AR, [ar], false) : ${AR=ar} : ${AR_FLAGS=cru} _LT_DECL([], [AR], [1], [The archiver]) _LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive]) AC_CACHE_CHECK([for archiver @FILE support], [lt_cv_ar_at_file], [lt_cv_ar_at_file=no AC_COMPILE_IFELSE([AC_LANG_PROGRAM], [echo conftest.$ac_objext > conftest.lst lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&AS_MESSAGE_LOG_FD' AC_TRY_EVAL([lt_ar_try]) if test "$ac_status" -eq 0; then # Ensure the archiver fails upon bogus file names. rm -f conftest.$ac_objext libconftest.a AC_TRY_EVAL([lt_ar_try]) if test "$ac_status" -ne 0; then lt_cv_ar_at_file=@ fi fi rm -f conftest.* libconftest.a ]) ]) if test "x$lt_cv_ar_at_file" = xno; then archiver_list_spec= else archiver_list_spec=$lt_cv_ar_at_file fi _LT_DECL([], [archiver_list_spec], [1], [How to feed a file listing to the archiver]) ])# _LT_PROG_AR # _LT_CMD_OLD_ARCHIVE # ------------------- m4_defun([_LT_CMD_OLD_ARCHIVE], [_LT_PROG_AR AC_CHECK_TOOL(STRIP, strip, :) test -z "$STRIP" && STRIP=: _LT_DECL([], [STRIP], [1], [A symbol stripping program]) AC_CHECK_TOOL(RANLIB, ranlib, :) test -z "$RANLIB" && RANLIB=: _LT_DECL([], [RANLIB], [1], [Commands used to install an old-style archive]) # Determine commands to create old-style static archives. old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs' old_postinstall_cmds='chmod 644 $oldlib' old_postuninstall_cmds= if test -n "$RANLIB"; then case $host_os in openbsd*) old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib" ;; *) old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib" ;; esac old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib" fi case $host_os in darwin*) lock_old_archive_extraction=yes ;; *) lock_old_archive_extraction=no ;; esac _LT_DECL([], [old_postinstall_cmds], [2]) _LT_DECL([], [old_postuninstall_cmds], [2]) _LT_TAGDECL([], [old_archive_cmds], [2], [Commands used to build an old-style archive]) _LT_DECL([], [lock_old_archive_extraction], [0], [Whether to use a lock for old archive extraction]) ])# _LT_CMD_OLD_ARCHIVE # _LT_COMPILER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS, # [OUTPUT-FILE], [ACTION-SUCCESS], [ACTION-FAILURE]) # ---------------------------------------------------------------- # Check whether the given compiler option works AC_DEFUN([_LT_COMPILER_OPTION], [m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_DECL_SED])dnl AC_CACHE_CHECK([$1], [$2], [$2=no m4_if([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4]) echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="$3" # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. # The option is referenced via a variable to avoid confusing sed. lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&AS_MESSAGE_LOG_FD echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then $2=yes fi fi $RM conftest* ]) if test x"[$]$2" = xyes; then m4_if([$5], , :, [$5]) else m4_if([$6], , :, [$6]) fi ])# _LT_COMPILER_OPTION # Old name: AU_ALIAS([AC_LIBTOOL_COMPILER_OPTION], [_LT_COMPILER_OPTION]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_COMPILER_OPTION], []) # _LT_LINKER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS, # [ACTION-SUCCESS], [ACTION-FAILURE]) # ---------------------------------------------------- # Check whether the given linker option works AC_DEFUN([_LT_LINKER_OPTION], [m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_DECL_SED])dnl AC_CACHE_CHECK([$1], [$2], [$2=no save_LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS $3" echo "$lt_simple_link_test_code" > conftest.$ac_ext if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then # The linker can only warn and ignore the option if not recognized # So say no if there are warnings if test -s conftest.err; then # Append any errors to the config.log. cat conftest.err 1>&AS_MESSAGE_LOG_FD $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if diff conftest.exp conftest.er2 >/dev/null; then $2=yes fi else $2=yes fi fi $RM -r conftest* LDFLAGS="$save_LDFLAGS" ]) if test x"[$]$2" = xyes; then m4_if([$4], , :, [$4]) else m4_if([$5], , :, [$5]) fi ])# _LT_LINKER_OPTION # Old name: AU_ALIAS([AC_LIBTOOL_LINKER_OPTION], [_LT_LINKER_OPTION]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_LINKER_OPTION], []) # LT_CMD_MAX_LEN #--------------- AC_DEFUN([LT_CMD_MAX_LEN], [AC_REQUIRE([AC_CANONICAL_HOST])dnl # find the maximum length of command line arguments AC_MSG_CHECKING([the maximum length of command line arguments]) AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl i=0 teststring="ABCD" case $build_os in msdosdjgpp*) # On DJGPP, this test can blow up pretty badly due to problems in libc # (any single argument exceeding 2000 bytes causes a buffer overrun # during glob expansion). Even if it were fixed, the result of this # check would be larger than it should be. lt_cv_sys_max_cmd_len=12288; # 12K is about right ;; gnu*) # Under GNU Hurd, this test is not required because there is # no limit to the length of command line arguments. # Libtool will interpret -1 as no limit whatsoever lt_cv_sys_max_cmd_len=-1; ;; cygwin* | mingw* | cegcc*) # On Win9x/ME, this test blows up -- it succeeds, but takes # about 5 minutes as the teststring grows exponentially. # Worse, since 9x/ME are not pre-emptively multitasking, # you end up with a "frozen" computer, even though with patience # the test eventually succeeds (with a max line length of 256k). # Instead, let's just punt: use the minimum linelength reported by # all of the supported platforms: 8192 (on NT/2K/XP). lt_cv_sys_max_cmd_len=8192; ;; mint*) # On MiNT this can take a long time and run out of memory. lt_cv_sys_max_cmd_len=8192; ;; amigaos*) # On AmigaOS with pdksh, this test takes hours, literally. # So we just punt and use a minimum line length of 8192. lt_cv_sys_max_cmd_len=8192; ;; netbsd* | freebsd* | openbsd* | darwin* | dragonfly*) # This has been around since 386BSD, at least. Likely further. if test -x /sbin/sysctl; then lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` elif test -x /usr/sbin/sysctl; then lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax` else lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs fi # And add a safety zone lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` ;; interix*) # We know the value 262144 and hardcode it with a safety zone (like BSD) lt_cv_sys_max_cmd_len=196608 ;; os2*) # The test takes a long time on OS/2. lt_cv_sys_max_cmd_len=8192 ;; osf*) # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not # nice to cause kernel panics so lets avoid the loop below. # First set a reasonable default. lt_cv_sys_max_cmd_len=16384 # if test -x /sbin/sysconfig; then case `/sbin/sysconfig -q proc exec_disable_arg_limit` in *1*) lt_cv_sys_max_cmd_len=-1 ;; esac fi ;; sco3.2v5*) lt_cv_sys_max_cmd_len=102400 ;; sysv5* | sco5v6* | sysv4.2uw2*) kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null` if test -n "$kargmax"; then lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[ ]]//'` else lt_cv_sys_max_cmd_len=32768 fi ;; *) lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null` if test -n "$lt_cv_sys_max_cmd_len"; then lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` else # Make teststring a little bigger before we do anything with it. # a 1K string should be a reasonable start. for i in 1 2 3 4 5 6 7 8 ; do teststring=$teststring$teststring done SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} # If test is not a shell built-in, we'll probably end up computing a # maximum length that is only half of the actual maximum length, but # we can't tell. while { test "X"`env echo "$teststring$teststring" 2>/dev/null` \ = "X$teststring$teststring"; } >/dev/null 2>&1 && test $i != 17 # 1/2 MB should be enough do i=`expr $i + 1` teststring=$teststring$teststring done # Only check the string length outside the loop. lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1` teststring= # Add a significant safety factor because C++ compilers can tack on # massive amounts of additional arguments before passing them to the # linker. It appears as though 1/2 is a usable value. lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2` fi ;; esac ]) if test -n $lt_cv_sys_max_cmd_len ; then AC_MSG_RESULT($lt_cv_sys_max_cmd_len) else AC_MSG_RESULT(none) fi max_cmd_len=$lt_cv_sys_max_cmd_len _LT_DECL([], [max_cmd_len], [0], [What is the maximum length of a command?]) ])# LT_CMD_MAX_LEN # Old name: AU_ALIAS([AC_LIBTOOL_SYS_MAX_CMD_LEN], [LT_CMD_MAX_LEN]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN], []) # _LT_HEADER_DLFCN # ---------------- m4_defun([_LT_HEADER_DLFCN], [AC_CHECK_HEADERS([dlfcn.h], [], [], [AC_INCLUDES_DEFAULT])dnl ])# _LT_HEADER_DLFCN # _LT_TRY_DLOPEN_SELF (ACTION-IF-TRUE, ACTION-IF-TRUE-W-USCORE, # ACTION-IF-FALSE, ACTION-IF-CROSS-COMPILING) # ---------------------------------------------------------------- m4_defun([_LT_TRY_DLOPEN_SELF], [m4_require([_LT_HEADER_DLFCN])dnl if test "$cross_compiling" = yes; then : [$4] else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF [#line $LINENO "configure" #include "confdefs.h" #if HAVE_DLFCN_H #include #endif #include #ifdef RTLD_GLOBAL # define LT_DLGLOBAL RTLD_GLOBAL #else # ifdef DL_GLOBAL # define LT_DLGLOBAL DL_GLOBAL # else # define LT_DLGLOBAL 0 # endif #endif /* We may have to define LT_DLLAZY_OR_NOW in the command line if we find out it does not work in some platform. */ #ifndef LT_DLLAZY_OR_NOW # ifdef RTLD_LAZY # define LT_DLLAZY_OR_NOW RTLD_LAZY # else # ifdef DL_LAZY # define LT_DLLAZY_OR_NOW DL_LAZY # else # ifdef RTLD_NOW # define LT_DLLAZY_OR_NOW RTLD_NOW # else # ifdef DL_NOW # define LT_DLLAZY_OR_NOW DL_NOW # else # define LT_DLLAZY_OR_NOW 0 # endif # endif # endif # endif #endif /* When -fvisbility=hidden is used, assume the code has been annotated correspondingly for the symbols needed. */ #if defined(__GNUC__) && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) int fnord () __attribute__((visibility("default"))); #endif int fnord () { return 42; } int main () { void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); int status = $lt_dlunknown; if (self) { if (dlsym (self,"fnord")) status = $lt_dlno_uscore; else { if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; else puts (dlerror ()); } /* dlclose (self); */ } else puts (dlerror ()); return status; }] _LT_EOF if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext} 2>/dev/null; then (./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null lt_status=$? case x$lt_status in x$lt_dlno_uscore) $1 ;; x$lt_dlneed_uscore) $2 ;; x$lt_dlunknown|x*) $3 ;; esac else : # compilation failed $3 fi fi rm -fr conftest* ])# _LT_TRY_DLOPEN_SELF # LT_SYS_DLOPEN_SELF # ------------------ AC_DEFUN([LT_SYS_DLOPEN_SELF], [m4_require([_LT_HEADER_DLFCN])dnl if test "x$enable_dlopen" != xyes; then enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown else lt_cv_dlopen=no lt_cv_dlopen_libs= case $host_os in beos*) lt_cv_dlopen="load_add_on" lt_cv_dlopen_libs= lt_cv_dlopen_self=yes ;; mingw* | pw32* | cegcc*) lt_cv_dlopen="LoadLibrary" lt_cv_dlopen_libs= ;; cygwin*) lt_cv_dlopen="dlopen" lt_cv_dlopen_libs= ;; darwin*) # if libdl is installed we need to link against it AC_CHECK_LIB([dl], [dlopen], [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"],[ lt_cv_dlopen="dyld" lt_cv_dlopen_libs= lt_cv_dlopen_self=yes ]) ;; *) AC_CHECK_FUNC([shl_load], [lt_cv_dlopen="shl_load"], [AC_CHECK_LIB([dld], [shl_load], [lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld"], [AC_CHECK_FUNC([dlopen], [lt_cv_dlopen="dlopen"], [AC_CHECK_LIB([dl], [dlopen], [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"], [AC_CHECK_LIB([svld], [dlopen], [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"], [AC_CHECK_LIB([dld], [dld_link], [lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld"]) ]) ]) ]) ]) ]) ;; esac if test "x$lt_cv_dlopen" != xno; then enable_dlopen=yes else enable_dlopen=no fi case $lt_cv_dlopen in dlopen) save_CPPFLAGS="$CPPFLAGS" test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" save_LDFLAGS="$LDFLAGS" wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\" save_LIBS="$LIBS" LIBS="$lt_cv_dlopen_libs $LIBS" AC_CACHE_CHECK([whether a program can dlopen itself], lt_cv_dlopen_self, [dnl _LT_TRY_DLOPEN_SELF( lt_cv_dlopen_self=yes, lt_cv_dlopen_self=yes, lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross) ]) if test "x$lt_cv_dlopen_self" = xyes; then wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\" AC_CACHE_CHECK([whether a statically linked program can dlopen itself], lt_cv_dlopen_self_static, [dnl _LT_TRY_DLOPEN_SELF( lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=no, lt_cv_dlopen_self_static=cross) ]) fi CPPFLAGS="$save_CPPFLAGS" LDFLAGS="$save_LDFLAGS" LIBS="$save_LIBS" ;; esac case $lt_cv_dlopen_self in yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;; *) enable_dlopen_self=unknown ;; esac case $lt_cv_dlopen_self_static in yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;; *) enable_dlopen_self_static=unknown ;; esac fi _LT_DECL([dlopen_support], [enable_dlopen], [0], [Whether dlopen is supported]) _LT_DECL([dlopen_self], [enable_dlopen_self], [0], [Whether dlopen of programs is supported]) _LT_DECL([dlopen_self_static], [enable_dlopen_self_static], [0], [Whether dlopen of statically linked programs is supported]) ])# LT_SYS_DLOPEN_SELF # Old name: AU_ALIAS([AC_LIBTOOL_DLOPEN_SELF], [LT_SYS_DLOPEN_SELF]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF], []) # _LT_COMPILER_C_O([TAGNAME]) # --------------------------- # Check to see if options -c and -o are simultaneously supported by compiler. # This macro does not hard code the compiler like AC_PROG_CC_C_O. m4_defun([_LT_COMPILER_C_O], [m4_require([_LT_DECL_SED])dnl m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_TAG_COMPILER])dnl AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext], [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)], [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=no $RM -r conftest 2>/dev/null mkdir conftest cd conftest mkdir out echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="-o out/conftest2.$ac_objext" # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&AS_MESSAGE_LOG_FD echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then _LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes fi fi chmod u+w . 2>&AS_MESSAGE_LOG_FD $RM conftest* # SGI C++ compiler will create directory out/ii_files/ for # template instantiation test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files $RM out/* && rmdir out cd .. $RM -r conftest $RM conftest* ]) _LT_TAGDECL([compiler_c_o], [lt_cv_prog_compiler_c_o], [1], [Does compiler simultaneously support -c and -o options?]) ])# _LT_COMPILER_C_O # _LT_COMPILER_FILE_LOCKS([TAGNAME]) # ---------------------------------- # Check to see if we can do hard links to lock some files if needed m4_defun([_LT_COMPILER_FILE_LOCKS], [m4_require([_LT_ENABLE_LOCK])dnl m4_require([_LT_FILEUTILS_DEFAULTS])dnl _LT_COMPILER_C_O([$1]) hard_links="nottested" if test "$_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)" = no && test "$need_locks" != no; then # do not overwrite the value of need_locks provided by the user AC_MSG_CHECKING([if we can lock with hard links]) hard_links=yes $RM conftest* ln conftest.a conftest.b 2>/dev/null && hard_links=no touch conftest.a ln conftest.a conftest.b 2>&5 || hard_links=no ln conftest.a conftest.b 2>/dev/null && hard_links=no AC_MSG_RESULT([$hard_links]) if test "$hard_links" = no; then AC_MSG_WARN([`$CC' does not support `-c -o', so `make -j' may be unsafe]) need_locks=warn fi else need_locks=no fi _LT_DECL([], [need_locks], [1], [Must we lock files when doing compilation?]) ])# _LT_COMPILER_FILE_LOCKS # _LT_CHECK_OBJDIR # ---------------- m4_defun([_LT_CHECK_OBJDIR], [AC_CACHE_CHECK([for objdir], [lt_cv_objdir], [rm -f .libs 2>/dev/null mkdir .libs 2>/dev/null if test -d .libs; then lt_cv_objdir=.libs else # MS-DOS does not allow filenames that begin with a dot. lt_cv_objdir=_libs fi rmdir .libs 2>/dev/null]) objdir=$lt_cv_objdir _LT_DECL([], [objdir], [0], [The name of the directory that contains temporary libtool files])dnl m4_pattern_allow([LT_OBJDIR])dnl AC_DEFINE_UNQUOTED(LT_OBJDIR, "$lt_cv_objdir/", [Define to the sub-directory in which libtool stores uninstalled libraries.]) ])# _LT_CHECK_OBJDIR # _LT_LINKER_HARDCODE_LIBPATH([TAGNAME]) # -------------------------------------- # Check hardcoding attributes. m4_defun([_LT_LINKER_HARDCODE_LIBPATH], [AC_MSG_CHECKING([how to hardcode library paths into programs]) _LT_TAGVAR(hardcode_action, $1)= if test -n "$_LT_TAGVAR(hardcode_libdir_flag_spec, $1)" || test -n "$_LT_TAGVAR(runpath_var, $1)" || test "X$_LT_TAGVAR(hardcode_automatic, $1)" = "Xyes" ; then # We can hardcode non-existent directories. if test "$_LT_TAGVAR(hardcode_direct, $1)" != no && # If the only mechanism to avoid hardcoding is shlibpath_var, we # have to relink, otherwise we might link with an installed library # when we should be linking with a yet-to-be-installed one ## test "$_LT_TAGVAR(hardcode_shlibpath_var, $1)" != no && test "$_LT_TAGVAR(hardcode_minus_L, $1)" != no; then # Linking always hardcodes the temporary library directory. _LT_TAGVAR(hardcode_action, $1)=relink else # We can link without hardcoding, and we can hardcode nonexisting dirs. _LT_TAGVAR(hardcode_action, $1)=immediate fi else # We cannot hardcode anything, or else we can only hardcode existing # directories. _LT_TAGVAR(hardcode_action, $1)=unsupported fi AC_MSG_RESULT([$_LT_TAGVAR(hardcode_action, $1)]) if test "$_LT_TAGVAR(hardcode_action, $1)" = relink || test "$_LT_TAGVAR(inherit_rpath, $1)" = yes; then # Fast installation is not supported enable_fast_install=no elif test "$shlibpath_overrides_runpath" = yes || test "$enable_shared" = no; then # Fast installation is not necessary enable_fast_install=needless fi _LT_TAGDECL([], [hardcode_action], [0], [How to hardcode a shared library path into an executable]) ])# _LT_LINKER_HARDCODE_LIBPATH # _LT_CMD_STRIPLIB # ---------------- m4_defun([_LT_CMD_STRIPLIB], [m4_require([_LT_DECL_EGREP]) striplib= old_striplib= AC_MSG_CHECKING([whether stripping libraries is possible]) if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" test -z "$striplib" && striplib="$STRIP --strip-unneeded" AC_MSG_RESULT([yes]) else # FIXME - insert some real tests, host_os isn't really good enough case $host_os in darwin*) if test -n "$STRIP" ; then striplib="$STRIP -x" old_striplib="$STRIP -S" AC_MSG_RESULT([yes]) else AC_MSG_RESULT([no]) fi ;; *) AC_MSG_RESULT([no]) ;; esac fi _LT_DECL([], [old_striplib], [1], [Commands to strip libraries]) _LT_DECL([], [striplib], [1]) ])# _LT_CMD_STRIPLIB # _LT_SYS_DYNAMIC_LINKER([TAG]) # ----------------------------- # PORTME Fill in your ld.so characteristics m4_defun([_LT_SYS_DYNAMIC_LINKER], [AC_REQUIRE([AC_CANONICAL_HOST])dnl m4_require([_LT_DECL_EGREP])dnl m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_DECL_OBJDUMP])dnl m4_require([_LT_DECL_SED])dnl m4_require([_LT_CHECK_SHELL_FEATURES])dnl AC_MSG_CHECKING([dynamic linker characteristics]) m4_if([$1], [], [ if test "$GCC" = yes; then case $host_os in darwin*) lt_awk_arg="/^libraries:/,/LR/" ;; *) lt_awk_arg="/^libraries:/" ;; esac case $host_os in mingw* | cegcc*) lt_sed_strip_eq="s,=\([[A-Za-z]]:\),\1,g" ;; *) lt_sed_strip_eq="s,=/,/,g" ;; esac lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq` case $lt_search_path_spec in *\;*) # if the path contains ";" then we assume it to be the separator # otherwise default to the standard path separator (i.e. ":") - it is # assumed that no part of a normal pathname contains ";" but that should # okay in the real world where ";" in dirpaths is itself problematic. lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'` ;; *) lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"` ;; esac # Ok, now we have the path, separated by spaces, we can step through it # and add multilib dir if necessary. lt_tmp_lt_search_path_spec= lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null` for lt_sys_path in $lt_search_path_spec; do if test -d "$lt_sys_path/$lt_multi_os_dir"; then lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir" else test -d "$lt_sys_path" && \ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path" fi done lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk ' BEGIN {RS=" "; FS="/|\n";} { lt_foo=""; lt_count=0; for (lt_i = NF; lt_i > 0; lt_i--) { if ($lt_i != "" && $lt_i != ".") { if ($lt_i == "..") { lt_count++; } else { if (lt_count == 0) { lt_foo="/" $lt_i lt_foo; } else { lt_count--; } } } } if (lt_foo != "") { lt_freq[[lt_foo]]++; } if (lt_freq[[lt_foo]] == 1) { print lt_foo; } }'` # AWK program above erroneously prepends '/' to C:/dos/paths # for these hosts. case $host_os in mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\ $SED 's,/\([[A-Za-z]]:\),\1,g'` ;; esac sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP` else sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" fi]) library_names_spec= libname_spec='lib$name' soname_spec= shrext_cmds=".so" postinstall_cmds= postuninstall_cmds= finish_cmds= finish_eval= shlibpath_var= shlibpath_overrides_runpath=unknown version_type=none dynamic_linker="$host_os ld.so" sys_lib_dlsearch_path_spec="/lib /usr/lib" need_lib_prefix=unknown hardcode_into_libs=no # when you set need_version to no, make sure it does not cause -set_version # flags to be left without arguments need_version=unknown case $host_os in aix3*) version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' shlibpath_var=LIBPATH # AIX 3 has no versioning support, so we append a major version to the name. soname_spec='${libname}${release}${shared_ext}$major' ;; aix[[4-9]]*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no hardcode_into_libs=yes if test "$host_cpu" = ia64; then # AIX 5 supports IA64 library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH else # With GCC up to 2.95.x, collect2 would create an import file # for dependence libraries. The import file would start with # the line `#! .'. This would cause the generated library to # depend on `.', always an invalid library. This was fixed in # development snapshots of GCC prior to 3.0. case $host_os in aix4 | aix4.[[01]] | aix4.[[01]].*) if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' echo ' yes ' echo '#endif'; } | ${CC} -E - | $GREP yes > /dev/null; then : else can_build_shared=no fi ;; esac # AIX (on Power*) has no versioning support, so currently we can not hardcode correct # soname into executable. Probably we can add versioning support to # collect2, so additional links can be useful in future. if test "$aix_use_runtimelinking" = yes; then # If using run time linking (on AIX 4.2 or later) use lib.so # instead of lib.a to let people know that these are not # typical AIX shared libraries. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' else # We preserve .a as extension for shared libraries through AIX4.2 # and later when we are not doing run time linking. library_names_spec='${libname}${release}.a $libname.a' soname_spec='${libname}${release}${shared_ext}$major' fi shlibpath_var=LIBPATH fi ;; amigaos*) case $host_cpu in powerpc) # Since July 2007 AmigaOS4 officially supports .so libraries. # When compiling the executable, add -use-dynld -Lsobjs: to the compileline. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' ;; m68k) library_names_spec='$libname.ixlibrary $libname.a' # Create ${libname}_ixlibrary.a entries in /sys/libs. finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' ;; esac ;; beos*) library_names_spec='${libname}${shared_ext}' dynamic_linker="$host_os ld.so" shlibpath_var=LIBRARY_PATH ;; bsdi[[45]]*) version_type=linux # correct to gnu/linux during the next big refactor need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" # the default ld.so.conf also contains /usr/contrib/lib and # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow # libtool to hard-code these into programs ;; cygwin* | mingw* | pw32* | cegcc*) version_type=windows shrext_cmds=".dll" need_version=no need_lib_prefix=no case $GCC,$cc_basename in yes,*) # gcc library_names_spec='$libname.dll.a' # DLL is installed to $(libdir)/../bin by postinstall_cmds postinstall_cmds='base_file=`basename \${file}`~ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~ dldir=$destdir/`dirname \$dlpath`~ test -d \$dldir || mkdir -p \$dldir~ $install_prog $dir/$dlname \$dldir/$dlname~ chmod a+x \$dldir/$dlname~ if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; fi' postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ dlpath=$dir/\$dldll~ $RM \$dlpath' shlibpath_overrides_runpath=yes case $host_os in cygwin*) # Cygwin DLLs use 'cyg' prefix rather than 'lib' soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' m4_if([$1], [],[ sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"]) ;; mingw* | cegcc*) # MinGW DLLs use traditional 'lib' prefix soname_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' ;; pw32*) # pw32 DLLs use 'pw' prefix rather than 'lib' library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' ;; esac dynamic_linker='Win32 ld.exe' ;; *,cl*) # Native MSVC libname_spec='$name' soname_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' library_names_spec='${libname}.dll.lib' case $build_os in mingw*) sys_lib_search_path_spec= lt_save_ifs=$IFS IFS=';' for lt_path in $LIB do IFS=$lt_save_ifs # Let DOS variable expansion print the short 8.3 style file name. lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"` sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path" done IFS=$lt_save_ifs # Convert to MSYS style. sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([[a-zA-Z]]\\):| /\\1|g' -e 's|^ ||'` ;; cygwin*) # Convert to unix form, then to dos form, then back to unix form # but this time dos style (no spaces!) so that the unix form looks # like /cygdrive/c/PROGRA~1:/cygdr... sys_lib_search_path_spec=`cygpath --path --unix "$LIB"` sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null` sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` ;; *) sys_lib_search_path_spec="$LIB" if $ECHO "$sys_lib_search_path_spec" | [$GREP ';[c-zC-Z]:/' >/dev/null]; then # It is most probably a Windows format PATH. sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` else sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` fi # FIXME: find the short name or the path components, as spaces are # common. (e.g. "Program Files" -> "PROGRA~1") ;; esac # DLL is installed to $(libdir)/../bin by postinstall_cmds postinstall_cmds='base_file=`basename \${file}`~ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~ dldir=$destdir/`dirname \$dlpath`~ test -d \$dldir || mkdir -p \$dldir~ $install_prog $dir/$dlname \$dldir/$dlname' postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ dlpath=$dir/\$dldll~ $RM \$dlpath' shlibpath_overrides_runpath=yes dynamic_linker='Win32 link.exe' ;; *) # Assume MSVC wrapper library_names_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext} $libname.lib' dynamic_linker='Win32 ld.exe' ;; esac # FIXME: first we should search . and the directory the executable is in shlibpath_var=PATH ;; darwin* | rhapsody*) dynamic_linker="$host_os dyld" version_type=darwin need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext' soname_spec='${libname}${release}${major}$shared_ext' shlibpath_overrides_runpath=yes shlibpath_var=DYLD_LIBRARY_PATH shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' m4_if([$1], [],[ sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"]) sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' ;; dgux*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH ;; freebsd* | dragonfly*) # DragonFly does not have aout. When/if they implement a new # versioning mechanism, adjust this. if test -x /usr/bin/objformat; then objformat=`/usr/bin/objformat` else case $host_os in freebsd[[23]].*) objformat=aout ;; *) objformat=elf ;; esac fi version_type=freebsd-$objformat case $version_type in freebsd-elf*) library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' need_version=no need_lib_prefix=no ;; freebsd-*) library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix' need_version=yes ;; esac shlibpath_var=LD_LIBRARY_PATH case $host_os in freebsd2.*) shlibpath_overrides_runpath=yes ;; freebsd3.[[01]]* | freebsdelf3.[[01]]*) shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; freebsd3.[[2-9]]* | freebsdelf3.[[2-9]]* | \ freebsd4.[[0-5]] | freebsdelf4.[[0-5]] | freebsd4.1.1 | freebsdelf4.1.1) shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; *) # from 4.6 on, and DragonFly shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; esac ;; gnu*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; haiku*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no dynamic_linker="$host_os runtime_loader" library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LIBRARY_PATH shlibpath_overrides_runpath=yes sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' hardcode_into_libs=yes ;; hpux9* | hpux10* | hpux11*) # Give a soname corresponding to the major version so that dld.sl refuses to # link against other versions. version_type=sunos need_lib_prefix=no need_version=no case $host_cpu in ia64*) shrext_cmds='.so' hardcode_into_libs=yes dynamic_linker="$host_os dld.so" shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' if test "X$HPUX_IA64_MODE" = X32; then sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" else sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" fi sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; hppa*64*) shrext_cmds='.sl' hardcode_into_libs=yes dynamic_linker="$host_os dld.sl" shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; *) shrext_cmds='.sl' dynamic_linker="$host_os dld.sl" shlibpath_var=SHLIB_PATH shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' ;; esac # HP-UX runs *really* slowly unless shared libraries are mode 555, ... postinstall_cmds='chmod 555 $lib' # or fails outright, so override atomically: install_override_mode=555 ;; interix[[3-9]]*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; irix5* | irix6* | nonstopux*) case $host_os in nonstopux*) version_type=nonstopux ;; *) if test "$lt_cv_prog_gnu_ld" = yes; then version_type=linux # correct to gnu/linux during the next big refactor else version_type=irix fi ;; esac need_lib_prefix=no need_version=no soname_spec='${libname}${release}${shared_ext}$major' library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}' case $host_os in irix5* | nonstopux*) libsuff= shlibsuff= ;; *) case $LD in # libtool.m4 will add one of these switches to LD *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") libsuff= shlibsuff= libmagic=32-bit;; *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") libsuff=32 shlibsuff=N32 libmagic=N32;; *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") libsuff=64 shlibsuff=64 libmagic=64-bit;; *) libsuff= shlibsuff= libmagic=never-match;; esac ;; esac shlibpath_var=LD_LIBRARY${shlibsuff}_PATH shlibpath_overrides_runpath=no sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" hardcode_into_libs=yes ;; # No shared lib support for Linux oldld, aout, or coff. linux*oldld* | linux*aout* | linux*coff*) dynamic_linker=no ;; # This must be glibc/ELF. linux* | k*bsd*-gnu | kopensolaris*-gnu) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no # Some binutils ld are patched to set DT_RUNPATH AC_CACHE_VAL([lt_cv_shlibpath_overrides_runpath], [lt_cv_shlibpath_overrides_runpath=no save_LDFLAGS=$LDFLAGS save_libdir=$libdir eval "libdir=/foo; wl=\"$_LT_TAGVAR(lt_prog_compiler_wl, $1)\"; \ LDFLAGS=\"\$LDFLAGS $_LT_TAGVAR(hardcode_libdir_flag_spec, $1)\"" AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])], [AS_IF([ ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null], [lt_cv_shlibpath_overrides_runpath=yes])]) LDFLAGS=$save_LDFLAGS libdir=$save_libdir ]) shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath # This implies no fast_install, which is unacceptable. # Some rework will be needed to allow for fast_install # before this can be enabled. hardcode_into_libs=yes # Add ABI-specific directories to the system library path. sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib" # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` sys_lib_dlsearch_path_spec="$sys_lib_dlsearch_path_spec $lt_ld_extra" fi # We used to test for /lib/ld.so.1 and disable shared libraries on # powerpc, because MkLinux only supported shared libraries with the # GNU dynamic linker. Since this was broken with cross compilers, # most powerpc-linux boxes support dynamic linking these days and # people can always --disable-shared, the test was removed, and we # assume the GNU/Linux dynamic linker is in use. dynamic_linker='GNU/Linux ld.so' ;; netbsd*) version_type=sunos need_lib_prefix=no need_version=no if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' dynamic_linker='NetBSD (a.out) ld.so' else library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' dynamic_linker='NetBSD ld.elf_so' fi shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; newsos6) version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes ;; *nto* | *qnx*) version_type=qnx need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes dynamic_linker='ldqnx.so' ;; openbsd*) version_type=sunos sys_lib_dlsearch_path_spec="/usr/lib" need_lib_prefix=no # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs. case $host_os in openbsd3.3 | openbsd3.3.*) need_version=yes ;; *) need_version=no ;; esac library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' shlibpath_var=LD_LIBRARY_PATH if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then case $host_os in openbsd2.[[89]] | openbsd2.[[89]].*) shlibpath_overrides_runpath=no ;; *) shlibpath_overrides_runpath=yes ;; esac else shlibpath_overrides_runpath=yes fi ;; os2*) libname_spec='$name' shrext_cmds=".dll" need_lib_prefix=no library_names_spec='$libname${shared_ext} $libname.a' dynamic_linker='OS/2 ld.exe' shlibpath_var=LIBPATH ;; osf3* | osf4* | osf5*) version_type=osf need_lib_prefix=no need_version=no soname_spec='${libname}${release}${shared_ext}$major' library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" ;; rdos*) dynamic_linker=no ;; solaris*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes # ldd complains unless libraries are executable postinstall_cmds='chmod +x $lib' ;; sunos4*) version_type=sunos library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes if test "$with_gnu_ld" = yes; then need_lib_prefix=no fi need_version=yes ;; sysv4 | sysv4.3*) version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH case $host_vendor in sni) shlibpath_overrides_runpath=no need_lib_prefix=no runpath_var=LD_RUN_PATH ;; siemens) need_lib_prefix=no ;; motorola) need_lib_prefix=no need_version=no shlibpath_overrides_runpath=no sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' ;; esac ;; sysv4*MP*) if test -d /usr/nec ;then version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' soname_spec='$libname${shared_ext}.$major' shlibpath_var=LD_LIBRARY_PATH fi ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) version_type=freebsd-elf need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes if test "$with_gnu_ld" = yes; then sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' else sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' case $host_os in sco3.2v5*) sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" ;; esac fi sys_lib_dlsearch_path_spec='/usr/lib' ;; tpf*) # TPF is a cross-target only. Preferred cross-host = GNU/Linux. version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; uts4*) version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH ;; *) dynamic_linker=no ;; esac AC_MSG_RESULT([$dynamic_linker]) test "$dynamic_linker" = no && can_build_shared=no variables_saved_for_relink="PATH $shlibpath_var $runpath_var" if test "$GCC" = yes; then variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" fi if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec" fi if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec" fi _LT_DECL([], [variables_saved_for_relink], [1], [Variables whose values should be saved in libtool wrapper scripts and restored at link time]) _LT_DECL([], [need_lib_prefix], [0], [Do we need the "lib" prefix for modules?]) _LT_DECL([], [need_version], [0], [Do we need a version for libraries?]) _LT_DECL([], [version_type], [0], [Library versioning type]) _LT_DECL([], [runpath_var], [0], [Shared library runtime path variable]) _LT_DECL([], [shlibpath_var], [0],[Shared library path variable]) _LT_DECL([], [shlibpath_overrides_runpath], [0], [Is shlibpath searched before the hard-coded library search path?]) _LT_DECL([], [libname_spec], [1], [Format of library name prefix]) _LT_DECL([], [library_names_spec], [1], [[List of archive names. First name is the real one, the rest are links. The last name is the one that the linker finds with -lNAME]]) _LT_DECL([], [soname_spec], [1], [[The coded name of the library, if different from the real name]]) _LT_DECL([], [install_override_mode], [1], [Permission mode override for installation of shared libraries]) _LT_DECL([], [postinstall_cmds], [2], [Command to use after installation of a shared archive]) _LT_DECL([], [postuninstall_cmds], [2], [Command to use after uninstallation of a shared archive]) _LT_DECL([], [finish_cmds], [2], [Commands used to finish a libtool library installation in a directory]) _LT_DECL([], [finish_eval], [1], [[As "finish_cmds", except a single script fragment to be evaled but not shown]]) _LT_DECL([], [hardcode_into_libs], [0], [Whether we should hardcode library paths into libraries]) _LT_DECL([], [sys_lib_search_path_spec], [2], [Compile-time system search path for libraries]) _LT_DECL([], [sys_lib_dlsearch_path_spec], [2], [Run-time system search path for libraries]) ])# _LT_SYS_DYNAMIC_LINKER # _LT_PATH_TOOL_PREFIX(TOOL) # -------------------------- # find a file program which can recognize shared library AC_DEFUN([_LT_PATH_TOOL_PREFIX], [m4_require([_LT_DECL_EGREP])dnl AC_MSG_CHECKING([for $1]) AC_CACHE_VAL(lt_cv_path_MAGIC_CMD, [case $MAGIC_CMD in [[\\/*] | ?:[\\/]*]) lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path. ;; *) lt_save_MAGIC_CMD="$MAGIC_CMD" lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR dnl $ac_dummy forces splitting on constant user-supplied paths. dnl POSIX.2 word splitting is done only on the output of word expansions, dnl not every word. This closes a longstanding sh security hole. ac_dummy="m4_if([$2], , $PATH, [$2])" for ac_dir in $ac_dummy; do IFS="$lt_save_ifs" test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$1; then lt_cv_path_MAGIC_CMD="$ac_dir/$1" if test -n "$file_magic_test_file"; then case $deplibs_check_method in "file_magic "*) file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` MAGIC_CMD="$lt_cv_path_MAGIC_CMD" if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | $EGREP "$file_magic_regex" > /dev/null; then : else cat <<_LT_EOF 1>&2 *** Warning: the command libtool uses to detect shared libraries, *** $file_magic_cmd, produces output that libtool cannot recognize. *** The result is that libtool may fail to recognize shared libraries *** as such. This will affect the creation of libtool libraries that *** depend on shared libraries, but programs linked with such libtool *** libraries will work regardless of this problem. Nevertheless, you *** may want to report the problem to your system manager and/or to *** bug-libtool@gnu.org _LT_EOF fi ;; esac fi break fi done IFS="$lt_save_ifs" MAGIC_CMD="$lt_save_MAGIC_CMD" ;; esac]) MAGIC_CMD="$lt_cv_path_MAGIC_CMD" if test -n "$MAGIC_CMD"; then AC_MSG_RESULT($MAGIC_CMD) else AC_MSG_RESULT(no) fi _LT_DECL([], [MAGIC_CMD], [0], [Used to examine libraries when file_magic_cmd begins with "file"])dnl ])# _LT_PATH_TOOL_PREFIX # Old name: AU_ALIAS([AC_PATH_TOOL_PREFIX], [_LT_PATH_TOOL_PREFIX]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_PATH_TOOL_PREFIX], []) # _LT_PATH_MAGIC # -------------- # find a file program which can recognize a shared library m4_defun([_LT_PATH_MAGIC], [_LT_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH) if test -z "$lt_cv_path_MAGIC_CMD"; then if test -n "$ac_tool_prefix"; then _LT_PATH_TOOL_PREFIX(file, /usr/bin$PATH_SEPARATOR$PATH) else MAGIC_CMD=: fi fi ])# _LT_PATH_MAGIC # LT_PATH_LD # ---------- # find the pathname to the GNU or non-GNU linker AC_DEFUN([LT_PATH_LD], [AC_REQUIRE([AC_PROG_CC])dnl AC_REQUIRE([AC_CANONICAL_HOST])dnl AC_REQUIRE([AC_CANONICAL_BUILD])dnl m4_require([_LT_DECL_SED])dnl m4_require([_LT_DECL_EGREP])dnl m4_require([_LT_PROG_ECHO_BACKSLASH])dnl AC_ARG_WITH([gnu-ld], [AS_HELP_STRING([--with-gnu-ld], [assume the C compiler uses GNU ld @<:@default=no@:>@])], [test "$withval" = no || with_gnu_ld=yes], [with_gnu_ld=no])dnl ac_prog=ld if test "$GCC" = yes; then # Check if gcc -print-prog-name=ld gives a path. AC_MSG_CHECKING([for ld used by $CC]) case $host in *-*-mingw*) # gcc leaves a trailing carriage return which upsets mingw ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; *) ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; esac case $ac_prog in # Accept absolute paths. [[\\/]]* | ?:[[\\/]]*) re_direlt='/[[^/]][[^/]]*/\.\./' # Canonicalize the pathname of ld ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'` while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"` done test -z "$LD" && LD="$ac_prog" ;; "") # If it fails, then pretend we aren't using GCC. ac_prog=ld ;; *) # If it is relative, then search for the first ld in PATH. with_gnu_ld=unknown ;; esac elif test "$with_gnu_ld" = yes; then AC_MSG_CHECKING([for GNU ld]) else AC_MSG_CHECKING([for non-GNU ld]) fi AC_CACHE_VAL(lt_cv_path_LD, [if test -z "$LD"; then lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR for ac_dir in $PATH; do IFS="$lt_save_ifs" test -z "$ac_dir" && ac_dir=. if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then lt_cv_path_LD="$ac_dir/$ac_prog" # Check to see if the program is GNU ld. I'd rather use --version, # but apparently some variants of GNU ld only accept -v. # Break only if it was the GNU/non-GNU ld that we prefer. case `"$lt_cv_path_LD" -v 2>&1 &1 /dev/null 2>&1; then lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' lt_cv_file_magic_cmd='func_win32_libid' else # Keep this pattern in sync with the one in func_win32_libid. lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' lt_cv_file_magic_cmd='$OBJDUMP -f' fi ;; cegcc*) # use the weaker test based on 'objdump'. See mingw*. lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?' lt_cv_file_magic_cmd='$OBJDUMP -f' ;; darwin* | rhapsody*) lt_cv_deplibs_check_method=pass_all ;; freebsd* | dragonfly*) if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then case $host_cpu in i*86 ) # Not sure whether the presence of OpenBSD here was a mistake. # Let's accept both of them until this is cleared up. lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library' lt_cv_file_magic_cmd=/usr/bin/file lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*` ;; esac else lt_cv_deplibs_check_method=pass_all fi ;; gnu*) lt_cv_deplibs_check_method=pass_all ;; haiku*) lt_cv_deplibs_check_method=pass_all ;; hpux10.20* | hpux11*) lt_cv_file_magic_cmd=/usr/bin/file case $host_cpu in ia64*) lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64' lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so ;; hppa*64*) [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]'] lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl ;; *) lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]]\.[[0-9]]) shared library' lt_cv_file_magic_test_file=/usr/lib/libc.sl ;; esac ;; interix[[3-9]]*) # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|\.a)$' ;; irix5* | irix6* | nonstopux*) case $LD in *-32|*"-32 ") libmagic=32-bit;; *-n32|*"-n32 ") libmagic=N32;; *-64|*"-64 ") libmagic=64-bit;; *) libmagic=never-match;; esac lt_cv_deplibs_check_method=pass_all ;; # This must be glibc/ELF. linux* | k*bsd*-gnu | kopensolaris*-gnu) lt_cv_deplibs_check_method=pass_all ;; netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' else lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|_pic\.a)$' fi ;; newos6*) lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)' lt_cv_file_magic_cmd=/usr/bin/file lt_cv_file_magic_test_file=/usr/lib/libnls.so ;; *nto* | *qnx*) lt_cv_deplibs_check_method=pass_all ;; openbsd*) if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$' else lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' fi ;; osf3* | osf4* | osf5*) lt_cv_deplibs_check_method=pass_all ;; rdos*) lt_cv_deplibs_check_method=pass_all ;; solaris*) lt_cv_deplibs_check_method=pass_all ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) lt_cv_deplibs_check_method=pass_all ;; sysv4 | sysv4.3*) case $host_vendor in motorola) lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib) M[[0-9]][[0-9]]* Version [[0-9]]' lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*` ;; ncr) lt_cv_deplibs_check_method=pass_all ;; sequent) lt_cv_file_magic_cmd='/bin/file' lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB (shared object|dynamic lib )' ;; sni) lt_cv_file_magic_cmd='/bin/file' lt_cv_deplibs_check_method="file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB dynamic lib" lt_cv_file_magic_test_file=/lib/libc.so ;; siemens) lt_cv_deplibs_check_method=pass_all ;; pc) lt_cv_deplibs_check_method=pass_all ;; esac ;; tpf*) lt_cv_deplibs_check_method=pass_all ;; esac ]) file_magic_glob= want_nocaseglob=no if test "$build" = "$host"; then case $host_os in mingw* | pw32*) if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then want_nocaseglob=yes else file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[[\1]]\/[[\1]]\/g;/g"` fi ;; esac fi file_magic_cmd=$lt_cv_file_magic_cmd deplibs_check_method=$lt_cv_deplibs_check_method test -z "$deplibs_check_method" && deplibs_check_method=unknown _LT_DECL([], [deplibs_check_method], [1], [Method to check whether dependent libraries are shared objects]) _LT_DECL([], [file_magic_cmd], [1], [Command to use when deplibs_check_method = "file_magic"]) _LT_DECL([], [file_magic_glob], [1], [How to find potential files when deplibs_check_method = "file_magic"]) _LT_DECL([], [want_nocaseglob], [1], [Find potential files using nocaseglob when deplibs_check_method = "file_magic"]) ])# _LT_CHECK_MAGIC_METHOD # LT_PATH_NM # ---------- # find the pathname to a BSD- or MS-compatible name lister AC_DEFUN([LT_PATH_NM], [AC_REQUIRE([AC_PROG_CC])dnl AC_CACHE_CHECK([for BSD- or MS-compatible name lister (nm)], lt_cv_path_NM, [if test -n "$NM"; then # Let the user override the test. lt_cv_path_NM="$NM" else lt_nm_to_check="${ac_tool_prefix}nm" if test -n "$ac_tool_prefix" && test "$build" = "$host"; then lt_nm_to_check="$lt_nm_to_check nm" fi for lt_tmp_nm in $lt_nm_to_check; do lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do IFS="$lt_save_ifs" test -z "$ac_dir" && ac_dir=. tmp_nm="$ac_dir/$lt_tmp_nm" if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then # Check to see if the nm accepts a BSD-compat flag. # Adding the `sed 1q' prevents false positives on HP-UX, which says: # nm: unknown option "B" ignored # Tru64's nm complains that /dev/null is an invalid object file case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in */dev/null* | *'Invalid file or object type'*) lt_cv_path_NM="$tmp_nm -B" break ;; *) case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in */dev/null*) lt_cv_path_NM="$tmp_nm -p" break ;; *) lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but continue # so that we can try to find one that supports BSD flags ;; esac ;; esac fi done IFS="$lt_save_ifs" done : ${lt_cv_path_NM=no} fi]) if test "$lt_cv_path_NM" != "no"; then NM="$lt_cv_path_NM" else # Didn't find any BSD compatible name lister, look for dumpbin. if test -n "$DUMPBIN"; then : # Let the user override the test. else AC_CHECK_TOOLS(DUMPBIN, [dumpbin "link -dump"], :) case `$DUMPBIN -symbols /dev/null 2>&1 | sed '1q'` in *COFF*) DUMPBIN="$DUMPBIN -symbols" ;; *) DUMPBIN=: ;; esac fi AC_SUBST([DUMPBIN]) if test "$DUMPBIN" != ":"; then NM="$DUMPBIN" fi fi test -z "$NM" && NM=nm AC_SUBST([NM]) _LT_DECL([], [NM], [1], [A BSD- or MS-compatible name lister])dnl AC_CACHE_CHECK([the name lister ($NM) interface], [lt_cv_nm_interface], [lt_cv_nm_interface="BSD nm" echo "int some_variable = 0;" > conftest.$ac_ext (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&AS_MESSAGE_LOG_FD) (eval "$ac_compile" 2>conftest.err) cat conftest.err >&AS_MESSAGE_LOG_FD (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&AS_MESSAGE_LOG_FD) (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) cat conftest.err >&AS_MESSAGE_LOG_FD (eval echo "\"\$as_me:$LINENO: output\"" >&AS_MESSAGE_LOG_FD) cat conftest.out >&AS_MESSAGE_LOG_FD if $GREP 'External.*some_variable' conftest.out > /dev/null; then lt_cv_nm_interface="MS dumpbin" fi rm -f conftest*]) ])# LT_PATH_NM # Old names: AU_ALIAS([AM_PROG_NM], [LT_PATH_NM]) AU_ALIAS([AC_PROG_NM], [LT_PATH_NM]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AM_PROG_NM], []) dnl AC_DEFUN([AC_PROG_NM], []) # _LT_CHECK_SHAREDLIB_FROM_LINKLIB # -------------------------------- # how to determine the name of the shared library # associated with a specific link library. # -- PORTME fill in with the dynamic library characteristics m4_defun([_LT_CHECK_SHAREDLIB_FROM_LINKLIB], [m4_require([_LT_DECL_EGREP]) m4_require([_LT_DECL_OBJDUMP]) m4_require([_LT_DECL_DLLTOOL]) AC_CACHE_CHECK([how to associate runtime and link libraries], lt_cv_sharedlib_from_linklib_cmd, [lt_cv_sharedlib_from_linklib_cmd='unknown' case $host_os in cygwin* | mingw* | pw32* | cegcc*) # two different shell functions defined in ltmain.sh # decide which to use based on capabilities of $DLLTOOL case `$DLLTOOL --help 2>&1` in *--identify-strict*) lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib ;; *) lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback ;; esac ;; *) # fallback: assume linklib IS sharedlib lt_cv_sharedlib_from_linklib_cmd="$ECHO" ;; esac ]) sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO _LT_DECL([], [sharedlib_from_linklib_cmd], [1], [Command to associate shared and link libraries]) ])# _LT_CHECK_SHAREDLIB_FROM_LINKLIB # _LT_PATH_MANIFEST_TOOL # ---------------------- # locate the manifest tool m4_defun([_LT_PATH_MANIFEST_TOOL], [AC_CHECK_TOOL(MANIFEST_TOOL, mt, :) test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt AC_CACHE_CHECK([if $MANIFEST_TOOL is a manifest tool], [lt_cv_path_mainfest_tool], [lt_cv_path_mainfest_tool=no echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&AS_MESSAGE_LOG_FD $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out cat conftest.err >&AS_MESSAGE_LOG_FD if $GREP 'Manifest Tool' conftest.out > /dev/null; then lt_cv_path_mainfest_tool=yes fi rm -f conftest*]) if test "x$lt_cv_path_mainfest_tool" != xyes; then MANIFEST_TOOL=: fi _LT_DECL([], [MANIFEST_TOOL], [1], [Manifest tool])dnl ])# _LT_PATH_MANIFEST_TOOL # LT_LIB_M # -------- # check for math library AC_DEFUN([LT_LIB_M], [AC_REQUIRE([AC_CANONICAL_HOST])dnl LIBM= case $host in *-*-beos* | *-*-cegcc* | *-*-cygwin* | *-*-haiku* | *-*-pw32* | *-*-darwin*) # These system don't have libm, or don't need it ;; *-ncr-sysv4.3*) AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM="-lmw") AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm") ;; *) AC_CHECK_LIB(m, cos, LIBM="-lm") ;; esac AC_SUBST([LIBM]) ])# LT_LIB_M # Old name: AU_ALIAS([AC_CHECK_LIBM], [LT_LIB_M]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_CHECK_LIBM], []) # _LT_COMPILER_NO_RTTI([TAGNAME]) # ------------------------------- m4_defun([_LT_COMPILER_NO_RTTI], [m4_require([_LT_TAG_COMPILER])dnl _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)= if test "$GCC" = yes; then case $cc_basename in nvcc*) _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -Xcompiler -fno-builtin' ;; *) _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' ;; esac _LT_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions], lt_cv_prog_compiler_rtti_exceptions, [-fno-rtti -fno-exceptions], [], [_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)="$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) -fno-rtti -fno-exceptions"]) fi _LT_TAGDECL([no_builtin_flag], [lt_prog_compiler_no_builtin_flag], [1], [Compiler flag to turn off builtin functions]) ])# _LT_COMPILER_NO_RTTI # _LT_CMD_GLOBAL_SYMBOLS # ---------------------- m4_defun([_LT_CMD_GLOBAL_SYMBOLS], [AC_REQUIRE([AC_CANONICAL_HOST])dnl AC_REQUIRE([AC_PROG_CC])dnl AC_REQUIRE([AC_PROG_AWK])dnl AC_REQUIRE([LT_PATH_NM])dnl AC_REQUIRE([LT_PATH_LD])dnl m4_require([_LT_DECL_SED])dnl m4_require([_LT_DECL_EGREP])dnl m4_require([_LT_TAG_COMPILER])dnl # Check for command to grab the raw symbol name followed by C symbol from nm. AC_MSG_CHECKING([command to parse $NM output from $compiler object]) AC_CACHE_VAL([lt_cv_sys_global_symbol_pipe], [ # These are sane defaults that work on at least a few old systems. # [They come from Ultrix. What could be older than Ultrix?!! ;)] # Character class describing NM global symbol codes. symcode='[[BCDEGRST]]' # Regexp to match symbols that can be accessed directly from C. sympat='\([[_A-Za-z]][[_A-Za-z0-9]]*\)' # Define system-specific variables. case $host_os in aix*) symcode='[[BCDT]]' ;; cygwin* | mingw* | pw32* | cegcc*) symcode='[[ABCDGISTW]]' ;; hpux*) if test "$host_cpu" = ia64; then symcode='[[ABCDEGRST]]' fi ;; irix* | nonstopux*) symcode='[[BCDEGRST]]' ;; osf*) symcode='[[BCDEGQRST]]' ;; solaris*) symcode='[[BDRT]]' ;; sco3.2v5*) symcode='[[DT]]' ;; sysv4.2uw2*) symcode='[[DT]]' ;; sysv5* | sco5v6* | unixware* | OpenUNIX*) symcode='[[ABDT]]' ;; sysv4) symcode='[[DFNSTU]]' ;; esac # If we're using GNU nm, then use its standard symbol codes. case `$NM -V 2>&1` in *GNU* | *'with BFD'*) symcode='[[ABCDGIRSTW]]' ;; esac # Transform an extracted symbol line into a proper C declaration. # Some systems (esp. on ia64) link data and code symbols differently, # so use this general approach. lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'" # Transform an extracted symbol line into symbol name and symbol address lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\)[[ ]]*$/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"\2\", (void *) \&\2},/p'" lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n -e 's/^: \([[^ ]]*\)[[ ]]*$/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \(lib[[^ ]]*\)$/ {\"\2\", (void *) \&\2},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"lib\2\", (void *) \&\2},/p'" # Handle CRLF in mingw tool chain opt_cr= case $build_os in mingw*) opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp ;; esac # Try without a prefix underscore, then with it. for ac_symprfx in "" "_"; do # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol. symxfrm="\\1 $ac_symprfx\\2 \\2" # Write the raw and C identifiers. if test "$lt_cv_nm_interface" = "MS dumpbin"; then # Fake it for dumpbin and say T for any non-static function # and D for any global variable. # Also find C++ and __fastcall symbols from MSVC++, # which start with @ or ?. lt_cv_sys_global_symbol_pipe="$AWK ['"\ " {last_section=section; section=\$ 3};"\ " /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\ " /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\ " \$ 0!~/External *\|/{next};"\ " / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\ " {if(hide[section]) next};"\ " {f=0}; \$ 0~/\(\).*\|/{f=1}; {printf f ? \"T \" : \"D \"};"\ " {split(\$ 0, a, /\||\r/); split(a[2], s)};"\ " s[1]~/^[@?]/{print s[1], s[1]; next};"\ " s[1]~prfx {split(s[1],t,\"@\"); print t[1], substr(t[1],length(prfx))}"\ " ' prfx=^$ac_symprfx]" else lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[ ]]\($symcode$symcode*\)[[ ]][[ ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" fi lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'" # Check to see that the pipe works correctly. pipe_works=no rm -f conftest* cat > conftest.$ac_ext <<_LT_EOF #ifdef __cplusplus extern "C" { #endif char nm_test_var; void nm_test_func(void); void nm_test_func(void){} #ifdef __cplusplus } #endif int main(){nm_test_var='a';nm_test_func();return(0);} _LT_EOF if AC_TRY_EVAL(ac_compile); then # Now try to grab the symbols. nlist=conftest.nm if AC_TRY_EVAL(NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) && test -s "$nlist"; then # Try sorting and uniquifying the output. if sort "$nlist" | uniq > "$nlist"T; then mv -f "$nlist"T "$nlist" else rm -f "$nlist"T fi # Make sure that we snagged all the symbols we need. if $GREP ' nm_test_var$' "$nlist" >/dev/null; then if $GREP ' nm_test_func$' "$nlist" >/dev/null; then cat <<_LT_EOF > conftest.$ac_ext /* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ #if defined(_WIN32) || defined(__CYGWIN__) || defined(_WIN32_WCE) /* DATA imports from DLLs on WIN32 con't be const, because runtime relocations are performed -- see ld's documentation on pseudo-relocs. */ # define LT@&t@_DLSYM_CONST #elif defined(__osf__) /* This system does not cope well with relocations in const data. */ # define LT@&t@_DLSYM_CONST #else # define LT@&t@_DLSYM_CONST const #endif #ifdef __cplusplus extern "C" { #endif _LT_EOF # Now generate the symbol file. eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext' cat <<_LT_EOF >> conftest.$ac_ext /* The mapping between symbol names and symbols. */ LT@&t@_DLSYM_CONST struct { const char *name; void *address; } lt__PROGRAM__LTX_preloaded_symbols[[]] = { { "@PROGRAM@", (void *) 0 }, _LT_EOF $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (void *) \&\2},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext cat <<\_LT_EOF >> conftest.$ac_ext {0, (void *) 0} }; /* This works around a problem in FreeBSD linker */ #ifdef FREEBSD_WORKAROUND static const void *lt_preloaded_setup() { return lt__PROGRAM__LTX_preloaded_symbols; } #endif #ifdef __cplusplus } #endif _LT_EOF # Now try linking the two files. mv conftest.$ac_objext conftstm.$ac_objext lt_globsym_save_LIBS=$LIBS lt_globsym_save_CFLAGS=$CFLAGS LIBS="conftstm.$ac_objext" CFLAGS="$CFLAGS$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)" if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext}; then pipe_works=yes fi LIBS=$lt_globsym_save_LIBS CFLAGS=$lt_globsym_save_CFLAGS else echo "cannot find nm_test_func in $nlist" >&AS_MESSAGE_LOG_FD fi else echo "cannot find nm_test_var in $nlist" >&AS_MESSAGE_LOG_FD fi else echo "cannot run $lt_cv_sys_global_symbol_pipe" >&AS_MESSAGE_LOG_FD fi else echo "$progname: failed program was:" >&AS_MESSAGE_LOG_FD cat conftest.$ac_ext >&5 fi rm -rf conftest* conftst* # Do not use the global_symbol_pipe unless it works. if test "$pipe_works" = yes; then break else lt_cv_sys_global_symbol_pipe= fi done ]) if test -z "$lt_cv_sys_global_symbol_pipe"; then lt_cv_sys_global_symbol_to_cdecl= fi if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then AC_MSG_RESULT(failed) else AC_MSG_RESULT(ok) fi # Response file support. if test "$lt_cv_nm_interface" = "MS dumpbin"; then nm_file_list_spec='@' elif $NM --help 2>/dev/null | grep '[[@]]FILE' >/dev/null; then nm_file_list_spec='@' fi _LT_DECL([global_symbol_pipe], [lt_cv_sys_global_symbol_pipe], [1], [Take the output of nm and produce a listing of raw symbols and C names]) _LT_DECL([global_symbol_to_cdecl], [lt_cv_sys_global_symbol_to_cdecl], [1], [Transform the output of nm in a proper C declaration]) _LT_DECL([global_symbol_to_c_name_address], [lt_cv_sys_global_symbol_to_c_name_address], [1], [Transform the output of nm in a C name address pair]) _LT_DECL([global_symbol_to_c_name_address_lib_prefix], [lt_cv_sys_global_symbol_to_c_name_address_lib_prefix], [1], [Transform the output of nm in a C name address pair when lib prefix is needed]) _LT_DECL([], [nm_file_list_spec], [1], [Specify filename containing input files for $NM]) ]) # _LT_CMD_GLOBAL_SYMBOLS # _LT_COMPILER_PIC([TAGNAME]) # --------------------------- m4_defun([_LT_COMPILER_PIC], [m4_require([_LT_TAG_COMPILER])dnl _LT_TAGVAR(lt_prog_compiler_wl, $1)= _LT_TAGVAR(lt_prog_compiler_pic, $1)= _LT_TAGVAR(lt_prog_compiler_static, $1)= m4_if([$1], [CXX], [ # C++ specific cases for pic, static, wl, etc. if test "$GXX" = yes; then _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' case $host_os in aix*) # All AIX code is PIC. if test "$host_cpu" = ia64; then # AIX 5 now supports IA64 processor _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' fi ;; amigaos*) case $host_cpu in powerpc) # see comment about AmigaOS4 .so support _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; m68k) # FIXME: we need at least 68020 code to build shared libraries, but # adding the `-m68020' flag to GCC prevents building anything better, # like `-m68040'. _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4' ;; esac ;; beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) # PIC is the default for these OSes. ;; mingw* | cygwin* | os2* | pw32* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). # Although the cygwin gcc ignores -fPIC, still need this for old-style # (--disable-auto-import) libraries m4_if([$1], [GCJ], [], [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) ;; darwin* | rhapsody*) # PIC is the default on this platform # Common symbols not allowed in MH_DYLIB files _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' ;; *djgpp*) # DJGPP does not support shared libraries at all _LT_TAGVAR(lt_prog_compiler_pic, $1)= ;; haiku*) # PIC is the default for Haiku. # The "-static" flag exists, but is broken. _LT_TAGVAR(lt_prog_compiler_static, $1)= ;; interix[[3-9]]*) # Interix 3.x gcc -fpic/-fPIC options generate broken code. # Instead, we relocate shared libraries at runtime. ;; sysv4*MP*) if test -d /usr/nec; then _LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic fi ;; hpux*) # PIC is the default for 64-bit PA HP-UX, but not for 32-bit # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag # sets the default TLS model and affects inlining. case $host_cpu in hppa*64*) ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; esac ;; *qnx* | *nto*) # QNX uses GNU C++, but need to define -shared option too, otherwise # it will coredump. _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; esac else case $host_os in aix[[4-9]]*) # All AIX code is PIC. if test "$host_cpu" = ia64; then # AIX 5 now supports IA64 processor _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' else _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp' fi ;; chorus*) case $cc_basename in cxch68*) # Green Hills C++ Compiler # _LT_TAGVAR(lt_prog_compiler_static, $1)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a" ;; esac ;; mingw* | cygwin* | os2* | pw32* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). m4_if([$1], [GCJ], [], [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) ;; dgux*) case $cc_basename in ec++*) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' ;; ghcx*) # Green Hills C++ Compiler _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' ;; *) ;; esac ;; freebsd* | dragonfly*) # FreeBSD uses GNU C++ ;; hpux9* | hpux10* | hpux11*) case $cc_basename in CC*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' if test "$host_cpu" != ia64; then _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' fi ;; aCC*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' case $host_cpu in hppa*64*|ia64*) # +Z the default ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' ;; esac ;; *) ;; esac ;; interix*) # This is c89, which is MS Visual C++ (no shared libs) # Anyone wants to do a port? ;; irix5* | irix6* | nonstopux*) case $cc_basename in CC*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' # CC pic flag -KPIC is the default. ;; *) ;; esac ;; linux* | k*bsd*-gnu | kopensolaris*-gnu) case $cc_basename in KCC*) # KAI C++ Compiler _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; ecpc* ) # old Intel C++ for x86_64 which still supported -KPIC. _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' ;; icpc* ) # Intel C++, used to be incompatible with GCC. # ICC 10 doesn't accept -KPIC any more. _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' ;; pgCC* | pgcpp*) # Portland Group C++ compiler _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; cxx*) # Compaq C++ # Make sure the PIC flag is empty. It appears that all Alpha # Linux and Compaq Tru64 Unix objects are PIC. _LT_TAGVAR(lt_prog_compiler_pic, $1)= _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; xlc* | xlC* | bgxl[[cC]]* | mpixl[[cC]]*) # IBM XL 8.0, 9.0 on PPC and BlueGene _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink' ;; *) case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C++ 5.9 _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' ;; esac ;; esac ;; lynxos*) ;; m88k*) ;; mvs*) case $cc_basename in cxx*) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-W c,exportall' ;; *) ;; esac ;; netbsd*) ;; *qnx* | *nto*) # QNX uses GNU C++, but need to define -shared option too, otherwise # it will coredump. _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' ;; osf3* | osf4* | osf5*) case $cc_basename in KCC*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,' ;; RCC*) # Rational C++ 2.4.1 _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' ;; cxx*) # Digital/Compaq C++ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' # Make sure the PIC flag is empty. It appears that all Alpha # Linux and Compaq Tru64 Unix objects are PIC. _LT_TAGVAR(lt_prog_compiler_pic, $1)= _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; *) ;; esac ;; psos*) ;; solaris*) case $cc_basename in CC* | sunCC*) # Sun C++ 4.2, 5.x and Centerline C++ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' ;; gcx*) # Green Hills C++ Compiler _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' ;; *) ;; esac ;; sunos4*) case $cc_basename in CC*) # Sun C++ 4.x _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; lcc*) # Lucid _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' ;; *) ;; esac ;; sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) case $cc_basename in CC*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; esac ;; tandem*) case $cc_basename in NCC*) # NonStop-UX NCC 3.20 _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' ;; *) ;; esac ;; vxworks*) ;; *) _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no ;; esac fi ], [ if test "$GCC" = yes; then _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' case $host_os in aix*) # All AIX code is PIC. if test "$host_cpu" = ia64; then # AIX 5 now supports IA64 processor _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' fi ;; amigaos*) case $host_cpu in powerpc) # see comment about AmigaOS4 .so support _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; m68k) # FIXME: we need at least 68020 code to build shared libraries, but # adding the `-m68020' flag to GCC prevents building anything better, # like `-m68040'. _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4' ;; esac ;; beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) # PIC is the default for these OSes. ;; mingw* | cygwin* | pw32* | os2* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). # Although the cygwin gcc ignores -fPIC, still need this for old-style # (--disable-auto-import) libraries m4_if([$1], [GCJ], [], [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) ;; darwin* | rhapsody*) # PIC is the default on this platform # Common symbols not allowed in MH_DYLIB files _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' ;; haiku*) # PIC is the default for Haiku. # The "-static" flag exists, but is broken. _LT_TAGVAR(lt_prog_compiler_static, $1)= ;; hpux*) # PIC is the default for 64-bit PA HP-UX, but not for 32-bit # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag # sets the default TLS model and affects inlining. case $host_cpu in hppa*64*) # +Z the default ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; esac ;; interix[[3-9]]*) # Interix 3.x gcc -fpic/-fPIC options generate broken code. # Instead, we relocate shared libraries at runtime. ;; msdosdjgpp*) # Just because we use GCC doesn't mean we suddenly get shared libraries # on systems that don't support them. _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no enable_shared=no ;; *nto* | *qnx*) # QNX uses GNU C++, but need to define -shared option too, otherwise # it will coredump. _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' ;; sysv4*MP*) if test -d /usr/nec; then _LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic fi ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; esac case $cc_basename in nvcc*) # Cuda Compiler Driver 2.2 _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Xlinker ' if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then _LT_TAGVAR(lt_prog_compiler_pic, $1)="-Xcompiler $_LT_TAGVAR(lt_prog_compiler_pic, $1)" fi ;; esac else # PORTME Check for flag to pass linker flags through the system compiler. case $host_os in aix*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' if test "$host_cpu" = ia64; then # AIX 5 now supports IA64 processor _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' else _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp' fi ;; mingw* | cygwin* | pw32* | os2* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). m4_if([$1], [GCJ], [], [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) ;; hpux9* | hpux10* | hpux11*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but # not for PA HP-UX. case $host_cpu in hppa*64*|ia64*) # +Z the default ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' ;; esac # Is there a better lt_prog_compiler_static that works with the bundled CC? _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' ;; irix5* | irix6* | nonstopux*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' # PIC (with -KPIC) is the default. _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; linux* | k*bsd*-gnu | kopensolaris*-gnu) case $cc_basename in # old Intel for x86_64 which still supported -KPIC. ecc*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' ;; # icc used to be incompatible with GCC. # ICC 10 doesn't accept -KPIC any more. icc* | ifort*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' ;; # Lahey Fortran 8.1. lf95*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='--shared' _LT_TAGVAR(lt_prog_compiler_static, $1)='--static' ;; nagfor*) # NAG Fortran compiler _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,-Wl,,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*) # Portland Group compilers (*not* the Pentium gcc compiler, # which looks to be a dead project) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; ccc*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' # All Alpha code is PIC. _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; xl* | bgxl* | bgf* | mpixl*) # IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink' ;; *) case `$CC -V 2>&1 | sed 5q` in *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [[1-7]].* | *Sun*Fortran*\ 8.[[0-3]]*) # Sun Fortran 8.3 passes all unrecognized flags to the linker _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' _LT_TAGVAR(lt_prog_compiler_wl, $1)='' ;; *Sun\ F* | *Sun*Fortran*) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' ;; *Sun\ C*) # Sun C 5.9 _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' ;; *Intel*\ [[CF]]*Compiler*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' ;; *Portland\ Group*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; esac ;; esac ;; newsos6) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; *nto* | *qnx*) # QNX uses GNU C++, but need to define -shared option too, otherwise # it will coredump. _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' ;; osf3* | osf4* | osf5*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' # All OSF/1 code is PIC. _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; rdos*) _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; solaris*) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' case $cc_basename in f77* | f90* | f95* | sunf77* | sunf90* | sunf95*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ';; *) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,';; esac ;; sunos4*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; sysv4 | sysv4.2uw2* | sysv4.3*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; sysv4*MP*) if test -d /usr/nec ;then _LT_TAGVAR(lt_prog_compiler_pic, $1)='-Kconform_pic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' fi ;; sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; unicos*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no ;; uts4*) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; *) _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no ;; esac fi ]) case $host_os in # For platforms which do not support PIC, -DPIC is meaningless: *djgpp*) _LT_TAGVAR(lt_prog_compiler_pic, $1)= ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)="$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])" ;; esac AC_CACHE_CHECK([for $compiler option to produce PIC], [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)], [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_prog_compiler_pic, $1)]) _LT_TAGVAR(lt_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_cv_prog_compiler_pic, $1) # # Check to make sure the PIC flag actually works. # if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then _LT_COMPILER_OPTION([if $compiler PIC flag $_LT_TAGVAR(lt_prog_compiler_pic, $1) works], [_LT_TAGVAR(lt_cv_prog_compiler_pic_works, $1)], [$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])], [], [case $_LT_TAGVAR(lt_prog_compiler_pic, $1) in "" | " "*) ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)=" $_LT_TAGVAR(lt_prog_compiler_pic, $1)" ;; esac], [_LT_TAGVAR(lt_prog_compiler_pic, $1)= _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no]) fi _LT_TAGDECL([pic_flag], [lt_prog_compiler_pic], [1], [Additional compiler flags for building library objects]) _LT_TAGDECL([wl], [lt_prog_compiler_wl], [1], [How to pass a linker flag through the compiler]) # # Check to make sure the static flag actually works. # wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) eval lt_tmp_static_flag=\"$_LT_TAGVAR(lt_prog_compiler_static, $1)\" _LT_LINKER_OPTION([if $compiler static flag $lt_tmp_static_flag works], _LT_TAGVAR(lt_cv_prog_compiler_static_works, $1), $lt_tmp_static_flag, [], [_LT_TAGVAR(lt_prog_compiler_static, $1)=]) _LT_TAGDECL([link_static_flag], [lt_prog_compiler_static], [1], [Compiler flag to prevent dynamic linking]) ])# _LT_COMPILER_PIC # _LT_LINKER_SHLIBS([TAGNAME]) # ---------------------------- # See if the linker supports building shared libraries. m4_defun([_LT_LINKER_SHLIBS], [AC_REQUIRE([LT_PATH_LD])dnl AC_REQUIRE([LT_PATH_NM])dnl m4_require([_LT_PATH_MANIFEST_TOOL])dnl m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_DECL_EGREP])dnl m4_require([_LT_DECL_SED])dnl m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl m4_require([_LT_TAG_COMPILER])dnl AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries]) m4_if([$1], [CXX], [ _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'] case $host_os in aix[[4-9]]*) # If we're using GNU nm, then we don't want the "-C" option. # -C means demangle to AIX nm, but means don't demangle with GNU nm # Also, AIX nm treats weak defined symbols like other global defined # symbols, whereas GNU nm marks them as "W". if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' else _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' fi ;; pw32*) _LT_TAGVAR(export_symbols_cmds, $1)="$ltdll_cmds" ;; cygwin* | mingw* | cegcc*) case $cc_basename in cl*) _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' ;; *) _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols' _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname'] ;; esac ;; *) _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' ;; esac ], [ runpath_var= _LT_TAGVAR(allow_undefined_flag, $1)= _LT_TAGVAR(always_export_symbols, $1)=no _LT_TAGVAR(archive_cmds, $1)= _LT_TAGVAR(archive_expsym_cmds, $1)= _LT_TAGVAR(compiler_needs_object, $1)=no _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no _LT_TAGVAR(export_dynamic_flag_spec, $1)= _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' _LT_TAGVAR(hardcode_automatic, $1)=no _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= _LT_TAGVAR(hardcode_libdir_separator, $1)= _LT_TAGVAR(hardcode_minus_L, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported _LT_TAGVAR(inherit_rpath, $1)=no _LT_TAGVAR(link_all_deplibs, $1)=unknown _LT_TAGVAR(module_cmds, $1)= _LT_TAGVAR(module_expsym_cmds, $1)= _LT_TAGVAR(old_archive_from_new_cmds, $1)= _LT_TAGVAR(old_archive_from_expsyms_cmds, $1)= _LT_TAGVAR(thread_safe_flag_spec, $1)= _LT_TAGVAR(whole_archive_flag_spec, $1)= # include_expsyms should be a list of space-separated symbols to be *always* # included in the symbol list _LT_TAGVAR(include_expsyms, $1)= # exclude_expsyms can be an extended regexp of symbols to exclude # it will be wrapped by ` (' and `)$', so one must not match beginning or # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc', # as well as any symbol that contains `d'. _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'] # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out # platforms (ab)use it in PIC code, but their linkers get confused if # the symbol is explicitly referenced. Since portable code cannot # rely on this symbol name, it's probably fine to never include it in # preloaded symbol tables. # Exclude shared library initialization/finalization symbols. dnl Note also adjust exclude_expsyms for C++ above. extract_expsyms_cmds= case $host_os in cygwin* | mingw* | pw32* | cegcc*) # FIXME: the MSVC++ port hasn't been tested in a loooong time # When not using gcc, we currently assume that we are using # Microsoft Visual C++. if test "$GCC" != yes; then with_gnu_ld=no fi ;; interix*) # we just hope/assume this is gcc and not c89 (= MSVC++) with_gnu_ld=yes ;; openbsd*) with_gnu_ld=no ;; esac _LT_TAGVAR(ld_shlibs, $1)=yes # On some targets, GNU ld is compatible enough with the native linker # that we're better off using the native interface for both. lt_use_gnu_ld_interface=no if test "$with_gnu_ld" = yes; then case $host_os in aix*) # The AIX port of GNU ld has always aspired to compatibility # with the native linker. However, as the warning in the GNU ld # block says, versions before 2.19.5* couldn't really create working # shared libraries, regardless of the interface used. case `$LD -v 2>&1` in *\ \(GNU\ Binutils\)\ 2.19.5*) ;; *\ \(GNU\ Binutils\)\ 2.[[2-9]]*) ;; *\ \(GNU\ Binutils\)\ [[3-9]]*) ;; *) lt_use_gnu_ld_interface=yes ;; esac ;; *) lt_use_gnu_ld_interface=yes ;; esac fi if test "$lt_use_gnu_ld_interface" = yes; then # If archive_cmds runs LD, not CC, wlarc should be empty wlarc='${wl}' # Set some defaults for GNU ld with shared library support. These # are reset later if shared libraries are not supported. Putting them # here allows them to be overridden if necessary. runpath_var=LD_RUN_PATH _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' # ancient GNU ld didn't support --whole-archive et. al. if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' else _LT_TAGVAR(whole_archive_flag_spec, $1)= fi supports_anon_versioning=no case `$LD -v 2>&1` in *GNU\ gold*) supports_anon_versioning=yes ;; *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11 *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... *\ 2.11.*) ;; # other 2.11 versions *) supports_anon_versioning=yes ;; esac # See if GNU ld supports shared libraries. case $host_os in aix[[3-9]]*) # On AIX/PPC, the GNU linker is very broken if test "$host_cpu" != ia64; then _LT_TAGVAR(ld_shlibs, $1)=no cat <<_LT_EOF 1>&2 *** Warning: the GNU linker, at least up to release 2.19, is reported *** to be unable to reliably create shared libraries on AIX. *** Therefore, libtool is disabling shared libraries support. If you *** really care for shared libraries, you may want to install binutils *** 2.20 or above, or modify your PATH so that a non-GNU linker is found. *** You will then need to restart the configuration process. _LT_EOF fi ;; amigaos*) case $host_cpu in powerpc) # see comment about AmigaOS4 .so support _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='' ;; m68k) _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_minus_L, $1)=yes ;; esac ;; beos*) if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then _LT_TAGVAR(allow_undefined_flag, $1)=unsupported # Joseph Beckenbach says some releases of gcc # support --undefined. This deserves some investigation. FIXME _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; cygwin* | mingw* | pw32* | cegcc*) # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, # as there is no search path for DLLs. _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-all-symbols' _LT_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_TAGVAR(always_export_symbols, $1)=no _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols' _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname'] if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' # If the export-symbols file already is a .def file (1st line # is EXPORTS), use it as is; otherwise, prepend... _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then cp $export_symbols $output_objdir/$soname.def; else echo EXPORTS > $output_objdir/$soname.def; cat $export_symbols >> $output_objdir/$soname.def; fi~ $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; haiku*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(link_all_deplibs, $1)=yes ;; interix[[3-9]]*) _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. # Instead, shared libraries are loaded at an image base (0x10000000 by # default) and relocated if they conflict, which is a slow very memory # consuming and fragmenting process. To avoid this, we pick a random, # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link # time. Moving up from 0x10000000 also allows more sbrk(2) space. _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' ;; gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu) tmp_diet=no if test "$host_os" = linux-dietlibc; then case $cc_basename in diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn) esac fi if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \ && test "$tmp_diet" = no then tmp_addflag=' $pic_flag' tmp_sharedflag='-shared' case $cc_basename,$host_cpu in pgcc*) # Portland Group C compiler _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' tmp_addflag=' $pic_flag' ;; pgf77* | pgf90* | pgf95* | pgfortran*) # Portland Group f77 and f90 compilers _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' tmp_addflag=' $pic_flag -Mnomain' ;; ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 tmp_addflag=' -i_dynamic' ;; efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64 tmp_addflag=' -i_dynamic -nofor_main' ;; ifc* | ifort*) # Intel Fortran compiler tmp_addflag=' -nofor_main' ;; lf95*) # Lahey Fortran 8.1 _LT_TAGVAR(whole_archive_flag_spec, $1)= tmp_sharedflag='--shared' ;; xl[[cC]]* | bgxl[[cC]]* | mpixl[[cC]]*) # IBM XL C 8.0 on PPC (deal with xlf below) tmp_sharedflag='-qmkshrobj' tmp_addflag= ;; nvcc*) # Cuda Compiler Driver 2.2 _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' _LT_TAGVAR(compiler_needs_object, $1)=yes ;; esac case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C 5.9 _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' _LT_TAGVAR(compiler_needs_object, $1)=yes tmp_sharedflag='-G' ;; *Sun\ F*) # Sun Fortran 8.3 tmp_sharedflag='-G' ;; esac _LT_TAGVAR(archive_cmds, $1)='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' if test "x$supports_anon_versioning" = xyes; then _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ echo "local: *; };" >> $output_objdir/$libname.ver~ $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' fi case $cc_basename in xlf* | bgf* | bgxlf* | mpixlf*) # IBM XL Fortran 10.1 on PPC cannot create shared libs itself _LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib' if test "x$supports_anon_versioning" = xyes; then _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ echo "local: *; };" >> $output_objdir/$libname.ver~ $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' fi ;; esac else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' wlarc= else _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' fi ;; solaris*) if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then _LT_TAGVAR(ld_shlibs, $1)=no cat <<_LT_EOF 1>&2 *** Warning: The releases 2.8.* of the GNU linker cannot reliably *** create shared libraries on Solaris systems. Therefore, libtool *** is disabling shared libraries support. We urge you to upgrade GNU *** binutils to release 2.9.1 or newer. Another option is to modify *** your PATH or compiler configuration so that the native linker is *** used, and then restart. _LT_EOF elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) case `$LD -v 2>&1` in *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*) _LT_TAGVAR(ld_shlibs, $1)=no cat <<_LT_EOF 1>&2 *** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not *** reliably create shared libraries on SCO systems. Therefore, libtool *** is disabling shared libraries support. We urge you to upgrade GNU *** binutils to release 2.16.91.0.3 or newer. Another option is to modify *** your PATH or compiler configuration so that the native linker is *** used, and then restart. _LT_EOF ;; *) # For security reasons, it is highly recommended that you always # use absolute paths for naming shared libraries, and exclude the # DT_RUNPATH tag from executables and libraries. But doing so # requires that you compile everything twice, which is a pain. if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; esac ;; sunos4*) _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' wlarc= _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; *) if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; esac if test "$_LT_TAGVAR(ld_shlibs, $1)" = no; then runpath_var= _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= _LT_TAGVAR(export_dynamic_flag_spec, $1)= _LT_TAGVAR(whole_archive_flag_spec, $1)= fi else # PORTME fill in a description of your system's linker (not GNU ld) case $host_os in aix3*) _LT_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_TAGVAR(always_export_symbols, $1)=yes _LT_TAGVAR(archive_expsym_cmds, $1)='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname' # Note: this linker hardcodes the directories in LIBPATH if there # are no directories specified by -L. _LT_TAGVAR(hardcode_minus_L, $1)=yes if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then # Neither direct hardcoding nor static linking is supported with a # broken collect2. _LT_TAGVAR(hardcode_direct, $1)=unsupported fi ;; aix[[4-9]]*) if test "$host_cpu" = ia64; then # On IA64, the linker does run time linking by default, so we don't # have to do anything special. aix_use_runtimelinking=no exp_sym_flag='-Bexport' no_entry_flag="" else # If we're using GNU nm, then we don't want the "-C" option. # -C means demangle to AIX nm, but means don't demangle with GNU nm # Also, AIX nm treats weak defined symbols like other global # defined symbols, whereas GNU nm marks them as "W". if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' else _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' fi aix_use_runtimelinking=no # Test if we are trying to use run time linking or normal # AIX style linking. If -brtl is somewhere in LDFLAGS, we # need to do runtime linking. case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*) for ld_flag in $LDFLAGS; do if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then aix_use_runtimelinking=yes break fi done ;; esac exp_sym_flag='-bexport' no_entry_flag='-bnoentry' fi # When large executables or shared objects are built, AIX ld can # have problems creating the table of contents. If linking a library # or program results in "error TOC overflow" add -mminimal-toc to # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. _LT_TAGVAR(archive_cmds, $1)='' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_direct_absolute, $1)=yes _LT_TAGVAR(hardcode_libdir_separator, $1)=':' _LT_TAGVAR(link_all_deplibs, $1)=yes _LT_TAGVAR(file_list_spec, $1)='${wl}-f,' if test "$GCC" = yes; then case $host_os in aix4.[[012]]|aix4.[[012]].*) # We only want to do this on AIX 4.2 and lower, the check # below for broken collect2 doesn't work under 4.3+ collect2name=`${CC} -print-prog-name=collect2` if test -f "$collect2name" && strings "$collect2name" | $GREP resolve_lib_name >/dev/null then # We have reworked collect2 : else # We have old collect2 _LT_TAGVAR(hardcode_direct, $1)=unsupported # It fails to find uninstalled libraries when the uninstalled # path is not listed in the libpath. Setting hardcode_minus_L # to unsupported forces relinking _LT_TAGVAR(hardcode_minus_L, $1)=yes _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)= fi ;; esac shared_flag='-shared' if test "$aix_use_runtimelinking" = yes; then shared_flag="$shared_flag "'${wl}-G' fi else # not using gcc if test "$host_cpu" = ia64; then # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release # chokes on -Wl,-G. The following line is correct: shared_flag='-G' else if test "$aix_use_runtimelinking" = yes; then shared_flag='${wl}-G' else shared_flag='${wl}-bM:SRE' fi fi fi _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-bexpall' # It seems that -bexpall does not export symbols beginning with # underscore (_), so it is better to generate a list of symbols to export. _LT_TAGVAR(always_export_symbols, $1)=yes if test "$aix_use_runtimelinking" = yes; then # Warning - without using the other runtime loading flags (-brtl), # -berok will link without error, but may produce a broken library. _LT_TAGVAR(allow_undefined_flag, $1)='-berok' # Determine the default libpath from the value encoded in an # empty executable. _LT_SYS_MODULE_PATH_AIX([$1]) _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then func_echo_all "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" else if test "$host_cpu" = ia64; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib' _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs" _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" else # Determine the default libpath from the value encoded in an # empty executable. _LT_SYS_MODULE_PATH_AIX([$1]) _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" # Warning - without using the other run time loading flags, # -berok will link without error, but may produce a broken library. _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok' _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok' if test "$with_gnu_ld" = yes; then # We only use this code for GNU lds that support --whole-archive. _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive' else # Exported symbols can be pulled into shared objects from archives _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' fi _LT_TAGVAR(archive_cmds_need_lc, $1)=yes # This is similar to how AIX traditionally builds its shared libraries. _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' fi fi ;; amigaos*) case $host_cpu in powerpc) # see comment about AmigaOS4 .so support _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='' ;; m68k) _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_minus_L, $1)=yes ;; esac ;; bsdi[[45]]*) _LT_TAGVAR(export_dynamic_flag_spec, $1)=-rdynamic ;; cygwin* | mingw* | pw32* | cegcc*) # When not using gcc, we currently assume that we are using # Microsoft Visual C++. # hardcode_libdir_flag_spec is actually meaningless, as there is # no search path for DLLs. case $cc_basename in cl*) # Native MSVC _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' _LT_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_TAGVAR(always_export_symbols, $1)=yes _LT_TAGVAR(file_list_spec, $1)='@' # Tell ltmain to make .lib files, not .a files. libext=lib # Tell ltmain to make .dll files, not .so files. shrext_cmds=".dll" # FIXME: Setting linknames here is a bad hack. _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-dll~linknames=' _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then sed -n -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' -e '1\\\!p' < $export_symbols > $output_objdir/$soname.exp; else sed -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' < $export_symbols > $output_objdir/$soname.exp; fi~ $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ linknames=' # The linker will not automatically build a static lib if we build a DLL. # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1,DATA/'\'' | $SED -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols' # Don't use ranlib _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib' _LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~ lt_tool_outputfile="@TOOL_OUTPUT@"~ case $lt_outputfile in *.exe|*.EXE) ;; *) lt_outputfile="$lt_outputfile.exe" lt_tool_outputfile="$lt_tool_outputfile.exe" ;; esac~ if test "$MANIFEST_TOOL" != ":" && test -f "$lt_outputfile.manifest"; then $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; $RM "$lt_outputfile.manifest"; fi' ;; *) # Assume MSVC wrapper _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' _LT_TAGVAR(allow_undefined_flag, $1)=unsupported # Tell ltmain to make .lib files, not .a files. libext=lib # Tell ltmain to make .dll files, not .so files. shrext_cmds=".dll" # FIXME: Setting linknames here is a bad hack. _LT_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames=' # The linker will automatically build a .lib file if we build a DLL. _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' # FIXME: Should let the user specify the lib program. _LT_TAGVAR(old_archive_cmds, $1)='lib -OUT:$oldlib$oldobjs$old_deplibs' _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes ;; esac ;; darwin* | rhapsody*) _LT_DARWIN_LINKER_FEATURES($1) ;; dgux*) _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor # support. Future versions do this automatically, but an explicit c++rt0.o # does not break anything, and helps significantly (at the cost of a little # extra space). freebsd2.2*) _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; # Unfortunately, older versions of FreeBSD 2 do not have this feature. freebsd2.*) _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_minus_L, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; # FreeBSD 3 and greater uses gcc -shared to do shared libraries. freebsd* | dragonfly*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; hpux9*) if test "$GCC" = yes; then _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared $pic_flag ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' else _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' fi _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(hardcode_direct, $1)=yes # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. _LT_TAGVAR(hardcode_minus_L, $1)=yes _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' ;; hpux10*) if test "$GCC" = yes && test "$with_gnu_ld" = no; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' else _LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' fi if test "$with_gnu_ld" = no; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_direct_absolute, $1)=yes _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. _LT_TAGVAR(hardcode_minus_L, $1)=yes fi ;; hpux11*) if test "$GCC" = yes && test "$with_gnu_ld" = no; then case $host_cpu in hppa*64*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' ;; ia64*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' ;; esac else case $host_cpu in hppa*64*) _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' ;; ia64*) _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) m4_if($1, [], [ # Older versions of the 11.00 compiler do not understand -b yet # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does) _LT_LINKER_OPTION([if $CC understands -b], _LT_TAGVAR(lt_cv_prog_compiler__b, $1), [-b], [_LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'], [_LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'])], [_LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags']) ;; esac fi if test "$with_gnu_ld" = no; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: case $host_cpu in hppa*64*|ia64*) _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; *) _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_direct_absolute, $1)=yes _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. _LT_TAGVAR(hardcode_minus_L, $1)=yes ;; esac fi ;; irix5* | irix6* | nonstopux*) if test "$GCC" = yes; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' # Try to use the -exported_symbol ld option, if it does not # work, assume that -exports_file does not work either and # implicitly export all symbols. # This should be the same for all languages, so no per-tag cache variable. AC_CACHE_CHECK([whether the $host_os linker accepts -exported_symbol], [lt_cv_irix_exported_symbol], [save_LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null" AC_LINK_IFELSE( [AC_LANG_SOURCE( [AC_LANG_CASE([C], [[int foo (void) { return 0; }]], [C++], [[int foo (void) { return 0; }]], [Fortran 77], [[ subroutine foo end]], [Fortran], [[ subroutine foo end]])])], [lt_cv_irix_exported_symbol=yes], [lt_cv_irix_exported_symbol=no]) LDFLAGS="$save_LDFLAGS"]) if test "$lt_cv_irix_exported_symbol" = yes; then _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib' fi else _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib' fi _LT_TAGVAR(archive_cmds_need_lc, $1)='no' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(inherit_rpath, $1)=yes _LT_TAGVAR(link_all_deplibs, $1)=yes ;; netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out else _LT_TAGVAR(archive_cmds, $1)='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF fi _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; newsos6) _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; *nto* | *qnx*) ;; openbsd*) if test -f /usr/libexec/ld.so; then _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=yes if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' else case $host_os in openbsd[[01]].* | openbsd2.[[0-7]] | openbsd2.[[0-7]].*) _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' ;; *) _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' ;; esac fi else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; os2*) _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_minus_L, $1)=yes _LT_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~echo DATA >> $output_objdir/$libname.def~echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' _LT_TAGVAR(old_archive_from_new_cmds, $1)='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' ;; osf3*) if test "$GCC" = yes; then _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' else _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' fi _LT_TAGVAR(archive_cmds_need_lc, $1)='no' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: ;; osf4* | osf5*) # as osf3* with the addition of -msym flag if test "$GCC" = yes; then _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $pic_flag $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' else _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~ $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp' # Both c and cxx compiler support -rpath directly _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' fi _LT_TAGVAR(archive_cmds_need_lc, $1)='no' _LT_TAGVAR(hardcode_libdir_separator, $1)=: ;; solaris*) _LT_TAGVAR(no_undefined_flag, $1)=' -z defs' if test "$GCC" = yes; then wlarc='${wl}' _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag ${wl}-z ${wl}text ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $CC -shared $pic_flag ${wl}-z ${wl}text ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' else case `$CC -V 2>&1` in *"Compilers 5.0"*) wlarc='' _LT_TAGVAR(archive_cmds, $1)='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp' ;; *) wlarc='${wl}' _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $CC -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' ;; esac fi _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_TAGVAR(hardcode_shlibpath_var, $1)=no case $host_os in solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; *) # The compiler driver will combine and reorder linker options, # but understands `-z linker_flag'. GCC discards it without `$wl', # but is careful enough not to reorder. # Supported since Solaris 2.6 (maybe 2.5.1?) if test "$GCC" = yes; then _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' else _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' fi ;; esac _LT_TAGVAR(link_all_deplibs, $1)=yes ;; sunos4*) if test "x$host_vendor" = xsequent; then # Use $CC to link under sequent, because it throws in some extra .o # files that make .init and .fini sections work. _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags' else _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' fi _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_minus_L, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; sysv4) case $host_vendor in sni) _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_direct, $1)=yes # is this really true??? ;; siemens) ## LD is ld it makes a PLAMLIB ## CC just makes a GrossModule. _LT_TAGVAR(archive_cmds, $1)='$LD -G -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(reload_cmds, $1)='$CC -r -o $output$reload_objs' _LT_TAGVAR(hardcode_direct, $1)=no ;; motorola) _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_direct, $1)=no #Motorola manual says yes, but my tests say they lie ;; esac runpath_var='LD_RUN_PATH' _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; sysv4.3*) _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(export_dynamic_flag_spec, $1)='-Bexport' ;; sysv4*MP*) if test -d /usr/nec; then _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_shlibpath_var, $1)=no runpath_var=LD_RUN_PATH hardcode_runpath_var=yes _LT_TAGVAR(ld_shlibs, $1)=yes fi ;; sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*) _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no runpath_var='LD_RUN_PATH' if test "$GCC" = yes; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' else _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' fi ;; sysv5* | sco3.2v5* | sco5v6*) # Note: We can NOT use -z defs as we might desire, because we do not # link with -lc, and that would cause any symbols used from libc to # always be unresolved, which means just about no library would # ever link correctly. If we're not using GNU ld we use -z text # though, which does catch some bad symbols but isn't as heavy-handed # as -z defs. _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' _LT_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs' _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R,$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=':' _LT_TAGVAR(link_all_deplibs, $1)=yes _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport' runpath_var='LD_RUN_PATH' if test "$GCC" = yes; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' else _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' fi ;; uts4*) _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; *) _LT_TAGVAR(ld_shlibs, $1)=no ;; esac if test x$host_vendor = xsni; then case $host in sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Blargedynsym' ;; esac fi fi ]) AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)]) test "$_LT_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no _LT_TAGVAR(with_gnu_ld, $1)=$with_gnu_ld _LT_DECL([], [libext], [0], [Old archive suffix (normally "a")])dnl _LT_DECL([], [shrext_cmds], [1], [Shared library suffix (normally ".so")])dnl _LT_DECL([], [extract_expsyms_cmds], [2], [The commands to extract the exported symbol list from a shared archive]) # # Do we need to explicitly link libc? # case "x$_LT_TAGVAR(archive_cmds_need_lc, $1)" in x|xyes) # Assume -lc should be added _LT_TAGVAR(archive_cmds_need_lc, $1)=yes if test "$enable_shared" = yes && test "$GCC" = yes; then case $_LT_TAGVAR(archive_cmds, $1) in *'~'*) # FIXME: we may have to deal with multi-command sequences. ;; '$CC '*) # Test whether the compiler implicitly links with -lc since on some # systems, -lgcc has to come before -lc. If gcc already passes -lc # to ld, don't add -lc before -lgcc. AC_CACHE_CHECK([whether -lc should be explicitly linked in], [lt_cv_]_LT_TAGVAR(archive_cmds_need_lc, $1), [$RM conftest* echo "$lt_simple_compile_test_code" > conftest.$ac_ext if AC_TRY_EVAL(ac_compile) 2>conftest.err; then soname=conftest lib=conftest libobjs=conftest.$ac_objext deplibs= wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) pic_flag=$_LT_TAGVAR(lt_prog_compiler_pic, $1) compiler_flags=-v linker_flags=-v verstring= output_objdir=. libname=conftest lt_save_allow_undefined_flag=$_LT_TAGVAR(allow_undefined_flag, $1) _LT_TAGVAR(allow_undefined_flag, $1)= if AC_TRY_EVAL(_LT_TAGVAR(archive_cmds, $1) 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) then lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=no else lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=yes fi _LT_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag else cat conftest.err 1>&5 fi $RM conftest* ]) _LT_TAGVAR(archive_cmds_need_lc, $1)=$lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1) ;; esac fi ;; esac _LT_TAGDECL([build_libtool_need_lc], [archive_cmds_need_lc], [0], [Whether or not to add -lc for building shared libraries]) _LT_TAGDECL([allow_libtool_libs_with_static_runtimes], [enable_shared_with_static_runtimes], [0], [Whether or not to disallow shared libs when runtime libs are static]) _LT_TAGDECL([], [export_dynamic_flag_spec], [1], [Compiler flag to allow reflexive dlopens]) _LT_TAGDECL([], [whole_archive_flag_spec], [1], [Compiler flag to generate shared objects directly from archives]) _LT_TAGDECL([], [compiler_needs_object], [1], [Whether the compiler copes with passing no objects directly]) _LT_TAGDECL([], [old_archive_from_new_cmds], [2], [Create an old-style archive from a shared archive]) _LT_TAGDECL([], [old_archive_from_expsyms_cmds], [2], [Create a temporary old-style archive to link instead of a shared archive]) _LT_TAGDECL([], [archive_cmds], [2], [Commands used to build a shared archive]) _LT_TAGDECL([], [archive_expsym_cmds], [2]) _LT_TAGDECL([], [module_cmds], [2], [Commands used to build a loadable module if different from building a shared archive.]) _LT_TAGDECL([], [module_expsym_cmds], [2]) _LT_TAGDECL([], [with_gnu_ld], [1], [Whether we are building with GNU ld or not]) _LT_TAGDECL([], [allow_undefined_flag], [1], [Flag that allows shared libraries with undefined symbols to be built]) _LT_TAGDECL([], [no_undefined_flag], [1], [Flag that enforces no undefined symbols]) _LT_TAGDECL([], [hardcode_libdir_flag_spec], [1], [Flag to hardcode $libdir into a binary during linking. This must work even if $libdir does not exist]) _LT_TAGDECL([], [hardcode_libdir_separator], [1], [Whether we need a single "-rpath" flag with a separated argument]) _LT_TAGDECL([], [hardcode_direct], [0], [Set to "yes" if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the resulting binary]) _LT_TAGDECL([], [hardcode_direct_absolute], [0], [Set to "yes" if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the resulting binary and the resulting library dependency is "absolute", i.e impossible to change by setting ${shlibpath_var} if the library is relocated]) _LT_TAGDECL([], [hardcode_minus_L], [0], [Set to "yes" if using the -LDIR flag during linking hardcodes DIR into the resulting binary]) _LT_TAGDECL([], [hardcode_shlibpath_var], [0], [Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into the resulting binary]) _LT_TAGDECL([], [hardcode_automatic], [0], [Set to "yes" if building a shared library automatically hardcodes DIR into the library and all subsequent libraries and executables linked against it]) _LT_TAGDECL([], [inherit_rpath], [0], [Set to yes if linker adds runtime paths of dependent libraries to runtime path list]) _LT_TAGDECL([], [link_all_deplibs], [0], [Whether libtool must link a program against all its dependency libraries]) _LT_TAGDECL([], [always_export_symbols], [0], [Set to "yes" if exported symbols are required]) _LT_TAGDECL([], [export_symbols_cmds], [2], [The commands to list exported symbols]) _LT_TAGDECL([], [exclude_expsyms], [1], [Symbols that should not be listed in the preloaded symbols]) _LT_TAGDECL([], [include_expsyms], [1], [Symbols that must always be exported]) _LT_TAGDECL([], [prelink_cmds], [2], [Commands necessary for linking programs (against libraries) with templates]) _LT_TAGDECL([], [postlink_cmds], [2], [Commands necessary for finishing linking programs]) _LT_TAGDECL([], [file_list_spec], [1], [Specify filename containing input files]) dnl FIXME: Not yet implemented dnl _LT_TAGDECL([], [thread_safe_flag_spec], [1], dnl [Compiler flag to generate thread safe objects]) ])# _LT_LINKER_SHLIBS # _LT_LANG_C_CONFIG([TAG]) # ------------------------ # Ensure that the configuration variables for a C compiler are suitably # defined. These variables are subsequently used by _LT_CONFIG to write # the compiler configuration to `libtool'. m4_defun([_LT_LANG_C_CONFIG], [m4_require([_LT_DECL_EGREP])dnl lt_save_CC="$CC" AC_LANG_PUSH(C) # Source file extension for C test sources. ac_ext=c # Object file extension for compiled C test sources. objext=o _LT_TAGVAR(objext, $1)=$objext # Code to be used in simple compile tests lt_simple_compile_test_code="int some_variable = 0;" # Code to be used in simple link tests lt_simple_link_test_code='int main(){return(0);}' _LT_TAG_COMPILER # Save the default compiler, since it gets overwritten when the other # tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP. compiler_DEFAULT=$CC # save warnings/boilerplate of simple test code _LT_COMPILER_BOILERPLATE _LT_LINKER_BOILERPLATE ## CAVEAT EMPTOR: ## There is no encapsulation within the following macros, do not change ## the running order or otherwise move them around unless you know exactly ## what you are doing... if test -n "$compiler"; then _LT_COMPILER_NO_RTTI($1) _LT_COMPILER_PIC($1) _LT_COMPILER_C_O($1) _LT_COMPILER_FILE_LOCKS($1) _LT_LINKER_SHLIBS($1) _LT_SYS_DYNAMIC_LINKER($1) _LT_LINKER_HARDCODE_LIBPATH($1) LT_SYS_DLOPEN_SELF _LT_CMD_STRIPLIB # Report which library types will actually be built AC_MSG_CHECKING([if libtool supports shared libraries]) AC_MSG_RESULT([$can_build_shared]) AC_MSG_CHECKING([whether to build shared libraries]) test "$can_build_shared" = "no" && enable_shared=no # On AIX, shared libraries and static libraries use the same namespace, and # are all built from PIC. case $host_os in aix3*) test "$enable_shared" = yes && enable_static=no if test -n "$RANLIB"; then archive_cmds="$archive_cmds~\$RANLIB \$lib" postinstall_cmds='$RANLIB $lib' fi ;; aix[[4-9]]*) if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then test "$enable_shared" = yes && enable_static=no fi ;; esac AC_MSG_RESULT([$enable_shared]) AC_MSG_CHECKING([whether to build static libraries]) # Make sure either enable_shared or enable_static is yes. test "$enable_shared" = yes || enable_static=yes AC_MSG_RESULT([$enable_static]) _LT_CONFIG($1) fi AC_LANG_POP CC="$lt_save_CC" ])# _LT_LANG_C_CONFIG # _LT_LANG_CXX_CONFIG([TAG]) # -------------------------- # Ensure that the configuration variables for a C++ compiler are suitably # defined. These variables are subsequently used by _LT_CONFIG to write # the compiler configuration to `libtool'. m4_defun([_LT_LANG_CXX_CONFIG], [m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_DECL_EGREP])dnl m4_require([_LT_PATH_MANIFEST_TOOL])dnl if test -n "$CXX" && ( test "X$CXX" != "Xno" && ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) || (test "X$CXX" != "Xg++"))) ; then AC_PROG_CXXCPP else _lt_caught_CXX_error=yes fi AC_LANG_PUSH(C++) _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(allow_undefined_flag, $1)= _LT_TAGVAR(always_export_symbols, $1)=no _LT_TAGVAR(archive_expsym_cmds, $1)= _LT_TAGVAR(compiler_needs_object, $1)=no _LT_TAGVAR(export_dynamic_flag_spec, $1)= _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= _LT_TAGVAR(hardcode_libdir_separator, $1)= _LT_TAGVAR(hardcode_minus_L, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported _LT_TAGVAR(hardcode_automatic, $1)=no _LT_TAGVAR(inherit_rpath, $1)=no _LT_TAGVAR(module_cmds, $1)= _LT_TAGVAR(module_expsym_cmds, $1)= _LT_TAGVAR(link_all_deplibs, $1)=unknown _LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds _LT_TAGVAR(reload_flag, $1)=$reload_flag _LT_TAGVAR(reload_cmds, $1)=$reload_cmds _LT_TAGVAR(no_undefined_flag, $1)= _LT_TAGVAR(whole_archive_flag_spec, $1)= _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no # Source file extension for C++ test sources. ac_ext=cpp # Object file extension for compiled C++ test sources. objext=o _LT_TAGVAR(objext, $1)=$objext # No sense in running all these tests if we already determined that # the CXX compiler isn't working. Some variables (like enable_shared) # are currently assumed to apply to all compilers on this platform, # and will be corrupted by setting them based on a non-working compiler. if test "$_lt_caught_CXX_error" != yes; then # Code to be used in simple compile tests lt_simple_compile_test_code="int some_variable = 0;" # Code to be used in simple link tests lt_simple_link_test_code='int main(int, char *[[]]) { return(0); }' # ltmain only uses $CC for tagged configurations so make sure $CC is set. _LT_TAG_COMPILER # save warnings/boilerplate of simple test code _LT_COMPILER_BOILERPLATE _LT_LINKER_BOILERPLATE # Allow CC to be a program name with arguments. lt_save_CC=$CC lt_save_CFLAGS=$CFLAGS lt_save_LD=$LD lt_save_GCC=$GCC GCC=$GXX lt_save_with_gnu_ld=$with_gnu_ld lt_save_path_LD=$lt_cv_path_LD if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx else $as_unset lt_cv_prog_gnu_ld fi if test -n "${lt_cv_path_LDCXX+set}"; then lt_cv_path_LD=$lt_cv_path_LDCXX else $as_unset lt_cv_path_LD fi test -z "${LDCXX+set}" || LD=$LDCXX CC=${CXX-"c++"} CFLAGS=$CXXFLAGS compiler=$CC _LT_TAGVAR(compiler, $1)=$CC _LT_CC_BASENAME([$compiler]) if test -n "$compiler"; then # We don't want -fno-exception when compiling C++ code, so set the # no_builtin_flag separately if test "$GXX" = yes; then _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' else _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)= fi if test "$GXX" = yes; then # Set up default GNU C++ configuration LT_PATH_LD # Check if GNU C++ uses GNU ld as the underlying linker, since the # archiving commands below assume that GNU ld is being used. if test "$with_gnu_ld" = yes; then _LT_TAGVAR(archive_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' # If archive_cmds runs LD, not CC, wlarc should be empty # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to # investigate it a little bit more. (MM) wlarc='${wl}' # ancient GNU ld didn't support --whole-archive et. al. if eval "`$CC -print-prog-name=ld` --help 2>&1" | $GREP 'no-whole-archive' > /dev/null; then _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' else _LT_TAGVAR(whole_archive_flag_spec, $1)= fi else with_gnu_ld=no wlarc= # A generic and very simple default shared library creation # command for GNU C++ for the case where it uses the native # linker, instead of GNU ld. If possible, this setting should # overridden to take advantage of the native linker features on # the platform it is being used on. _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' fi # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' else GXX=no with_gnu_ld=no wlarc= fi # PORTME: fill in a description of your system's C++ link characteristics AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries]) _LT_TAGVAR(ld_shlibs, $1)=yes case $host_os in aix3*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; aix[[4-9]]*) if test "$host_cpu" = ia64; then # On IA64, the linker does run time linking by default, so we don't # have to do anything special. aix_use_runtimelinking=no exp_sym_flag='-Bexport' no_entry_flag="" else aix_use_runtimelinking=no # Test if we are trying to use run time linking or normal # AIX style linking. If -brtl is somewhere in LDFLAGS, we # need to do runtime linking. case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*) for ld_flag in $LDFLAGS; do case $ld_flag in *-brtl*) aix_use_runtimelinking=yes break ;; esac done ;; esac exp_sym_flag='-bexport' no_entry_flag='-bnoentry' fi # When large executables or shared objects are built, AIX ld can # have problems creating the table of contents. If linking a library # or program results in "error TOC overflow" add -mminimal-toc to # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. _LT_TAGVAR(archive_cmds, $1)='' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_direct_absolute, $1)=yes _LT_TAGVAR(hardcode_libdir_separator, $1)=':' _LT_TAGVAR(link_all_deplibs, $1)=yes _LT_TAGVAR(file_list_spec, $1)='${wl}-f,' if test "$GXX" = yes; then case $host_os in aix4.[[012]]|aix4.[[012]].*) # We only want to do this on AIX 4.2 and lower, the check # below for broken collect2 doesn't work under 4.3+ collect2name=`${CC} -print-prog-name=collect2` if test -f "$collect2name" && strings "$collect2name" | $GREP resolve_lib_name >/dev/null then # We have reworked collect2 : else # We have old collect2 _LT_TAGVAR(hardcode_direct, $1)=unsupported # It fails to find uninstalled libraries when the uninstalled # path is not listed in the libpath. Setting hardcode_minus_L # to unsupported forces relinking _LT_TAGVAR(hardcode_minus_L, $1)=yes _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)= fi esac shared_flag='-shared' if test "$aix_use_runtimelinking" = yes; then shared_flag="$shared_flag "'${wl}-G' fi else # not using gcc if test "$host_cpu" = ia64; then # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release # chokes on -Wl,-G. The following line is correct: shared_flag='-G' else if test "$aix_use_runtimelinking" = yes; then shared_flag='${wl}-G' else shared_flag='${wl}-bM:SRE' fi fi fi _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-bexpall' # It seems that -bexpall does not export symbols beginning with # underscore (_), so it is better to generate a list of symbols to # export. _LT_TAGVAR(always_export_symbols, $1)=yes if test "$aix_use_runtimelinking" = yes; then # Warning - without using the other runtime loading flags (-brtl), # -berok will link without error, but may produce a broken library. _LT_TAGVAR(allow_undefined_flag, $1)='-berok' # Determine the default libpath from the value encoded in an empty # executable. _LT_SYS_MODULE_PATH_AIX([$1]) _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then func_echo_all "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" else if test "$host_cpu" = ia64; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib' _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs" _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" else # Determine the default libpath from the value encoded in an # empty executable. _LT_SYS_MODULE_PATH_AIX([$1]) _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" # Warning - without using the other run time loading flags, # -berok will link without error, but may produce a broken library. _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok' _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok' if test "$with_gnu_ld" = yes; then # We only use this code for GNU lds that support --whole-archive. _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive' else # Exported symbols can be pulled into shared objects from archives _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' fi _LT_TAGVAR(archive_cmds_need_lc, $1)=yes # This is similar to how AIX traditionally builds its shared # libraries. _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' fi fi ;; beos*) if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then _LT_TAGVAR(allow_undefined_flag, $1)=unsupported # Joseph Beckenbach says some releases of gcc # support --undefined. This deserves some investigation. FIXME _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; chorus*) case $cc_basename in *) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; esac ;; cygwin* | mingw* | pw32* | cegcc*) case $GXX,$cc_basename in ,cl* | no,cl*) # Native MSVC # hardcode_libdir_flag_spec is actually meaningless, as there is # no search path for DLLs. _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' _LT_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_TAGVAR(always_export_symbols, $1)=yes _LT_TAGVAR(file_list_spec, $1)='@' # Tell ltmain to make .lib files, not .a files. libext=lib # Tell ltmain to make .dll files, not .so files. shrext_cmds=".dll" # FIXME: Setting linknames here is a bad hack. _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-dll~linknames=' _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then $SED -n -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' -e '1\\\!p' < $export_symbols > $output_objdir/$soname.exp; else $SED -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' < $export_symbols > $output_objdir/$soname.exp; fi~ $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ linknames=' # The linker will not automatically build a static lib if we build a DLL. # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes # Don't use ranlib _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib' _LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~ lt_tool_outputfile="@TOOL_OUTPUT@"~ case $lt_outputfile in *.exe|*.EXE) ;; *) lt_outputfile="$lt_outputfile.exe" lt_tool_outputfile="$lt_tool_outputfile.exe" ;; esac~ func_to_tool_file "$lt_outputfile"~ if test "$MANIFEST_TOOL" != ":" && test -f "$lt_outputfile.manifest"; then $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; $RM "$lt_outputfile.manifest"; fi' ;; *) # g++ # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, # as there is no search path for DLLs. _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-all-symbols' _LT_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_TAGVAR(always_export_symbols, $1)=no _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' # If the export-symbols file already is a .def file (1st line # is EXPORTS), use it as is; otherwise, prepend... _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then cp $export_symbols $output_objdir/$soname.def; else echo EXPORTS > $output_objdir/$soname.def; cat $export_symbols >> $output_objdir/$soname.def; fi~ $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; esac ;; darwin* | rhapsody*) _LT_DARWIN_LINKER_FEATURES($1) ;; dgux*) case $cc_basename in ec++*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; ghcx*) # Green Hills C++ Compiler # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; *) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; esac ;; freebsd2.*) # C++ shared libraries reported to be fairly broken before # switch to ELF _LT_TAGVAR(ld_shlibs, $1)=no ;; freebsd-elf*) _LT_TAGVAR(archive_cmds_need_lc, $1)=no ;; freebsd* | dragonfly*) # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF # conventions _LT_TAGVAR(ld_shlibs, $1)=yes ;; gnu*) ;; haiku*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(link_all_deplibs, $1)=yes ;; hpux9*) _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH, # but as the default # location of the library. case $cc_basename in CC*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; aCC*) _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -b ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. # # There doesn't appear to be a way to prevent this compiler from # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' ;; *) if test "$GXX" = yes; then _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -nostdlib $pic_flag ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' else # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no fi ;; esac ;; hpux10*|hpux11*) if test $with_gnu_ld = no; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: case $host_cpu in hppa*64*|ia64*) ;; *) _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' ;; esac fi case $host_cpu in hppa*64*|ia64*) _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; *) _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_direct_absolute, $1)=yes _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH, # but as the default # location of the library. ;; esac case $cc_basename in CC*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; aCC*) case $host_cpu in hppa*64*) _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; ia64*) _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; *) _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; esac # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. # # There doesn't appear to be a way to prevent this compiler from # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' ;; *) if test "$GXX" = yes; then if test $with_gnu_ld = no; then case $host_cpu in hppa*64*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; ia64*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; *) _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; esac fi else # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no fi ;; esac ;; interix[[3-9]]*) _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. # Instead, shared libraries are loaded at an image base (0x10000000 by # default) and relocated if they conflict, which is a slow very memory # consuming and fragmenting process. To avoid this, we pick a random, # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link # time. Moving up from 0x10000000 also allows more sbrk(2) space. _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' ;; irix5* | irix6*) case $cc_basename in CC*) # SGI C++ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' # Archives containing C++ object files must be created using # "CC -ar", where "CC" is the IRIX C++ compiler. This is # necessary to make sure instantiated templates are included # in the archive. _LT_TAGVAR(old_archive_cmds, $1)='$CC -ar -WR,-u -o $oldlib $oldobjs' ;; *) if test "$GXX" = yes; then if test "$with_gnu_ld" = no; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' else _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` -o $lib' fi fi _LT_TAGVAR(link_all_deplibs, $1)=yes ;; esac _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(inherit_rpath, $1)=yes ;; linux* | k*bsd*-gnu | kopensolaris*-gnu) case $cc_basename in KCC*) # Kuck and Associates, Inc. (KAI) C++ Compiler # KCC will only create a shared library if the output file # ends with ".so" (or ".sl" for HP-UX), so rename the library # to its proper name (with version) after linking. _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib ${wl}-retain-symbols-file,$export_symbols; mv \$templib $lib' # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. # # There doesn't appear to be a way to prevent this compiler from # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' # Archives containing C++ object files must be created using # "CC -Bstatic", where "CC" is the KAI C++ compiler. _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' ;; icpc* | ecpc* ) # Intel C++ with_gnu_ld=yes # version 8.0 and above of icpc choke on multiply defined symbols # if we add $predep_objects and $postdep_objects, however 7.1 and # earlier do not add the objects themselves. case `$CC -V 2>&1` in *"Version 7."*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' ;; *) # Version 8.0 or newer tmp_idyn= case $host_cpu in ia64*) tmp_idyn=' -i_dynamic';; esac _LT_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' ;; esac _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive' ;; pgCC* | pgcpp*) # Portland Group C++ compiler case `$CC -V` in *pgCC\ [[1-5]].* | *pgcpp\ [[1-5]].*) _LT_TAGVAR(prelink_cmds, $1)='tpldir=Template.dir~ rm -rf $tpldir~ $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~ compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"' _LT_TAGVAR(old_archive_cmds, $1)='tpldir=Template.dir~ rm -rf $tpldir~ $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~ $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~ $RANLIB $oldlib' _LT_TAGVAR(archive_cmds, $1)='tpldir=Template.dir~ rm -rf $tpldir~ $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='tpldir=Template.dir~ rm -rf $tpldir~ $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' ;; *) # Version 6 and above use weak symbols _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' ;; esac _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' ;; cxx*) # Compaq C++ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib ${wl}-retain-symbols-file $wl$export_symbols' runpath_var=LD_RUN_PATH _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. # # There doesn't appear to be a way to prevent this compiler from # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "X$list" | $Xsed' ;; xl* | mpixl* | bgxl*) # IBM XL 8.0 on PPC, with GNU ld _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' _LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' if test "x$supports_anon_versioning" = xyes; then _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ echo "local: *; };" >> $output_objdir/$libname.ver~ $CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' fi ;; *) case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C++ 5.9 _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs' _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file ${wl}$export_symbols' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' _LT_TAGVAR(compiler_needs_object, $1)=yes # Not sure whether something based on # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 # would be better. output_verbose_link_cmd='func_echo_all' # Archives containing C++ object files must be created using # "CC -xar", where "CC" is the Sun C++ compiler. This is # necessary to make sure instantiated templates are included # in the archive. _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs' ;; esac ;; esac ;; lynxos*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; m88k*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; mvs*) case $cc_basename in cxx*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; *) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; esac ;; netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags' wlarc= _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no fi # Workaround some broken pre-1.5 toolchains output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"' ;; *nto* | *qnx*) _LT_TAGVAR(ld_shlibs, $1)=yes ;; openbsd2*) # C++ shared libraries are fairly broken _LT_TAGVAR(ld_shlibs, $1)=no ;; openbsd*) if test -f /usr/libexec/ld.so; then _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=yes _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' fi output_verbose_link_cmd=func_echo_all else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; osf3* | osf4* | osf5*) case $cc_basename in KCC*) # Kuck and Associates, Inc. (KAI) C++ Compiler # KCC will only create a shared library if the output file # ends with ".so" (or ".sl" for HP-UX), so rename the library # to its proper name (with version) after linking. _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: # Archives containing C++ object files must be created using # the KAI C++ compiler. case $host in osf3*) _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' ;; *) _LT_TAGVAR(old_archive_cmds, $1)='$CC -o $oldlib $oldobjs' ;; esac ;; RCC*) # Rational C++ 2.4.1 # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; cxx*) case $host in osf3*) _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && func_echo_all "${wl}-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' ;; *) _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~ echo "-hidden">> $lib.exp~ $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname ${wl}-input ${wl}$lib.exp `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib~ $RM $lib.exp' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' ;; esac _LT_TAGVAR(hardcode_libdir_separator, $1)=: # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. # # There doesn't appear to be a way to prevent this compiler from # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' ;; *) if test "$GXX" = yes && test "$with_gnu_ld" = no; then _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' case $host in osf3*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' ;; *) _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' ;; esac _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' else # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no fi ;; esac ;; psos*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; sunos4*) case $cc_basename in CC*) # Sun C++ 4.x # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; lcc*) # Lucid # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; *) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; esac ;; solaris*) case $cc_basename in CC* | sunCC*) # Sun C++ 4.2, 5.x and Centerline C++ _LT_TAGVAR(archive_cmds_need_lc,$1)=yes _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs' _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $CC -G${allow_undefined_flag} ${wl}-M ${wl}$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_TAGVAR(hardcode_shlibpath_var, $1)=no case $host_os in solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; *) # The compiler driver will combine and reorder linker options, # but understands `-z linker_flag'. # Supported since Solaris 2.6 (maybe 2.5.1?) _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' ;; esac _LT_TAGVAR(link_all_deplibs, $1)=yes output_verbose_link_cmd='func_echo_all' # Archives containing C++ object files must be created using # "CC -xar", where "CC" is the Sun C++ compiler. This is # necessary to make sure instantiated templates are included # in the archive. _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs' ;; gcx*) # Green Hills C++ Compiler _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' # The C++ compiler must be used to create the archive. _LT_TAGVAR(old_archive_cmds, $1)='$CC $LDFLAGS -archive -o $oldlib $oldobjs' ;; *) # GNU C++ compiler with Solaris linker if test "$GXX" = yes && test "$with_gnu_ld" = no; then _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-z ${wl}defs' if $CC --version | $GREP -v '^2\.7' > /dev/null; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $CC -shared $pic_flag -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' else # g++ 2.7 appears to require `-G' NOT `-shared' on this # platform. _LT_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $CC -G -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' fi _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $wl$libdir' case $host_os in solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; *) _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' ;; esac fi ;; esac ;; sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*) _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no runpath_var='LD_RUN_PATH' case $cc_basename in CC*) _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' ;; *) _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' ;; esac ;; sysv5* | sco3.2v5* | sco5v6*) # Note: We can NOT use -z defs as we might desire, because we do not # link with -lc, and that would cause any symbols used from libc to # always be unresolved, which means just about no library would # ever link correctly. If we're not using GNU ld we use -z text # though, which does catch some bad symbols but isn't as heavy-handed # as -z defs. _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' _LT_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs' _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R,$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=':' _LT_TAGVAR(link_all_deplibs, $1)=yes _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport' runpath_var='LD_RUN_PATH' case $cc_basename in CC*) _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(old_archive_cmds, $1)='$CC -Tprelink_objects $oldobjs~ '"$_LT_TAGVAR(old_archive_cmds, $1)" _LT_TAGVAR(reload_cmds, $1)='$CC -Tprelink_objects $reload_objs~ '"$_LT_TAGVAR(reload_cmds, $1)" ;; *) _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' ;; esac ;; tandem*) case $cc_basename in NCC*) # NonStop-UX NCC 3.20 # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; *) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; esac ;; vxworks*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; *) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; esac AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)]) test "$_LT_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no _LT_TAGVAR(GCC, $1)="$GXX" _LT_TAGVAR(LD, $1)="$LD" ## CAVEAT EMPTOR: ## There is no encapsulation within the following macros, do not change ## the running order or otherwise move them around unless you know exactly ## what you are doing... _LT_SYS_HIDDEN_LIBDEPS($1) _LT_COMPILER_PIC($1) _LT_COMPILER_C_O($1) _LT_COMPILER_FILE_LOCKS($1) _LT_LINKER_SHLIBS($1) _LT_SYS_DYNAMIC_LINKER($1) _LT_LINKER_HARDCODE_LIBPATH($1) _LT_CONFIG($1) fi # test -n "$compiler" CC=$lt_save_CC CFLAGS=$lt_save_CFLAGS LDCXX=$LD LD=$lt_save_LD GCC=$lt_save_GCC with_gnu_ld=$lt_save_with_gnu_ld lt_cv_path_LDCXX=$lt_cv_path_LD lt_cv_path_LD=$lt_save_path_LD lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld fi # test "$_lt_caught_CXX_error" != yes AC_LANG_POP ])# _LT_LANG_CXX_CONFIG # _LT_FUNC_STRIPNAME_CNF # ---------------------- # func_stripname_cnf prefix suffix name # strip PREFIX and SUFFIX off of NAME. # PREFIX and SUFFIX must not contain globbing or regex special # characters, hashes, percent signs, but SUFFIX may contain a leading # dot (in which case that matches only a dot). # # This function is identical to the (non-XSI) version of func_stripname, # except this one can be used by m4 code that may be executed by configure, # rather than the libtool script. m4_defun([_LT_FUNC_STRIPNAME_CNF],[dnl AC_REQUIRE([_LT_DECL_SED]) AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH]) func_stripname_cnf () { case ${2} in .*) func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%\\\\${2}\$%%"`;; *) func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%${2}\$%%"`;; esac } # func_stripname_cnf ])# _LT_FUNC_STRIPNAME_CNF # _LT_SYS_HIDDEN_LIBDEPS([TAGNAME]) # --------------------------------- # Figure out "hidden" library dependencies from verbose # compiler output when linking a shared library. # Parse the compiler output and extract the necessary # objects, libraries and library flags. m4_defun([_LT_SYS_HIDDEN_LIBDEPS], [m4_require([_LT_FILEUTILS_DEFAULTS])dnl AC_REQUIRE([_LT_FUNC_STRIPNAME_CNF])dnl # Dependencies to place before and after the object being linked: _LT_TAGVAR(predep_objects, $1)= _LT_TAGVAR(postdep_objects, $1)= _LT_TAGVAR(predeps, $1)= _LT_TAGVAR(postdeps, $1)= _LT_TAGVAR(compiler_lib_search_path, $1)= dnl we can't use the lt_simple_compile_test_code here, dnl because it contains code intended for an executable, dnl not a library. It's possible we should let each dnl tag define a new lt_????_link_test_code variable, dnl but it's only used here... m4_if([$1], [], [cat > conftest.$ac_ext <<_LT_EOF int a; void foo (void) { a = 0; } _LT_EOF ], [$1], [CXX], [cat > conftest.$ac_ext <<_LT_EOF class Foo { public: Foo (void) { a = 0; } private: int a; }; _LT_EOF ], [$1], [F77], [cat > conftest.$ac_ext <<_LT_EOF subroutine foo implicit none integer*4 a a=0 return end _LT_EOF ], [$1], [FC], [cat > conftest.$ac_ext <<_LT_EOF subroutine foo implicit none integer a a=0 return end _LT_EOF ], [$1], [GCJ], [cat > conftest.$ac_ext <<_LT_EOF public class foo { private int a; public void bar (void) { a = 0; } }; _LT_EOF ], [$1], [GO], [cat > conftest.$ac_ext <<_LT_EOF package foo func foo() { } _LT_EOF ]) _lt_libdeps_save_CFLAGS=$CFLAGS case "$CC $CFLAGS " in #( *\ -flto*\ *) CFLAGS="$CFLAGS -fno-lto" ;; *\ -fwhopr*\ *) CFLAGS="$CFLAGS -fno-whopr" ;; *\ -fuse-linker-plugin*\ *) CFLAGS="$CFLAGS -fno-use-linker-plugin" ;; esac dnl Parse the compiler output and extract the necessary dnl objects, libraries and library flags. if AC_TRY_EVAL(ac_compile); then # Parse the compiler output and extract the necessary # objects, libraries and library flags. # Sentinel used to keep track of whether or not we are before # the conftest object file. pre_test_object_deps_done=no for p in `eval "$output_verbose_link_cmd"`; do case ${prev}${p} in -L* | -R* | -l*) # Some compilers place space between "-{L,R}" and the path. # Remove the space. if test $p = "-L" || test $p = "-R"; then prev=$p continue fi # Expand the sysroot to ease extracting the directories later. if test -z "$prev"; then case $p in -L*) func_stripname_cnf '-L' '' "$p"; prev=-L; p=$func_stripname_result ;; -R*) func_stripname_cnf '-R' '' "$p"; prev=-R; p=$func_stripname_result ;; -l*) func_stripname_cnf '-l' '' "$p"; prev=-l; p=$func_stripname_result ;; esac fi case $p in =*) func_stripname_cnf '=' '' "$p"; p=$lt_sysroot$func_stripname_result ;; esac if test "$pre_test_object_deps_done" = no; then case ${prev} in -L | -R) # Internal compiler library paths should come after those # provided the user. The postdeps already come after the # user supplied libs so there is no need to process them. if test -z "$_LT_TAGVAR(compiler_lib_search_path, $1)"; then _LT_TAGVAR(compiler_lib_search_path, $1)="${prev}${p}" else _LT_TAGVAR(compiler_lib_search_path, $1)="${_LT_TAGVAR(compiler_lib_search_path, $1)} ${prev}${p}" fi ;; # The "-l" case would never come before the object being # linked, so don't bother handling this case. esac else if test -z "$_LT_TAGVAR(postdeps, $1)"; then _LT_TAGVAR(postdeps, $1)="${prev}${p}" else _LT_TAGVAR(postdeps, $1)="${_LT_TAGVAR(postdeps, $1)} ${prev}${p}" fi fi prev= ;; *.lto.$objext) ;; # Ignore GCC LTO objects *.$objext) # This assumes that the test object file only shows up # once in the compiler output. if test "$p" = "conftest.$objext"; then pre_test_object_deps_done=yes continue fi if test "$pre_test_object_deps_done" = no; then if test -z "$_LT_TAGVAR(predep_objects, $1)"; then _LT_TAGVAR(predep_objects, $1)="$p" else _LT_TAGVAR(predep_objects, $1)="$_LT_TAGVAR(predep_objects, $1) $p" fi else if test -z "$_LT_TAGVAR(postdep_objects, $1)"; then _LT_TAGVAR(postdep_objects, $1)="$p" else _LT_TAGVAR(postdep_objects, $1)="$_LT_TAGVAR(postdep_objects, $1) $p" fi fi ;; *) ;; # Ignore the rest. esac done # Clean up. rm -f a.out a.exe else echo "libtool.m4: error: problem compiling $1 test program" fi $RM -f confest.$objext CFLAGS=$_lt_libdeps_save_CFLAGS # PORTME: override above test on systems where it is broken m4_if([$1], [CXX], [case $host_os in interix[[3-9]]*) # Interix 3.5 installs completely hosed .la files for C++, so rather than # hack all around it, let's just trust "g++" to DTRT. _LT_TAGVAR(predep_objects,$1)= _LT_TAGVAR(postdep_objects,$1)= _LT_TAGVAR(postdeps,$1)= ;; linux*) case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C++ 5.9 # The more standards-conforming stlport4 library is # incompatible with the Cstd library. Avoid specifying # it if it's in CXXFLAGS. Ignore libCrun as # -library=stlport4 depends on it. case " $CXX $CXXFLAGS " in *" -library=stlport4 "*) solaris_use_stlport4=yes ;; esac if test "$solaris_use_stlport4" != yes; then _LT_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun' fi ;; esac ;; solaris*) case $cc_basename in CC* | sunCC*) # The more standards-conforming stlport4 library is # incompatible with the Cstd library. Avoid specifying # it if it's in CXXFLAGS. Ignore libCrun as # -library=stlport4 depends on it. case " $CXX $CXXFLAGS " in *" -library=stlport4 "*) solaris_use_stlport4=yes ;; esac # Adding this requires a known-good setup of shared libraries for # Sun compiler versions before 5.6, else PIC objects from an old # archive will be linked into the output, leading to subtle bugs. if test "$solaris_use_stlport4" != yes; then _LT_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun' fi ;; esac ;; esac ]) case " $_LT_TAGVAR(postdeps, $1) " in *" -lc "*) _LT_TAGVAR(archive_cmds_need_lc, $1)=no ;; esac _LT_TAGVAR(compiler_lib_search_dirs, $1)= if test -n "${_LT_TAGVAR(compiler_lib_search_path, $1)}"; then _LT_TAGVAR(compiler_lib_search_dirs, $1)=`echo " ${_LT_TAGVAR(compiler_lib_search_path, $1)}" | ${SED} -e 's! -L! !g' -e 's!^ !!'` fi _LT_TAGDECL([], [compiler_lib_search_dirs], [1], [The directories searched by this compiler when creating a shared library]) _LT_TAGDECL([], [predep_objects], [1], [Dependencies to place before and after the objects being linked to create a shared library]) _LT_TAGDECL([], [postdep_objects], [1]) _LT_TAGDECL([], [predeps], [1]) _LT_TAGDECL([], [postdeps], [1]) _LT_TAGDECL([], [compiler_lib_search_path], [1], [The library search path used internally by the compiler when linking a shared library]) ])# _LT_SYS_HIDDEN_LIBDEPS # _LT_LANG_F77_CONFIG([TAG]) # -------------------------- # Ensure that the configuration variables for a Fortran 77 compiler are # suitably defined. These variables are subsequently used by _LT_CONFIG # to write the compiler configuration to `libtool'. m4_defun([_LT_LANG_F77_CONFIG], [AC_LANG_PUSH(Fortran 77) if test -z "$F77" || test "X$F77" = "Xno"; then _lt_disable_F77=yes fi _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(allow_undefined_flag, $1)= _LT_TAGVAR(always_export_symbols, $1)=no _LT_TAGVAR(archive_expsym_cmds, $1)= _LT_TAGVAR(export_dynamic_flag_spec, $1)= _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= _LT_TAGVAR(hardcode_libdir_separator, $1)= _LT_TAGVAR(hardcode_minus_L, $1)=no _LT_TAGVAR(hardcode_automatic, $1)=no _LT_TAGVAR(inherit_rpath, $1)=no _LT_TAGVAR(module_cmds, $1)= _LT_TAGVAR(module_expsym_cmds, $1)= _LT_TAGVAR(link_all_deplibs, $1)=unknown _LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds _LT_TAGVAR(reload_flag, $1)=$reload_flag _LT_TAGVAR(reload_cmds, $1)=$reload_cmds _LT_TAGVAR(no_undefined_flag, $1)= _LT_TAGVAR(whole_archive_flag_spec, $1)= _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no # Source file extension for f77 test sources. ac_ext=f # Object file extension for compiled f77 test sources. objext=o _LT_TAGVAR(objext, $1)=$objext # No sense in running all these tests if we already determined that # the F77 compiler isn't working. Some variables (like enable_shared) # are currently assumed to apply to all compilers on this platform, # and will be corrupted by setting them based on a non-working compiler. if test "$_lt_disable_F77" != yes; then # Code to be used in simple compile tests lt_simple_compile_test_code="\ subroutine t return end " # Code to be used in simple link tests lt_simple_link_test_code="\ program t end " # ltmain only uses $CC for tagged configurations so make sure $CC is set. _LT_TAG_COMPILER # save warnings/boilerplate of simple test code _LT_COMPILER_BOILERPLATE _LT_LINKER_BOILERPLATE # Allow CC to be a program name with arguments. lt_save_CC="$CC" lt_save_GCC=$GCC lt_save_CFLAGS=$CFLAGS CC=${F77-"f77"} CFLAGS=$FFLAGS compiler=$CC _LT_TAGVAR(compiler, $1)=$CC _LT_CC_BASENAME([$compiler]) GCC=$G77 if test -n "$compiler"; then AC_MSG_CHECKING([if libtool supports shared libraries]) AC_MSG_RESULT([$can_build_shared]) AC_MSG_CHECKING([whether to build shared libraries]) test "$can_build_shared" = "no" && enable_shared=no # On AIX, shared libraries and static libraries use the same namespace, and # are all built from PIC. case $host_os in aix3*) test "$enable_shared" = yes && enable_static=no if test -n "$RANLIB"; then archive_cmds="$archive_cmds~\$RANLIB \$lib" postinstall_cmds='$RANLIB $lib' fi ;; aix[[4-9]]*) if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then test "$enable_shared" = yes && enable_static=no fi ;; esac AC_MSG_RESULT([$enable_shared]) AC_MSG_CHECKING([whether to build static libraries]) # Make sure either enable_shared or enable_static is yes. test "$enable_shared" = yes || enable_static=yes AC_MSG_RESULT([$enable_static]) _LT_TAGVAR(GCC, $1)="$G77" _LT_TAGVAR(LD, $1)="$LD" ## CAVEAT EMPTOR: ## There is no encapsulation within the following macros, do not change ## the running order or otherwise move them around unless you know exactly ## what you are doing... _LT_COMPILER_PIC($1) _LT_COMPILER_C_O($1) _LT_COMPILER_FILE_LOCKS($1) _LT_LINKER_SHLIBS($1) _LT_SYS_DYNAMIC_LINKER($1) _LT_LINKER_HARDCODE_LIBPATH($1) _LT_CONFIG($1) fi # test -n "$compiler" GCC=$lt_save_GCC CC="$lt_save_CC" CFLAGS="$lt_save_CFLAGS" fi # test "$_lt_disable_F77" != yes AC_LANG_POP ])# _LT_LANG_F77_CONFIG # _LT_LANG_FC_CONFIG([TAG]) # ------------------------- # Ensure that the configuration variables for a Fortran compiler are # suitably defined. These variables are subsequently used by _LT_CONFIG # to write the compiler configuration to `libtool'. m4_defun([_LT_LANG_FC_CONFIG], [AC_LANG_PUSH(Fortran) if test -z "$FC" || test "X$FC" = "Xno"; then _lt_disable_FC=yes fi _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(allow_undefined_flag, $1)= _LT_TAGVAR(always_export_symbols, $1)=no _LT_TAGVAR(archive_expsym_cmds, $1)= _LT_TAGVAR(export_dynamic_flag_spec, $1)= _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= _LT_TAGVAR(hardcode_libdir_separator, $1)= _LT_TAGVAR(hardcode_minus_L, $1)=no _LT_TAGVAR(hardcode_automatic, $1)=no _LT_TAGVAR(inherit_rpath, $1)=no _LT_TAGVAR(module_cmds, $1)= _LT_TAGVAR(module_expsym_cmds, $1)= _LT_TAGVAR(link_all_deplibs, $1)=unknown _LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds _LT_TAGVAR(reload_flag, $1)=$reload_flag _LT_TAGVAR(reload_cmds, $1)=$reload_cmds _LT_TAGVAR(no_undefined_flag, $1)= _LT_TAGVAR(whole_archive_flag_spec, $1)= _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no # Source file extension for fc test sources. ac_ext=${ac_fc_srcext-f} # Object file extension for compiled fc test sources. objext=o _LT_TAGVAR(objext, $1)=$objext # No sense in running all these tests if we already determined that # the FC compiler isn't working. Some variables (like enable_shared) # are currently assumed to apply to all compilers on this platform, # and will be corrupted by setting them based on a non-working compiler. if test "$_lt_disable_FC" != yes; then # Code to be used in simple compile tests lt_simple_compile_test_code="\ subroutine t return end " # Code to be used in simple link tests lt_simple_link_test_code="\ program t end " # ltmain only uses $CC for tagged configurations so make sure $CC is set. _LT_TAG_COMPILER # save warnings/boilerplate of simple test code _LT_COMPILER_BOILERPLATE _LT_LINKER_BOILERPLATE # Allow CC to be a program name with arguments. lt_save_CC="$CC" lt_save_GCC=$GCC lt_save_CFLAGS=$CFLAGS CC=${FC-"f95"} CFLAGS=$FCFLAGS compiler=$CC GCC=$ac_cv_fc_compiler_gnu _LT_TAGVAR(compiler, $1)=$CC _LT_CC_BASENAME([$compiler]) if test -n "$compiler"; then AC_MSG_CHECKING([if libtool supports shared libraries]) AC_MSG_RESULT([$can_build_shared]) AC_MSG_CHECKING([whether to build shared libraries]) test "$can_build_shared" = "no" && enable_shared=no # On AIX, shared libraries and static libraries use the same namespace, and # are all built from PIC. case $host_os in aix3*) test "$enable_shared" = yes && enable_static=no if test -n "$RANLIB"; then archive_cmds="$archive_cmds~\$RANLIB \$lib" postinstall_cmds='$RANLIB $lib' fi ;; aix[[4-9]]*) if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then test "$enable_shared" = yes && enable_static=no fi ;; esac AC_MSG_RESULT([$enable_shared]) AC_MSG_CHECKING([whether to build static libraries]) # Make sure either enable_shared or enable_static is yes. test "$enable_shared" = yes || enable_static=yes AC_MSG_RESULT([$enable_static]) _LT_TAGVAR(GCC, $1)="$ac_cv_fc_compiler_gnu" _LT_TAGVAR(LD, $1)="$LD" ## CAVEAT EMPTOR: ## There is no encapsulation within the following macros, do not change ## the running order or otherwise move them around unless you know exactly ## what you are doing... _LT_SYS_HIDDEN_LIBDEPS($1) _LT_COMPILER_PIC($1) _LT_COMPILER_C_O($1) _LT_COMPILER_FILE_LOCKS($1) _LT_LINKER_SHLIBS($1) _LT_SYS_DYNAMIC_LINKER($1) _LT_LINKER_HARDCODE_LIBPATH($1) _LT_CONFIG($1) fi # test -n "$compiler" GCC=$lt_save_GCC CC=$lt_save_CC CFLAGS=$lt_save_CFLAGS fi # test "$_lt_disable_FC" != yes AC_LANG_POP ])# _LT_LANG_FC_CONFIG # _LT_LANG_GCJ_CONFIG([TAG]) # -------------------------- # Ensure that the configuration variables for the GNU Java Compiler compiler # are suitably defined. These variables are subsequently used by _LT_CONFIG # to write the compiler configuration to `libtool'. m4_defun([_LT_LANG_GCJ_CONFIG], [AC_REQUIRE([LT_PROG_GCJ])dnl AC_LANG_SAVE # Source file extension for Java test sources. ac_ext=java # Object file extension for compiled Java test sources. objext=o _LT_TAGVAR(objext, $1)=$objext # Code to be used in simple compile tests lt_simple_compile_test_code="class foo {}" # Code to be used in simple link tests lt_simple_link_test_code='public class conftest { public static void main(String[[]] argv) {}; }' # ltmain only uses $CC for tagged configurations so make sure $CC is set. _LT_TAG_COMPILER # save warnings/boilerplate of simple test code _LT_COMPILER_BOILERPLATE _LT_LINKER_BOILERPLATE # Allow CC to be a program name with arguments. lt_save_CC=$CC lt_save_CFLAGS=$CFLAGS lt_save_GCC=$GCC GCC=yes CC=${GCJ-"gcj"} CFLAGS=$GCJFLAGS compiler=$CC _LT_TAGVAR(compiler, $1)=$CC _LT_TAGVAR(LD, $1)="$LD" _LT_CC_BASENAME([$compiler]) # GCJ did not exist at the time GCC didn't implicitly link libc in. _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds _LT_TAGVAR(reload_flag, $1)=$reload_flag _LT_TAGVAR(reload_cmds, $1)=$reload_cmds ## CAVEAT EMPTOR: ## There is no encapsulation within the following macros, do not change ## the running order or otherwise move them around unless you know exactly ## what you are doing... if test -n "$compiler"; then _LT_COMPILER_NO_RTTI($1) _LT_COMPILER_PIC($1) _LT_COMPILER_C_O($1) _LT_COMPILER_FILE_LOCKS($1) _LT_LINKER_SHLIBS($1) _LT_LINKER_HARDCODE_LIBPATH($1) _LT_CONFIG($1) fi AC_LANG_RESTORE GCC=$lt_save_GCC CC=$lt_save_CC CFLAGS=$lt_save_CFLAGS ])# _LT_LANG_GCJ_CONFIG # _LT_LANG_GO_CONFIG([TAG]) # -------------------------- # Ensure that the configuration variables for the GNU Go compiler # are suitably defined. These variables are subsequently used by _LT_CONFIG # to write the compiler configuration to `libtool'. m4_defun([_LT_LANG_GO_CONFIG], [AC_REQUIRE([LT_PROG_GO])dnl AC_LANG_SAVE # Source file extension for Go test sources. ac_ext=go # Object file extension for compiled Go test sources. objext=o _LT_TAGVAR(objext, $1)=$objext # Code to be used in simple compile tests lt_simple_compile_test_code="package main; func main() { }" # Code to be used in simple link tests lt_simple_link_test_code='package main; func main() { }' # ltmain only uses $CC for tagged configurations so make sure $CC is set. _LT_TAG_COMPILER # save warnings/boilerplate of simple test code _LT_COMPILER_BOILERPLATE _LT_LINKER_BOILERPLATE # Allow CC to be a program name with arguments. lt_save_CC=$CC lt_save_CFLAGS=$CFLAGS lt_save_GCC=$GCC GCC=yes CC=${GOC-"gccgo"} CFLAGS=$GOFLAGS compiler=$CC _LT_TAGVAR(compiler, $1)=$CC _LT_TAGVAR(LD, $1)="$LD" _LT_CC_BASENAME([$compiler]) # Go did not exist at the time GCC didn't implicitly link libc in. _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds _LT_TAGVAR(reload_flag, $1)=$reload_flag _LT_TAGVAR(reload_cmds, $1)=$reload_cmds ## CAVEAT EMPTOR: ## There is no encapsulation within the following macros, do not change ## the running order or otherwise move them around unless you know exactly ## what you are doing... if test -n "$compiler"; then _LT_COMPILER_NO_RTTI($1) _LT_COMPILER_PIC($1) _LT_COMPILER_C_O($1) _LT_COMPILER_FILE_LOCKS($1) _LT_LINKER_SHLIBS($1) _LT_LINKER_HARDCODE_LIBPATH($1) _LT_CONFIG($1) fi AC_LANG_RESTORE GCC=$lt_save_GCC CC=$lt_save_CC CFLAGS=$lt_save_CFLAGS ])# _LT_LANG_GO_CONFIG # _LT_LANG_RC_CONFIG([TAG]) # ------------------------- # Ensure that the configuration variables for the Windows resource compiler # are suitably defined. These variables are subsequently used by _LT_CONFIG # to write the compiler configuration to `libtool'. m4_defun([_LT_LANG_RC_CONFIG], [AC_REQUIRE([LT_PROG_RC])dnl AC_LANG_SAVE # Source file extension for RC test sources. ac_ext=rc # Object file extension for compiled RC test sources. objext=o _LT_TAGVAR(objext, $1)=$objext # Code to be used in simple compile tests lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }' # Code to be used in simple link tests lt_simple_link_test_code="$lt_simple_compile_test_code" # ltmain only uses $CC for tagged configurations so make sure $CC is set. _LT_TAG_COMPILER # save warnings/boilerplate of simple test code _LT_COMPILER_BOILERPLATE _LT_LINKER_BOILERPLATE # Allow CC to be a program name with arguments. lt_save_CC="$CC" lt_save_CFLAGS=$CFLAGS lt_save_GCC=$GCC GCC= CC=${RC-"windres"} CFLAGS= compiler=$CC _LT_TAGVAR(compiler, $1)=$CC _LT_CC_BASENAME([$compiler]) _LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes if test -n "$compiler"; then : _LT_CONFIG($1) fi GCC=$lt_save_GCC AC_LANG_RESTORE CC=$lt_save_CC CFLAGS=$lt_save_CFLAGS ])# _LT_LANG_RC_CONFIG # LT_PROG_GCJ # ----------- AC_DEFUN([LT_PROG_GCJ], [m4_ifdef([AC_PROG_GCJ], [AC_PROG_GCJ], [m4_ifdef([A][M_PROG_GCJ], [A][M_PROG_GCJ], [AC_CHECK_TOOL(GCJ, gcj,) test "x${GCJFLAGS+set}" = xset || GCJFLAGS="-g -O2" AC_SUBST(GCJFLAGS)])])[]dnl ]) # Old name: AU_ALIAS([LT_AC_PROG_GCJ], [LT_PROG_GCJ]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([LT_AC_PROG_GCJ], []) # LT_PROG_GO # ---------- AC_DEFUN([LT_PROG_GO], [AC_CHECK_TOOL(GOC, gccgo,) ]) # LT_PROG_RC # ---------- AC_DEFUN([LT_PROG_RC], [AC_CHECK_TOOL(RC, windres,) ]) # Old name: AU_ALIAS([LT_AC_PROG_RC], [LT_PROG_RC]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([LT_AC_PROG_RC], []) # _LT_DECL_EGREP # -------------- # If we don't have a new enough Autoconf to choose the best grep # available, choose the one first in the user's PATH. m4_defun([_LT_DECL_EGREP], [AC_REQUIRE([AC_PROG_EGREP])dnl AC_REQUIRE([AC_PROG_FGREP])dnl test -z "$GREP" && GREP=grep _LT_DECL([], [GREP], [1], [A grep program that handles long lines]) _LT_DECL([], [EGREP], [1], [An ERE matcher]) _LT_DECL([], [FGREP], [1], [A literal string matcher]) dnl Non-bleeding-edge autoconf doesn't subst GREP, so do it here too AC_SUBST([GREP]) ]) # _LT_DECL_OBJDUMP # -------------- # If we don't have a new enough Autoconf to choose the best objdump # available, choose the one first in the user's PATH. m4_defun([_LT_DECL_OBJDUMP], [AC_CHECK_TOOL(OBJDUMP, objdump, false) test -z "$OBJDUMP" && OBJDUMP=objdump _LT_DECL([], [OBJDUMP], [1], [An object symbol dumper]) AC_SUBST([OBJDUMP]) ]) # _LT_DECL_DLLTOOL # ---------------- # Ensure DLLTOOL variable is set. m4_defun([_LT_DECL_DLLTOOL], [AC_CHECK_TOOL(DLLTOOL, dlltool, false) test -z "$DLLTOOL" && DLLTOOL=dlltool _LT_DECL([], [DLLTOOL], [1], [DLL creation program]) AC_SUBST([DLLTOOL]) ]) # _LT_DECL_SED # ------------ # Check for a fully-functional sed program, that truncates # as few characters as possible. Prefer GNU sed if found. m4_defun([_LT_DECL_SED], [AC_PROG_SED test -z "$SED" && SED=sed Xsed="$SED -e 1s/^X//" _LT_DECL([], [SED], [1], [A sed program that does not truncate output]) _LT_DECL([], [Xsed], ["\$SED -e 1s/^X//"], [Sed that helps us avoid accidentally triggering echo(1) options like -n]) ])# _LT_DECL_SED m4_ifndef([AC_PROG_SED], [ ############################################################ # NOTE: This macro has been submitted for inclusion into # # GNU Autoconf as AC_PROG_SED. When it is available in # # a released version of Autoconf we should remove this # # macro and use it instead. # ############################################################ m4_defun([AC_PROG_SED], [AC_MSG_CHECKING([for a sed that does not truncate output]) AC_CACHE_VAL(lt_cv_path_SED, [# Loop through the user's path and test for sed and gsed. # Then use that list of sed's as ones to test for truncation. as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for lt_ac_prog in sed gsed; do for ac_exec_ext in '' $ac_executable_extensions; do if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext" fi done done done IFS=$as_save_IFS lt_ac_max=0 lt_ac_count=0 # Add /usr/xpg4/bin/sed as it is typically found on Solaris # along with /bin/sed that truncates output. for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do test ! -f $lt_ac_sed && continue cat /dev/null > conftest.in lt_ac_count=0 echo $ECHO_N "0123456789$ECHO_C" >conftest.in # Check for GNU sed and select it if it is found. if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then lt_cv_path_SED=$lt_ac_sed break fi while true; do cat conftest.in conftest.in >conftest.tmp mv conftest.tmp conftest.in cp conftest.in conftest.nl echo >>conftest.nl $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break cmp -s conftest.out conftest.nl || break # 10000 chars as input seems more than enough test $lt_ac_count -gt 10 && break lt_ac_count=`expr $lt_ac_count + 1` if test $lt_ac_count -gt $lt_ac_max; then lt_ac_max=$lt_ac_count lt_cv_path_SED=$lt_ac_sed fi done done ]) SED=$lt_cv_path_SED AC_SUBST([SED]) AC_MSG_RESULT([$SED]) ])#AC_PROG_SED ])#m4_ifndef # Old name: AU_ALIAS([LT_AC_PROG_SED], [AC_PROG_SED]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([LT_AC_PROG_SED], []) # _LT_CHECK_SHELL_FEATURES # ------------------------ # Find out whether the shell is Bourne or XSI compatible, # or has some other useful features. m4_defun([_LT_CHECK_SHELL_FEATURES], [AC_MSG_CHECKING([whether the shell understands some XSI constructs]) # Try some XSI features xsi_shell=no ( _lt_dummy="a/b/c" test "${_lt_dummy##*/},${_lt_dummy%/*},${_lt_dummy#??}"${_lt_dummy%"$_lt_dummy"}, \ = c,a/b,b/c, \ && eval 'test $(( 1 + 1 )) -eq 2 \ && test "${#_lt_dummy}" -eq 5' ) >/dev/null 2>&1 \ && xsi_shell=yes AC_MSG_RESULT([$xsi_shell]) _LT_CONFIG_LIBTOOL_INIT([xsi_shell='$xsi_shell']) AC_MSG_CHECKING([whether the shell understands "+="]) lt_shell_append=no ( foo=bar; set foo baz; eval "$[1]+=\$[2]" && test "$foo" = barbaz ) \ >/dev/null 2>&1 \ && lt_shell_append=yes AC_MSG_RESULT([$lt_shell_append]) _LT_CONFIG_LIBTOOL_INIT([lt_shell_append='$lt_shell_append']) if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then lt_unset=unset else lt_unset=false fi _LT_DECL([], [lt_unset], [0], [whether the shell understands "unset"])dnl # test EBCDIC or ASCII case `echo X|tr X '\101'` in A) # ASCII based system # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr lt_SP2NL='tr \040 \012' lt_NL2SP='tr \015\012 \040\040' ;; *) # EBCDIC based system lt_SP2NL='tr \100 \n' lt_NL2SP='tr \r\n \100\100' ;; esac _LT_DECL([SP2NL], [lt_SP2NL], [1], [turn spaces into newlines])dnl _LT_DECL([NL2SP], [lt_NL2SP], [1], [turn newlines into spaces])dnl ])# _LT_CHECK_SHELL_FEATURES # _LT_PROG_FUNCTION_REPLACE (FUNCNAME, REPLACEMENT-BODY) # ------------------------------------------------------ # In `$cfgfile', look for function FUNCNAME delimited by `^FUNCNAME ()$' and # '^} FUNCNAME ', and replace its body with REPLACEMENT-BODY. m4_defun([_LT_PROG_FUNCTION_REPLACE], [dnl { sed -e '/^$1 ()$/,/^} # $1 /c\ $1 ()\ {\ m4_bpatsubsts([$2], [$], [\\], [^\([ ]\)], [\\\1]) } # Extended-shell $1 implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: ]) # _LT_PROG_REPLACE_SHELLFNS # ------------------------- # Replace existing portable implementations of several shell functions with # equivalent extended shell implementations where those features are available.. m4_defun([_LT_PROG_REPLACE_SHELLFNS], [if test x"$xsi_shell" = xyes; then _LT_PROG_FUNCTION_REPLACE([func_dirname], [dnl case ${1} in */*) func_dirname_result="${1%/*}${2}" ;; * ) func_dirname_result="${3}" ;; esac]) _LT_PROG_FUNCTION_REPLACE([func_basename], [dnl func_basename_result="${1##*/}"]) _LT_PROG_FUNCTION_REPLACE([func_dirname_and_basename], [dnl case ${1} in */*) func_dirname_result="${1%/*}${2}" ;; * ) func_dirname_result="${3}" ;; esac func_basename_result="${1##*/}"]) _LT_PROG_FUNCTION_REPLACE([func_stripname], [dnl # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are # positional parameters, so assign one to ordinary parameter first. func_stripname_result=${3} func_stripname_result=${func_stripname_result#"${1}"} func_stripname_result=${func_stripname_result%"${2}"}]) _LT_PROG_FUNCTION_REPLACE([func_split_long_opt], [dnl func_split_long_opt_name=${1%%=*} func_split_long_opt_arg=${1#*=}]) _LT_PROG_FUNCTION_REPLACE([func_split_short_opt], [dnl func_split_short_opt_arg=${1#??} func_split_short_opt_name=${1%"$func_split_short_opt_arg"}]) _LT_PROG_FUNCTION_REPLACE([func_lo2o], [dnl case ${1} in *.lo) func_lo2o_result=${1%.lo}.${objext} ;; *) func_lo2o_result=${1} ;; esac]) _LT_PROG_FUNCTION_REPLACE([func_xform], [ func_xform_result=${1%.*}.lo]) _LT_PROG_FUNCTION_REPLACE([func_arith], [ func_arith_result=$(( $[*] ))]) _LT_PROG_FUNCTION_REPLACE([func_len], [ func_len_result=${#1}]) fi if test x"$lt_shell_append" = xyes; then _LT_PROG_FUNCTION_REPLACE([func_append], [ eval "${1}+=\\${2}"]) _LT_PROG_FUNCTION_REPLACE([func_append_quoted], [dnl func_quote_for_eval "${2}" dnl m4 expansion turns \\\\ into \\, and then the shell eval turns that into \ eval "${1}+=\\\\ \\$func_quote_for_eval_result"]) # Save a `func_append' function call where possible by direct use of '+=' sed -e 's%func_append \([[a-zA-Z_]]\{1,\}\) "%\1+="%g' $cfgfile > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: else # Save a `func_append' function call even when '+=' is not available sed -e 's%func_append \([[a-zA-Z_]]\{1,\}\) "%\1="$\1%g' $cfgfile > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: fi if test x"$_lt_function_replace_fail" = x":"; then AC_MSG_WARN([Unable to substitute extended shell functions in $ofile]) fi ]) # _LT_PATH_CONVERSION_FUNCTIONS # ----------------------------- # Determine which file name conversion functions should be used by # func_to_host_file (and, implicitly, by func_to_host_path). These are needed # for certain cross-compile configurations and native mingw. m4_defun([_LT_PATH_CONVERSION_FUNCTIONS], [AC_REQUIRE([AC_CANONICAL_HOST])dnl AC_REQUIRE([AC_CANONICAL_BUILD])dnl AC_MSG_CHECKING([how to convert $build file names to $host format]) AC_CACHE_VAL(lt_cv_to_host_file_cmd, [case $host in *-*-mingw* ) case $build in *-*-mingw* ) # actually msys lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32 ;; *-*-cygwin* ) lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32 ;; * ) # otherwise, assume *nix lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32 ;; esac ;; *-*-cygwin* ) case $build in *-*-mingw* ) # actually msys lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin ;; *-*-cygwin* ) lt_cv_to_host_file_cmd=func_convert_file_noop ;; * ) # otherwise, assume *nix lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin ;; esac ;; * ) # unhandled hosts (and "normal" native builds) lt_cv_to_host_file_cmd=func_convert_file_noop ;; esac ]) to_host_file_cmd=$lt_cv_to_host_file_cmd AC_MSG_RESULT([$lt_cv_to_host_file_cmd]) _LT_DECL([to_host_file_cmd], [lt_cv_to_host_file_cmd], [0], [convert $build file names to $host format])dnl AC_MSG_CHECKING([how to convert $build file names to toolchain format]) AC_CACHE_VAL(lt_cv_to_tool_file_cmd, [#assume ordinary cross tools, or native build. lt_cv_to_tool_file_cmd=func_convert_file_noop case $host in *-*-mingw* ) case $build in *-*-mingw* ) # actually msys lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32 ;; esac ;; esac ]) to_tool_file_cmd=$lt_cv_to_tool_file_cmd AC_MSG_RESULT([$lt_cv_to_tool_file_cmd]) _LT_DECL([to_tool_file_cmd], [lt_cv_to_tool_file_cmd], [0], [convert $build files to toolchain format])dnl ])# _LT_PATH_CONVERSION_FUNCTIONS myproxy-6.2.16/m4/lt~obsolete.m40000644000175100017510000001375614557142524013441 00000000000000# lt~obsolete.m4 -- aclocal satisfying obsolete definitions. -*-Autoconf-*- # # Copyright (C) 2004, 2005, 2007, 2009 Free Software Foundation, Inc. # Written by Scott James Remnant, 2004. # # This file is free software; the Free Software Foundation gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. # serial 5 lt~obsolete.m4 # These exist entirely to fool aclocal when bootstrapping libtool. # # In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN) # which have later been changed to m4_define as they aren't part of the # exported API, or moved to Autoconf or Automake where they belong. # # The trouble is, aclocal is a bit thick. It'll see the old AC_DEFUN # in /usr/share/aclocal/libtool.m4 and remember it, then when it sees us # using a macro with the same name in our local m4/libtool.m4 it'll # pull the old libtool.m4 in (it doesn't see our shiny new m4_define # and doesn't know about Autoconf macros at all.) # # So we provide this file, which has a silly filename so it's always # included after everything else. This provides aclocal with the # AC_DEFUNs it wants, but when m4 processes it, it doesn't do anything # because those macros already exist, or will be overwritten later. # We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6. # # Anytime we withdraw an AC_DEFUN or AU_DEFUN, remember to add it here. # Yes, that means every name once taken will need to remain here until # we give up compatibility with versions before 1.7, at which point # we need to keep only those names which we still refer to. # This is to help aclocal find these macros, as it can't see m4_define. AC_DEFUN([LTOBSOLETE_VERSION], [m4_if([1])]) m4_ifndef([AC_LIBTOOL_LINKER_OPTION], [AC_DEFUN([AC_LIBTOOL_LINKER_OPTION])]) m4_ifndef([AC_PROG_EGREP], [AC_DEFUN([AC_PROG_EGREP])]) m4_ifndef([_LT_AC_PROG_ECHO_BACKSLASH], [AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH])]) m4_ifndef([_LT_AC_SHELL_INIT], [AC_DEFUN([_LT_AC_SHELL_INIT])]) m4_ifndef([_LT_AC_SYS_LIBPATH_AIX], [AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX])]) m4_ifndef([_LT_PROG_LTMAIN], [AC_DEFUN([_LT_PROG_LTMAIN])]) m4_ifndef([_LT_AC_TAGVAR], [AC_DEFUN([_LT_AC_TAGVAR])]) m4_ifndef([AC_LTDL_ENABLE_INSTALL], [AC_DEFUN([AC_LTDL_ENABLE_INSTALL])]) m4_ifndef([AC_LTDL_PREOPEN], [AC_DEFUN([AC_LTDL_PREOPEN])]) m4_ifndef([_LT_AC_SYS_COMPILER], [AC_DEFUN([_LT_AC_SYS_COMPILER])]) m4_ifndef([_LT_AC_LOCK], [AC_DEFUN([_LT_AC_LOCK])]) m4_ifndef([AC_LIBTOOL_SYS_OLD_ARCHIVE], [AC_DEFUN([AC_LIBTOOL_SYS_OLD_ARCHIVE])]) m4_ifndef([_LT_AC_TRY_DLOPEN_SELF], [AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF])]) m4_ifndef([AC_LIBTOOL_PROG_CC_C_O], [AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O])]) m4_ifndef([AC_LIBTOOL_SYS_HARD_LINK_LOCKS], [AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS])]) m4_ifndef([AC_LIBTOOL_OBJDIR], [AC_DEFUN([AC_LIBTOOL_OBJDIR])]) m4_ifndef([AC_LTDL_OBJDIR], [AC_DEFUN([AC_LTDL_OBJDIR])]) m4_ifndef([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH], [AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH])]) m4_ifndef([AC_LIBTOOL_SYS_LIB_STRIP], [AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP])]) m4_ifndef([AC_PATH_MAGIC], [AC_DEFUN([AC_PATH_MAGIC])]) m4_ifndef([AC_PROG_LD_GNU], [AC_DEFUN([AC_PROG_LD_GNU])]) m4_ifndef([AC_PROG_LD_RELOAD_FLAG], [AC_DEFUN([AC_PROG_LD_RELOAD_FLAG])]) m4_ifndef([AC_DEPLIBS_CHECK_METHOD], [AC_DEFUN([AC_DEPLIBS_CHECK_METHOD])]) m4_ifndef([AC_LIBTOOL_PROG_COMPILER_NO_RTTI], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI])]) m4_ifndef([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE], [AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE])]) m4_ifndef([AC_LIBTOOL_PROG_COMPILER_PIC], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC])]) m4_ifndef([AC_LIBTOOL_PROG_LD_SHLIBS], [AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS])]) m4_ifndef([AC_LIBTOOL_POSTDEP_PREDEP], [AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP])]) m4_ifndef([LT_AC_PROG_EGREP], [AC_DEFUN([LT_AC_PROG_EGREP])]) m4_ifndef([LT_AC_PROG_SED], [AC_DEFUN([LT_AC_PROG_SED])]) m4_ifndef([_LT_CC_BASENAME], [AC_DEFUN([_LT_CC_BASENAME])]) m4_ifndef([_LT_COMPILER_BOILERPLATE], [AC_DEFUN([_LT_COMPILER_BOILERPLATE])]) m4_ifndef([_LT_LINKER_BOILERPLATE], [AC_DEFUN([_LT_LINKER_BOILERPLATE])]) m4_ifndef([_AC_PROG_LIBTOOL], [AC_DEFUN([_AC_PROG_LIBTOOL])]) m4_ifndef([AC_LIBTOOL_SETUP], [AC_DEFUN([AC_LIBTOOL_SETUP])]) m4_ifndef([_LT_AC_CHECK_DLFCN], [AC_DEFUN([_LT_AC_CHECK_DLFCN])]) m4_ifndef([AC_LIBTOOL_SYS_DYNAMIC_LINKER], [AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER])]) m4_ifndef([_LT_AC_TAGCONFIG], [AC_DEFUN([_LT_AC_TAGCONFIG])]) m4_ifndef([AC_DISABLE_FAST_INSTALL], [AC_DEFUN([AC_DISABLE_FAST_INSTALL])]) m4_ifndef([_LT_AC_LANG_CXX], [AC_DEFUN([_LT_AC_LANG_CXX])]) m4_ifndef([_LT_AC_LANG_F77], [AC_DEFUN([_LT_AC_LANG_F77])]) m4_ifndef([_LT_AC_LANG_GCJ], [AC_DEFUN([_LT_AC_LANG_GCJ])]) m4_ifndef([AC_LIBTOOL_LANG_C_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG])]) m4_ifndef([_LT_AC_LANG_C_CONFIG], [AC_DEFUN([_LT_AC_LANG_C_CONFIG])]) m4_ifndef([AC_LIBTOOL_LANG_CXX_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG])]) m4_ifndef([_LT_AC_LANG_CXX_CONFIG], [AC_DEFUN([_LT_AC_LANG_CXX_CONFIG])]) m4_ifndef([AC_LIBTOOL_LANG_F77_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_F77_CONFIG])]) m4_ifndef([_LT_AC_LANG_F77_CONFIG], [AC_DEFUN([_LT_AC_LANG_F77_CONFIG])]) m4_ifndef([AC_LIBTOOL_LANG_GCJ_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_GCJ_CONFIG])]) m4_ifndef([_LT_AC_LANG_GCJ_CONFIG], [AC_DEFUN([_LT_AC_LANG_GCJ_CONFIG])]) m4_ifndef([AC_LIBTOOL_LANG_RC_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG])]) m4_ifndef([_LT_AC_LANG_RC_CONFIG], [AC_DEFUN([_LT_AC_LANG_RC_CONFIG])]) m4_ifndef([AC_LIBTOOL_CONFIG], [AC_DEFUN([AC_LIBTOOL_CONFIG])]) m4_ifndef([_LT_AC_FILE_LTDLL_C], [AC_DEFUN([_LT_AC_FILE_LTDLL_C])]) m4_ifndef([_LT_REQUIRED_DARWIN_CHECKS], [AC_DEFUN([_LT_REQUIRED_DARWIN_CHECKS])]) m4_ifndef([_LT_AC_PROG_CXXCPP], [AC_DEFUN([_LT_AC_PROG_CXXCPP])]) m4_ifndef([_LT_PREPARE_SED_QUOTE_VARS], [AC_DEFUN([_LT_PREPARE_SED_QUOTE_VARS])]) m4_ifndef([_LT_PROG_ECHO_BACKSLASH], [AC_DEFUN([_LT_PROG_ECHO_BACKSLASH])]) m4_ifndef([_LT_PROG_F77], [AC_DEFUN([_LT_PROG_F77])]) m4_ifndef([_LT_PROG_FC], [AC_DEFUN([_LT_PROG_FC])]) m4_ifndef([_LT_PROG_CXX], [AC_DEFUN([_LT_PROG_CXX])]) myproxy-6.2.16/vomsclient.c0000644000175100017510000005326614557142036012632 00000000000000#include "myproxy_common.h" void get_voms_proxy(myproxy_socket_attrs_t *attrs, myproxy_creds_t *creds, myproxy_request_t *request, myproxy_response_t *response, myproxy_server_context_t *config); int voms_init_delegation(myproxy_socket_attrs_t *attrs, const char *delegfile, const int lifetime_seconds, char *passphrase, char *voname, char *vomses, char *voms_userconf); int voms_contact(SSL_CREDENTIALS *creds, int lifetime, char *voname, char *vomses, char *voms_userconf, unsigned char **aclist, int *aclist_length); static void voms_put_error_message(struct vomsdata *vd, int err) { char *error_message = NULL; error_message = VOMS_ErrorMessage(vd, err, NULL, 0); if (error_message != NULL) { myproxy_debug("%s", error_message); free(error_message); } } /* * get the user info for specified vo */ static int voms_get_user_info(struct vomsdata *vd, voms_command_t *command, char *vomses_path) { int return_code = 1; int i; int result = 0, err = 0; struct contactdata **servers = NULL; servers = VOMS_FindByAlias(vd, command->vo, NULL, vomses_path, &err); if (servers == NULL) { verror_put_string("Error finding voms server info."); voms_put_error_message(vd, err); goto done; } myproxy_debug("Retrieve %s VO", command->vo); for (i = 0; servers[i] != NULL; i++) { struct contactdata *info = servers[i]; myproxy_debug("Contact to VOMS Server: %s", info->host); result = VOMS_Contact(info->host, info->port, info->contact, command->command, vd, &err); if (result) { /* if contact succeded jumps to other VOs */ return_code = 0; break; } myproxy_debug("Failed to contact: %s", info->host); voms_put_error_message(vd, err); } if (servers != NULL) { VOMS_DeleteContacts(servers); } done: return return_code; } static int credential_write_to_temporary(SSL_CREDENTIALS *creds, char *template) { int fd = -1; int return_status = 1; unsigned char *buffer = NULL; int buffer_len; assert(creds != NULL); assert(template != NULL); fd = mkstemp(template); if (fd == -1) { verror_put_string("Error creating %s", template); verror_put_errno(errno); goto done; } if (ssl_proxy_to_pem(creds, &buffer, &buffer_len, NULL) == SSL_ERROR) { goto error; } if (write(fd, buffer, buffer_len) == -1) { verror_put_errno(errno); verror_put_string("Error writing proxy to %s", template); goto error; } return_status = SSL_SUCCESS; error: if (buffer != NULL) { free(buffer); } if (fd != -1) { if (close(fd) < 0) { verror_put_errno(errno); return_status = SSL_ERROR; } if (return_status == SSL_ERROR) { ssl_proxy_file_destroy(template); } } done: return return_status; } static int vomses_write_to_temporary(char *vomses, char *template) { int fd = -1; int return_status = 1; assert(vomses != NULL); fd = mkstemp(template); if (fd == -1) { verror_put_string("Error creating %s", template); verror_put_errno(errno); goto done; } if (write(fd, vomses, strlen(vomses)) == -1) { verror_put_errno(errno); verror_put_string("Error writing vomses to %s", template); goto error; } return_status = 0; error: if (fd != -1) { if (close(fd) < 0) { verror_put_errno(errno); return_status = 1; } if (return_status != 0) { unlink(template); } } done: return return_status; } static int decide_proxy_lifetime(myproxy_request_t *request, myproxy_creds_t *creds, myproxy_server_context_t *config) { int max_proxy_lifetime = config->max_proxy_lifetime; int lifetime = 0; if (request->proxy_lifetime > 0) { lifetime = request->proxy_lifetime; } if (creds->lifetime > 0) { if (lifetime > 0) { lifetime = MIN(lifetime, creds->lifetime); } else { lifetime = creds->lifetime; } } if (max_proxy_lifetime > 0) { if (lifetime > 0) { lifetime = MIN(lifetime, max_proxy_lifetime); } else { lifetime = max_proxy_lifetime; } } return lifetime; } static char * voms_get_role_command(const char *str) { char *buf = NULL; char *p_role = NULL; size_t buf_len, role_len;; int i = 0; if ((str == NULL) || (str[0] == '\0')) { return NULL; } p_role = strstr(str, "/Role="); if ((p_role == NULL) || (p_role != str)) { return NULL; } p_role += 6; if (p_role[0] == '\0') { return NULL; } role_len = strlen(p_role); buf_len = role_len + 2; buf = (char *)malloc(buf_len); if (buf == NULL) { return NULL; } memset(buf, '\0', buf_len); buf[i++] = 'R'; memcpy(&buf[i], p_role, role_len); return buf; } static char * voms_get_mapping_command(const char *str) { char *buf = NULL; char *p_role = NULL; size_t buf_len = 0, group_len = 0, role_len = 0; int i = 0; if ((str == NULL) || (str[0] == '\0')) { return NULL; } p_role = strstr(str, "/Role="); if (p_role == NULL) { return NULL; } group_len = p_role - str; buf_len = 0; p_role += 6; if (p_role[0] == '\0') { return NULL; } role_len = strlen(p_role); buf_len = group_len + role_len; if (str[0] == '/') { buf_len += 3; /* 'B',':','\0' */ } else { buf_len += 4; /* 'B','/',':','\0' */ } buf = (char *)malloc(buf_len); if (buf == NULL) { return NULL; } memset(buf, '\0', buf_len); buf[i++] = 'B'; if (str[0] != '/') { buf[i++] = '/'; } memcpy(&buf[i], str, group_len); i += group_len; buf[i++] = ':'; memcpy(&buf[i], p_role, role_len); return buf; } static char * voms_get_group_command(const char *str) { char *buf = NULL; size_t buf_len = 0, str_len = 0; int i = 0; if ((str == NULL) || (str[0] == '\0')) { return NULL; } str_len = strlen(str); if (str[0] == '/') { buf_len = str_len + 2; } else { buf_len = str_len + 3; } buf = (char *)malloc(buf_len); if (buf == NULL) { return NULL; } memset(buf, '\0', buf_len); buf[i++] = 'G'; if (str[0] != '/') { buf[i++] = '/'; } memcpy(&buf[i], str, str_len); buf_len = strlen(buf); if (buf[buf_len-1] == '/') { buf[buf_len-1] = '\0'; } return buf; } static char * voms_convert_command(const char *str) { char *p = NULL; char *result = NULL; if (str == NULL) { return NULL; } p = strstr(str, "/Capability="); if (p != NULL) { verror_put_string("Error capability selection not supported"); return NULL; } p = strstr(str, "/Role="); if (p != NULL) { if (p == str) { result = voms_get_role_command(str); } else { result = voms_get_mapping_command(str); } } else { result = voms_get_group_command(str); } return result; } static int voms_parse_command(const char *voms, char **vo, char **command) { int result = 1; char *p_colon = NULL; p_colon = strchr(voms, ':'); if (p_colon == NULL) { *vo = strdup(voms); if (*vo == NULL) { goto error; } *command = voms_convert_command(voms); if (*command == NULL) { goto error; } } else { size_t vo_len = p_colon - voms; *vo = (char *)malloc(vo_len+1); if (*vo == NULL) { goto error; } strncpy(*vo, voms, vo_len); (*vo)[vo_len] = '\0'; *command = voms_convert_command(p_colon+1); if (*command == NULL) { goto error; } } result = 0; error: if ((result == 1) && (*vo != NULL)) { free(*vo); } if ((result == 1) && (*command != NULL)) { free(*command); } return result; } static voms_command_t * voms_command_list_find(voms_command_t *head, const char *vo) { if (head == NULL) { return NULL; } voms_command_t *curr = head; while (curr != NULL) { if (strcmp(curr->vo, vo) == 0) { break; } curr = curr->next; } return curr; } static voms_command_t * voms_command_new(const char *vo, const char *cmd) { voms_command_t *node = NULL; node = (voms_command_t *)malloc(sizeof(voms_command_t)); if (node == NULL) { return NULL ; } node->vo = strdup(vo); node->command = strdup(cmd); node->next = NULL; return node; } static void voms_command_list_free(voms_command_t *head) { if (head == NULL) { return ; } voms_command_t *current = head; while (current != NULL) { voms_command_t *next = current->next; if (current->vo != NULL) { free(current->vo); } if (current->command != NULL) { free(current->command); } free(current); current = next; } } static int voms_command_list_add(voms_command_t **headRef, const char *vo, const char *cmd) { int result = 1; voms_command_t *node = NULL; voms_command_t *current = *headRef; if (current == NULL) { node = voms_command_new(vo, cmd); if (node != NULL) { *headRef = node; result = 0; } } else { node = voms_command_list_find(current, vo); if (node != NULL) { /* Append command to the node */ my_append(&(node->command), ",", cmd, NULL); result = 0; } else { /* Create and Add a new node to last */ node = voms_command_new(vo, cmd); if (node != NULL) { while(current->next != NULL) { current = current->next; } current->next = node; result = 0; } } } return result; } static voms_command_t * voms_command_list_new(const char *voname) { char *wk_voname = NULL; char *token = NULL; voms_command_t *head = NULL; int result = 1; wk_voname = strdup(voname); if (wk_voname == NULL) { goto done; } token = strtok(wk_voname, "\n"); while (token != NULL) { int parse_result = 1; int add_result = 1; char *vo = NULL, *cmd = NULL; parse_result = voms_parse_command(token, &vo, &cmd); if (parse_result) { verror_put_string("Error voms_parse_command"); goto error; } add_result = voms_command_list_add(&head, vo, cmd); if (vo) free(vo); if (cmd) free(cmd); if (add_result) { verror_put_string("Error voms_command_list_add"); goto error; } token = strtok(NULL, "\n"); } result = 0; error: if (wk_voname != NULL) { free(wk_voname); } if ((result == 1) && (head != NULL)) { voms_command_list_free(head); } done: return head; } static int get_AC_SEQ(struct vomsdata *vd, unsigned char **aclist, int *aclist_length) { int result = 1; int j; int len = 0; AC_SEQ *acseq = NULL; acseq = AC_SEQ_new(); if (acseq == NULL) { verror_put_string("Couldn't allocate AC_SEQ"); goto error; } for (j = 0; vd->data[j] != NULL; j++) { AC *ac = VOMS_GetAC( vd->data[j] ); if (ac == NULL) { verror_put_string("VOMS_GetAC failed."); } else { if (! sk_AC_push(acseq->acs, ac) ) { verror_put_string("sk_AC_push failed"); } } } /* convert AC_SEQ to DER-form */ len = i2d_AC_SEQ(acseq, NULL); if (len < 0) { verror_put_string("i2d_AC_SEQ return nagative value"); } else { unsigned char *p = NULL; p = (unsigned char*)malloc(len); if (p == NULL) { verror_put_string("Couldn't allocate for AC_SEQ"); } else { *aclist = p; i2d_AC_SEQ(acseq, &p); } } *aclist_length = len; if (aclist == NULL) { verror_put_string("Couldn't get User's info from voms servers"); goto error; } result = 0; error: if (acseq != NULL) { AC_SEQ_free(acseq); } return result; } /* * Get VOMS User info * * @param aclist DER-encoded AC-sequence * @param aclist_length length of aclist * Returns 0 on success or 1 on error. */ int voms_contact(SSL_CREDENTIALS *creds, int lifetime, char *voname, char *vomses, char *voms_userconf, unsigned char **aclist, int *aclist_length) { int return_code = 1; int verify_ac = 0; struct vomsdata *vd = NULL; int err; int result = 1; int is_write_temp_vomses = 0; char *old_ucert = NULL, *old_ukey = NULL; char *tmp_dir = "/tmp/"; char *cred_path = NULL; char *vomses_path = NULL; voms_command_t *vo_list = NULL; voms_command_t *current = NULL; if (voname == NULL) { verror_put_string("NULL voname passed to function"); goto done; } vd = VOMS_Init(DEFAULT_VOMS_DIR, DEFAULT_CACERT_DIR); if (vd == NULL) { verror_put_string("VOMS_Init failed."); goto done; } if ( ssl_creds_certificate_is_proxy(creds) ) { myproxy_debug("Stored Credential is Proxy. VOMS AC doesn't verify."); verify_ac = VERIFY_NONE; } else { verify_ac = VERIFY_FULL; } result = VOMS_SetVerificationType(verify_ac, vd, &err); if (! result) { verror_put_string("VOMS_SetVerificationType is failed."); voms_put_error_message(vd, err); goto error; } result = VOMS_SetLifetime(lifetime, vd, &err); if (result == 0) { verror_put_string("VOMS_SetLifeime is failed"); goto error; } /* Get contactdata */ if (vomses != NULL) { if (my_append(&vomses_path, tmp_dir, "vomses-tmp.XXXXXX", NULL) < 0) { verror_put_string("Error creating vomses_path"); goto error; } if ( vomses_write_to_temporary(vomses, vomses_path) != 0 ) { verror_put_string("Couldn't create temporary vomses"); goto error; } is_write_temp_vomses = 1; } else { if (voms_userconf == NULL) { verror_put_string("No VOMS Server Information"); goto error; } vomses_path = strdup(voms_userconf); if (vomses_path == NULL) { verror_put_string("Error duplicating voms_userconf"); goto error; } } if ( my_append(&cred_path, tmp_dir, "x509up_uXXXXXX", NULL) < 0) { verror_put_string("Error creating cred_path"); goto error; } /* Set X509_USER_CERT, X509_USER_KEY */ old_ucert = getenv("X509_USER_CERT"); old_ukey = getenv("X509_USER_KEY"); /* Save credential (cert & private key) to cred_path cred_path is modified on success. */ if ( credential_write_to_temporary(creds, cred_path) != SSL_SUCCESS ) { verror_put_string("Couldn't store proxy to %s", cred_path); goto error; } setenv("X509_USER_CERT", cred_path, 1); setenv("X509_USER_KEY", cred_path, 1); /* Contact to VOMS server */ vo_list = voms_command_list_new(voname); if (vo_list == NULL) { verror_put_string("Error voms_command_list_new"); goto error; } myproxy_debug("retrieving VOMS User Information."); for (current = vo_list; current != NULL; current = current->next) { if ( voms_get_user_info(vd, current, vomses_path) != 0) { verror_put_string("Couldn't get user information for %s VO.", current->vo); goto error; } } /* Get User's Info */ if (vd->data == NULL) { verror_put_string("Error User's info is NULL."); goto error; } if (get_AC_SEQ(vd, aclist, aclist_length) != 0) { verror_put_string("Error get_AC_SEQ"); goto error; } /* Success */ return_code = 0; error: if (vd != NULL) { VOMS_Destroy(vd); } if (vo_list != NULL) { voms_command_list_free(vo_list); } if (cred_path != NULL) { /* destroy tmporary proxy */ ssl_proxy_file_destroy(cred_path); free(cred_path); } if (vomses_path != NULL) { if (is_write_temp_vomses == 1) { unlink(vomses_path); } free(vomses_path); } if (old_ucert != NULL) { setenv("X509_USER_CERT", old_ucert, 1); } else { unsetenv("X509_USER_CERT"); } if (old_ukey != NULL) { setenv("X509_USER_KEY", old_ukey, 1); } else { unsetenv("X509_USER_KEY"); } done: return return_code; } /* Delegate requested credentials to the client */ void get_voms_proxy(myproxy_socket_attrs_t *attrs, myproxy_creds_t *creds, myproxy_request_t *request, myproxy_response_t *response, myproxy_server_context_t *config) { int lifetime = 0; lifetime = decide_proxy_lifetime(request, creds, config); if (voms_init_delegation(attrs, creds->location, lifetime, request->passphrase, request->voname, request->vomses, config->voms_userconf) < 0) { response->response_type = MYPROXY_ERROR_RESPONSE; response->error_string = strdup( verror_get_string() ); } else { myproxy_log("Delegating credentials for %s lifetime=%d", creds->owner_name, lifetime); response->response_type = MYPROXY_OK_RESPONSE; } return ; } static X509_EXTENSION * voms_create_AC_SEQ_X509_EXTENSION(unsigned char *acseq, int acseq_length) { ASN1_OCTET_STRING *ac_DER_string = NULL; X509_EXTENSION *ext = NULL; ac_DER_string = ASN1_OCTET_STRING_new(); if (ac_DER_string == NULL) { verror_put_string("Couldn't create new ASN.1 octet string for the AC"); goto error; } ac_DER_string->data = (unsigned char*)malloc(acseq_length); if (ac_DER_string->data == NULL) { verror_put_string("Couldn't allocate ASN1_OCTET"); goto error; } memcpy(ac_DER_string->data, acseq, acseq_length); ac_DER_string->length = acseq_length; ext = X509_EXTENSION_create_by_NID(NULL, OBJ_txt2nid("acseq"), 0, ac_DER_string); if (ext == NULL) { ssl_error_to_verror(); goto error; } error: if (ac_DER_string != NULL) { ASN1_OCTET_STRING_free(ac_DER_string); } return ext; } static int voms_contact_ext(const char *source_credentials, const int lifetime, char *passphrase, char *voname, char *vomses, char *voms_userconf) { int result = 1; SSL_CREDENTIALS *creds = NULL; unsigned char *acseq= NULL; int acseq_length = 0; X509_EXTENSION *ext = NULL; /* Load proxy we are going to use to contact voms server. */ creds = ssl_credentials_new(); if (creds == NULL) { goto done; } if (ssl_proxy_load_from_file(creds, source_credentials, passphrase) == SSL_ERROR) { goto done; } /* Get VOMS UserInfo */ if ( voms_contact(creds, lifetime, voname, vomses, voms_userconf, &acseq, &acseq_length) ) { goto error; } /* Cerate X509_Extension */ ext = voms_create_AC_SEQ_X509_EXTENSION(acseq, acseq_length); if (ext == NULL) { verror_put_string("Couldn't create AC_SEQ extension."); goto error; } if ( myproxy_add_extension(ext) != 0) { verror_put_string("Couldn't add AC_SEQ to myproxy_extensions."); goto error; } result = 0; error: if (acseq != NULL) { free(acseq); } if (creds != NULL) { ssl_credentials_destroy(creds); } if (ext != NULL) { X509_EXTENSION_free(ext); } done: return result; } int voms_init_delegation(myproxy_socket_attrs_t *attrs, const char *delegfile, const int lifetime, char *passphrase, char *voname, char *vomses, char *voms_userconf) { char error_string[1024]; if (attrs == NULL) return -1; if (voname == NULL) return -1; if (voms_contact_ext(delegfile, lifetime, passphrase, voname, vomses, voms_userconf)) { verror_put_string("Couldn't get VOMS User Information."); return -1; } if (GSI_SOCKET_delegation_init_ext(attrs->gsi_socket, delegfile, lifetime, passphrase) == GSI_SOCKET_ERROR) { GSI_SOCKET_get_error_string(attrs->gsi_socket, error_string, sizeof(error_string)); myproxy_log_verror(); verror_clear(); verror_put_string("Error delegating credentials: %s\n", error_string); return -1; } return 0; } myproxy-6.2.16/aclocal.m40000644000175100017510000013032014557142525012131 00000000000000# generated automatically by aclocal 1.13.4 -*- Autoconf -*- # Copyright (C) 1996-2013 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])]) m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.69],, [m4_warning([this file was generated for autoconf 2.69. You have another version of autoconf. It may work, but is not guaranteed to. If you have problems, you may need to regenerate the build system entirely. To do so, use the procedure documented by the package, typically 'autoreconf'.])]) # pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- # serial 1 (pkg-config-0.24) # # Copyright © 2004 Scott James Remnant . # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # PKG_PROG_PKG_CONFIG([MIN-VERSION]) # ---------------------------------- AC_DEFUN([PKG_PROG_PKG_CONFIG], [m4_pattern_forbid([^_?PKG_[A-Z_]+$]) m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$]) m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$]) AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility]) AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path]) AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path]) if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then AC_PATH_TOOL([PKG_CONFIG], [pkg-config]) fi if test -n "$PKG_CONFIG"; then _pkg_min_version=m4_default([$1], [0.9.0]) AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version]) if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then AC_MSG_RESULT([yes]) else AC_MSG_RESULT([no]) PKG_CONFIG="" fi fi[]dnl ])# PKG_PROG_PKG_CONFIG # PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) # # Check to see whether a particular set of modules exists. Similar # to PKG_CHECK_MODULES(), but does not set variables or print errors. # # Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG]) # only at the first occurence in configure.ac, so if the first place # it's called might be skipped (such as if it is within an "if", you # have to call PKG_CHECK_EXISTS manually # -------------------------------------------------------------- AC_DEFUN([PKG_CHECK_EXISTS], [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl if test -n "$PKG_CONFIG" && \ AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then m4_default([$2], [:]) m4_ifvaln([$3], [else $3])dnl fi]) # _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES]) # --------------------------------------------- m4_define([_PKG_CONFIG], [if test -n "$$1"; then pkg_cv_[]$1="$$1" elif test -n "$PKG_CONFIG"; then PKG_CHECK_EXISTS([$3], [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null` test "x$?" != "x0" && pkg_failed=yes ], [pkg_failed=yes]) else pkg_failed=untried fi[]dnl ])# _PKG_CONFIG # _PKG_SHORT_ERRORS_SUPPORTED # ----------------------------- AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED], [AC_REQUIRE([PKG_PROG_PKG_CONFIG]) if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes else _pkg_short_errors_supported=no fi[]dnl ])# _PKG_SHORT_ERRORS_SUPPORTED # PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND], # [ACTION-IF-NOT-FOUND]) # # # Note that if there is a possibility the first call to # PKG_CHECK_MODULES might not happen, you should be sure to include an # explicit call to PKG_PROG_PKG_CONFIG in your configure.ac # # # -------------------------------------------------------------- AC_DEFUN([PKG_CHECK_MODULES], [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl pkg_failed=no AC_MSG_CHECKING([for $1]) _PKG_CONFIG([$1][_CFLAGS], [cflags], [$2]) _PKG_CONFIG([$1][_LIBS], [libs], [$2]) m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS and $1[]_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details.]) if test $pkg_failed = yes; then AC_MSG_RESULT([no]) _PKG_SHORT_ERRORS_SUPPORTED if test $_pkg_short_errors_supported = yes; then $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1` else $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1` fi # Put the nasty error message in config.log where it belongs echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD m4_default([$4], [AC_MSG_ERROR( [Package requirements ($2) were not met: $$1_PKG_ERRORS Consider adjusting the PKG_CONFIG_PATH environment variable if you installed software in a non-standard prefix. _PKG_TEXT])[]dnl ]) elif test $pkg_failed = untried; then AC_MSG_RESULT([no]) m4_default([$4], [AC_MSG_FAILURE( [The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. _PKG_TEXT To get pkg-config, see .])[]dnl ]) else $1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS $1[]_LIBS=$pkg_cv_[]$1[]_LIBS AC_MSG_RESULT([yes]) $3 fi[]dnl ])# PKG_CHECK_MODULES # PKG_INSTALLDIR(DIRECTORY) # ------------------------- # Substitutes the variable pkgconfigdir as the location where a module # should install pkg-config .pc files. By default the directory is # $libdir/pkgconfig, but the default can be changed by passing # DIRECTORY. The user can override through the --with-pkgconfigdir # parameter. AC_DEFUN([PKG_INSTALLDIR], [m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])]) m4_pushdef([pkg_description], [pkg-config installation directory @<:@]pkg_default[@:>@]) AC_ARG_WITH([pkgconfigdir], [AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],, [with_pkgconfigdir=]pkg_default) AC_SUBST([pkgconfigdir], [$with_pkgconfigdir]) m4_popdef([pkg_default]) m4_popdef([pkg_description]) ]) dnl PKG_INSTALLDIR # PKG_NOARCH_INSTALLDIR(DIRECTORY) # ------------------------- # Substitutes the variable noarch_pkgconfigdir as the location where a # module should install arch-independent pkg-config .pc files. By # default the directory is $datadir/pkgconfig, but the default can be # changed by passing DIRECTORY. The user can override through the # --with-noarch-pkgconfigdir parameter. AC_DEFUN([PKG_NOARCH_INSTALLDIR], [m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])]) m4_pushdef([pkg_description], [pkg-config arch-independent installation directory @<:@]pkg_default[@:>@]) AC_ARG_WITH([noarch-pkgconfigdir], [AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],, [with_noarch_pkgconfigdir=]pkg_default) AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir]) m4_popdef([pkg_default]) m4_popdef([pkg_description]) ]) dnl PKG_NOARCH_INSTALLDIR # Copyright (C) 2002-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_AUTOMAKE_VERSION(VERSION) # ---------------------------- # Automake X.Y traces this macro to ensure aclocal.m4 has been # generated from the m4 files accompanying Automake X.Y. # (This private macro should not be called outside this file.) AC_DEFUN([AM_AUTOMAKE_VERSION], [am__api_version='1.13' dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl require some minimum version. Point them to the right macro. m4_if([$1], [1.13.4], [], [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl ]) # _AM_AUTOCONF_VERSION(VERSION) # ----------------------------- # aclocal traces this macro to find the Autoconf version. # This is a private macro too. Using m4_define simplifies # the logic in aclocal, which can simply ignore this definition. m4_define([_AM_AUTOCONF_VERSION], []) # AM_SET_CURRENT_AUTOMAKE_VERSION # ------------------------------- # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. # This function is AC_REQUIREd by AM_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], [AM_AUTOMAKE_VERSION([1.13.4])dnl m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) # AM_AUX_DIR_EXPAND -*- Autoconf -*- # Copyright (C) 2001-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets # $ac_aux_dir to '$srcdir/foo'. In other projects, it is set to # '$srcdir', '$srcdir/..', or '$srcdir/../..'. # # Of course, Automake must honor this variable whenever it calls a # tool from the auxiliary directory. The problem is that $srcdir (and # therefore $ac_aux_dir as well) can be either absolute or relative, # depending on how configure is run. This is pretty annoying, since # it makes $ac_aux_dir quite unusable in subdirectories: in the top # source directory, any form will work fine, but in subdirectories a # relative path needs to be adjusted first. # # $ac_aux_dir/missing # fails when called from a subdirectory if $ac_aux_dir is relative # $top_srcdir/$ac_aux_dir/missing # fails if $ac_aux_dir is absolute, # fails when called from a subdirectory in a VPATH build with # a relative $ac_aux_dir # # The reason of the latter failure is that $top_srcdir and $ac_aux_dir # are both prefixed by $srcdir. In an in-source build this is usually # harmless because $srcdir is '.', but things will broke when you # start a VPATH build or use an absolute $srcdir. # # So we could use something similar to $top_srcdir/$ac_aux_dir/missing, # iff we strip the leading $srcdir from $ac_aux_dir. That would be: # am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"` # and then we would define $MISSING as # MISSING="\${SHELL} $am_aux_dir/missing" # This will work as long as MISSING is not called from configure, because # unfortunately $(top_srcdir) has no meaning in configure. # However there are other variables, like CC, which are often used in # configure, and could therefore not use this "fixed" $ac_aux_dir. # # Another solution, used here, is to always expand $ac_aux_dir to an # absolute PATH. The drawback is that using absolute paths prevent a # configured tree to be moved without reconfiguration. AC_DEFUN([AM_AUX_DIR_EXPAND], [dnl Rely on autoconf to set up CDPATH properly. AC_PREREQ([2.50])dnl # expand $ac_aux_dir to an absolute path am_aux_dir=`cd $ac_aux_dir && pwd` ]) # AM_CONDITIONAL -*- Autoconf -*- # Copyright (C) 1997-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_CONDITIONAL(NAME, SHELL-CONDITION) # ------------------------------------- # Define a conditional. AC_DEFUN([AM_CONDITIONAL], [AC_PREREQ([2.52])dnl m4_if([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])], [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl AC_SUBST([$1_TRUE])dnl AC_SUBST([$1_FALSE])dnl _AM_SUBST_NOTMAKE([$1_TRUE])dnl _AM_SUBST_NOTMAKE([$1_FALSE])dnl m4_define([_AM_COND_VALUE_$1], [$2])dnl if $2; then $1_TRUE= $1_FALSE='#' else $1_TRUE='#' $1_FALSE= fi AC_CONFIG_COMMANDS_PRE( [if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then AC_MSG_ERROR([[conditional "$1" was never defined. Usually this means the macro was only invoked conditionally.]]) fi])]) # Copyright (C) 1999-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # There are a few dirty hacks below to avoid letting 'AC_PROG_CC' be # written in clear, in which case automake, when reading aclocal.m4, # will think it sees a *use*, and therefore will trigger all it's # C support machinery. Also note that it means that autoscan, seeing # CC etc. in the Makefile, will ask for an AC_PROG_CC use... # _AM_DEPENDENCIES(NAME) # ---------------------- # See how the compiler implements dependency checking. # NAME is "CC", "CXX", "OBJC", "OBJCXX", "UPC", or "GJC". # We try a few techniques and use that to set a single cache variable. # # We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was # modified to invoke _AM_DEPENDENCIES(CC); we would have a circular # dependency, and given that the user is not expected to run this macro, # just rely on AC_PROG_CC. AC_DEFUN([_AM_DEPENDENCIES], [AC_REQUIRE([AM_SET_DEPDIR])dnl AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl AC_REQUIRE([AM_MAKE_INCLUDE])dnl AC_REQUIRE([AM_DEP_TRACK])dnl m4_if([$1], [CC], [depcc="$CC" am_compiler_list=], [$1], [CXX], [depcc="$CXX" am_compiler_list=], [$1], [OBJC], [depcc="$OBJC" am_compiler_list='gcc3 gcc'], [$1], [OBJCXX], [depcc="$OBJCXX" am_compiler_list='gcc3 gcc'], [$1], [UPC], [depcc="$UPC" am_compiler_list=], [$1], [GCJ], [depcc="$GCJ" am_compiler_list='gcc3 gcc'], [depcc="$$1" am_compiler_list=]) AC_CACHE_CHECK([dependency style of $depcc], [am_cv_$1_dependencies_compiler_type], [if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then # We make a subdir and do the tests there. Otherwise we can end up # making bogus files that we don't know about and never remove. For # instance it was reported that on HP-UX the gcc test will end up # making a dummy file named 'D' -- because '-MD' means "put the output # in D". rm -rf conftest.dir mkdir conftest.dir # Copy depcomp to subdir because otherwise we won't find it if we're # using a relative directory. cp "$am_depcomp" conftest.dir cd conftest.dir # We will build objects and dependencies in a subdirectory because # it helps to detect inapplicable dependency modes. For instance # both Tru64's cc and ICC support -MD to output dependencies as a # side effect of compilation, but ICC will put the dependencies in # the current directory while Tru64 will put them in the object # directory. mkdir sub am_cv_$1_dependencies_compiler_type=none if test "$am_compiler_list" = ""; then am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp` fi am__universal=false m4_case([$1], [CC], [case " $depcc " in #( *\ -arch\ *\ -arch\ *) am__universal=true ;; esac], [CXX], [case " $depcc " in #( *\ -arch\ *\ -arch\ *) am__universal=true ;; esac]) for depmode in $am_compiler_list; do # Setup a source with many dependencies, because some compilers # like to wrap large dependency lists on column 80 (with \), and # we should not choose a depcomp mode which is confused by this. # # We need to recreate these files for each test, as the compiler may # overwrite some of them when testing with obscure command lines. # This happens at least with the AIX C compiler. : > sub/conftest.c for i in 1 2 3 4 5 6; do echo '#include "conftst'$i'.h"' >> sub/conftest.c # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with # Solaris 10 /bin/sh. echo '/* dummy */' > sub/conftst$i.h done echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf # We check with '-c' and '-o' for the sake of the "dashmstdout" # mode. It turns out that the SunPro C++ compiler does not properly # handle '-M -o', and we need to detect this. Also, some Intel # versions had trouble with output in subdirs. am__obj=sub/conftest.${OBJEXT-o} am__minus_obj="-o $am__obj" case $depmode in gcc) # This depmode causes a compiler race in universal mode. test "$am__universal" = false || continue ;; nosideeffect) # After this tag, mechanisms are not by side-effect, so they'll # only be used when explicitly requested. if test "x$enable_dependency_tracking" = xyes; then continue else break fi ;; msvc7 | msvc7msys | msvisualcpp | msvcmsys) # This compiler won't grok '-c -o', but also, the minuso test has # not run yet. These depmodes are late enough in the game, and # so weak that their functioning should not be impacted. am__obj=conftest.${OBJEXT-o} am__minus_obj= ;; none) break ;; esac if depmode=$depmode \ source=sub/conftest.c object=$am__obj \ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ >/dev/null 2>conftest.err && grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && grep $am__obj sub/conftest.Po > /dev/null 2>&1 && ${MAKE-make} -s -f confmf > /dev/null 2>&1; then # icc doesn't choke on unknown options, it will just issue warnings # or remarks (even with -Werror). So we grep stderr for any message # that says an option was ignored or not supported. # When given -MP, icc 7.0 and 7.1 complain thusly: # icc: Command line warning: ignoring option '-M'; no argument required # The diagnosis changed in icc 8.0: # icc: Command line remark: option '-MP' not supported if (grep 'ignoring option' conftest.err || grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else am_cv_$1_dependencies_compiler_type=$depmode break fi fi done cd .. rm -rf conftest.dir else am_cv_$1_dependencies_compiler_type=none fi ]) AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type]) AM_CONDITIONAL([am__fastdep$1], [ test "x$enable_dependency_tracking" != xno \ && test "$am_cv_$1_dependencies_compiler_type" = gcc3]) ]) # AM_SET_DEPDIR # ------------- # Choose a directory name for dependency files. # This macro is AC_REQUIREd in _AM_DEPENDENCIES. AC_DEFUN([AM_SET_DEPDIR], [AC_REQUIRE([AM_SET_LEADING_DOT])dnl AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl ]) # AM_DEP_TRACK # ------------ AC_DEFUN([AM_DEP_TRACK], [AC_ARG_ENABLE([dependency-tracking], [dnl AS_HELP_STRING( [--enable-dependency-tracking], [do not reject slow dependency extractors]) AS_HELP_STRING( [--disable-dependency-tracking], [speeds up one-time build])]) if test "x$enable_dependency_tracking" != xno; then am_depcomp="$ac_aux_dir/depcomp" AMDEPBACKSLASH='\' am__nodep='_no' fi AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno]) AC_SUBST([AMDEPBACKSLASH])dnl _AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl AC_SUBST([am__nodep])dnl _AM_SUBST_NOTMAKE([am__nodep])dnl ]) # Generate code to set up dependency tracking. -*- Autoconf -*- # Copyright (C) 1999-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # _AM_OUTPUT_DEPENDENCY_COMMANDS # ------------------------------ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS], [{ # Older Autoconf quotes --file arguments for eval, but not when files # are listed without --file. Let's play safe and only enable the eval # if we detect the quoting. case $CONFIG_FILES in *\'*) eval set x "$CONFIG_FILES" ;; *) set x $CONFIG_FILES ;; esac shift for mf do # Strip MF so we end up with the name of the file. mf=`echo "$mf" | sed -e 's/:.*$//'` # Check whether this is an Automake generated Makefile or not. # We used to match only the files named 'Makefile.in', but # some people rename them; so instead we look at the file content. # Grep'ing the first line is not enough: some people post-process # each Makefile.in and add a new line on top of each file to say so. # Grep'ing the whole file is not good either: AIX grep has a line # limit of 2048, but all sed's we know have understand at least 4000. if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then dirpart=`AS_DIRNAME("$mf")` else continue fi # Extract the definition of DEPDIR, am__include, and am__quote # from the Makefile without running 'make'. DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` test -z "$DEPDIR" && continue am__include=`sed -n 's/^am__include = //p' < "$mf"` test -z "$am__include" && continue am__quote=`sed -n 's/^am__quote = //p' < "$mf"` # Find all dependency output files, they are included files with # $(DEPDIR) in their names. We invoke sed twice because it is the # simplest approach to changing $(DEPDIR) to its actual value in the # expansion. for file in `sed -n " s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do # Make sure the directory exists. test -f "$dirpart/$file" && continue fdir=`AS_DIRNAME(["$file"])` AS_MKDIR_P([$dirpart/$fdir]) # echo "creating $dirpart/$file" echo '# dummy' > "$dirpart/$file" done done } ])# _AM_OUTPUT_DEPENDENCY_COMMANDS # AM_OUTPUT_DEPENDENCY_COMMANDS # ----------------------------- # This macro should only be invoked once -- use via AC_REQUIRE. # # This code is only required when automatic dependency tracking # is enabled. FIXME. This creates each '.P' file that we will # need in order to bootstrap the dependency handling code. AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], [AC_CONFIG_COMMANDS([depfiles], [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS], [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"]) ]) # Do all the work for Automake. -*- Autoconf -*- # Copyright (C) 1996-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This macro actually does too much. Some checks are only needed if # your package does certain things. But this isn't really a big deal. # AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE]) # AM_INIT_AUTOMAKE([OPTIONS]) # ----------------------------------------------- # The call with PACKAGE and VERSION arguments is the old style # call (pre autoconf-2.50), which is being phased out. PACKAGE # and VERSION should now be passed to AC_INIT and removed from # the call to AM_INIT_AUTOMAKE. # We support both call styles for the transition. After # the next Automake release, Autoconf can make the AC_INIT # arguments mandatory, and then we can depend on a new Autoconf # release and drop the old call support. AC_DEFUN([AM_INIT_AUTOMAKE], [AC_PREREQ([2.65])dnl dnl Autoconf wants to disallow AM_ names. We explicitly allow dnl the ones we care about. m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl AC_REQUIRE([AC_PROG_INSTALL])dnl if test "`cd $srcdir && pwd`" != "`pwd`"; then # Use -I$(srcdir) only when $(srcdir) != ., so that make's output # is not polluted with repeated "-I." AC_SUBST([am__isrc], [' -I$(srcdir)'])_AM_SUBST_NOTMAKE([am__isrc])dnl # test to see if srcdir already configured if test -f $srcdir/config.status; then AC_MSG_ERROR([source directory already configured; run "make distclean" there first]) fi fi # test whether we have cygpath if test -z "$CYGPATH_W"; then if (cygpath --version) >/dev/null 2>/dev/null; then CYGPATH_W='cygpath -w' else CYGPATH_W=echo fi fi AC_SUBST([CYGPATH_W]) # Define the identity of the package. dnl Distinguish between old-style and new-style calls. m4_ifval([$2], [AC_DIAGNOSE([obsolete], [$0: two- and three-arguments forms are deprecated.]) m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl AC_SUBST([PACKAGE], [$1])dnl AC_SUBST([VERSION], [$2])], [_AM_SET_OPTIONS([$1])dnl dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT. m4_if( m4_ifdef([AC_PACKAGE_NAME], [ok]):m4_ifdef([AC_PACKAGE_VERSION], [ok]), [ok:ok],, [m4_fatal([AC_INIT should be called with package and version arguments])])dnl AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl _AM_IF_OPTION([no-define],, [AC_DEFINE_UNQUOTED([PACKAGE], ["$PACKAGE"], [Name of package]) AC_DEFINE_UNQUOTED([VERSION], ["$VERSION"], [Version number of package])])dnl # Some tools Automake needs. AC_REQUIRE([AM_SANITY_CHECK])dnl AC_REQUIRE([AC_ARG_PROGRAM])dnl AM_MISSING_PROG([ACLOCAL], [aclocal-${am__api_version}]) AM_MISSING_PROG([AUTOCONF], [autoconf]) AM_MISSING_PROG([AUTOMAKE], [automake-${am__api_version}]) AM_MISSING_PROG([AUTOHEADER], [autoheader]) AM_MISSING_PROG([MAKEINFO], [makeinfo]) AC_REQUIRE([AM_PROG_INSTALL_SH])dnl AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl AC_REQUIRE([AC_PROG_MKDIR_P])dnl # For better backward compatibility. To be removed once Automake 1.9.x # dies out for good. For more background, see: # # AC_SUBST([mkdir_p], ['$(MKDIR_P)']) # We need awk for the "check" target. The system "awk" is bad on # some platforms. AC_REQUIRE([AC_PROG_AWK])dnl AC_REQUIRE([AC_PROG_MAKE_SET])dnl AC_REQUIRE([AM_SET_LEADING_DOT])dnl _AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])], [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])], [_AM_PROG_TAR([v7])])]) _AM_IF_OPTION([no-dependencies],, [AC_PROVIDE_IFELSE([AC_PROG_CC], [_AM_DEPENDENCIES([CC])], [m4_define([AC_PROG_CC], m4_defn([AC_PROG_CC])[_AM_DEPENDENCIES([CC])])])dnl AC_PROVIDE_IFELSE([AC_PROG_CXX], [_AM_DEPENDENCIES([CXX])], [m4_define([AC_PROG_CXX], m4_defn([AC_PROG_CXX])[_AM_DEPENDENCIES([CXX])])])dnl AC_PROVIDE_IFELSE([AC_PROG_OBJC], [_AM_DEPENDENCIES([OBJC])], [m4_define([AC_PROG_OBJC], m4_defn([AC_PROG_OBJC])[_AM_DEPENDENCIES([OBJC])])])dnl AC_PROVIDE_IFELSE([AC_PROG_OBJCXX], [_AM_DEPENDENCIES([OBJCXX])], [m4_define([AC_PROG_OBJCXX], m4_defn([AC_PROG_OBJCXX])[_AM_DEPENDENCIES([OBJCXX])])])dnl ]) AC_REQUIRE([AM_SILENT_RULES])dnl dnl The testsuite driver may need to know about EXEEXT, so add the dnl 'am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This dnl macro is hooked onto _AC_COMPILER_EXEEXT early, see below. AC_CONFIG_COMMANDS_PRE(dnl [m4_provide_if([_AM_COMPILER_EXEEXT], [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl ]) dnl Hook into '_AC_COMPILER_EXEEXT' early to learn its expansion. Do not dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further dnl mangled by Autoconf and run in a shell conditional statement. m4_define([_AC_COMPILER_EXEEXT], m4_defn([_AC_COMPILER_EXEEXT])[m4_provide([_AM_COMPILER_EXEEXT])]) # When config.status generates a header, we must update the stamp-h file. # This file resides in the same directory as the config header # that is generated. The stamp files are numbered to have different names. # Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the # loop where config.status creates the headers, so we can generate # our stamp files there. AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK], [# Compute $1's index in $config_headers. _am_arg=$1 _am_stamp_count=1 for _am_header in $config_headers :; do case $_am_header in $_am_arg | $_am_arg:* ) break ;; * ) _am_stamp_count=`expr $_am_stamp_count + 1` ;; esac done echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) # Copyright (C) 2001-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_PROG_INSTALL_SH # ------------------ # Define $install_sh. AC_DEFUN([AM_PROG_INSTALL_SH], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl if test x"${install_sh}" != xset; then case $am_aux_dir in *\ * | *\ *) install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; *) install_sh="\${SHELL} $am_aux_dir/install-sh" esac fi AC_SUBST([install_sh])]) # Copyright (C) 2003-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # Check whether the underlying file-system supports filenames # with a leading dot. For instance MS-DOS doesn't. AC_DEFUN([AM_SET_LEADING_DOT], [rm -rf .tst 2>/dev/null mkdir .tst 2>/dev/null if test -d .tst; then am__leading_dot=. else am__leading_dot=_ fi rmdir .tst 2>/dev/null AC_SUBST([am__leading_dot])]) # Check to see how 'make' treats includes. -*- Autoconf -*- # Copyright (C) 2001-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_MAKE_INCLUDE() # ----------------- # Check to see how make treats includes. AC_DEFUN([AM_MAKE_INCLUDE], [am_make=${MAKE-make} cat > confinc << 'END' am__doit: @echo this is the am__doit target .PHONY: am__doit END # If we don't find an include directive, just comment out the code. AC_MSG_CHECKING([for style of include used by $am_make]) am__include="#" am__quote= _am_result=none # First try GNU make style include. echo "include confinc" > confmf # Ignore all kinds of additional output from 'make'. case `$am_make -s -f confmf 2> /dev/null` in #( *the\ am__doit\ target*) am__include=include am__quote= _am_result=GNU ;; esac # Now try BSD make style include. if test "$am__include" = "#"; then echo '.include "confinc"' > confmf case `$am_make -s -f confmf 2> /dev/null` in #( *the\ am__doit\ target*) am__include=.include am__quote="\"" _am_result=BSD ;; esac fi AC_SUBST([am__include]) AC_SUBST([am__quote]) AC_MSG_RESULT([$_am_result]) rm -f confinc confmf ]) # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- # Copyright (C) 1997-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_MISSING_PROG(NAME, PROGRAM) # ------------------------------ AC_DEFUN([AM_MISSING_PROG], [AC_REQUIRE([AM_MISSING_HAS_RUN]) $1=${$1-"${am_missing_run}$2"} AC_SUBST($1)]) # AM_MISSING_HAS_RUN # ------------------ # Define MISSING if not defined so far and test if it is modern enough. # If it is, set am_missing_run to use it, otherwise, to nothing. AC_DEFUN([AM_MISSING_HAS_RUN], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl AC_REQUIRE_AUX_FILE([missing])dnl if test x"${MISSING+set}" != xset; then case $am_aux_dir in *\ * | *\ *) MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; *) MISSING="\${SHELL} $am_aux_dir/missing" ;; esac fi # Use eval to expand $SHELL if eval "$MISSING --is-lightweight"; then am_missing_run="$MISSING " else am_missing_run= AC_MSG_WARN(['missing' script is too old or missing]) fi ]) # Helper functions for option handling. -*- Autoconf -*- # Copyright (C) 2001-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # _AM_MANGLE_OPTION(NAME) # ----------------------- AC_DEFUN([_AM_MANGLE_OPTION], [[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])]) # _AM_SET_OPTION(NAME) # -------------------- # Set option NAME. Presently that only means defining a flag for this option. AC_DEFUN([_AM_SET_OPTION], [m4_define(_AM_MANGLE_OPTION([$1]), [1])]) # _AM_SET_OPTIONS(OPTIONS) # ------------------------ # OPTIONS is a space-separated list of Automake options. AC_DEFUN([_AM_SET_OPTIONS], [m4_foreach_w([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])]) # _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET]) # ------------------------------------------- # Execute IF-SET if OPTION is set, IF-NOT-SET otherwise. AC_DEFUN([_AM_IF_OPTION], [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) # Check to make sure that the build environment is sane. -*- Autoconf -*- # Copyright (C) 1996-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_SANITY_CHECK # --------------- AC_DEFUN([AM_SANITY_CHECK], [AC_MSG_CHECKING([whether build environment is sane]) # Reject unsafe characters in $srcdir or the absolute working directory # name. Accept space and tab only in the latter. am_lf=' ' case `pwd` in *[[\\\"\#\$\&\'\`$am_lf]]*) AC_MSG_ERROR([unsafe absolute working directory name]);; esac case $srcdir in *[[\\\"\#\$\&\'\`$am_lf\ \ ]]*) AC_MSG_ERROR([unsafe srcdir value: '$srcdir']);; esac # Do 'set' in a subshell so we don't clobber the current shell's # arguments. Must try -L first in case configure is actually a # symlink; some systems play weird games with the mod time of symlinks # (eg FreeBSD returns the mod time of the symlink's containing # directory). if ( am_has_slept=no for am_try in 1 2; do echo "timestamp, slept: $am_has_slept" > conftest.file set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` if test "$[*]" = "X"; then # -L didn't work. set X `ls -t "$srcdir/configure" conftest.file` fi if test "$[*]" != "X $srcdir/configure conftest.file" \ && test "$[*]" != "X conftest.file $srcdir/configure"; then # If neither matched, then we have a broken ls. This can happen # if, for instance, CONFIG_SHELL is bash and it inherits a # broken ls alias from the environment. This has actually # happened. Such a system could not be considered "sane". AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken alias in your environment]) fi if test "$[2]" = conftest.file || test $am_try -eq 2; then break fi # Just in case. sleep 1 am_has_slept=yes done test "$[2]" = conftest.file ) then # Ok. : else AC_MSG_ERROR([newly created file is older than distributed files! Check your system clock]) fi AC_MSG_RESULT([yes]) # If we didn't sleep, we still need to ensure time stamps of config.status and # generated files are strictly newer. am_sleep_pid= if grep 'slept: no' conftest.file >/dev/null 2>&1; then ( sleep 1 ) & am_sleep_pid=$! fi AC_CONFIG_COMMANDS_PRE( [AC_MSG_CHECKING([that generated files are newer than configure]) if test -n "$am_sleep_pid"; then # Hide warnings about reused PIDs. wait $am_sleep_pid 2>/dev/null fi AC_MSG_RESULT([done])]) rm -f conftest.file ]) # Copyright (C) 2009-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_SILENT_RULES([DEFAULT]) # -------------------------- # Enable less verbose build rules; with the default set to DEFAULT # ("yes" being less verbose, "no" or empty being verbose). AC_DEFUN([AM_SILENT_RULES], [AC_ARG_ENABLE([silent-rules], [dnl AS_HELP_STRING( [--enable-silent-rules], [less verbose build output (undo: "make V=1")]) AS_HELP_STRING( [--disable-silent-rules], [verbose build output (undo: "make V=0")])dnl ]) case $enable_silent_rules in @%:@ ((( yes) AM_DEFAULT_VERBOSITY=0;; no) AM_DEFAULT_VERBOSITY=1;; *) AM_DEFAULT_VERBOSITY=m4_if([$1], [yes], [0], [1]);; esac dnl dnl A few 'make' implementations (e.g., NonStop OS and NextStep) dnl do not support nested variable expansions. dnl See automake bug#9928 and bug#10237. am_make=${MAKE-make} AC_CACHE_CHECK([whether $am_make supports nested variables], [am_cv_make_support_nested_variables], [if AS_ECHO([['TRUE=$(BAR$(V)) BAR0=false BAR1=true V=1 am__doit: @$(TRUE) .PHONY: am__doit']]) | $am_make -f - >/dev/null 2>&1; then am_cv_make_support_nested_variables=yes else am_cv_make_support_nested_variables=no fi]) if test $am_cv_make_support_nested_variables = yes; then dnl Using '$V' instead of '$(V)' breaks IRIX make. AM_V='$(V)' AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' else AM_V=$AM_DEFAULT_VERBOSITY AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY fi AC_SUBST([AM_V])dnl AM_SUBST_NOTMAKE([AM_V])dnl AC_SUBST([AM_DEFAULT_V])dnl AM_SUBST_NOTMAKE([AM_DEFAULT_V])dnl AC_SUBST([AM_DEFAULT_VERBOSITY])dnl AM_BACKSLASH='\' AC_SUBST([AM_BACKSLASH])dnl _AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl ]) # Copyright (C) 2001-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_PROG_INSTALL_STRIP # --------------------- # One issue with vendor 'install' (even GNU) is that you can't # specify the program used to strip binaries. This is especially # annoying in cross-compiling environments, where the build's strip # is unlikely to handle the host's binaries. # Fortunately install-sh will honor a STRIPPROG variable, so we # always use install-sh in "make install-strip", and initialize # STRIPPROG with the value of the STRIP variable (set by the user). AC_DEFUN([AM_PROG_INSTALL_STRIP], [AC_REQUIRE([AM_PROG_INSTALL_SH])dnl # Installed binaries are usually stripped using 'strip' when the user # run "make install-strip". However 'strip' might not be the right # tool to use in cross-compilation environments, therefore Automake # will honor the 'STRIP' environment variable to overrule this program. dnl Don't test for $cross_compiling = yes, because it might be 'maybe'. if test "$cross_compiling" != no; then AC_CHECK_TOOL([STRIP], [strip], :) fi INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" AC_SUBST([INSTALL_STRIP_PROGRAM])]) # Copyright (C) 2006-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # _AM_SUBST_NOTMAKE(VARIABLE) # --------------------------- # Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in. # This macro is traced by Automake. AC_DEFUN([_AM_SUBST_NOTMAKE]) # AM_SUBST_NOTMAKE(VARIABLE) # -------------------------- # Public sister of _AM_SUBST_NOTMAKE. AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)]) # Check how to create a tarball. -*- Autoconf -*- # Copyright (C) 2004-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # _AM_PROG_TAR(FORMAT) # -------------------- # Check how to create a tarball in format FORMAT. # FORMAT should be one of 'v7', 'ustar', or 'pax'. # # Substitute a variable $(am__tar) that is a command # writing to stdout a FORMAT-tarball containing the directory # $tardir. # tardir=directory && $(am__tar) > result.tar # # Substitute a variable $(am__untar) that extract such # a tarball read from stdin. # $(am__untar) < result.tar # AC_DEFUN([_AM_PROG_TAR], [# Always define AMTAR for backward compatibility. Yes, it's still used # in the wild :-( We should find a proper way to deprecate it ... AC_SUBST([AMTAR], ['$${TAR-tar}']) # We'll loop over all known methods to create a tar archive until one works. _am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none' m4_if([$1], [v7], [am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'], [m4_case([$1], [ustar], [# The POSIX 1988 'ustar' format is defined with fixed-size fields. # There is notably a 21 bits limit for the UID and the GID. In fact, # the 'pax' utility can hang on bigger UID/GID (see automake bug#8343 # and bug#13588). am_max_uid=2097151 # 2^21 - 1 am_max_gid=$am_max_uid # The $UID and $GID variables are not portable, so we need to resort # to the POSIX-mandated id(1) utility. Errors in the 'id' calls # below are definitely unexpected, so allow the users to see them # (that is, avoid stderr redirection). am_uid=`id -u || echo unknown` am_gid=`id -g || echo unknown` AC_MSG_CHECKING([whether UID '$am_uid' is supported by ustar format]) if test $am_uid -le $am_max_uid; then AC_MSG_RESULT([yes]) else AC_MSG_RESULT([no]) _am_tools=none fi AC_MSG_CHECKING([whether GID '$am_gid' is supported by ustar format]) if test $am_gid -le $am_max_gid; then AC_MSG_RESULT([yes]) else AC_MSG_RESULT([no]) _am_tools=none fi], [pax], [], [m4_fatal([Unknown tar format])]) AC_MSG_CHECKING([how to create a $1 tar archive]) # Go ahead even if we have the value already cached. We do so because we # need to set the values for the 'am__tar' and 'am__untar' variables. _am_tools=${am_cv_prog_tar_$1-$_am_tools} for _am_tool in $_am_tools; do case $_am_tool in gnutar) for _am_tar in tar gnutar gtar; do AM_RUN_LOG([$_am_tar --version]) && break done am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"' am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"' am__untar="$_am_tar -xf -" ;; plaintar) # Must skip GNU tar: if it does not support --format= it doesn't create # ustar tarball either. (tar --version) >/dev/null 2>&1 && continue am__tar='tar chf - "$$tardir"' am__tar_='tar chf - "$tardir"' am__untar='tar xf -' ;; pax) am__tar='pax -L -x $1 -w "$$tardir"' am__tar_='pax -L -x $1 -w "$tardir"' am__untar='pax -r' ;; cpio) am__tar='find "$$tardir" -print | cpio -o -H $1 -L' am__tar_='find "$tardir" -print | cpio -o -H $1 -L' am__untar='cpio -i -H $1 -d' ;; none) am__tar=false am__tar_=false am__untar=false ;; esac # If the value was cached, stop now. We just wanted to have am__tar # and am__untar set. test -n "${am_cv_prog_tar_$1}" && break # tar/untar a dummy directory, and stop if the command works. rm -rf conftest.dir mkdir conftest.dir echo GrepMe > conftest.dir/file AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar]) rm -rf conftest.dir if test -s conftest.tar; then AM_RUN_LOG([$am__untar /dev/null 2>&1 && break fi done rm -rf conftest.dir AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool]) AC_MSG_RESULT([$am_cv_prog_tar_$1])]) AC_SUBST([am__tar]) AC_SUBST([am__untar]) ]) # _AM_PROG_TAR m4_include([m4/libtool.m4]) m4_include([m4/ltoptions.m4]) m4_include([m4/ltsugar.m4]) m4_include([m4/ltversion.m4]) m4_include([m4/lt~obsolete.m4]) myproxy-6.2.16/myproxy-test-wrapper0000755000175100017510000000006514557142036014400 00000000000000#! /bin/sh myproxy-test -startserver -generatecerts myproxy-6.2.16/myproxy_read_pass.c0000644000175100017510000001227314557142036014210 00000000000000/* * myproxy_read_pass.c * * See myproxy_read_pass.h for documentation */ #include "myproxy_common.h" /* all needed headers included here */ /********************************************************************** * * Constants * */ #define PROMPT "Enter MyProxy pass phrase:" /********************************************************************** * * Internal functions. * */ /* * read_passphrase() * * Turn off echo and read a pass phrase straight from the tty into * buffer which has a length of buffer_len. * * Prompt with prompt, if non-null. * * If verify is non-zero, verify the pass phrase by having the user * enter it twice. * * Return the number of characters read or -1 on error. */ static int read_passphrase(char *buffer, const int buffer_len, const char *prompt, int verify) { int return_code; char *verify_buffer = NULL; assert(buffer != NULL); if (verify != 0) { /* * We need to give des_read_pw() a buffer to hold the verify * passphrase in. */ verify_buffer = malloc(buffer_len); if (verify_buffer == NULL) { return -1; } } return_code = UI_UTIL_read_pw(buffer, verify_buffer, buffer_len, prompt, verify); if (return_code == 0) { /* Success */ return_code = strlen(buffer); if (return_code < MIN_PASS_PHRASE_LEN && return_code != 0) { verror_put_string("Passphrase must be at least %d characters long.", MIN_PASS_PHRASE_LEN); return_code = -1; } } else { return_code = -1; verror_put_string("Error entering passphrase."); } if (verify_buffer != NULL) { free(verify_buffer); } return return_code; } static int read_passphrase_stdin(char *buffer, const int buffer_len, const char *prompt, int verify) { int i; setvbuf(stdin, (char *)NULL, _IONBF, 0); if (!(fgets(buffer, buffer_len, stdin))) { verror_put_string("Error reading passphrase"); return -1; } i = strlen(buffer)-1; if (buffer[i] == '\n') { buffer[i] = '\0'; } if (i < MIN_PASS_PHRASE_LEN && i != 0) { verror_put_string("Passphrase must be at least %d characters long.", MIN_PASS_PHRASE_LEN); return -1; } return i; } /********************************************************************** * * API functions * */ int myproxy_read_passphrase(char *buffer, int buffer_len, const char *prompt) { return read_passphrase(buffer, buffer_len, prompt ? prompt : PROMPT, 0 /* No verify */); } int myproxy_read_verified_passphrase(char *buffer, int buffer_len, const char *prompt) { return read_passphrase(buffer, buffer_len, prompt ? prompt : PROMPT, 1 /* Verify */); } int myproxy_read_passphrase_stdin(char *buffer, int buffer_len, const char *prompt) { return read_passphrase_stdin(buffer, buffer_len, prompt ? prompt : PROMPT, 0 /* No verify */); } /* * Check for good passphrases: * 1. Make sure the passphrase is at least MIN_PASS_PHRASE_LEN long. * 2. Optionally run an external passphrase policy program. * * Returns 0 if passphrase is accepted and -1 otherwise. */ int myproxy_check_passphrase_policy(const char *passphrase, const char *passphrase_policy_pgm, const char *username, const char *credname, const char *retrievers, const char *renewers, const char *client_name) { pid_t childpid; int fds[3]; size_t passphrase_len = 0; int exit_status; if (passphrase) { passphrase_len = strlen(passphrase); } /* Zero length passphrase is allowed, for authentication methods that don't use a passphrase, like credential renewal or Kerberos. */ if (passphrase_len != 0 && passphrase_len < MIN_PASS_PHRASE_LEN) { verror_put_string("Pass phrase too short. " "Must be at least %d characters long.", MIN_PASS_PHRASE_LEN); return -1; } if (!passphrase_policy_pgm) return 0; myproxy_debug("Running passphrase policy program: %s", passphrase_policy_pgm); if ((childpid = myproxy_popen(fds, passphrase_policy_pgm, username, client_name, (credname) ? credname : "", (retrievers) ? retrievers : "", (renewers) ? renewers : "", NULL)) < 0) { return -1; /* myproxy_popen will set verror */ } /* send passphrase to child's stdin */ if (passphrase_len) { write(fds[0], passphrase, passphrase_len); } write(fds[0], "\n", 1); close(fds[0]); /* wait for child */ if (waitpid(childpid, &exit_status, 0) == -1) { verror_put_string("wait() failed for passphrase policy child"); verror_put_errno(errno); return -1; } if (exit_status != 0) { /* passphrase not allowed */ FILE *fp = NULL; char buf[100]; verror_put_string("Pass phrase violates local policy."); fp = fdopen(fds[1], "r"); if (fp) { while (fgets(buf, 100, fp) != NULL) { verror_put_string("%s", buf); } fclose(fp); } else { close(fds[1]); } fp = fdopen(fds[2], "r"); if (fp) { while (fgets(buf, 100, fp) != NULL) { verror_put_string("%s", buf); } fclose(fp); } else { close(fds[2]); } return -1; } close(fds[1]); close(fds[2]); return 0; } myproxy-6.2.16/vparse.c0000644000175100017510000001241514557142036011736 00000000000000/* * vparse.c * * See vparse.h for documentation. */ #include "myproxy_common.h" /* all needed headers included here */ /********************************************************************** * * Definitions * */ #define NUL '\0' /********************************************************************** * * Internal functions * */ /* * free_tokens() * * Free all memory held by a list of tokens. */ static void free_tokens(char **tokens) { char **ptokens = tokens; if (tokens == NULL) { return; } while(*ptokens != NULL) { free(*ptokens); ptokens++; } free(tokens); } /* * add_token() * * Add a token to a list of tokens, re-allocating as needed. */ static char ** add_token(char **tokens, const char *token) { int current_length = 0; char **new_tokens; char *my_token; int new_size; assert(token != NULL); my_token = strdup(token); if (my_token == NULL) { return NULL; } if (tokens != NULL) { while (tokens[current_length] != NULL) { current_length++; } } /* Add enough for new pointer and NULL */ new_size = sizeof(char *) * (current_length + 2); new_tokens = realloc(tokens, new_size); if (new_tokens == NULL) { free_tokens(tokens); return NULL; } new_tokens[current_length] = my_token; new_tokens[current_length + 1] = NULL; return new_tokens; } /* * tokenize_line() * * Given a line and options return an allocated list of tokens. * Currently mangles line. */ static char ** tokenize_line(char *line, const struct vparse_options *options) { char **tokens = NULL; char *pline = line; assert(line != NULL); assert(options != NULL); tokens = malloc(sizeof(char *)); if (tokens == NULL) { goto error; } tokens[0] = NULL; while (pline && (*pline != NUL)) { char *token_start; char *token_end; /* Skip over leading whitespace */ pline += strspn(pline, options->whitespace_chars); /* * Are we at the end of the line or looking at the start * of a comment? */ if ((*pline == NUL) || (strchr(options->comment_chars, *pline) != NULL)) { /* Yes, we're done */ break; } /* Is this token quoted? */ if (strchr(options->quoting_chars, *pline) != NULL) { char closing_char = *pline; /* Yes, skip over opening quote and look for closing quote */ pline++; token_start = pline; /* Find unescaped closing character */ token_end = strchr(pline, closing_char); while (token_end && strchr(options->escaping_chars, *(token_end - 1)) != NULL) { if (++token_end) { token_end = strchr(token_end, closing_char); } } } else { /* No, just find next white space */ token_start = pline; token_end = token_start + strcspn(token_start, options->whitespace_chars); } /* * At this point token_start points to the start of the token, * token_end points at the character one past the end of the * token or NULL if the token had a unclosed quote. pline == * token_start. */ /* * Set processing point to just past end of token or set to * NULL if we're done. */ if ((token_end == NULL) || (*token_end == NUL)) { pline = NULL; } else { pline = token_end + 1; } /* Terminate token and add to line */ if (token_end != NULL) { *token_end = NUL; } tokens = add_token(tokens, token_start); if (tokens == NULL) { goto error; } } error: return tokens; } /********************************************************************** * * API functions * */ int vparse_stream(FILE *stream, const struct vparse_options *user_options, int (*line_parse)(void *arg, int line_number, const char **tokens), void *line_parse_arg) { struct vparse_options options; char buffer[1024]; int line_number = 0; int return_code = -1; if ((stream == NULL) || (line_parse == NULL)) { errno = EINVAL; return -1; } /* Parse options */ options.whitespace_chars = (user_options && user_options->whitespace_chars) ? user_options->whitespace_chars : VPARSE_DEFAULT_WHITESPACE_CHARS; options.quoting_chars = (user_options && user_options->quoting_chars) ? user_options->quoting_chars : VPARSE_DEFAULT_QUOTING_CHARS; options.escaping_chars = (user_options && user_options->escaping_chars) ? user_options->escaping_chars : VPARSE_DEFAULT_ESCAPING_CHARS; options.comment_chars = (user_options && user_options->comment_chars) ? user_options->comment_chars : VPARSE_DEFAULT_COMMENT_CHARS; while (fgets(buffer, sizeof(buffer), stream) != NULL) { char **tokens; int rc; line_number++; tokens = tokenize_line(buffer, &options); if (tokens == NULL) { /* Probably a malloc() error - punt */ return -1; } rc = (*line_parse)(line_parse_arg, line_number, /* I don't understand why this typecase is needed */ (const char **) tokens); if (rc == -1) { break; } free_tokens(tokens); } if (!feof(stream)) { /* Some sort of error */ goto error; } /* Success */ return_code = 0; error: return return_code; } myproxy-6.2.16/myproxy-certificate-mapapp0000755000175100017510000000027514557142036015504 00000000000000#!/bin/sh username=$1 if [ X"$username" = X ]; then # no username given exit 1 fi # DN must match the signing policy for your CA. echo "/O=Grid/OU=MyProxy CA/CN=${username}" exit 0 myproxy-6.2.16/LICENSE.pidfile0000644000175100017510000000254614557142036012716 00000000000000/*- * Copyright (c) 2005 Pawel Jakub Dawidek * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ myproxy-6.2.16/myproxy_cp.c0000644000175100017510000002106314557142036012646 00000000000000/* * myproxy-cp * * Webserver program to change credential password stored on myproxy server */ #include "myproxy_common.h" /* all needed headers included here */ static char usage[] = \ "\n" "Syntax: myproxy-change-pass-phrase [-l username] [-k credname] ... \n" " myproxy-change-pass-phrase [-usage|-help] [-version]\n" "\n" " Options\n" " -h | --help Displays usage\n" " -u | --usage \n" " \n" " -v | --verbose Display debugging messages\n" " -V | --version Displays version\n" " -l | --username Username for the target proxy\n" " -s | --pshost Hostname of the myproxy-server\n" " -p | --psport Port of the myproxy-server\n" " -d | --dn_as_username Use the proxy certificate subject\n" " (DN) as the default username,\n" " instead of the LOGNAME env. var.\n" " -k | --credname Specify credential name\n" " -S | --stdin_pass Read pass phrase from stdin\n" "\n"; struct option long_options[] = { {"help", no_argument, NULL, 'h'}, {"pshost", required_argument, NULL, 's'}, {"psport", required_argument, NULL, 'p'}, {"usage", no_argument, NULL, 'u'}, {"username", required_argument, NULL, 'l'}, {"verbose", no_argument, NULL, 'v'}, {"version", no_argument, NULL, 'V'}, {"dn_as_username", no_argument, NULL, 'd'}, {"credname", required_argument, NULL, 'k'}, {"stdin_pass", no_argument, NULL, 'S'}, {0, 0, 0, 0} }; static char short_options[] = "hus:p:l:vVdk:S"; static char version[] = "myproxy-change-pass-phrase version " MYPROXY_VERSION " (" MYPROXY_VERSION_DATE ") " "\n"; void init_arguments(int argc, char *argv[], myproxy_socket_attrs_t *attrs, myproxy_request_t *request); /* * Use setvbuf() instead of setlinebuf() since cygwin doesn't support * setlinebuf(). */ #define my_setlinebuf(stream) setvbuf((stream), (char *) NULL, _IOLBF, 0) static int dn_as_username = 0; static int read_passwd_from_stdin = 0; int main(int argc, char *argv[]) { char *pshost; int requestlen, rval; char *request_buffer = NULL; myproxy_socket_attrs_t *socket_attrs; myproxy_request_t *client_request; myproxy_response_t *server_response; int return_value = 1; /* check library version */ if (myproxy_check_version()) { fprintf(stderr, "MyProxy library version mismatch.\n" "Expecting %s. Found %s.\n", MYPROXY_VERSION_DATE, myproxy_version(0,0,0)); exit(1); } myproxy_log_use_stream (stderr); my_setlinebuf(stdout); my_setlinebuf(stderr); socket_attrs = malloc(sizeof(*socket_attrs)); memset(socket_attrs, 0, sizeof(*socket_attrs)); client_request = malloc(sizeof(*client_request)); memset(client_request, 0, sizeof(*client_request)); server_response = malloc(sizeof(*server_response)); memset(server_response, 0, sizeof(*server_response)); client_request->version = malloc(strlen(MYPROXY_VERSION) +1); strcpy (client_request->version, MYPROXY_VERSION); client_request->command_type = MYPROXY_CHANGE_CRED_PASSPHRASE; pshost = getenv ("MYPROXY_SERVER"); if (pshost != NULL) { socket_attrs->pshost = strdup(pshost); } client_request->proxy_lifetime = 0; if (getenv("MYPROXY_SERVER_PORT")) { socket_attrs->psport = atoi(getenv("MYPROXY_SERVER_PORT")); } else { socket_attrs->psport = MYPROXY_SERVER_PORT; } /* Initialize client arguments and create client request object */ init_arguments(argc, argv, socket_attrs, client_request); /* Set up client socket attributes */ if (myproxy_init_client(socket_attrs) < 0) { verror_print_error(stderr); goto cleanup; } /*Accept credential passphrase*/ if (read_passwd_from_stdin) { rval = myproxy_read_passphrase_stdin(client_request->passphrase, sizeof(client_request->passphrase), "Enter (current) MyProxy pass phrase:"); } else { rval = myproxy_read_passphrase(client_request->passphrase, sizeof(client_request->passphrase), "Enter (current) MyProxy pass phrase:"); } if (rval == -1) { verror_print_error(stderr); goto cleanup; } /* Accept new passphrase */ if (read_passwd_from_stdin) { rval = myproxy_read_passphrase_stdin(client_request->new_passphrase, sizeof(client_request->new_passphrase), "Enter new MyProxy pass phrase:"); } else { rval = myproxy_read_verified_passphrase(client_request->new_passphrase, sizeof(client_request->new_passphrase), "Enter new MyProxy pass phrase:"); } if (rval == -1) { verror_print_error(stderr); goto cleanup; } /* Authenticate client to server */ if (myproxy_authenticate_init(socket_attrs, NULL /* Default proxy */) < 0) { verror_print_error(stderr); goto cleanup; } if (client_request->username == NULL) { /* set default username */ if (dn_as_username) { if (ssl_get_base_subject_file(NULL, &client_request->username)) { fprintf(stderr, "Cannot get subject name from your certificate\n"); goto cleanup; } } else { char *username = NULL; if (!(username = getenv("LOGNAME"))) { fprintf(stderr, "Please specify a username.\n"); goto cleanup; } client_request->username = strdup(username); } } /*Serialize client request object */ requestlen = myproxy_serialize_request_ex(client_request, &request_buffer); if (requestlen < 0) { verror_print_error(stderr); exit(1); } /* Send request to myproxy-server*/ if (myproxy_send(socket_attrs, request_buffer, requestlen) < 0) { verror_print_error(stderr); goto cleanup; } free(request_buffer); request_buffer = NULL; /* Receive response from server */ if (myproxy_recv_response_ex(socket_attrs, server_response, client_request) != 0) { verror_print_error(stderr); exit (1); } /*Check response */ switch (server_response->response_type) { case MYPROXY_ERROR_RESPONSE: fprintf (stderr, "Error: %s\nPass phrase unchanged.\n", server_response->error_string); goto cleanup; case MYPROXY_OK_RESPONSE: printf("Pass phrase changed.\n"); break; default: fprintf (stderr, "Invalid response type received.\n"); goto cleanup; } verror_clear(); return_value = 0; cleanup: /* free memory allocated */ myproxy_free(socket_attrs, client_request, server_response); return return_value; } void init_arguments(int argc, char *argv[], myproxy_socket_attrs_t *attrs, myproxy_request_t *request) { extern char *optarg; int arg; while((arg = getopt_long(argc, argv, short_options, long_options, NULL)) != EOF) { switch(arg) { case 'h': /* print help and exit */ case 'u': /* print usage and exit*/ printf("%s", usage); exit(0); break; case 'v': myproxy_debug_set_level(1); break; case 'V': /* print version and exit */ printf("%s", version); exit(0); break; case 'l': /* username */ request->username = strdup(optarg); break; case 's': /* pshost name */ attrs->pshost = strdup(optarg); break; case 'p': /* psport */ attrs->psport = atoi(optarg); break; case 'k': /* credential name */ request->credname = strdup (optarg); break; case 'd': /* use the certificate subject (DN) as the default username instead of LOGNAME */ dn_as_username = 1; break; case 'S': read_passwd_from_stdin = 1; break; default: /* print usage and exit */ fprintf(stderr, "%s", usage); exit(1); break; } } if (optind != argc) { fprintf(stderr, "%s: invalid option -- %s\n", argv[0], argv[optind]); fprintf(stderr, "%s", usage); exit(1); } /* Check to see if myproxy-server specified */ if (attrs->pshost == NULL) { fprintf(stderr, "Unspecified myproxy-server. Please set the MYPROXY_SERVER environment variable\nor set the myproxy-server hostname via the -s flag.\n"); exit(1); } return; } myproxy-6.2.16/voms_utils.c0000644000175100017510000002344414557142036012646 00000000000000 #include "voms_utils.h" #define DEFAULT_CAPACITY (10) #define LINE_BUFF_SIZE (1024) #define TOKEN_SIZE (512) #define ACSEQ_OID "1.3.6.1.4.1.8005.100.100.5" /* * Internal Structures */ /* * array of string */ typedef struct { size_t size; size_t capacity; char ** elements; } voms_string_array; /* * Internal Functions */ static voms_string_array * voms_string_array_new() { voms_string_array *array = NULL; array = malloc(sizeof(voms_string_array)); if (array == NULL) { return NULL; } array->elements = malloc(sizeof(char *) * DEFAULT_CAPACITY); if (array->elements == NULL) { free(array); return NULL; } array->capacity = DEFAULT_CAPACITY; array->size = 0; return array; } static void voms_string_array_free(voms_string_array *array) { int i; if (array == NULL) return; for (i = 0; i < array->size; i++) { free(array->elements[i]); } free(array->elements); free(array); } static int voms_string_array_ensure_capacity(voms_string_array *array, size_t expect_capacity) { size_t new_capacity; size_t current_capacity; char **new_elements = NULL; assert(array != NULL); current_capacity = array->capacity; if (expect_capacity < current_capacity) { return 0; } new_capacity = current_capacity + DEFAULT_CAPACITY; new_elements = realloc(array->elements, sizeof(char *) * new_capacity); if (new_elements == NULL) { return -1; } if (new_elements != array->elements) { array->elements = new_elements; } array->capacity = new_capacity; return 0; } static int voms_string_array_add(voms_string_array *array, const char * str) { char * element = NULL; assert(array != NULL); assert(str != NULL); if (voms_string_array_ensure_capacity(array, array->size + 1) < 0) { return -1; } element = strdup(str); if (element == NULL) { return -1; } array->elements[array->size++] = element; return 0; } static char * voms_string_array_join(voms_string_array *array, const char *delim) { int i = 0; char * result = NULL; size_t result_size = 0; size_t delim_size = 0; assert(array != NULL); assert(delim != NULL); if (array->size == 0) { return NULL; } else if (array->size == 1) { return strdup(array->elements[0]); } delim_size = strlen(delim); result_size = strlen(array->elements[0]); for (i = 1; i < array->size; i++) { result_size += delim_size; result_size += strlen(array->elements[i]); } result_size += 1; result = malloc(sizeof(char) * result_size); if (result == NULL) { return NULL; } strcpy(result, array->elements[0]); for (i = 1; i < array->size; i++) { strcat(result, delim); strcat(result, array->elements[i]); } return result; } static char ** voms_string_array_to_myproxy_array(const voms_string_array *array) { char **result = NULL; int i = 0; result = malloc(sizeof(char *) * (array->size + 1)); if (result == NULL) { return NULL; } for (i = 0; i < array->size; i++) { result[i] = strdup(array->elements[i]); if (result[i] == NULL) { goto cleanup; } } result[array->size] = NULL; return result; cleanup: for ( ; i >= 0; i--) { if (result[i] != NULL) { free(result[i]); } } free(result); return NULL; } static int is_comment_line(const char *line) { if ((line == NULL) || (*line == '\0')) { return 1; } while ( *line ) { if ( ! isspace(*line) ) { if (*line == '#') { return 1; } else { break; } } line++; } return 0; } static int is_empty_line(const char *line) { if (line == NULL) { return 1; } while ( *line ) { if ( ! isspace(*line) ) { return 0; } line++; } return 1; } static char * parse_vomses(const char *line) { int i = 0; int count = 0; int is_quoted = 0; char token[TOKEN_SIZE]; voms_string_array *array = NULL; char * result = NULL; assert(line != NULL); if ((array = voms_string_array_new()) == NULL) { goto error; } for (i = 0; line[i]; i++) { if ((line[i] == '"') && (! is_quoted)) { is_quoted = 1; if (TOKEN_SIZE <= (count+2)) { goto error; } token[count++] = line[i]; token[count] = '\0'; continue; } if (is_quoted) { if (line[i] == '"') { is_quoted = 0; if (TOKEN_SIZE <= (count+2)) { goto error; } token[count++] = line[i]; token[count] = '\0'; if (voms_string_array_add(array, token) < 0) { goto error; } count = 0; continue; } if (TOKEN_SIZE <= (count+2)) { goto error; } token[count++] = line[i]; token[count] = '\0'; } } if ((array->size == 5) || (array->size == 6)) { result = voms_string_array_join(array, " "); } error: if (array != NULL) { voms_string_array_free(array); } return result; } static char * create_filepath(const char *base, const char *name) { size_t base_len; size_t name_len; size_t buff_len; char * buffer; int delimited = 0; assert(base != NULL); assert(name != NULL); base_len = strlen(base); if (base_len == 0) { return strdup(name); } name_len = strlen(name); if ((base_len > 0) && (base[base_len-1] == '/')) { delimited = 1; buff_len = sizeof(char) * (base_len + name_len + 1); } else { buff_len = sizeof(char) * (base_len + name_len + 2); } buffer = malloc(buff_len); if (buffer == NULL) { return NULL; } if (delimited) { snprintf(buffer, buff_len, "%s%s", base, name); } else { snprintf(buffer, buff_len, "%s%s%s", base, "/", name); } return buffer; } static char ** load_vomses_file(const char *filename) { FILE *fp = NULL; char buffer[LINE_BUFF_SIZE]; voms_string_array *array = NULL; char **result = NULL; assert (filename != NULL); if ((array = voms_string_array_new()) == NULL) { goto error; } if ((fp = fopen(filename, "r")) == NULL ) { goto error; } while (fgets(buffer, LINE_BUFF_SIZE, fp) != NULL) { char *vomses = NULL; if (is_comment_line(buffer) || is_empty_line(buffer)) { continue; } if ((vomses = parse_vomses(buffer)) == NULL) { continue; } voms_string_array_add(array, vomses); free(vomses); } result = voms_string_array_to_myproxy_array(array); error: if (fp != NULL) { fclose(fp); } if (array != NULL) { voms_string_array_free(array); } return result; } static int load_vomses(const char *path, voms_string_array *array) { struct stat file_stat; assert(path != NULL); if (stat(path, &file_stat) < 0) { return -1; } if (S_ISREG(file_stat.st_mode)) { int i; char **vomses = NULL; vomses = load_vomses_file(path); if (vomses == NULL) { return -1; } for (i = 0; vomses[i] != NULL; i++) { voms_string_array_add(array, vomses[i]); free(vomses[i]); } free(vomses); } else if (S_ISDIR(file_stat.st_mode)) { DIR *dp = opendir(path); if (dp != NULL) { struct dirent *entry; while ((entry = readdir(dp)) != NULL) { char *name = entry->d_name; if (name && (strcmp(name, ".") != 0) && (strcmp(name, "..") != 0)) { char * filepath = create_filepath(path, name); if (filepath != NULL) { load_vomses(filepath, array); free(filepath); filepath = NULL; } } } closedir(dp); } } return 0; } static X509 * load_X509_from_file(const char *filepath) { FILE *certfile = NULL; X509 *cert = NULL; certfile = fopen(filepath, "r"); if (certfile == NULL) { return NULL; } cert = PEM_read_X509(certfile, NULL, NULL, NULL); fclose(certfile); return cert; } /* * External Function */ char ** get_vomses(const char *path) { voms_string_array *array = NULL; char **result = NULL; assert(path != NULL); array = voms_string_array_new(); if (array == NULL) { return NULL; } load_vomses(path, array); if (array->size > 0) { result = voms_string_array_to_myproxy_array(array); } if (array != NULL) { voms_string_array_free(array); } return result; } int has_voms_extension(const char *certfilepath) { ASN1_OBJECT *acseq_oid = NULL; X509 *cert = NULL; int position = -1; int result = -1; assert (certfilepath != NULL); acseq_oid = OBJ_txt2obj(ACSEQ_OID, 1); if (acseq_oid == NULL) { return result; } cert = load_X509_from_file(certfilepath); if (cert == NULL) { goto error; } position = X509_get_ext_by_OBJ(cert, acseq_oid, -1); if (position >= 0) { result = 1; } else { result = 0; } if (cert != NULL) { X509_free(cert); } error: if (acseq_oid != NULL) { ASN1_OBJECT_free(acseq_oid); } return result; } myproxy-6.2.16/gsi_socket_voms.c0000644000175100017510000001077714557142036013645 00000000000000/* * gsi_socket_voms.c * * See gsi_socket.h for documentation. */ #include "myproxy_common.h" #include "gsi_socket_priv.h" static int GSI_SOCKET_set_error_string(GSI_SOCKET *self, char *buffer) { if (self->error_string) { free(self->error_string); } self->error_string = strdup(buffer); return GSI_SOCKET_SUCCESS; } static int add_fqan(char ***fqans, const char *fqan) { int current_len; char **new_fqans; if (fqans==NULL) { return GSI_SOCKET_ERROR; } current_len = 0; if (*fqans != NULL) { while ((*fqans)[current_len] != NULL) current_len++; } new_fqans = realloc(*fqans, (current_len + 2) * sizeof(*new_fqans)); if (new_fqans == NULL) { return GSI_SOCKET_ERROR; } new_fqans[current_len] = strdup(fqan); new_fqans[current_len+1] = NULL; *fqans = new_fqans; return 0; } static gss_OID_desc gss_ext_x509_cert_chain_oid_desc = {11, "\x2b\x06\x01\x04\x01\x9b\x50\x01\x01\x01\x08"}; static gss_OID_desc * gss_ext_x509_cert_chain_oid = &gss_ext_x509_cert_chain_oid_desc; static int GSI_SOCKET_get_peer_cert_chain(GSI_SOCKET *self, X509 **cert, STACK_OF(X509) **cert_chain) { OM_uint32 major_status = 0; OM_uint32 minor_status = 0; gss_buffer_set_t buffer_set = NULL; int i; *cert = NULL; *cert_chain = NULL; major_status = gss_inquire_sec_context_by_oid(&minor_status, self->gss_context, gss_ext_x509_cert_chain_oid, &buffer_set); if (major_status != GSS_S_COMPLETE) { GSI_SOCKET_set_error_string(self, "gsi_inquire_sec_context_by_oid() failed in GSI_SOCKET_get_peer_cert_chain()"); return GSI_SOCKET_ERROR; } *cert_chain = sk_X509_new_null(); for (i = 0; i < buffer_set->count; i++) { const unsigned char *p; X509 *c; p = buffer_set->elements[i].value; c = d2i_X509(NULL, &p, buffer_set->elements[i].length); if (i == 0) { *cert = c; } else { if (sk_X509_insert(*cert_chain, c, sk_X509_num(*cert_chain)) == SSL_ERROR) { GSI_SOCKET_set_error_string(self, "sk_X509_insert() failed in GSI_SOCKET_get_peer_cert_chain()"); gss_release_buffer_set(&minor_status, &buffer_set); return GSI_SOCKET_ERROR; } } } gss_release_buffer_set(&minor_status, &buffer_set); return GSI_SOCKET_SUCCESS; } int GSI_SOCKET_get_peer_fqans(GSI_SOCKET *self, char ***fqans) { char **local_fqans = NULL; int ret; struct vomsdata *voms_data = NULL; struct voms **voms_cert = NULL; char **fqan = NULL; int voms_err; char *err_msg, *err_str; X509 *cert = NULL; STACK_OF(X509) *cert_chain = NULL; voms_data = VOMS_Init(NULL, NULL); if (voms_data == NULL) { GSI_SOCKET_set_error_string(self, "Failed to read VOMS attributes, VOMS_Init() failed"); return GSI_SOCKET_ERROR; } if (GSI_SOCKET_get_peer_cert_chain(self, &cert, &cert_chain) != GSI_SOCKET_SUCCESS) { GSI_SOCKET_set_error_string(self, "Failed to read VOMS attributes, GSI_SOCKET_get_peer_cert_chain( failed"); return GSI_SOCKET_ERROR; } ret = VOMS_Retrieve(cert, cert_chain, RECURSE_CHAIN, voms_data, &voms_err); if (ret == 0) { if (voms_err == VERR_NOEXT) { /* No VOMS extensions present, return silently */ ret = 0; goto end; } else { err_msg = VOMS_ErrorMessage(voms_data, voms_err, NULL, 0); err_str = (char *)malloc(strlen(err_msg)+50); snprintf(err_str, strlen(err_msg)+50, "Failed to read VOMS attributes: %s", err_msg); GSI_SOCKET_set_error_string(self, err_str); free(err_msg); free(err_str); ret = GSI_SOCKET_ERROR; goto end; } } for (voms_cert = voms_data->data; voms_cert && *voms_cert; voms_cert++) { for (fqan = (*voms_cert)->fqan; fqan && *fqan; fqan++) { add_fqan(&local_fqans, *fqan); } } *fqans = local_fqans; ret = 0; end: if (voms_data) VOMS_Destroy(voms_data); if (cert) X509_free(cert); if (cert_chain) sk_X509_pop_free(cert_chain, X509_free); return ret; } myproxy-6.2.16/etc.services.modifications0000644000175100017510000000010114557142036015426 00000000000000myproxy-server 7512/tcp # Myproxy server myproxy-6.2.16/string_funcs.c0000644000175100017510000004116514557142036013146 00000000000000/* * string_funcs.c * * String manipulation functions. * * See string_funcs.h for documentation. */ #include "myproxy_common.h" /* all needed headers included here */ /********************************************************************** * * API Functions * */ /* * strip_char() * * strips a string of a given character */ void strip_char (char *buf, char ch) { int len,i, k = 0; char *tmp; tmp = strdup (buf); /* creates a storage */ len = strlen (buf); for (i = 0; i < len; i ++) { if (buf[i] == ch) continue; tmp[k++] = buf[i]; } for (i = 0; i < k; i ++) /*copy back */ buf[i] = tmp[i]; buf[i] = '\0'; free(tmp); } int my_append(char **dest, const char *src, ...) { va_list ap; size_t len = 1; assert(dest); if (*dest) { len += strlen(*dest); } else { *dest = (char *)malloc(1); **dest = '\0'; } va_start(ap, src); while (src) { len += strlen(src); *dest = realloc(*dest, len); if (*dest == NULL) { verror_put_errno(errno); return -1; } strcat(*dest, src); src = va_arg(ap, const char *); } va_end(ap); return len-1; } int my_strncpy(char *destination, const char *source, size_t destination_length) { int len; assert(destination != NULL); assert(source != NULL); len = strlen(source); if (len >= destination_length) { strncpy(destination, source, destination_length-1); destination[destination_length-1] = '\0'; len = -1; } else { strcpy(destination, source); } return len; } char * my_snprintf(const char *format, ...) { char *string = NULL; va_list ap; va_start(ap, format); string = my_vsnprintf(format, ap); va_end(ap); return string; } char * my_vsnprintf(const char *format, va_list ap) { char *buffer = NULL; int buffer_len = 1024; int string_len = -1; buffer = malloc(buffer_len); if (buffer == NULL) { /* Punt */ return NULL; } while (1) { char *new_buffer; va_list aq; va_copy(aq, ap); string_len = vsnprintf(buffer, buffer_len, format, aq); va_end(aq); /* * Was buffer big enough? On gnu libc boxes we get -1 if it wasn't * on Solaris boxes we get > buffer_len. */ if ((/* GNU libc */ string_len != -1) && (/* Solaris */ string_len <= buffer_len)) { break; } buffer_len *= 2; new_buffer = realloc(buffer, buffer_len); if (new_buffer == NULL) { /* Punt */ if (buffer != NULL) { free(buffer); } return NULL; } buffer = new_buffer; } return buffer; } /* * copy_file() * * Copy source to destination, creating destination if needed. * Set permissions on destination to given mode. * * Returns 0 on success, -1 on error. */ int copy_file(const char *source, const char *dest, const mode_t mode) { int src_fd = -1; int dst_fd = -1; int src_flags = O_RDONLY; char buffer[2048]; int bytes_read; int return_code = -1; char *tmpfilename = NULL; int bufsiz; assert(source != NULL); assert(dest != NULL); src_fd = open(source, src_flags); if (src_fd == -1) { verror_put_errno(errno); verror_put_string("opening %s for reading", source); goto error; } bufsiz = strlen(dest)+15; tmpfilename = malloc(bufsiz); snprintf(tmpfilename, bufsiz, "%s.temp.XXXXXX", dest); dst_fd = mkstemp(tmpfilename); if (dst_fd == -1) { verror_put_errno(errno); verror_put_string("opening %s for writing", tmpfilename); goto error; } if (mode != 0600) { /* mkstemp creates file with 0600 */ fchmod(dst_fd, mode); } do { bytes_read = read(src_fd, buffer, sizeof(buffer)-1); if (bytes_read == -1) { verror_put_errno(errno); verror_put_string("reading %s", source); goto error; } buffer[bytes_read]='\0'; if (bytes_read != 0) { if (write(dst_fd, buffer, bytes_read) == -1) { verror_put_errno(errno); verror_put_string("writing %s", dest); goto error; } } } while (bytes_read > 0); close(src_fd); src_fd = -1; close(dst_fd); dst_fd = -1; if (rename(tmpfilename, dest) < 0) { verror_put_string("rename(%s,%s) failed", tmpfilename, dest); verror_put_errno(errno); goto error; } /* Success */ return_code = 0; error: if (src_fd != -1) { close(src_fd); } if (dst_fd != -1) { close(dst_fd); if (return_code == -1) { unlink(tmpfilename); } } if (tmpfilename) free(tmpfilename); return return_code; } /* * buffer_from_file() * * Read the entire contents of a file into a buffer. * * Returns 0 on success, -1 on error, setting verror. */ int buffer_from_file(const char *path, unsigned char **pbuffer, int *pbuffer_len) { int fd = -1; int open_flags; int return_status = -1; struct stat statbuf; unsigned char *buffer = NULL, *b = NULL; int buffer_len; int remaining; int rval; assert(path != NULL); assert(pbuffer != NULL); open_flags = O_RDONLY; fd = open(path, open_flags); if (fd == -1) { verror_put_string("Failure opening file \"%s\"", path); verror_put_errno(errno); goto error; } if (fstat(fd, &statbuf) == -1) { verror_put_string("Failure stating file \"%s\"", path); verror_put_errno(errno); goto error; } buffer_len = statbuf.st_size; b = buffer = malloc(buffer_len+1); if (buffer == NULL) { verror_put_string("malloc() failed"); verror_put_errno(errno); goto error; } remaining = buffer_len; while (remaining) { rval = read(fd, b, remaining); if (rval == -1) { verror_put_string("Error reading file \"%s\"", path); verror_put_errno(errno); goto error; } remaining -= rval; b += rval; } buffer[buffer_len++] = '\0'; /* Succcess */ *pbuffer = buffer; if (pbuffer_len) *pbuffer_len = buffer_len; return_status = 0; error: if (fd != -1) { close(fd); } if (return_status == -1) { if (buffer != NULL) { free(buffer); } } return return_status; } int make_path(char *path) { struct stat sb; char *p; assert (path != NULL); p = path+1; while ((p = strchr(p, '/')) != NULL) { *p = '\0'; if (stat(path, &sb) < 0) { if (errno == ENOENT) { /* doesn't exist. create it. */ myproxy_debug("Creating directory %s", path); if (mkdir(path, 0755) < 0) { verror_put_errno(errno); verror_put_string("Failed to create directory %s", strerror(errno)); *p = '/'; return -1; } } else { verror_put_errno(errno); verror_put_string("failed to stat %s", path); *p = '/'; return -1; } } else if (!(sb.st_mode & S_IFDIR)) { verror_put_string("%s exists and is not a directory", path); *p = '/'; return -1; } *p = '/'; p++; } return 0; } int b64_encode(const char *input, long inlen, char **output) { BIO *mbio, *b64bio, *bio; char *outbuf; long outlen; assert(input != NULL); if (inlen == 0) { *output = strdup(""); return 0; } mbio = BIO_new(BIO_s_mem()); b64bio = BIO_new(BIO_f_base64()); BIO_set_flags(b64bio, BIO_FLAGS_BASE64_NO_NL); bio = BIO_push(b64bio, mbio); if (BIO_write(bio, input, inlen) != inlen) { verror_put_string("error in BIO_write when base64 encoding"); return -1; } if (BIO_flush(bio) != 1) { verror_put_string("error in BIO_flush when base64 encoding"); return -1; } outlen = BIO_get_mem_data(bio, &outbuf); *output = malloc(outlen+1); memcpy(*output, outbuf, outlen); (*output)[outlen] = '\0'; BIO_free_all(bio); return 0; } int b64_decode(const char *input, char **output) { BIO *mbio, *b64bio, *bio; long inlen, outlen; assert(input != NULL); assert(output != NULL); inlen = strlen(input); if (inlen == 0) { *output = strdup(""); return 0; } mbio = BIO_new_mem_buf((void *)input, -1); b64bio = BIO_new(BIO_f_base64()); BIO_set_flags(b64bio, BIO_FLAGS_BASE64_NO_NL); bio = BIO_push(b64bio, mbio); outlen = inlen*2; *output = malloc(outlen+1); if ((outlen = BIO_read(bio, *output, outlen)) <= 0) { verror_put_string("error in BIO_read when base64 encoding"); return -1; } (*output)[outlen] = '\0'; BIO_free_all(bio); return outlen; } #define TRUSTED_CERT_PATH "/.globus/certificates/" #define USER_CERT_PATH "/.globus/usercert.pem" #define USER_KEY_PATH "/.globus/userkey.pem" #define HOST_CERT_PATH "/etc/grid-security/hostcert.pem" #define HOST_KEY_PATH "/etc/grid-security/hostkey.pem" /* ** Return the path to the user's home directory. */ char * get_home_path() { char *home = NULL; if (getenv("HOME")) { home = getenv("HOME"); } if (home == NULL) { struct passwd *pw; pw = getpwuid(getuid()); if (pw != NULL) { home = pw->pw_dir; } } if (home == NULL) { verror_put_string("Could not find user's home directory\n"); return NULL; } home = strdup(home); if (home == NULL) { verror_put_errno(errno); verror_put_string("strdup() failed"); return NULL; } return home; } /* ** Return the path to the target trusted certificates directory, ** even if it doesn't exist (i.e., different from ** GLOBUS_GSI_SYSCONFIG_GET_CERT_DIR() which returns the certificates ** directory path only if it exists). **/ char* get_trusted_certs_path() { char *path = NULL; if (getenv("X509_CERT_DIR")) { path = strdup(getenv("X509_CERT_DIR")); if (path == NULL) { verror_put_errno(errno); verror_put_string("strdup() failed."); return NULL; } if (path[strlen(path)-1] != '/') { if (my_append(&path, "/", NULL) == -1) { free(path); return NULL; } } return path; } if (getuid() == 0) { path = strdup("/etc/grid-security/certificates/"); if (path == NULL) { verror_put_errno(errno); verror_put_string("strdup() failed."); return NULL; } return path; } path = get_home_path(); if (path == NULL) { return NULL; } if (my_append(&path, TRUSTED_CERT_PATH, NULL) == -1) { free(path); return NULL; } return path; } /* ** Given a filename, return the full path of that file as it would ** exist in the trusted certificates directory. */ char* get_trusted_file_path(char *filename) { char *sterile_filename = NULL; char *file_path = NULL; sterile_filename = strdup(filename); if (sterile_filename == NULL) { goto error; } sterilize_string(sterile_filename); file_path = get_trusted_certs_path(); if (file_path == NULL) { goto error; } if (my_append(&file_path, sterile_filename, NULL) == -1) { goto error; } /* Success */ free(sterile_filename); return file_path; /* We jump here on error */ error: if (sterile_filename != NULL) { free(sterile_filename); } if (file_path != NULL) { free(file_path); } return NULL; } int get_user_credential_filenames( char **certfile, char **keyfile ) { if (certfile) { *certfile = NULL; if (getenv("X509_USER_CERT")) { *certfile = strdup(getenv("X509_USER_CERT")); } else { *certfile = get_home_path(); if (my_append(certfile, USER_CERT_PATH, NULL) == -1) { free(*certfile); *certfile = NULL; } } } if (keyfile) { if (getenv("X509_USER_KEY")) { *keyfile = strdup(getenv("X509_USER_KEY")); } else { *keyfile = get_home_path(); if (my_append(keyfile, USER_KEY_PATH, NULL) == -1) { free(*keyfile); *keyfile = NULL; } } } return 0; } int get_host_credential_filenames( char **certfile, char **keyfile ) { if (certfile) { *certfile = NULL; if (getenv("X509_USER_CERT")) { *certfile = strdup(getenv("X509_USER_CERT")); } else { *certfile = strdup(HOST_CERT_PATH); } } if (keyfile) { if (getenv("X509_USER_KEY")) { *keyfile = strdup(getenv("X509_USER_KEY")); } else { *keyfile = strdup(HOST_KEY_PATH); } } return 0; } /* * sterilize_string * * Walk through a string and make sure that is it acceptable for using * as part of a path. */ void sterilize_string(char *string) { /* Characters to be removed */ char *bad_chars = "/"; /* Character to replace any of above characters */ char replacement_char = '-'; assert(string != NULL); /* No '.' as first character */ if (*string == '.') { *string = replacement_char; } /* Replace any bad characters with replacement_char */ while (*string != '\0') { if (strchr(bad_chars, *string) != NULL) { *string = replacement_char; } string++; } return; } #ifndef HAVE_SETENV int setenv(const char *var, const char *value, int override) { char *envstr = NULL; int status; assert(var != NULL); assert(value != NULL); /* If we're not overriding and it's already set, then return */ if (!override && getenv(var)) return 0; envstr = malloc(strlen(var) + strlen(value) + 2 /* '=' and NUL */); if (envstr == NULL) { return -1; } sprintf(envstr, "%s=%s", var, value); status = putenv(envstr); /* Don't free envstr as it may still be in use */ return status; } #endif #ifndef HAVE_UNSETENV void unsetenv(const char *var) { extern char **environ; char **p1 = environ; /* New array list */ char **p2 = environ; /* Current array list */ int len = strlen(var); assert(var != NULL); /* * Walk through current environ array (p2) copying each pointer * to new environ array (p1) unless the pointer is to the item * we want to delete. Copy happens in place. */ while (*p2) { if ((strncmp(*p2, var, len) == 0) && ((*p2)[len] == '=')) { /* * *p2 points at item to be deleted, just skip over it */ p2++; } else { /* * *p2 points at item we want to save, so copy it */ *p1 = *p2; p1++; p2++; } } /* And make sure new array is NULL terminated */ *p1 = NULL; } #endif /* * add_entry() * * Add a entry to an array of string, allocating as needed. */ char ** add_entry(char **entries, const char *entry) { int current_length = 0; char **new_entries; char *my_entry; int new_size; assert(entry != NULL); my_entry = strdup(entry); if (my_entry == NULL) { return NULL; } if (entries != NULL) { while (entries[current_length] != NULL) { current_length++; } } /* Add enough for new pointer and NULL */ new_size = sizeof(char *) * (current_length + 2); new_entries = realloc(entries, new_size); if (new_entries == NULL) { return NULL; } new_entries[current_length] = my_entry; new_entries[current_length + 1] = NULL; return new_entries; } void free_array_list(char ***listp) { char **list; int i; if (!listp) return; list = *listp; if (!list) return; for (i=0; list[i]; i++) { free(list[i]); } free(list); *listp = NULL; } int join_array(char **target, char *array[], const char *sep) { int result = 1; int i; if ((target == NULL) || (array == NULL) || (sep == NULL) ) { goto error; } if (array[0] == NULL) { goto error; } if (my_append(target, array[0], NULL) < 0) { goto error; } for (i = 1; array[i] != NULL; i++) { if (my_append(target, sep, array[i], NULL) < 0) { goto error; } } result = 0; error: if ((result == 1) && (*target != NULL)) { free(*target); *target = NULL; } return result; } myproxy-6.2.16/certauth_extensions.h0000644000175100017510000000101414557142036014532 00000000000000/* * * certauth_extensions.h - CA extensions for myproxy * */ int initialise_openssl_engine(myproxy_server_context_t *server_context); int is_certificate_authority_configured(myproxy_server_context_t *server_context); void get_certificate_authority(myproxy_socket_attrs_t *server_attrs, myproxy_creds_t *creds, myproxy_request_t *request, myproxy_response_t *response, myproxy_server_context_t *server_context); myproxy-6.2.16/myproxy.cron0000755000175100017510000000056414557142036012711 00000000000000#!/bin/sh # This cron script deletes invalid MyProxy credentials # (expired, revoked, etc.). # Set GLOBUS_LOCATION as appropriate for your installation. GLOBUS_LOCATION="/usr/local/globus" export GLOBUS_LOCATION . ${GLOBUS_LOCATION}/libexec/globus-script-initializer ${GLOBUS_LOCATION}/sbin/myproxy-admin-query -i -r 2>&1 | logger -t myproxy.cron -p cron.info exit 0 myproxy-6.2.16/myproxy_get_trustroots.c0000644000175100017510000001767114557142036015365 00000000000000/* * myproxy-get-trustroots * * Webserver program to manage trustroots from a myproxy-server */ #include "myproxy_common.h" /* all needed headers included here */ static char usage[] = \ "\n" "Syntax: myproxy-get-trustroots [-s server] [-p port]...\n" " myproxy-get-trustroots [-usage|-help] [-version]\n" "\n" " Options\n" " -h | --help Displays usage\n" " -u | --usage \n" " \n" " -v | --verbose Display debugging messages\n" " -V | --version Displays version\n" " -s | --pshost Hostname of the myproxy-server\n" " -p | --psport Port of the myproxy-server\n" " -q | --quiet Only output on error\n" " -b | --bootstrap Bootstrap trust in myproxy-server\n" "\n"; struct option long_options[] = { {"help", no_argument, NULL, 'h'}, {"pshost", required_argument, NULL, 's'}, {"psport", required_argument, NULL, 'p'}, {"usage", no_argument, NULL, 'u'}, {"verbose", no_argument, NULL, 'v'}, {"version", no_argument, NULL, 'V'}, {"quiet", no_argument, NULL, 'q'}, {"bootstrap", no_argument, NULL, 'b'}, {0, 0, 0, 0} }; static char short_options[] = "hus:p:vVqb"; static char version[] = "myproxy-get-trustroots version " MYPROXY_VERSION " (" MYPROXY_VERSION_DATE ") " "\n"; void init_arguments(int argc, char *argv[], myproxy_socket_attrs_t *attrs, myproxy_request_t *request); /* * Use setvbuf() instead of setlinebuf() since cygwin doesn't support * setlinebuf(). */ #define my_setlinebuf(stream) setvbuf((stream), (char *) NULL, _IOLBF, 0) static int quiet = 0; static int bootstrap = 0; int myproxy_set_trustroots_defaults( myproxy_socket_attrs_t *socket_attrs, myproxy_request_t *client_request) { char *pshost; client_request->version = strdup(MYPROXY_VERSION); client_request->command_type = MYPROXY_GET_TRUSTROOTS; client_request->want_trusted_certs = 1; client_request->username = strdup(""); myproxy_debug("Requesting trusted certificates.\n"); pshost = getenv("MYPROXY_SERVER"); if (pshost != NULL) { socket_attrs->pshost = strdup(pshost); } if (getenv("MYPROXY_SERVER_PORT")) { socket_attrs->psport = atoi(getenv("MYPROXY_SERVER_PORT")); } else { socket_attrs->psport = MYPROXY_SERVER_PORT; } return 0; } int myproxy_get_trustroots( myproxy_socket_attrs_t *socket_attrs, myproxy_request_t *client_request, myproxy_response_t *server_response) { char *request_buffer = NULL; int requestlen; assert(socket_attrs != NULL); assert(client_request != NULL); assert(server_response != NULL); /* Set up client socket attributes */ if (socket_attrs->gsi_socket == NULL) { if (myproxy_init_client(socket_attrs) < 0) { return(1); } } /* Attempt anonymous-mode credential retrieval if we don't have a credential. */ GSI_SOCKET_allow_anonymous(socket_attrs->gsi_socket, 1); /* Authenticate client to server */ if (GSI_SOCKET_context_established(socket_attrs->gsi_socket) == 0) { if (myproxy_authenticate_init(socket_attrs, NULL) < 0) { return(1); } } /* Serialize client request object */ requestlen = myproxy_serialize_request_ex(client_request, &request_buffer); if (requestlen < 0) { return(1); } /* Send request to the myproxy-server */ if (myproxy_send(socket_attrs, request_buffer, requestlen) < 0) { return(1); } free(request_buffer); request_buffer = 0; /* Continue unless the response is not OK */ if (myproxy_recv_response_ex(socket_attrs, server_response, client_request) != 0) { return(1); } return(0); } int main(int argc, char *argv[]) { myproxy_socket_attrs_t *socket_attrs; myproxy_request_t *client_request; myproxy_response_t *server_response; int return_value = 1; /* check library version */ if (myproxy_check_version()) { fprintf(stderr, "MyProxy library version mismatch.\n" "Expecting %s. Found %s.\n", MYPROXY_VERSION_DATE, myproxy_version(0,0,0)); exit(1); } myproxy_log_use_stream (stderr); my_setlinebuf(stdout); my_setlinebuf(stderr); socket_attrs = malloc(sizeof(*socket_attrs)); memset(socket_attrs, 0, sizeof(*socket_attrs)); client_request = malloc(sizeof(*client_request)); memset(client_request, 0, sizeof(*client_request)); server_response = malloc(sizeof(*server_response)); memset(server_response, 0, sizeof(*server_response)); /* Setup defaults */ myproxy_set_trustroots_defaults(socket_attrs,client_request); /* Initialize client arguments and create client request object */ init_arguments(argc, argv, socket_attrs, client_request); /* Bootstrap trusted certificate directory if none exists. */ assert(client_request->want_trusted_certs); /* Connect to server and authenticate. Bootstrap trust roots as needed. */ if (myproxy_bootstrap_client(socket_attrs, client_request->want_trusted_certs, bootstrap) < 0) { verror_print_error(stderr); goto cleanup; } if (myproxy_get_trustroots(socket_attrs, client_request, server_response)!=0) { fprintf(stderr, "Failed to receive trustroots.\n"); verror_print_error(stderr); goto cleanup; } /* Store file in trusted directory if requested and returned */ assert(client_request->want_trusted_certs); if (server_response->trusted_certs != NULL) { if (myproxy_install_trusted_cert_files(server_response->trusted_certs) != 0) { verror_print_error(stderr); goto cleanup; } else { char *path; path = get_trusted_certs_path(); if (path) { if (!quiet) { printf("Trust roots have been installed in %s.\n", path); } free(path); } } } else { myproxy_debug("Requested trusted certs but didn't get any.\n"); } return_value = 0; cleanup: /* free memory allocated */ myproxy_free(socket_attrs, client_request, server_response); return return_value; } void init_arguments(int argc, char *argv[], myproxy_socket_attrs_t *attrs, myproxy_request_t *request) { extern char *optarg; int arg; request->want_trusted_certs = 1; while((arg = getopt_long(argc, argv, short_options, long_options, NULL)) != EOF) { switch(arg) { case 's': /* pshost name */ attrs->pshost = strdup(optarg); break; case 'p': /* psport */ attrs->psport = atoi(optarg); break; case 'h': /* print help and exit */ case 'u': /* print help and exit */ printf("%s", usage); exit(0); break; case 'q': quiet = 1; break; case 'b': bootstrap = 1; break; case 'v': myproxy_debug_set_level(1); break; case 'V': /* print version and exit */ printf("%s", version); exit(0); break; default: /* print usage and exit */ fprintf(stderr, "%s", usage); exit(1); break; } } if (optind != argc) { fprintf(stderr, "%s: invalid option -- %s\n", argv[0], argv[optind]); fprintf(stderr, "%s", usage); exit(1); } /* Check to see if myproxy-server specified */ if (attrs->pshost == NULL) { fprintf(stderr, "Unspecified myproxy-server. Please set the MYPROXY_SERVER environment variable\nor set the myproxy-server hostname via the -s flag.\n"); exit(1); } return; } myproxy-6.2.16/myproxy.pc.in0000644000175100017510000000044014557142036012745 00000000000000prefix=@prefix@ exec_prefix=@exec_prefix@ libdir=@libdir@ includedir=@includedir@ Name: myproxy Description: Manage X.509 Public Key Infrastructure (PKI) security credentials Version: @PACKAGE_VERSION@ Requires.private: @PACKAGE_DEPS@ Libs: -L${libdir} -lmyproxy Cflags: -I${includedir} myproxy-6.2.16/safe_id_range_list.h0000644000175100017510000000443514557142036014247 00000000000000/* safe_id_range_list.h. Generated by configure. */ #ifndef SAFE_ID_RANGE_LIST_H_ #define SAFE_ID_RANGE_LIST_H_ /* * safefile package http://www.cs.wisc.edu/~kupsch/safefile * * Copyright 2007-2008 James A. Kupsch * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include #include #include #include /* define id_t to uid_t if not defined */ /* #undef id_t */ /* id used when an error occurs */ extern const id_t safe_err_id; /* declare implementation data structure type */ struct safe_id_range_list_elem; typedef struct safe_id_range_list { size_t count; size_t capacity; struct safe_id_range_list_elem *list; } safe_id_range_list; int safe_init_id_range_list(safe_id_range_list *list); int safe_add_id_range_to_list(safe_id_range_list *list, id_t min_id, id_t max_id); int safe_add_id_to_list(safe_id_range_list *list, id_t id); void safe_destroy_id_range_list(safe_id_range_list *list); int safe_is_id_in_list(safe_id_range_list *list, id_t id); int safe_is_id_list_empty(safe_id_range_list *list); uid_t safe_strto_uid(const char *value, const char **endptr); gid_t safe_strto_gid(const char *value, const char **endptr); id_t safe_strto_id(const char *value, const char **endptr); void safe_strto_id_list(safe_id_range_list *list, const char *value, const char **endptr); void safe_strto_uid_list(safe_id_range_list *list, const char *value, const char **endptr); void safe_strto_gid_list(safe_id_range_list *list, const char *value, const char **endptr); int safe_parse_id_list(safe_id_range_list *list, const char *value); int safe_parse_uid_list(safe_id_range_list *list, const char *value); int safe_parse_gid_list(safe_id_range_list *list, const char *value); #endif myproxy-6.2.16/myproxy_ocsp_aia.c0000644000175100017510000000744414557142036014031 00000000000000/* * Copyright (c) 2004-2006 Roumen Petrov. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * Modified from X.509 certificates support for OpenSSH by * Roumen Petrov (http://roumenpetrov.info/openssh/). */ #include "myproxy_common.h" #include "myproxy_ocsp_aia.h" #if defined(HAVE_OCSP) #include #include #include #include #include static AUTHORITY_INFO_ACCESS * my_aia_get(X509_EXTENSION *ext) { const X509V3_EXT_METHOD *method = NULL; void *ext_str = NULL; const unsigned char *p; int len; if (ext == NULL) { verror_put_string("my_aia_get: ext is NULL"); return(NULL); } method = X509V3_EXT_get(ext); if (method == NULL) { myproxy_debug("my_aia_get: cannot get method"); return(NULL); } p = X509_EXTENSION_get_data(ext)->data; len = X509_EXTENSION_get_data(ext)->length; if (method->it) { ext_str = ASN1_item_d2i(NULL, &p, len, ASN1_ITEM_ptr(method->it)); } else { ext_str = method->d2i(NULL, &p, len); } if (ext_str == NULL) { myproxy_debug("my_aia_get: null ext_str!"); return(NULL); } return((AUTHORITY_INFO_ACCESS*)ext_str); } static void my_aia_free(X509_EXTENSION *ext, AUTHORITY_INFO_ACCESS* aia) { const X509V3_EXT_METHOD *method = NULL; if (ext == NULL) { verror_put_string("my_aia_free: ext is NULL"); return; } method = X509V3_EXT_get(ext); if (method == NULL) return; if (method->it) { ASN1_item_free((void*)aia, ASN1_ITEM_ptr(method->it)); } else { method->ext_free(aia); } } char * myproxy_get_aia_ocsp_uri(X509 *cert) { int loc = -1; char *uri = NULL; if (cert == NULL) return(0); for (loc = X509_get_ext_by_NID(cert, NID_info_access, loc); loc >= 0; loc = X509_get_ext_by_NID(cert, NID_info_access, loc)) { X509_EXTENSION *xe; AUTHORITY_INFO_ACCESS *aia; int k; xe = X509_get_ext(cert, loc); if (xe == NULL) { myproxy_debug("get_aia_ocsp_uri: cannot get x509 extension"); continue; } aia = my_aia_get(xe); if (aia == NULL) continue; for (k = 0; k < sk_ACCESS_DESCRIPTION_num(aia); k++) { ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(aia, k); GENERAL_NAME *gn; ASN1_IA5STRING *asn1_uri; if (OBJ_obj2nid(ad->method) != NID_ad_OCSP) continue; gn = ad->location; if (gn->type != GEN_URI) continue; asn1_uri = gn->d.uniformResourceIdentifier; uri = strdup((const char*)asn1_uri->data); break; } my_aia_free(xe, aia); if (uri) break; } return uri; } #endif myproxy-6.2.16/web/0000755000175100017510000000000014557145304011125 500000000000000myproxy-6.2.16/web/Makefile.in0000644000175100017510000003436514557142526013130 00000000000000# Makefile.in generated by automake 1.13.4 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ *) echo "am__make_running_with_option: internal error: invalid" \ "target option '$${target_option-}' specified" >&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = web DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/myproxy-date.inc $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = SOURCES = DIST_SOURCES = am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ test -z "$$files" \ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } am__installdirs = "$(DESTDIR)$(pkgdatadir)" DATA = $(pkgdata_DATA) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AGE_VERSION = @AGE_VERSION@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ AS = @AS@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GLOBUS_CFLAGS = @GLOBUS_CFLAGS@ GLOBUS_LIBS = @GLOBUS_LIBS@ GREP = @GREP@ GSI_CERT_UTILS_PATH = @GSI_CERT_UTILS_PATH@ GSI_PROXY_UTILS_PATH = @GSI_PROXY_UTILS_PATH@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ KRB5CPPFLAGS = @KRB5CPPFLAGS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAJOR_VERSION = @MAJOR_VERSION@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MICRO_VERSION = @MICRO_VERSION@ MINOR_VERSION = @MINOR_VERSION@ MKDIR_P = @MKDIR_P@ MYPROXY_DATE = @MYPROXY_DATE@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OPENSSL = @OPENSSL@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_DEPS = @PACKAGE_DEPS@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ SYSLIBS = @SYSLIBS@ VERSION = @VERSION@ VOMS_LIBS = @VOMS_LIBS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ pkgdata_DATA = login.html myproxy-get-delegation.cgi EXTRA_DIST = login.html myproxy-get-delegation.cgi all: all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign web/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign web/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-pkgdataDATA: $(pkgdata_DATA) @$(NORMAL_INSTALL) @list='$(pkgdata_DATA)'; test -n "$(pkgdatadir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(pkgdatadir)'"; \ $(MKDIR_P) "$(DESTDIR)$(pkgdatadir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pkgdatadir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(pkgdatadir)" || exit $$?; \ done uninstall-pkgdataDATA: @$(NORMAL_UNINSTALL) @list='$(pkgdata_DATA)'; test -n "$(pkgdatadir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(pkgdatadir)'; $(am__uninstall_files_from_dir) tags TAGS: ctags CTAGS: cscope cscopelist: distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(DATA) installdirs: for dir in "$(DESTDIR)$(pkgdatadir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-pkgdataDATA install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-pkgdataDATA .MAKE: install-am install-strip .PHONY: all all-am check check-am clean clean-generic clean-libtool \ cscopelist-am ctags-am distclean distclean-generic \ distclean-libtool distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-pkgdataDATA install-ps \ install-ps-am install-strip installcheck installcheck-am \ installdirs maintainer-clean maintainer-clean-generic \ mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ ps ps-am tags-am uninstall uninstall-am uninstall-pkgdataDATA # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: myproxy-6.2.16/web/login.html0000644000175100017510000000217314557142036013045 00000000000000 Authentication Page

Get Proxy Credential

Username:
Password:
Lifetime (hours):
myproxy-users@ncsa.uiuc.edu
Last modified: Tue Nov 20 2001 myproxy-6.2.16/web/Makefile.am0000644000175100017510000000015114557142036013075 00000000000000pkgdata_DATA = login.html myproxy-get-delegation.cgi EXTRA_DIST = login.html myproxy-get-delegation.cgi myproxy-6.2.16/web/myproxy-get-delegation.cgi0000755000175100017510000000504014557142036016147 00000000000000#!/usr/bin/perl -w # Thanks to Steve Mock @SDSC for expect stuff # use CGI qw/:standard/; use Expect; # Edit this line to reflect location of myproxy-get-delegation my $program = "/usr/local/myproxy/bin/myproxy-get-delegation"; my $username = param(USERNAME); my $password = param(PASSWORD); my $lifetime = param(LIFETIME); # Check length of password my $len = length ($password); if (($len < 5) || ($len > 10)) { passwordtoolong(); } # zap everything past first nonword character $username =~ s/\W.*//; if ($lifetime =~ /\D/) { invalidlifetime(); } my $outfile = "$username.cred"; my $args = "-s localhost -l $username -t $lifetime -o $outfile"; # use expect to run the command my $cmd_filehandle = Expect->spawn("$program $args"); # this looks for the string "Pass Phrase:" for 20 seconds # and failing that, does the "error" subroutine. unless ($cmd_filehandle->expect(20, "Pass Phrase:")) { printerror(); } print $cmd_filehandle "$password\n"; # gather the output into the array @output = <$cmd_filehandle>; # close the filehandle to the command $cmd_filehandle->soft_close(); # now you have an array called @outputmsg which has the rest of the output... # get rid of output[0], since it contains the password $outputmsg = join(" ", $output[1]); if ($cmd_filehandle->exitstatus() != 0) { $outputmsg =~ s/(.*):\s//; &printerror($outputmsg); } else { &printsuccess; } sub passwordtoolong { print header; print ""; print "Incorrect Password"; print "

"; print "The password must be between 5 and 10 characters."; print "

"; exit; } sub invalidlifetime { print header; print ""; print "Invalid Lifetime"; print "

"; print "The lifetime parameter must contain only digits."; print "

"; exit; } sub printerror { my $errmsg = $_[0]; print header; print ""; print "Error!"; print "

"; print "Error executing myproxy-get-delegation!\n"; print "

"; print "$errmsg"; exit; } sub printsuccess { print header; print ""; print "Error!"; print "

"; print "Received a delegated proxy for $username good for $lifetime hours."; print "

"; exit; } myproxy-6.2.16/etc.xinetd.myproxy0000644000175100017510000000037414557142036014011 00000000000000service myproxy-server { socket_type = stream protocol = tcp wait = no user = root server = /usr/grid/sbin/myproxy-server env = GLOBUS_LOCATION=/usr/grid LD_LIBRARY_PATH=/usr/grid/lib disable = no } myproxy-6.2.16/myproxy.h.in0000644000175100017510000000502614557142036012577 00000000000000/* * myproxy.h * * Main public header for MyProxy library * */ #ifndef __MYPROXY_H #define __MYPROXY_H #define MYPROXY_VERSION "MYPROXYv2" /* protocol version string */ /* compilation options */ #if defined(HAVE_LIBPAM) #define MYPROXY_VERSION_PAM " PAM" #else #define MYPROXY_VERSION_PAM "" #endif #if defined(HAVE_LIBSASL2) #define MYPROXY_VERSION_SASL " SASL" #else #define MYPROXY_VERSION_SASL "" #endif #if defined(BUILD_GSSAPI_PLUGIN) #define MYPROXY_VERSION_KRB5 " KRB5" #else #define MYPROXY_VERSION_KRB5 "" #endif #if defined(HAVE_LIBLDAP) #define MYPROXY_VERSION_LDAP " LDAP" #else #define MYPROXY_VERSION_LDAP "" #endif #if defined(HAVE_VOMS) #define MYPROXY_VERSION_VOMS " VOMS" #else #define MYPROXY_VERSION_VOMS "" #endif #if defined(HAVE_OCSP) #define MYPROXY_VERSION_OCSP " OCSP" #else #define MYPROXY_VERSION_OCSP "" #endif /* software version constants */ #define MYPROXY_VERSION_MAJOR @MAJOR_VERSION@ #define MYPROXY_VERSION_MINOR @MINOR_VERSION@ #define MYPROXY_VERSION_MICRO @MICRO_VERSION@ #define MYPROXY_DATE "@MYPROXY_DATE@" #define MYPROXY_STR2(x) #x #define MYPROXY_STR(x) MYPROXY_STR2(x) #define MYPROXY_VERSION_DATE \ "v" MYPROXY_STR(MYPROXY_VERSION_MAJOR) "." \ MYPROXY_STR(MYPROXY_VERSION_MINOR) " " MYPROXY_DATE \ MYPROXY_VERSION_PAM MYPROXY_VERSION_SASL MYPROXY_VERSION_KRB5 \ MYPROXY_VERSION_LDAP MYPROXY_VERSION_VOMS MYPROXY_VERSION_OCSP /* * myproxy_version() * * Returns a static string indicating the MyProxy library version. * Also sets major, minor, and micro version numbers if non-NULL. */ char *myproxy_version(int *major, int *minor, int *micro); /* * myproxy_check_version() * * Returns 0 if MyProxy library version matches this header. * Returns 1 if major version number differs. * Returns 2 if minor version number differs. * Returns 3 if micro version number differs. * * Note: Requiring header and library version to match is recommended, * as the MyProxy struct types sometimes change. */ int myproxy_check_version_ex(int major, int minor, int micro); #define myproxy_check_version() \ myproxy_check_version_ex(MYPROXY_VERSION_MAJOR, MYPROXY_VERSION_MINOR, \ MYPROXY_VERSION_MICRO) #include "myproxy_constants.h" #include "myproxy_authorization.h" #include "myproxy_protocol.h" #include "myproxy_creds.h" #include "myproxy_delegation.h" #include "myproxy_log.h" #include "myproxy_read_pass.h" #include "myproxy_sasl_client.h" #include "myproxy_sasl_server.h" #include "myproxy_server.h" #include "verror.h" #endif /* __MYPROXY_H */ myproxy-6.2.16/systemd/0000755000175100017510000000000014557145304012040 500000000000000myproxy-6.2.16/systemd/Makefile.in0000644000175100017510000003441314557142526014035 00000000000000# Makefile.in generated by automake 1.13.4 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ *) echo "am__make_running_with_option: internal error: invalid" \ "target option '$${target_option-}' specified" >&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = systemd DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/myproxy-date.inc $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = SOURCES = DIST_SOURCES = am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ test -z "$$files" \ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } am__installdirs = "$(DESTDIR)$(pkgdatadir)" DATA = $(pkgdata_DATA) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AGE_VERSION = @AGE_VERSION@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ AS = @AS@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GLOBUS_CFLAGS = @GLOBUS_CFLAGS@ GLOBUS_LIBS = @GLOBUS_LIBS@ GREP = @GREP@ GSI_CERT_UTILS_PATH = @GSI_CERT_UTILS_PATH@ GSI_PROXY_UTILS_PATH = @GSI_PROXY_UTILS_PATH@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ KRB5CPPFLAGS = @KRB5CPPFLAGS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAJOR_VERSION = @MAJOR_VERSION@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MICRO_VERSION = @MICRO_VERSION@ MINOR_VERSION = @MINOR_VERSION@ MKDIR_P = @MKDIR_P@ MYPROXY_DATE = @MYPROXY_DATE@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OPENSSL = @OPENSSL@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_DEPS = @PACKAGE_DEPS@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ SYSLIBS = @SYSLIBS@ VERSION = @VERSION@ VOMS_LIBS = @VOMS_LIBS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ pkgdata_DATA = myproxy-server.conf myproxy-server.service EXTRA_DIST = myproxy-server.conf myproxy-server.service all: all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign systemd/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign systemd/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-pkgdataDATA: $(pkgdata_DATA) @$(NORMAL_INSTALL) @list='$(pkgdata_DATA)'; test -n "$(pkgdatadir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(pkgdatadir)'"; \ $(MKDIR_P) "$(DESTDIR)$(pkgdatadir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pkgdatadir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(pkgdatadir)" || exit $$?; \ done uninstall-pkgdataDATA: @$(NORMAL_UNINSTALL) @list='$(pkgdata_DATA)'; test -n "$(pkgdatadir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(pkgdatadir)'; $(am__uninstall_files_from_dir) tags TAGS: ctags CTAGS: cscope cscopelist: distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(DATA) installdirs: for dir in "$(DESTDIR)$(pkgdatadir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-pkgdataDATA install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-pkgdataDATA .MAKE: install-am install-strip .PHONY: all all-am check check-am clean clean-generic clean-libtool \ cscopelist-am ctags-am distclean distclean-generic \ distclean-libtool distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-pkgdataDATA install-ps \ install-ps-am install-strip installcheck installcheck-am \ installdirs maintainer-clean maintainer-clean-generic \ mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ ps ps-am tags-am uninstall uninstall-am uninstall-pkgdataDATA # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: myproxy-6.2.16/systemd/myproxy-server.conf0000644000175100017510000000005214557142036015656 00000000000000D /run/myproxy-server 0710 myproxy root - myproxy-6.2.16/systemd/Makefile.am0000644000175100017510000000016314557142036014013 00000000000000pkgdata_DATA = myproxy-server.conf myproxy-server.service EXTRA_DIST = myproxy-server.conf myproxy-server.service myproxy-6.2.16/systemd/myproxy-server.service0000644000175100017510000000120014557142036016365 00000000000000# SystemD File for myproxy-server. [Unit] Description=Server for X.509 Public Key Infrastructure (PKI) security credentials After=network.target auditd.service ConditionPathExists=/etc/grid-security/myproxy/hostcert.pem ConditionPathExists=/etc/grid-security/myproxy/hostkey.pem [Service] Type=forking User=myproxy Environment=X509_USER_CERT=/etc/grid-security/myproxy/hostcert.pem Environment=X509_USER_KEY=/etc/grid-security/myproxy/hostkey.pem ExecStart=/usr/sbin/myproxy-server --pidfile /run/myproxy-server/myproxy.pid ExecReload=/bin/kill -HUP $MAINPID PIDFile=/run/myproxy-server/myproxy.pid [Install] WantedBy=multi-user.target myproxy-6.2.16/myproxy_get_credential.c0000644000175100017510000004562614557142036015230 00000000000000/* * myproxy-get-credential * * Webserver program to retrieve a end-entity credential from a myproxy-server */ #include "myproxy_common.h" /* all needed headers included here */ #ifndef MAXPATHLEN #define MAXPATHLEN 4096 #endif static char usage[] = \ "\n" "Syntax: myproxy-retrieve [-l username] ...\n" " myproxy-retrieve [-usage|-help] [-version]\n" "\n" " Options\n" " -h | --help Displays usage\n" " -u | --usage \n" " \n" " -v | --verbose Display debugging messages\n" " -V | --version Displays version\n" " -l | --username Username for the delegated proxy\n" " -s | --pshost Hostname of the myproxy-server\n" " -p | --psport Port of the myproxy-server\n" " -a | --authorization Specify credential to renew\n" " -d | --dn_as_username Use subject of the authorization\n" " credential (or default credential\n" " if -a not used) as the default\n" " username instead of $LOGNAME\n" " -k | --credname Specify credential name\n" " -c | --certfile Certificate file name\n" " -y | --keyfile Key file name\n" " -S | --stdin_pass Read passphrase from stdin\n" " -T | --trustroots Manage trust roots\n" " -n | --no_passphrase Don't prompt for passphrase\n" "\n"; struct option long_options[] = { {"help", no_argument, NULL, 'h'}, {"pshost", required_argument, NULL, 's'}, {"psport", required_argument, NULL, 'p'}, {"usage", no_argument, NULL, 'u'}, {"username", required_argument, NULL, 'l'}, {"verbose", no_argument, NULL, 'v'}, {"version", no_argument, NULL, 'V'}, {"authorization", required_argument, NULL, 'r'}, {"dn_as_username", no_argument, NULL, 'd'}, {"credname", required_argument, NULL, 'k'}, {"stdin_pass", no_argument, NULL, 'S'}, {"no_passphrase", no_argument, NULL, 'n'}, {"certfile", required_argument, NULL, 'c'}, {"keyfile", required_argument, NULL, 'y'}, {"trustroots", no_argument, NULL, 'T'}, {0, 0, 0, 0} }; static char short_options[] = "hus:p:l:t:c:y:vVa:dk:SnT"; static char version[] = "myproxy-retrieve version " MYPROXY_VERSION " (" MYPROXY_VERSION_DATE ") " "\n"; void init_arguments(int argc, char *argv[], myproxy_socket_attrs_t *attrs, myproxy_request_t *request); int store_credential( char *delegfile, char *certfile, char *keyfile ); int buffer2file( char *buffer, int size, int fd ); int write_cert( char *path, const char *buffer ); int write_key( char *path, const char *buffer ); int mkpath( char *path ); /* * Use setvbuf() instead of setlinebuf() since cygwin doesn't support * setlinebuf(). */ #define my_setlinebuf(stream) setvbuf((stream), (char *) NULL, _IOLBF, 0) /* location of delegated proxy */ static char *certfile = NULL; /* certificate file name */ static char *keyfile = NULL; /* key file name */ static int dn_as_username = 0; static int read_passwd_from_stdin = 0; static int use_empty_passwd = 0; int main(int argc, char *argv[]) { myproxy_socket_attrs_t *socket_attrs; myproxy_request_t *client_request; myproxy_response_t *server_response; char *pshost; char delegfile[MAXPATHLEN]; char *request_buffer = NULL; int requestlen; int retval = -1; int deletefile = 0; /* check library version */ if (myproxy_check_version()) { fprintf(stderr, "MyProxy library version mismatch.\n" "Expecting %s. Found %s.\n", MYPROXY_VERSION_DATE, myproxy_version(0,0,0)); exit(1); } myproxy_log_use_stream (stderr); my_setlinebuf(stdout); my_setlinebuf(stderr); socket_attrs = malloc(sizeof(*socket_attrs)); memset(socket_attrs, 0, sizeof(*socket_attrs)); client_request = malloc(sizeof(*client_request)); memset(client_request, 0, sizeof(*client_request)); server_response = malloc(sizeof(*server_response)); memset(server_response, 0, sizeof(*server_response)); /* Setup defaults */ client_request->version = strdup(MYPROXY_VERSION); client_request->command_type = MYPROXY_RETRIEVE_CERT; pshost = getenv("MYPROXY_SERVER"); if (pshost != NULL) { socket_attrs->pshost = strdup(pshost); } client_request->proxy_lifetime = 60*60*MYPROXY_DEFAULT_DELEG_HOURS; if (getenv("MYPROXY_SERVER_PORT")) { socket_attrs->psport = atoi(getenv("MYPROXY_SERVER_PORT")); } else { socket_attrs->psport = MYPROXY_SERVER_PORT; } if (getuid() == 0) { get_host_credential_filenames( &certfile, &keyfile ); } else { get_user_credential_filenames( &certfile, &keyfile ); } /* Initialize client arguments and create client request object */ init_arguments(argc, argv, socket_attrs, client_request); if (!certfile && !keyfile) { fprintf(stderr, "Unable to determine credential output locations.\n" "Use --certfile and --keyfile options.\n"); goto error; } else if (!certfile) { fprintf(stderr, "Unable to determine certificate output location.\n" "Use --certfile option.\n"); goto error; } else if (!keyfile) { fprintf(stderr, "Unable to determine private key output location.\n" "Use --keyfile option.\n"); goto error; } if (access(certfile, F_OK) == 0) { fprintf(stderr, "%s exists.\n", certfile); goto error; } if (access(keyfile, F_OK) == 0) { fprintf(stderr, "%s exists.\n", keyfile); goto error; } /* Bootstrap trusted certificate directory if none exists. */ if (client_request->want_trusted_certs) { char *cert_dir = NULL; globus_result_t res; globus_module_activate(GLOBUS_GSI_CERT_UTILS_MODULE); res = GLOBUS_GSI_SYSCONFIG_GET_CERT_DIR(&cert_dir); if (res != GLOBUS_SUCCESS) { globus_object_free(globus_error_get(res)); myproxy_bootstrap_trust(socket_attrs); } if (cert_dir) free(cert_dir); } /* Connect to server. */ if (myproxy_init_client(socket_attrs) < 0) { verror_print_error(stderr); goto error; } /* Attempt anonymous-mode credential retrieval if we don't have a credential. */ GSI_SOCKET_allow_anonymous(socket_attrs->gsi_socket, 1); /* Authenticate client to server */ if (myproxy_authenticate_init(socket_attrs, NULL) < 0) { verror_print_error(stderr); if (client_request->want_trusted_certs && strstr(verror_get_string(), "CRL") != NULL) { verror_clear(); myproxy_log("CRL error detected. Attempting to recover."); switch (myproxy_clean_crls()) { case -1: verror_print_error(stderr); case 0: goto error; case 1: if (myproxy_init_client(socket_attrs) < 0) { verror_print_error(stderr); goto error; } if (myproxy_authenticate_init(socket_attrs, NULL) < 0) { verror_print_error(stderr); goto error; } } } else { goto error; } } if (!use_empty_passwd) { /* Allow user to provide a passphrase */ int rval; if (read_passwd_from_stdin) { rval = myproxy_read_passphrase_stdin( client_request->passphrase, sizeof(client_request->passphrase), NULL); } else { rval = myproxy_read_passphrase(client_request->passphrase, sizeof(client_request->passphrase), NULL); } if (rval == -1) { verror_print_error(stderr); goto error; } } if (client_request->username == NULL) { /* set default username */ if (dn_as_username) { if (client_request->authzcreds) { if (ssl_get_base_subject_file(client_request->authzcreds, &client_request->username)) { fprintf(stderr, "Cannot get subject name from %s\n", client_request->authzcreds); goto error; } } else { if (ssl_get_base_subject_file(NULL, &client_request->username)) { fprintf(stderr, "Cannot get subject name from your certificate\n"); goto error; } } } else { char *username = NULL; if (!(username = getenv("LOGNAME"))) { fprintf(stderr, "Please specify a username.\n"); goto error; } client_request->username = strdup(username); } } /* Serialize client request object */ requestlen = myproxy_serialize_request_ex(client_request, &request_buffer); if (requestlen < 0) { verror_print_error(stderr); goto error; } /* Send request to the myproxy-server */ if (myproxy_send(socket_attrs, request_buffer, requestlen) < 0) { verror_print_error(stderr); goto error; } free(request_buffer); request_buffer = NULL; /* Continue unless the response is not OK */ if (myproxy_recv_response_ex(socket_attrs, server_response, client_request) != 0) { verror_print_error(stderr); goto error; } /* Accept delegated credentials from server */ deletefile = 1; if (myproxy_accept_credentials(socket_attrs, delegfile, sizeof(delegfile)) < 0) { verror_print_error(stderr); goto error; } if( store_credential( delegfile, certfile, keyfile ) < 0 ) { fprintf( stderr, "Problem storing to: %s and %s\n", certfile, keyfile ); goto error; } ssl_proxy_file_destroy(delegfile); /* host credentials should not be encrypted */ if (getuid() == 0) { SSL_CREDENTIALS *creds; creds = ssl_credentials_new(); ssl_private_key_load_from_file(creds, keyfile, client_request->passphrase, NULL); ssl_private_key_store_to_file(creds, keyfile, NULL); ssl_credentials_destroy(creds); } printf("Credentials for %s have been stored in\n%s and\n%s.\n", client_request->username, certfile, keyfile); /* Store file in trusted directory if requested and returned */ if (client_request->want_trusted_certs) { if (server_response->trusted_certs != NULL) { if (myproxy_install_trusted_cert_files(server_response->trusted_certs) != 0) { verror_print_error(stderr); goto error; } else { char *path; path = get_trusted_certs_path(); if (path) { printf("Trust roots have been installed in %s.\n", path); free(path); } } } else { myproxy_debug("Requested trusted certs but didn't get any.\n"); } } retval = 0; error: if (certfile) free(certfile); if (keyfile) free(keyfile); verror_clear(); /* free memory allocated */ myproxy_free(socket_attrs, client_request, server_response); if( deletefile ) { ssl_proxy_file_destroy(delegfile); } return retval; } void init_arguments(int argc, char *argv[], myproxy_socket_attrs_t *attrs, myproxy_request_t *request) { extern char *optarg; int arg; while((arg = getopt_long(argc, argv, short_options, long_options, NULL)) != EOF) { switch(arg) { case 's': /* pshost name */ attrs->pshost = strdup(optarg); break; case 'p': /* psport */ attrs->psport = atoi(optarg); break; case 'h': /* print help and exit */ case 'u': /* print help and exit */ printf("%s", usage); exit(0); break; case 'l': /* username */ request->username = strdup(optarg); break; case 'a': /* special authorization */ request->authzcreds = strdup(optarg); use_empty_passwd = 1; break; case 'n': /* no passphrase */ use_empty_passwd = 1; break; case 'v': myproxy_debug_set_level(1); break; case 'V': /* print version and exit */ printf("%s", version); exit(0); break; case 'd': /* use the certificate subject (DN) as the default username instead of LOGNAME */ dn_as_username = 1; break; case 'k': /* credential name */ request->credname = strdup (optarg); break; case 'S': read_passwd_from_stdin = 1; break; case 'T': request->want_trusted_certs = 1; myproxy_debug("Requesting trusted certificates.\n"); break; case 'c': /* credential file name */ if (certfile) free(certfile); certfile = strdup(optarg); break; case 'y': /* key file name */ if (keyfile) free(keyfile); keyfile = strdup(optarg); break; default: /* print usage and exit */ fprintf(stderr, "%s", usage); exit(1); break; } } /* Check to see if myproxy-server specified */ if (attrs->pshost == NULL) { fprintf(stderr, "Unspecified myproxy-server. Set the MYPROXY_SERVER environment variable to\nthe hostname of the myproxy-server or run with '-s server-hostname'.\n"); exit(1); } return; } int store_credential( char *delegfile, char *certfile, char *keyfile ) { unsigned char *input_buffer = NULL; int retval = -1; assert(delegfile != NULL); assert(certfile != NULL); assert(keyfile != NULL); if (buffer_from_file(delegfile, &input_buffer, NULL) < 0) { fprintf(stderr, "open(%s) failed: %s\n", delegfile, strerror(errno)); goto error; } if (write_cert(certfile, (const char *)input_buffer) < 0) { goto error; } if (write_key(keyfile, (const char *)input_buffer) < 0) { goto error; } retval = 0; error: free(input_buffer); return(retval); } int write_cert( char *path, const char *buffer ) { int fd = 0; static char BEGINCERT[] = "-----BEGIN CERTIFICATE-----"; static char ENDCERT[] = "-----END CERTIFICATE-----"; char *certstart, *certend; int retval = -1; int size; assert(path != NULL); assert(buffer != NULL); if( make_path( path ) < 0 ) { verror_print_error(stderr); goto error; } /* Open the output file. */ if ((fd = open(path, O_CREAT | O_EXCL | O_WRONLY, S_IRUSR | S_IWUSR)) < 0) { if( errno == EEXIST ) { fprintf(stderr, "open(%s) failed: This file already exists.\nmyproxy-retrieve will not overwrite end-entity credentials.\n", path ); goto error; } fprintf(stderr, "Open(%s) failed: %s\n", path, strerror(errno)); goto error; } if ((certstart = strstr(buffer, BEGINCERT)) == NULL) { fprintf(stderr, "CRED doesn't contain '%s'.\n", BEGINCERT); goto error; } if ((certend = strstr(certstart, ENDCERT)) == NULL) { fprintf(stderr, "CRED doesn't contain '%s'.\n", ENDCERT); goto error; } certend += strlen(ENDCERT); size = certend-certstart; if( buffer2file( certstart, size, fd ) != 0 ) { fprintf(stderr, "Could not write cert to: '%s'.\n", path); goto error; } certstart += size; while ((certstart = strstr(certstart, BEGINCERT)) != NULL) { if ((certend = strstr(certstart, ENDCERT)) == NULL) { fprintf(stderr, "Can't find matching '%s' in %s.\n", ENDCERT, certfile); goto error; } certend += strlen(ENDCERT); size = certend-certstart; buffer2file( certstart, size, fd ); certstart += size; } retval = 0; error: if( fd >= 0 ) { close( fd ); } return( retval ); } int write_key( char *path, const char *buffer ) { int fd = 0; static char BEGINKEY1[] = "-----BEGIN RSA PRIVATE KEY-----"; static char BEGINKEY2[] = "-----BEGIN PRIVATE KEY-----"; static char BEGINKEY3[] = "-----BEGIN ENCRYPTED PRIVATE KEY-----"; static char ENDKEY1[] = "-----END RSA PRIVATE KEY-----"; static char ENDKEY2[] = "-----END PRIVATE KEY-----"; static char ENDKEY3[] = "-----END ENCRYPTED PRIVATE KEY-----"; char *keystart, *keyend; int retval = -1; int size; if( make_path( path ) < 0 ) { verror_print_error(stderr); goto error; } /* Open the output file. */ if ((fd = open(path, O_CREAT | O_EXCL | O_WRONLY, S_IRUSR | S_IWUSR)) < 0) { if( errno == EEXIST ) { fprintf(stderr, "open(%s) failed: This file already exists.\nmyproxy-retrieve will not overwrite end-entity credentials.\n", path ); goto error; } fprintf(stderr, "open(%s) failed: %s\n", path, strerror(errno)); goto error; } /* Write the key. */ if ((keystart = strstr(buffer, BEGINKEY1)) == NULL && (keystart = strstr(buffer, BEGINKEY2)) == NULL && (keystart = strstr(buffer, BEGINKEY3)) == NULL) { fprintf(stderr, "CREDKEY doesn't contain '%s' nor '%s' nor '%s'.\n", BEGINKEY1, BEGINKEY2, BEGINKEY3); goto error; } if ((keyend = strstr(keystart, ENDKEY1)) != NULL) keyend += strlen(ENDKEY1); else if ((keyend = strstr(keystart, ENDKEY2)) != NULL) keyend += strlen(ENDKEY2); else if ((keyend = strstr(keystart, ENDKEY3)) != NULL) keyend += strlen(ENDKEY3); else { fprintf(stderr, "CREDKEY doesn't contain '%s' nor '%s' nor '%s'.\n", ENDKEY1, ENDKEY2, ENDKEY3); goto error; } size = keyend-keystart; if( buffer2file( keystart, size, fd ) != 0 ) { fprintf(stderr, "Could not write key to: '%s'.\n", path); goto error; } retval = 0; error: if( fd >= 0) { close( fd ); } return( retval ); } int buffer2file( char *buffer, int size, int fd ) { int rval; char *certstart; certstart = buffer; while (size) { if ((rval = write(fd, certstart, size)) < 0) { perror("write"); return( -1 ); } size -= rval; certstart += rval; } if (write(fd, "\n", 1) < 0) { perror("write"); return(-1); } return( 0 ); } myproxy-6.2.16/LICENSE.safefile0000644000175100017510000000123614557142036013053 00000000000000/* * safefile package http://www.cs.wisc.edu/~kupsch/safefile * * Copyright 2007-2008 James A. Kupsch * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ myproxy-6.2.16/certauth_extensions.c0000644000175100017510000010657314557142036014545 00000000000000/* * CA extension implementation file * */ #include "myproxy_common.h" #include #include #define BUF_SIZE 16384 #ifndef MIN #define MIN(x,y) ((x) < (y) ? (x) : (y)) #endif #define SECONDS_PER_HOUR (60 * 60) #if OPENSSL_VERSION_NUMBER < 0x10100000L #define EVP_PKEY_id(k) (k)->type #define EVP_PKEY_get0_RSA(k) (k)->pkey.rsa static void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) { if (n != NULL) { *n = r->n; } if (e != NULL) { *e = r->e; } if (d != NULL) { *d = r->d; } } #endif static int read_cert_request(GSI_SOCKET *self, unsigned char **buffer, size_t *length) { int return_value = 1; unsigned char * input_buffer = NULL; size_t input_buffer_length; if (self == NULL) { verror_put_string("read_cert_request(): Socket is null"); goto error; } if (GSI_SOCKET_read_token(self, &input_buffer, &input_buffer_length) == GSI_SOCKET_ERROR) { verror_put_string("read_cert_request(): Read from socket failed"); goto error; } *buffer = input_buffer; *length = input_buffer_length; return_value = 0; error: if ( return_value ) { if ( input_buffer != NULL ) { myproxy_debug("freeing buffer"); free(input_buffer); input_buffer = NULL; } } return return_value; } static int send_certificate(GSI_SOCKET *self, unsigned char *buffer, size_t length) { if (GSI_SOCKET_write_buffer(self, (const char *)buffer, length) == GSI_SOCKET_ERROR) { verror_put_string("Error writing certificate to client!"); return 1; } return 0; } static void add_key_value( char * key, char * value, char buffer[] ) { strcat( buffer, key ); strcat( buffer, "=" ); if ( value == NULL ) { strcat( buffer, "NULL" ); } else { strcat( buffer, value ); } strcat( buffer, "\n" ); } static int external_callout( X509_REQ *request, X509 **cert, myproxy_request_t *client_request, myproxy_server_context_t *server_context) { int return_value = 1; char buffer[BUF_SIZE]; char intbuf[128]; pid_t pid; int fds[3]; int status; FILE * pipestream = NULL; X509 * certificate = NULL; memset(buffer, '\0', BUF_SIZE); memset(intbuf, '\0', 128); myproxy_debug("callout using: %s", server_context->certificate_issuer_program); if ((pid = myproxy_popen(fds, server_context->certificate_issuer_program, NULL)) < 0) { return -1; /* myproxy_popen will set verror */ } /* writing to program */ pipestream = fdopen( fds[0], "w" ); if ( pipestream == NULL ) { verror_put_string("File stream to stdin pipe creation problem."); return 1; } add_key_value( "username", client_request->username, buffer ); add_key_value( "passphrase", client_request->passphrase, buffer ); sprintf( intbuf, "%d", client_request->proxy_lifetime ); add_key_value( "proxy_lifetime", (char*)intbuf, buffer ); memset(intbuf, '\0', 128); add_key_value( "retrievers", client_request->retrievers, buffer ); add_key_value( "renewers", client_request->renewers, buffer ); add_key_value( "credname", client_request->credname, buffer ); add_key_value( "creddesc", client_request->creddesc, buffer ); add_key_value( "authzcreds", client_request->authzcreds, buffer ); add_key_value( "keyretrieve", client_request->keyretrieve, buffer ); add_key_value( "trusted_retrievers", client_request->trusted_retrievers, buffer ); sprintf( intbuf, "%d", server_context->max_cert_lifetime ); add_key_value( "max_cert_lifetime", (char*)intbuf, buffer ); memset(intbuf, '\0', 128); fprintf( pipestream, "%s\n", buffer ); PEM_write_X509_REQ( pipestream, request ); fflush( pipestream ); fclose( pipestream ); close(fds[0]); /* wait for program to exit */ if( waitpid(pid, &status, 0) == -1 ) { verror_put_string("waitpid() failed for external callout child"); verror_put_errno(errno); goto error; } /* check status and read appropriate content */ /* if exit != 0 - read and log message from program stderr */ if ( status != 0 ) { verror_put_string("external process exited abnormally\n"); memset(buffer, '\0', BUF_SIZE); if ( read( fds[2], buffer, BUF_SIZE ) > 0 ) { verror_put_string("%s", buffer); } else { verror_put_string("did not receive an error string from callout"); } goto error; } /* retrieve the certificate */ pipestream = fdopen( fds[1], "r" ); if ( pipestream == NULL ) { verror_put_string("File stream to stdout pipe creation problem."); verror_put_errno(errno); goto error; } certificate = PEM_read_X509( pipestream, NULL, NULL, NULL ); if (certificate == NULL) { verror_put_string("Error reading certificate from external program."); ssl_error_to_verror(); goto error; } else { myproxy_debug("Received certificate from external callout."); } fclose( pipestream ); close(fds[1]); close(fds[2]); /* good to go */ *cert = certificate; return_value = 0; error: memset(buffer, '\0', BUF_SIZE); memset(intbuf, '\0', 128); return return_value; } /* Use fcntl() for POSIX file locking. Lock is released when file is closed. */ static int lock_file(int fd) { struct flock fl; fl.l_type = F_WRLCK; fl.l_whence = SEEK_SET; fl.l_start = 0; fl.l_len = 0; while( fcntl( fd, F_SETLKW, &fl ) < 0 ) { if ( errno != EINTR ) { return -1; } } return 0; } /* * serial number handling liberally borrowed from KCA with the addition * of file locking */ static int assign_serial_number( X509 *cert, myproxy_server_context_t *server_context ) { int retval = 1; long serialset; BIGNUM * serial = NULL; ASN1_INTEGER * current = NULL, * next = NULL; char buf[1024]; char *serialfile = NULL; /* all the io variables */ BIO * serialbio = NULL; int fd; FILE * serialstream = NULL; myproxy_debug("Assigning serial number"); serial = BN_new(); current = ASN1_INTEGER_new(); if ( (serial ==NULL) || (current==NULL) ) { verror_put_string("Bignum/asn1 INT init failure\n"); ssl_error_to_verror(); goto error; } if (server_context->certificate_serialfile) { serialfile = server_context->certificate_serialfile; } else { const char *sdir; sdir = myproxy_get_storage_dir(); if (sdir == NULL) { goto error; } serialfile = malloc(strlen(sdir)+strlen("/serial")+1); sprintf(serialfile, "%s/serial", sdir); } /* open(), lock, open stream and create BIO */ fd = open( serialfile, O_RDWR|O_CREAT, 0600 ); if ( fd == -1 ) { verror_put_string("Call to open() failed on %s\n", serialfile); verror_put_errno(errno); goto error; } if ( lock_file(fd) == -1 ) { verror_put_string("Failed to get lock on file descriptor\n"); verror_put_errno(errno); goto error; } serialstream = fdopen( fd, "w+" ); if ( serialstream == NULL ) { verror_put_string("Unable to open file stream\n"); verror_put_errno(errno); goto error; } /* check if file is empty, and if so, initialize with 1 */ if (fseek(serialstream, 0L, SEEK_END) < 0) { verror_put_string("Unable to seek file stream\n"); verror_put_errno(errno); goto error; } serialset = ftell(serialstream); if (serialset) rewind(serialstream); serialbio = BIO_new_fp( serialstream, BIO_CLOSE ); if ( serialbio == NULL ) { verror_put_string("BIO_new_fp failure.\n"); ssl_error_to_verror(); goto error; } if (serialset) { if (!a2i_ASN1_INTEGER(serialbio, current, buf, sizeof(buf))) { verror_put_string("Asn1 int read/conversion error\n"); ssl_error_to_verror(); goto error; } else { myproxy_debug("Loaded serial number 0x%s from %s", buf, serialfile); } } else { ASN1_INTEGER_set(current, server_context->certificate_serial_skip); } serial = BN_bin2bn( current->data, current->length, serial ); if ( serial == NULL ) { verror_put_string("Error converting to bignum\n"); ssl_error_to_verror(); goto error; } if (!BN_add_word(serial, server_context->certificate_serial_skip)) { verror_put_string("Error incrementing serial number\n"); ssl_error_to_verror(); goto error; } if (!(next = BN_to_ASN1_INTEGER(serial, NULL))) { verror_put_string("Error converting new serial to ASN1\n"); ssl_error_to_verror(); goto error; } if (BIO_reset(serialbio) != 0) { verror_put_string("Error resetting serialbio\n"); ssl_error_to_verror(); goto error; } i2a_ASN1_INTEGER(serialbio, next); BIO_puts(serialbio, "\n"); /* the call to BIO_free with the CLOSE flags will take care of * the underlying file stream and close()ing the file descriptor, * which will release the lock. */ BIO_free(serialbio); serialbio = NULL; serialstream = NULL; if (!X509_set_serialNumber(cert, current)) { verror_put_string("Error assigning serialnumber\n"); ssl_error_to_verror(); goto error; } myproxy_debug("serial number assigned"); retval = 0; error: if (serial) BN_free(serial); if (current) ASN1_INTEGER_free(current); if(next) ASN1_INTEGER_free(next); if(serialbio) BIO_free(serialbio); if(serialstream) serialstream = NULL; return(retval); } static void add_ext(X509V3_CTX *ctxp, X509 *cert, int nid, char *value) { X509_EXTENSION *ex; ex = X509V3_EXT_conf_nid(NULL, ctxp, nid, value); X509_add_ext(cert,ex,-1); X509_EXTENSION_free(ex); } static int write_certificate(X509 *cert, const char serial[], const char dir[]) { BIO *bp=NULL; char *path; int rval = -1, fd; path = malloc(strlen(dir)+strlen(serial)+strlen("/.pem")+1); sprintf(path, "%s/%s.pem", dir, serial); if ((fd = open(path, O_RDWR|O_CREAT, S_IRUSR|S_IWUSR)) < 0) { myproxy_log("failed to create %s: %s", path, strerror(errno)); goto error; } close(fd); if ((bp=BIO_new(BIO_s_file())) == NULL) { myproxy_debug("BIO_new(BIO_s_file()) failed"); goto error; } if (BIO_write_filename(bp, path) <= 0) { myproxy_debug("BIO_write_filename(%s) failed", path); goto error; } myproxy_debug("writing certificate to %s", path); X509_print(bp, cert); PEM_write_bio_X509(bp, cert); rval = 0; error: free(path); BIO_free_all(bp); return rval; } static EVP_PKEY *e_cakey=NULL; static ENGINE *engine=NULL; static int engine_used=0; static int generate_certificate( X509_REQ *request, X509 **certificate, EVP_PKEY *pkey, myproxy_request_t *client_request, myproxy_server_context_t *server_context) { int return_value = 1; int not_after; int lockfd = -1; int i; char * userdn = NULL; char * serial = NULL; X509 * issuer_cert = NULL; X509 * cert = NULL; X509_NAME * subject = NULL; EVP_PKEY * cakey = NULL; X509V3_CTX ctx, *ctxp; FILE * inkey = NULL; FILE * issuer_cert_file = NULL; globus_result_t globus_result; myproxy_debug("Generating certificate internally."); cert = X509_new(); ctxp = &ctx; /* needed for X509V3 macros */ X509V3_set_ctx_nodb(ctxp); if (cert == NULL) { verror_put_string("Problem creating new X509."); ssl_error_to_verror(); goto error; } /* subject info */ /* this has already been called successfully, but... */ if ( user_dn_lookup( client_request->username, &userdn, server_context ) ) { verror_put_string("unknown username: %s", client_request->username); goto error; } subject = X509_get_subject_name(cert); globus_result = globus_gsi_cert_utils_get_x509_name(userdn, strlen(userdn), subject); if (globus_result != GLOBUS_SUCCESS) { verror_put_string("globus_gsi_cert_utils_get_x509_name() failed"); globus_error_to_verror(globus_result); goto error; } /* Verify that the subject has been correctly encoded and fix any problems we find.*/ for (i = 0; i < X509_NAME_entry_count(subject); i++) { X509_NAME_ENTRY *ne = NULL; ASN1_STRING *str = NULL; ASN1_OBJECT *obj = NULL; ne = X509_NAME_get_entry(subject, i); str = X509_NAME_ENTRY_get_data(ne); obj = X509_NAME_ENTRY_get_object(ne); if ((OBJ_obj2nid(obj) == NID_domainComponent) && (str->type == V_ASN1_PRINTABLESTRING)) { myproxy_debug("Setting DC type to IA5String."); str->type = V_ASN1_IA5STRING; } if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) && (str->type == V_ASN1_PRINTABLESTRING)) { myproxy_debug("Setting emailAddress type to IA5String."); str->type = V_ASN1_IA5STRING; } } /* issuer info */ issuer_cert_file = fopen(server_context->certificate_issuer_cert, "r"); if (issuer_cert_file == NULL) { verror_put_string("Error opening certificate file %s", server_context->certificate_issuer_cert); verror_put_errno(errno); goto error; } if ((issuer_cert = PEM_read_X509(issuer_cert_file, NULL, NULL, NULL)) == NULL) { verror_put_string("Error reading certificate %s", server_context->certificate_issuer_cert); ssl_error_to_verror(); fclose(issuer_cert_file); goto error; } fclose(issuer_cert_file); myproxy_debug("certificate_issuer_cert: %s", server_context->certificate_issuer_cert ); X509_set_issuer_name(cert, X509_get_subject_name(issuer_cert)); X509V3_set_ctx(ctxp, issuer_cert, cert, NULL, NULL, 0); /* version, ttl, etc */ X509_set_version(cert, 0x2); /* this is actually version 3 */ if (assign_serial_number(cert, server_context)) { verror_put_string("Error assigning serial number to cert"); goto error; } if (!server_context->max_cert_lifetime) { not_after = MIN(client_request->proxy_lifetime, SECONDS_PER_HOUR * MYPROXY_DEFAULT_DELEG_HOURS); } else { not_after = MIN(client_request->proxy_lifetime, server_context->max_cert_lifetime); } myproxy_debug("cert lifetime: %d", not_after ); /* allow 5m clock skew */ X509_gmtime_adj(X509_get_notBefore(cert), -(MYPROXY_DEFAULT_CLOCK_SKEW)); X509_gmtime_adj(X509_get_notAfter(cert), (long)not_after); X509_set_pubkey(cert, pkey); /* extensions */ if (server_context->certificate_extfile || server_context->certificate_extapp) { CONF *extconf = NULL; long errorline = -1; extconf = NCONF_new(NULL); if (server_context->certificate_extfile) { if (NCONF_load(extconf, server_context->certificate_extfile, &errorline) <= 0) { if (errorline <= 0) { verror_put_string("OpenSSL error loading the certificate_extfile '%s'", server_context->certificate_extfile); } else { verror_put_string("OpenSSL error on line %ld of certificate_extfile '%s'\n", errorline, server_context->certificate_extfile); } goto error; } myproxy_debug("Successfully loaded extensions file %s.", server_context->certificate_extfile); } else { pid_t childpid; int fds[3]; int exit_status; FILE *nconf_stream = NULL; myproxy_debug("calling %s", server_context->certificate_extapp); if ((childpid = myproxy_popen(fds, server_context->certificate_extapp, client_request->username, NULL)) < 0) { return -1; /* myproxy_popen will set verror */ } close(fds[0]); if (waitpid(childpid, &exit_status, 0) == -1) { verror_put_string("wait() failed for extapp child"); verror_put_errno(errno); return -1; } if (exit_status != 0) { FILE *fp = NULL; char buf[100]; verror_put_string("Certificate extension call-out returned non-zero."); fp = fdopen(fds[1], "r"); if (fp) { while (fgets(buf, 100, fp) != NULL) { verror_put_string("%s", buf); } fclose(fp); } fp = fdopen(fds[2], "r"); if (fp) { while (fgets(buf, 100, fp) != NULL) { verror_put_string("%s", buf); } fclose(fp); } goto error; } close(fds[2]); nconf_stream = fdopen(fds[1], "r"); if (NCONF_load_fp(extconf, nconf_stream, &errorline) <= 0) { if (errorline <= 0) { verror_put_string("OpenSSL error parsing output of certificate_extapp call-out."); } else { verror_put_string("OpenSSL error parsing line %ld of of certificate_extapp call-out output.", errorline); } fclose(nconf_stream); goto error; } fclose(nconf_stream); } X509V3_set_nconf(&ctx, extconf); if (!X509V3_EXT_add_nconf(extconf, &ctx, "default", cert)) { verror_put_string("OpenSSL error adding extensions."); ssl_error_to_verror(); goto error; } myproxy_debug("Successfully added extensions."); } else { /* add some defaults */ add_ext(ctxp, cert, NID_key_usage, "critical,Digital Signature, Key Encipherment, Data Encipherment"); add_ext(ctxp, cert, NID_ext_key_usage, "clientAuth"); add_ext(ctxp, cert, NID_basic_constraints, "critical,CA:FALSE"); add_ext(ctxp, cert, NID_subject_key_identifier, "hash"); } if (server_context->certificate_issuer_email_domain) { char *email; email = malloc(strlen(client_request->username)+strlen("email:@")+1+ strlen(server_context->certificate_issuer_email_domain)); sprintf(email, "email:%s@%s", client_request->username, server_context->certificate_issuer_email_domain); add_ext(ctxp, cert, NID_subject_alt_name, email); free(email); } /* load ca key */ if (engine) { if (server_context->certificate_openssl_engine_lockfile) { lockfd = open(server_context->certificate_openssl_engine_lockfile, O_RDWR|O_CREAT, 0600); if (lockfd == -1) { verror_put_string("Call to open() failed on %s", server_context->certificate_openssl_engine_lockfile); verror_put_errno(errno); goto error; } if ( lock_file(lockfd) == -1 ) { verror_put_string("Failed to get lock on %s", server_context->certificate_openssl_engine_lockfile); verror_put_errno(errno); goto error; } } if (!ENGINE_set_default(engine, ENGINE_METHOD_ALL)) { verror_put_string("ENGINE_set_default(ENGINE_METHOD_ALL) failed."); ssl_error_to_verror(); goto error; } } if(e_cakey) { cakey = e_cakey; } else { inkey = fopen( server_context->certificate_issuer_key, "r"); if (!inkey) { verror_put_string("Could not open cakey file handle: %s", server_context->certificate_issuer_key); verror_put_errno(errno); goto error; } cakey = PEM_read_PrivateKey( inkey, NULL, NULL, (char *)server_context->certificate_issuer_key_passphrase ); fclose(inkey); } if ( cakey == NULL ) { verror_put_string("Could not load cakey for certificate signing."); ssl_error_to_verror(); goto error; } else { myproxy_debug("certificate_issuer_key: %s", server_context->certificate_issuer_key ); } if (!X509_check_private_key(issuer_cert,cakey)) { verror_put_string("CA certificate and CA private key do not match."); ssl_error_to_verror(); goto error; } /* sign it */ myproxy_debug("Signing internally generated certificate."); if (!X509_sign(cert, cakey, (const EVP_MD *)server_context->certificate_hashalg ) ) { verror_put_string("Certificate/cakey sign failed."); ssl_error_to_verror(); goto error; } serial = i2s_ASN1_OCTET_STRING(NULL, X509_get_serialNumber(cert)); if (engine) { engine_used=1; if (lockfd != -1) close(lockfd); if (!ENGINE_set_default(engine, ENGINE_METHOD_NONE)) { verror_put_string("ENGINE_set_default(ENGINE_METHOD_NONE) failed."); ssl_error_to_verror(); goto error; } } return_value = 0; *certificate = cert; myproxy_log("Issued certificate for user \"%s\", with DN \"%s\", " "lifetime \"%d\", and serial number \"0x%s\"", client_request->username, userdn, not_after, serial ); if (server_context->certificate_out_dir) { write_certificate(cert, serial, server_context->certificate_out_dir); } error: if (return_value) { if ( cert != NULL ) { X509_free(cert); } } if (cakey && !e_cakey) EVP_PKEY_free( cakey ); if (userdn) { free(userdn); userdn = NULL; } if (serial) free(serial); if (lockfd != -1) close(lockfd); return return_value; } static int arraylen(char **options) { char **ptr; int c = 0; ptr = options; while(*ptr++!=NULL) c++; return c; } void shutdown_openssl_engine(void) { if (e_cakey) EVP_PKEY_free( e_cakey ); if (engine) ENGINE_finish(engine); /* there is a bug in OpenSSL 0.9.7d which causes a segmentation fault if I call ENGINE_cleanup() here * unless the key has been used. So we only call it if the key has been used. */ if (engine_used) ENGINE_cleanup(); } static int ui_read_fn(UI *ui, UI_STRING *ui_string) { switch(UI_get_string_type(ui_string)) { case UIT_PROMPT: case UIT_VERIFY: if(UI_get_input_flags(ui_string) & UI_INPUT_FLAG_ECHO) { UI_set_result(ui, ui_string, (char *) UI_get0_user_data(ui)); return 1; } else { return 0; /* not supported! */ } case UIT_BOOLEAN: default: return 0; /* not supported! */ } } static int ui_write_fn(UI *ui, UI_STRING *ui_string) { switch(UI_get_string_type(ui_string)) { case UIT_ERROR: verror_put_string("%s", UI_get0_output_string(ui_string)); break; case UIT_INFO: myproxy_log("%s", UI_get0_output_string(ui_string)); break; default: break; } return 1; } int initialise_openssl_engine(myproxy_server_context_t *server_context) { ENGINE *e; EVP_PKEY *cakey; const char *engine_id = server_context->certificate_openssl_engine_id; /* first set-up a UI that does not actually prompt.*/ UI_METHOD *ui_method = UI_create_method("MyProxy-OpenSSL Interface"); UI_method_set_reader(ui_method, ui_read_fn); UI_method_set_writer(ui_method, ui_write_fn); SSL_load_error_strings(); ENGINE_load_builtin_engines(); myproxy_log("Initialising OpenSSL signing engine '%s'....", engine_id); e = ENGINE_by_id(engine_id); if(!e) { verror_put_string("Could not find engine '%s'.", engine_id); ENGINE_cleanup(); UI_destroy_method(ui_method); return 0; } if(server_context->certificate_openssl_engine_pre) { char **pre_cmds; int pre_num; pre_cmds = server_context->certificate_openssl_engine_pre; pre_num = arraylen(pre_cmds); while(pre_num--) { char *name, *value=NULL; char *n = strchr(pre_cmds[0], ':'); if(n==NULL) { name=pre_cmds[0]; } else { n[0]=0; name=pre_cmds[0]; value=n+1; } if(!ENGINE_ctrl_cmd_string(e, name, value, 0)) { fprintf(stderr, "Failed pre command (%s - %s:%s)\n", engine_id, name, value ? value : "(NULL)"); ENGINE_free(e); ENGINE_cleanup(); UI_destroy_method(ui_method); return 0; } pre_cmds++; } } if(!ENGINE_init(e)) { verror_put_string("Could not initialise engine '%s'.", engine_id); ssl_error_to_verror(); ENGINE_free(e); ENGINE_cleanup(); UI_destroy_method(ui_method); return 0; } /* ENGINE_init() returned a functional reference, so free the structural * reference from ENGINE_by_id(). */ ENGINE_free(e); if(server_context->certificate_openssl_engine_post) { char **post_cmds; int post_num; post_cmds=server_context->certificate_openssl_engine_post; post_num = arraylen(post_cmds); while(post_num--) { char *name, *value=NULL; char *n; n = strchr(post_cmds[0], ':'); if(n==NULL) { name=post_cmds[0]; } else { n[0]=0; name=post_cmds[0]; value=n+1; } if(!ENGINE_ctrl_cmd_string(e, name, value, 0)) { fprintf(stderr, "Failed post command (%s - %s:%s)\n", engine_id, name, value ? value : "(NULL)"); ENGINE_free(e); ENGINE_cleanup(); UI_destroy_method(ui_method); return 0; } post_cmds++; } } cakey = ENGINE_load_private_key(e, server_context->certificate_issuer_key, ui_method, (char *)server_context->certificate_issuer_key_passphrase); if (cakey == NULL) { /* may not be fatal... */ verror_put_string("WARNING: Could not load ENGINE cakey at %s.", server_context->certificate_issuer_key); ssl_error_to_verror(); myproxy_log_verror(); verror_clear(); } if(atexit(&shutdown_openssl_engine)!=0) { verror_put_string("Could not register shutdown handler for engine '%s'.", engine_id); if (cakey) EVP_PKEY_free( cakey ); ENGINE_finish(e); ENGINE_cleanup(); UI_destroy_method(ui_method); return 0; } myproxy_log("Initialised engine '%s' (CAKey=%s)", engine_id, server_context->certificate_issuer_key); /* Share with the other functions in this module. */ e_cakey = cakey; engine = e; UI_destroy_method(ui_method); return 1; } static int do_check(const char *callout, const X509_REQ *req, const X509 *cert) { pid_t pid; int fds[3]; FILE * pipestream = NULL; int status; char buffer[BUF_SIZE]; if (!callout) return 0; myproxy_debug("calling %s", callout); if ((pid = myproxy_popen(fds, callout, NULL)) < 0) { return -1; /* myproxy_popen will set verror */ } /* writing to program */ pipestream = fdopen( fds[0], "w" ); if ( pipestream == NULL ) { verror_put_string("File stream to stdin pipe creation problem."); return -1; } if (req) PEM_write_X509_REQ( pipestream, (X509_REQ *)req ); if (cert) PEM_write_X509( pipestream, (X509 *)cert ); fflush( pipestream ); fclose( pipestream ); close(fds[0]); /* wait for program to exit */ if( waitpid(pid, &status, 0) == -1 ) { verror_put_string("waitpid() failed for %s", callout); verror_put_errno(errno); return -1; } /* check status and read appropriate content */ /* if exit != 0 - read and log message from program stderr */ if ( status != 0 ) { verror_put_string("%s returned failure", callout); memset(buffer, '\0', BUF_SIZE); if ( read( fds[2], buffer, BUF_SIZE ) > 0 ) { verror_put_string("%s", buffer); } else { verror_put_string("did not receive an error string from %s", callout); } return -1; } close(fds[1]); close(fds[2]); return 0; } static int check_certreq(const char *callout, const X509_REQ *req) { return do_check(callout, req, NULL); } static int check_newcert(const char *callout, const X509 *cert) { return do_check(callout, NULL, cert); } static int handle_certificate(unsigned char *input_buffer, size_t input_buffer_length, unsigned char **output_buffer, int *output_buffer_length, myproxy_request_t *client_request, myproxy_server_context_t *server_context) { int return_value = 1; int verify; long sub_hash; unsigned char md[SHA_DIGEST_LENGTH]; unsigned int md_len = 0; int keysize; BIO * request_bio = NULL; X509_REQ * req = NULL; EVP_PKEY * pkey = NULL; X509 * cert = NULL; SSL_CREDENTIALS *creds = NULL; myproxy_debug("handle_certificate()"); /* load proxy request into bio */ request_bio = BIO_new(BIO_s_mem()); if (request_bio == NULL) { verror_put_string("BIO_new() failed"); ssl_error_to_verror(); goto error; } if (BIO_write(request_bio, input_buffer, input_buffer_length) < 0) { verror_put_string("BIO_write() failed"); ssl_error_to_verror(); goto error; } /* feed bio into req structure, extract private key and verify */ req = d2i_X509_REQ_bio(request_bio, NULL); if (req == NULL) { verror_put_string("Request load failed"); ssl_error_to_verror(); goto error; } else { myproxy_debug("Cert request loaded."); } pkey = X509_REQ_get_pubkey(req); if (pkey == NULL) { verror_put_string("Could not extract public key from request."); ssl_error_to_verror(); goto error; } if (EVP_PKEY_id(pkey) != EVP_PKEY_RSA) { verror_put_string("Public key in certificate request is not of type RSA."); goto error; } const BIGNUM *e; RSA_get0_key(EVP_PKEY_get0_RSA(pkey), NULL, &e, NULL); unsigned long exp = BN_get_word(e); myproxy_debug("RSA exponent in certificate request is: %lu", exp); if (exp < 65537) { verror_put_string("RSA public key in certificate request has weak exponent (%lu).", exp); verror_put_string("RSA public key exponent must be 65537 or larger."); goto error; } keysize = RSA_size(EVP_PKEY_get0_RSA(pkey))*8; myproxy_debug("RSA key in certificate request is %d bits.", keysize); if (server_context->min_keylen && keysize < server_context->min_keylen) { verror_put_string("RSA public key in certificate request is too small (%d bits).", keysize); verror_put_string("RSA public key must be at least %d bits.", server_context->min_keylen); goto error; } verify = X509_REQ_verify(req, pkey); if ( verify != 1 ) { verror_put_string("Req/key did not verify: %d", verify ); ssl_error_to_verror(); goto error; } /* convert pkey into string for output to log */ ASN1_digest((int (*)())i2d_PUBKEY,EVP_sha1(),(char*)pkey,md,&md_len); sub_hash = md[0] + (md[1] + (md[2] + (md[3] >> 1) * 256) * 256) * 256; myproxy_log("Got a cert request for user \"%s\", " "with pubkey hash \"0x%lx\", and lifetime \"%d\"", client_request->username, sub_hash, client_request->proxy_lifetime ); if (check_certreq(server_context->certificate_request_checker, req)) { goto error; } /* check to see if the configuration is sound, and call the appropriate * cert generation method based on what has been defined. * these checks are duplicated in check_config(). */ if ( ( server_context->certificate_issuer_program != NULL ) && ( server_context->certificate_issuer_cert != NULL ) ) { verror_put_string("CA config error: both issuer and program defined"); goto error; } if ( ( server_context->certificate_issuer_program == NULL ) && ( server_context->certificate_issuer_cert == NULL ) ) { verror_put_string("CA config error: neither issuer or program defined"); goto error; } if ( ( server_context->certificate_issuer_cert != NULL ) && ( server_context->certificate_issuer_key == NULL ) ) { verror_put_string("CA config error: issuer defined but no key defined"); goto error; } if ( ( server_context->certificate_issuer_cert != NULL ) && ( server_context->certificate_issuer_key != NULL ) ) { myproxy_debug("Using internal openssl/generate_certificate() code"); if ( generate_certificate( req, &cert, pkey, client_request, server_context ) ) { verror_put_string("Internal cert generation failed"); goto error; } } else { myproxy_debug("Using external callout interface."); if( external_callout( req, &cert, client_request, server_context ) ) { verror_put_string("External callout failed."); goto error; } } if (cert == NULL) { verror_put_string("Cert pointer NULL - unknown generation failure!"); goto error; } if (check_newcert(server_context->certificate_issuer_checker, cert)) { goto error; } if ((creds = ssl_credentials_new()) == NULL) { verror_put_string("Failed to create creds!"); goto error; } /* Load any intermediate/sub-CA certs if configured */ if (server_context->certificate_issuer_subca_certfile != NULL) { if (ssl_certificate_load_from_file(creds, server_context->certificate_issuer_subca_certfile) != SSL_SUCCESS) { verror_put_string("Failed to load sub-CA certs from file (%s)!", server_context->certificate_issuer_subca_certfile); goto error; } myproxy_log("Also sending sub-CA certificates from file (%s)", server_context->certificate_issuer_subca_certfile); } /* Place our cert on top of any other certs in creds */ if (ssl_certificate_push(creds, cert) != SSL_SUCCESS) { verror_put_string("Error pushing cert onto creds"); goto error; } /* Now convert the creds to return buffer */ if (ssl_creds_to_buffer(creds, output_buffer, output_buffer_length) == SSL_ERROR) { verror_put_string("Falied to write creds to buffer"); goto error; } /* We're good to go */ return_value = 0; error: if ( request_bio != NULL ) { BIO_free(request_bio); } if ( req != NULL ) { X509_REQ_free( req ); } if ( pkey != NULL ) { EVP_PKEY_free( pkey ); } if ( creds != NULL ) { ssl_credentials_destroy( creds ); } else if ( cert != NULL ) { X509_free( cert ); } return return_value; } int is_certificate_authority_configured(myproxy_server_context_t *context) { return (context->certificate_issuer_program || context->certificate_issuer_cert); } void get_certificate_authority(myproxy_socket_attrs_t *server_attrs, myproxy_creds_t *creds, myproxy_request_t *client_request, myproxy_response_t *response, myproxy_server_context_t *server_context) { unsigned char * input_buffer = NULL; size_t input_buffer_length; unsigned char * output_buffer = NULL; int output_buffer_length; myproxy_debug("Calling CA Extensions"); response->response_type = MYPROXY_ERROR_RESPONSE; verror_clear(); if ( read_cert_request( server_attrs->gsi_socket, &input_buffer, &input_buffer_length) ) { verror_put_string("Unable to read request from client"); myproxy_log_verror(); response->error_string = \ strdup("Unable to read cert request from client.\n"); goto error; } if ( handle_certificate( input_buffer, input_buffer_length, &output_buffer, &output_buffer_length, client_request, server_context ) ) { verror_put_string("CA failed to generate certificate"); response->error_string = strdup("Certificate generation failure.\n"); myproxy_log_verror(); goto error; } if ( send_certificate( server_attrs->gsi_socket, output_buffer, output_buffer_length ) ) { myproxy_log_verror(); myproxy_debug("Failure to send response to client!"); goto error; } response->response_type = MYPROXY_OK_RESPONSE; error: if ( input_buffer != NULL ) { GSI_SOCKET_free_token( input_buffer ); } if ( output_buffer != NULL ) { ssl_free_buffer( output_buffer ); } } myproxy-6.2.16/string_funcs.h0000644000175100017510000001006414557142036013145 00000000000000/* * string_funcs.h * * String manipulation functions. */ #ifndef _STRING_FUNCS_H #define _STRING_FUNCS_H #include #include /* * strip_char() * * Strips a given string of a given character */ void strip_char (char *buf, char ch); /* * my_append() * * Append source string(s) to target, reallocating the buffer of the * target string to size. BE SURE TO SEND NULL AS LAST ARGUMENT! * If *target is NULL, a new string will be allocated. * Uses realloc() - so target string may be relocated and pointer * changed. Returns new string length or -1 on error. */ int my_append(char **target, const char *source_1, ... /* More source strings with terminating NULL */); /* * my_strncpy() * * Copy string from source to destination, which is destination_length * characters long. Maximum number of characters copies will be * destination_length - 1. Return number of characters copied or -1 if source * was truncated. Result will always be NULL terminated. */ int my_strncpy(char *destination, const char *source, size_t destination_length); /* * my_snprintf() * * A wrapper around my_vnsprintf() for a variable number of arguments. */ char * my_snprintf(const char *format, ...); /* * my_vsnprintf() * * A wrapper around vsnprintf(). For systems without vsnprintf() we just * do a vsprintf() and pray to the gods of memory management. */ char * my_vsnprintf(const char *format, va_list ap); /* * copy_file() * * Copy source to destination, creating destination if needed. * Set permissions on destination to given mode. * * Returns 0 on success, -1 on error. */ int copy_file(const char *source, const char *dest, const mode_t mode); /* * buffer_from_file() * * Read the entire contents of a file into a buffer. * * Returns 0 on success, -1 on error, setting verror. */ int buffer_from_file(const char *path, unsigned char **pbuffer, int *pbuffer_len); /* * make_path() * * Given a path, create any missing directory conponents. * * Returns 0 on success, -1 on error, setting verror. */ int make_path(char *path); /* * b64_encode() * * Base64 encode a string. Returns an allocated string. * * Returns 0 on success, -1 on error, setting verror. */ int b64_encode(const char *input, long inlen, char **output); /* * b64_decode() * * Base64 decode a string. Returns an allocated string. * * Returns string length on success, -1 on error, setting verror. */ int b64_decode(const char *input, char **output); /* ** Return the path to the user's home directory. */ char * get_home_path(); /* ** Return the path to the target trusted certificates directory, ** even if it doesn't exist (i.e., different from ** GLOBUS_GSI_SYSCONFIG_GET_CERT_DIR() which returns the certificates ** directory path only if it exists). **/ char* get_trusted_certs_path(); /* ** Given a filename, return the full path of that file as it would ** exist in the trusted certificates directory. */ char* get_trusted_file_path(char *filename); /* ** Return the paths to the user's certificate and key files. */ int get_user_credential_filenames( char **certfile, char **keyfile ); /* ** Return the paths to the host certificate and key files. */ int get_host_credential_filenames( char **certfile, char **keyfile ); /* * sterilize_string * * Walk through a string and make sure that is it acceptable for using * as part of a path. */ void sterilize_string(char *string); #ifndef HAVE_SETENV /* * setenv (for platforms that don't have it) */ int setenv(const char *var, const char *value, int override); #endif #ifndef HAVE_UNSETENV /* * unsetenv (for platforms that don't have it) */ void unsetenv(const char *var); #endif /* * add_entry() * * Add a entry to an array of string, allocating as needed. */ char ** add_entry(char **entries, const char *entry); void free_array_list(char ***listp); int join_array(char **target, char *array[], const char *sep); #endif /* _STRING_FUNCS_H */ myproxy-6.2.16/myproxy_store.c0000644000175100017510000004627114557142036013410 00000000000000/* * myproxy-store * * Client program to store a end-entity credential to a myproxy-server */ #include "myproxy_common.h" /* all needed headers included here */ /* Location of default proxy */ #define MYPROXY_DEFAULT_USERCERT "usercert.pem" #define MYPROXY_DEFAULT_USERKEY "userkey.pem" #define MYPROXY_DEFAULT_DIRECTORY ".globus" static char usage[] = "\n" "Syntax: myproxy-store [-c #hours] [-t #hours] [-l username] [-r retrievers] [-w renewers] ...\n" " myproxy-store [-usage|-help] [-version]\n" "\n" " Options\n" " -h | --help Displays usage\n" " -u | --usage \n" " \n" " -v | --verbose Display debugging messages\n" " -V | --version Displays version\n" " -s | --pshost Hostname of the myproxy-server\n" " Can also set MYPROXY_SERVER env. var.\n" " -p | --psport Port of the myproxy-server\n" " -c | --certfile Certificate file name\n" " -y | --keyfile Key file name\n" " -l | --username Username for the delegated proxy\n" " -t | --proxy_lifetime Lifetime of proxies delegated by\n" " server (default 12 hours).\n" " -a | --allow_anonymous_retrievers Allow credentials to be retrieved\n" " with just username/passphrase\n" " -A | --allow_anonymous_renewers Allow credentials to be renewed by\n" " any client (not recommended)\n" " -x | --regex_dn_match Set regular expression matching mode\n" " for following policy options\n" " -X | --match_cn_only Set CN matching mode (default)\n" " for following policy options\n" " -r | --retrievable_by Allow specified entity to retrieve\n" " credential\n" " -R | --renewable_by Allow specified entity to renew\n" " credential\n" " -Z | --retrievable_by_cert Allow specified entity to retrieve\n" " credential w/o passphrase\n" " -E | --retrieve_key Allow specified entity to retrieve\n" " credential key\n" " -d | --dn_as_username Use the proxy certificate subject\n" " (DN) as the default username,\n" " instead of the LOGNAME env. var.\n" " -k | --credname Specifies credential name\n" " -K | --creddesc Specifies credential description\n" "\n"; struct option long_options[] = { {"help", no_argument, NULL, 'h'}, {"usage", no_argument, NULL, 'u'}, {"certfile", required_argument, NULL, 'c'}, {"keyfile", required_argument, NULL, 'y'}, {"proxy_lifetime", required_argument, NULL, 't'}, {"pshost", required_argument, NULL, 's'}, {"psport", required_argument, NULL, 'p'}, {"username", required_argument, NULL, 'l'}, {"verbose", no_argument, NULL, 'v'}, {"version", no_argument, NULL, 'V'}, {"dn_as_username", no_argument, NULL, 'd'}, {"allow_anonymous_retrievers", no_argument, NULL, 'a'}, {"allow_anonymous_renewers", no_argument, NULL, 'A'}, {"retrievable_by", required_argument, NULL, 'r'}, {"retrievable_by_cert", required_argument, NULL, 'Z'}, {"renewable_by", required_argument, NULL, 'R'}, {"retrieve_key", required_argument, NULL, 'E'}, {"regex_dn_match", no_argument, NULL, 'x'}, {"match_cn_only", no_argument, NULL, 'X'}, {"credname", required_argument, NULL, 'k'}, {"creddesc", required_argument, NULL, 'K'}, {0, 0, 0, 0} }; /*colon following an option indicates option takes an argument */ static char short_options[] = "uhl:vVdr:R:Z:xXaAk:K:t:c:y:s:p:E:"; static char version[] = "myproxy-store version " MYPROXY_VERSION " (" MYPROXY_VERSION_DATE ") " "\n"; static char *certfile = NULL; /* certificate file name */ static char *keyfile = NULL; /* key file name */ static int dn_as_username = 0; static int verbose = 0; /* Function declarations */ int init_arguments( int argc, char *argv[], myproxy_socket_attrs_t *attrs, myproxy_request_t *request); int makecertfile( const char certfile[], const char keyfile[], char **credbuf); #define SECONDS_PER_HOUR (60 * 60) int main(int argc, char *argv[]) { char *pshost = NULL; char *request_buffer = NULL; char *credkeybuf = NULL; int requestlen; int return_value = 1; myproxy_socket_attrs_t *socket_attrs; myproxy_request_t *client_request; myproxy_response_t *server_response; /* check library version */ if (myproxy_check_version()) { fprintf(stderr, "MyProxy library version mismatch.\n" "Expecting %s. Found %s.\n", MYPROXY_VERSION_DATE, myproxy_version(0,0,0)); exit(1); } myproxy_log_use_stream(stderr); socket_attrs = malloc(sizeof(*socket_attrs)); memset(socket_attrs, 0, sizeof(*socket_attrs)); client_request = malloc(sizeof(*client_request)); memset(client_request, 0, sizeof(*client_request)); server_response = malloc(sizeof(*server_response)); memset(server_response, 0, sizeof(*server_response)); /* setup defaults */ client_request->version = malloc(strlen(MYPROXY_VERSION) + 1); strcpy(client_request->version, MYPROXY_VERSION); client_request->command_type = MYPROXY_STORE_CERT; pshost = getenv("MYPROXY_SERVER"); if (pshost != NULL) { socket_attrs->pshost = strdup(pshost); } if (getenv("MYPROXY_SERVER_PORT")) { socket_attrs->psport = atoi(getenv("MYPROXY_SERVER_PORT")); } else { socket_attrs->psport = MYPROXY_SERVER_PORT; } globus_module_activate(GLOBUS_GSI_SYSCONFIG_MODULE); GLOBUS_GSI_SYSCONFIG_GET_USER_CERT_FILENAME( &certfile, &keyfile ); client_request->proxy_lifetime = SECONDS_PER_HOUR * MYPROXY_DEFAULT_DELEG_HOURS; /* Initialize client arguments and create client request object */ if (init_arguments(argc, argv, socket_attrs, client_request) != 0) { goto cleanup; } if (!certfile && !keyfile) { fprintf(stderr, "Credentials not found in default location.\n" "Use --certfile and --keyfile options.\n"); goto cleanup; } else if (!certfile) { fprintf(stderr, "Certificate not found in default location.\n" "Use --certfile option.\n"); goto cleanup; } else if (!keyfile) { fprintf(stderr, "Private key not found in default location.\n" "Use --keyfile option.\n"); goto cleanup; } /* ** Read Credential and Key files */ if( makecertfile(certfile, keyfile, &credkeybuf) < 0 ) { fprintf( stderr, "makecertfile failed\n" ); goto cleanup; } /* Set up client socket attributes */ if (myproxy_init_client(socket_attrs) < 0) { verror_print_error(stderr); goto cleanup; } if (client_request->username == NULL) { /* set default username */ if (dn_as_username) { if (ssl_get_base_subject_file(certfile, &client_request->username)) { fprintf(stderr, "Cannot get subject name from your certificate\n"); goto cleanup; } } else { char *username = NULL; if (!(username = getenv("LOGNAME"))) { fprintf(stderr, "Please specify a username.\n"); goto cleanup; } client_request->username = strdup(username); } } /* Authenticate client to server */ if (myproxy_authenticate_init(socket_attrs, NULL) < 0) { verror_print_error(stderr); goto cleanup; } /* Serialize client request object */ requestlen = myproxy_serialize_request_ex(client_request, &request_buffer); if (requestlen < 0) { verror_print_error(stderr); goto cleanup; } /* Send request to the myproxy-server */ if (myproxy_send(socket_attrs, request_buffer, requestlen) < 0) { verror_print_error(stderr); goto cleanup; } free(request_buffer); request_buffer = NULL; /* Continue unless the response is not OK */ if (myproxy_recv_response_ex(socket_attrs, server_response, client_request) != 0) { verror_print_error(stderr); goto cleanup; } /* Send end-entity credentials to server. */ if (myproxy_init_credentials(socket_attrs, credkeybuf) < 0) { verror_print_error(stderr); goto cleanup; } /* Get final response from server */ if (myproxy_recv_response(socket_attrs, server_response) != 0) { verror_print_error(stderr); goto cleanup; } printf( "Credentials saved to myproxy server.\n" ); return_value = 0; cleanup: /* free memory allocated */ myproxy_free(socket_attrs, client_request, server_response); if (credkeybuf) free(credkeybuf); if (certfile) free(certfile); if (keyfile) free(keyfile); return return_value; } int init_arguments(int argc, char *argv[], myproxy_socket_attrs_t *attrs, myproxy_request_t * request) { extern char *optarg; int expr_type = MATCH_CN_ONLY; /*default */ int arg; while ((arg = getopt_long(argc, argv, short_options, long_options, NULL)) != EOF) { switch (arg) { case 's': /* pshost name */ attrs->pshost = strdup(optarg); break; case 'p': /* psport */ attrs->psport = atoi(optarg); break; case 'c': /* credential file name */ if (certfile) free(certfile); certfile = strdup(optarg); break; case 'y': /* key file name */ if (keyfile) free(keyfile); keyfile = strdup(optarg); break; case 'u': /* print help and exit */ printf("%s", usage); exit(0); break; case 't': /* Specify proxy lifetime in hours */ request->proxy_lifetime = SECONDS_PER_HOUR * atoi(optarg); if (request->proxy_lifetime < 0) { fprintf(stderr, "Requested lifetime (-t option) out of bounds.\n"); exit(1); } break; case 'h': /* print help and exit */ printf("%s", usage); exit(0); break; case 'l': /* username */ request->username = strdup(optarg); break; case 'v': /* verbose */ myproxy_debug_set_level(1); verbose = 1; break; case 'V': /* print version and exit */ printf("%s", version); exit(0); break; case 'r': /* retrievers list */ if (request->retrievers) { fprintf(stderr, "Only one -a or -r option may be specified.\n"); exit(1); } if (expr_type == REGULAR_EXP) { /* Copy as is */ request->retrievers = strdup(optarg); } else { request->retrievers = (char *) malloc(strlen(optarg) + 6); strcpy(request->retrievers, "*/CN="); myproxy_debug("authorized retriever %s", request->retrievers); request->retrievers = strcat(request->retrievers, optarg); } break; case 'R': /* renewers list */ /* ** This needs to be readdressed. Right now, the private key is ** being stored encrypted. This is a problem if the user calls ** /myproxy-get-delegation with the -a option. The call will ** fail because an unencrypted password is being looked for. ** So, do we want to add code to unencrypt the private key if ** this option is used? */ if (request->renewers) { fprintf(stderr, "Only one -A or -R option may be specified.\n"); exit(1); } if (expr_type == REGULAR_EXP) { /* Copy as is */ request->renewers = strdup(optarg); } else { request->renewers = (char *) malloc(strlen(optarg) + 6); strcpy(request->renewers, "*/CN="); myproxy_debug("authorized renewer %s", request->renewers); request->renewers = strcat(request->renewers, optarg); } break; case 'Z': /* retrievers list */ if (request->trusted_retrievers) { fprintf(stderr, "Only one -Z option may be specified.\n"); exit(1); } if (expr_type == REGULAR_EXP) { /* Copy as is */ request->trusted_retrievers = strdup(optarg); } else { request->trusted_retrievers = (char *) malloc(strlen(optarg) + 6); strcpy(request->trusted_retrievers, "*/CN="); myproxy_debug("trusted retriever %s", request->trusted_retrievers); request->trusted_retrievers = strcat(request->trusted_retrievers, optarg); } break; case 'E' : /* key retriever list */ if (expr_type == REGULAR_EXP) { /* Copy as is */ request->keyretrieve = strdup(optarg); } else { request->keyretrieve = (char *) malloc(strlen(optarg) + 6); strcpy(request->keyretrieve, "*/CN="); myproxy_debug("authorized key retriever %s", request->keyretrieve); request->keyretrieve = strcat(request->keyretrieve, optarg); } break; case 'd': /* ** use the certificate subject (DN) as the ** default username instead of LOGNAME */ dn_as_username = 1; break; case 'x': /*set expression type to regex */ expr_type = REGULAR_EXP; myproxy_debug("expr-type = regex"); break; case 'X': /*set expression type to common name */ expr_type = MATCH_CN_ONLY; myproxy_debug("expr-type = CN"); break; case 'a': /*allow anonymous retrievers */ if (request->retrievers) { fprintf(stderr, "Only one -a or -r option may be specified.\n"); exit(1); } request->retrievers = strdup("*"); myproxy_debug("anonymous retrievers allowed"); break; case 'A': /*allow anonymous renewers */ if (request->renewers) { fprintf(stderr, "Only one -A or -R option may be specified.\n"); exit(1); } request->renewers = strdup("*"); myproxy_debug("anonymous renewers allowed"); break; case 'k': /*credential name */ request->credname = strdup(optarg); break; case 'K': /*credential description */ request->creddesc = strdup(optarg); break; default: /* print usage and exit */ fprintf(stderr, "%s", usage); exit(1); break; } } /* Check to see if myproxy-server specified */ if (attrs->pshost == NULL) { fprintf(stderr, "%s", usage); fprintf(stderr, "Unspecified myproxy-server! Either set the MYPROXY_SERVER environment variable or explicitly set the myproxy-server via the -s flag\n"); return -1; } return 0; } int makecertfile(const char certfile[], const char keyfile[], char **credbuf) { unsigned char *certbuf = NULL; unsigned char *keybuf = NULL; int retval = -1; struct stat s; int bytes; static char BEGINCERT[] = "-----BEGIN CERTIFICATE-----"; static char ENDCERT[] = "-----END CERTIFICATE-----"; static char BEGINKEY1[] = "-----BEGIN RSA PRIVATE KEY-----"; static char BEGINKEY2[] = "-----BEGIN PRIVATE KEY-----"; static char BEGINKEY3[] = "-----BEGIN ENCRYPTED PRIVATE KEY-----"; static char ENDKEY1[] = "-----END RSA PRIVATE KEY-----"; static char ENDKEY2[] = "-----END PRIVATE KEY-----"; static char ENDKEY3[] = "-----END ENCRYPTED PRIVATE KEY-----"; char *certstart; char *certend; int size; char *keystart; char *keyend; /* Figure out how much memory we are going to need */ if (stat( certfile, &s ) < 0) { fprintf(stderr, "Failed to stat %s: %s\n", certfile, strerror(errno)); goto cleanup; } bytes = s.st_size; if (stat( keyfile, &s ) < 0) { fprintf(stderr, "Failed to stat %s: %s\n", keyfile, strerror(errno)); goto cleanup; } bytes += s.st_size; *credbuf = malloc( bytes + 1 ); memset(*credbuf, 0, (bytes + 1)); /* Read the certificate(s) into a buffer. */ if (buffer_from_file(certfile, &certbuf, NULL) < 0) { fprintf(stderr, "Failed to read %s\n", certfile); goto cleanup; } /* Read the key into a buffer. */ if (buffer_from_file(keyfile, &keybuf, NULL) < 0) { fprintf(stderr, "Failed to read %s\n", keyfile); goto cleanup; } if ((certstart = strstr((const char *)certbuf, BEGINCERT)) == NULL) { fprintf(stderr, "%s doesn't contain '%s'.\n", certfile, BEGINCERT); goto cleanup; } if ((certend = strstr(certstart, ENDCERT)) == NULL) { fprintf(stderr, "%s doesn't contain '%s'.\n", certfile, ENDCERT); goto cleanup; } certend += strlen(ENDCERT); size = certend-certstart; strncat( *credbuf, certstart, size ); strcat( *credbuf, "\n" ); certstart += size; /* Write the key. */ if ((keystart = strstr((const char *)keybuf, BEGINKEY1)) == NULL && (keystart = strstr((const char *)keybuf, BEGINKEY2)) == NULL && (keystart = strstr((const char *)keybuf, BEGINKEY3)) == NULL) { fprintf(stderr, "%s doesn't contain '%s' nor '%s' nor %s.\n", keyfile, BEGINKEY1, BEGINKEY2, BEGINKEY3); goto cleanup; } if ((keyend = strstr(keystart, ENDKEY1)) != NULL) keyend += strlen(ENDKEY1); else if ((keyend = strstr(keystart, ENDKEY2)) != NULL) keyend += strlen(ENDKEY2); else if ((keyend = strstr(keystart, ENDKEY3)) != NULL) keyend += strlen(ENDKEY3); else { fprintf(stderr, "%s doesn't contain '%s' nor '%s' nor %s.\n", keyfile, ENDKEY1, ENDKEY2, ENDKEY3); goto cleanup; } size = keyend-keystart; strncat( *credbuf, keystart, size ); strcat( *credbuf, "\n" ); /* Write any remaining certificates. */ while ((certstart = strstr(certstart, BEGINCERT)) != NULL) { if ((certend = strstr(certstart, ENDCERT)) == NULL) { fprintf(stderr, "Can't find matching '%s' in %s.\n", ENDCERT, certfile); goto cleanup; } certend += strlen(ENDCERT); size = certend-certstart; strncat( *credbuf, certstart, size ); strcat( *credbuf, "\n" ); certstart += size; } retval = 0; cleanup: if (certbuf) free(certbuf); if (keybuf) free(keybuf); return (retval); } myproxy-6.2.16/vomsclient.h0000644000175100017510000000251714557142036012630 00000000000000 #ifndef __VOMSCLIENT_H_ #define __VOMSCLIENT_H_ #include #include #define DEFAULT_VOMS_DIR "/etc/grid-security/vomsdir" #define DEFAULT_CACERT_DIR "/etc/grid-security/certificates" typedef struct voms_command_s { char *vo; /* VO name */ char *command; /* Command to send VOMS Server */ /* example "G/voname[,Rrole-name[,...]]" */ struct voms_command_s *next; } voms_command_t; void get_voms_proxy(myproxy_socket_attrs_t *attrs, myproxy_creds_t *creds, myproxy_request_t *request, myproxy_response_t *response, myproxy_server_context_t *config); /* * voms_init_delegation() * * Delegates a voms proxy based on the credentials found in file * location delegfile good for lifetime_seconds * * returns 0 on success, -1 on error */ int voms_init_delegation(myproxy_socket_attrs_t *attrs, const char *delegfile, const int lifetime_seconds, char *passphrase, char *voname, char *vomses, char *voms_userconf); int voms_contact(SSL_CREDENTIALS *creds, int lifetime, char *voname, char *vomses, char *voms_userconf, unsigned char **aclist, int *aclist_length); #endif myproxy-6.2.16/gsi_socket_priv.h0000644000175100017510000000126214557142036013633 00000000000000#ifndef GSI_SOCKET_PRIV_H #define GSI_SOCKET_PRIV_H 1 /* * gsi_socket_priv.h * * See gsi_socket.h for documentation. */ struct _gsi_socket { int sock; int allow_anonymous; /* Boolean */ /* All these variables together indicate the last error we saw */ char *error_string; int error_number; gss_ctx_id_t gss_context; OM_uint32 major_status; OM_uint32 minor_status; char *peer_name; int limited_proxy; /* 1 if peer used a limited proxy */ int max_token_len; char *certreq; /* path to a PEM encoded cert req */ }; #define DEFAULT_SERVICE_NAME "host" #endif /* GSI_SOCKET_PRIV_H */ myproxy-6.2.16/myproxy_log.h0000644000175100017510000000322614557142036013033 00000000000000/* * myproxy_log.h * * Logging routines for myproxy server. */ #ifndef __MYPROXY_LOG_H #define __MYPROXY_LOG_H #include /* Include this for convenience */ #include /* * myproxy_log_use_syslog() * * Use syslog with given name and facility for logging (as used for * the syslog call. If facility == 0 then no logging to syslog will * be done. name may be NULL indicate no name be used. */ void myproxy_log_use_syslog(int facility, const char *name); /* * myproxy_log_use_stream() * * Send log messages to the given stream. stream may be NULL which * turns this off. */ void myproxy_log_use_stream(FILE *stream); /* * myproxy_log() * * Log something. Takes arguments like sprintf(). */ void myproxy_log(const char *format, ...); /* * mproxy_log_verror() * * Log the error condition as indicated in the verror context. */ void myproxy_log_verror(); /* * myproxy_log_perror() * * Log the error message followed by a description of the current * errror in errno. */ void myproxy_log_perror(const char *format, ...); /* * myproxy_log_close() * * Shutdown logging and deallocate any memory associated with it. * All further logging will be ignoe unless another myproxy_log_use_*() * call is made. */ void myproxy_log_close(); /* * myproxy_debug_set_level() * * Turns debugging on or off, depending on wether value is non-zero * or zero respectively. Returns previous value for debugging. */ int myproxy_debug_set_level(int value); /* * myproxy_debug() * * Log a debugging message. Will only be displayed if debugging is * enabled. */ void myproxy_debug(const char *format, ...); #endif /* __MYPROXY_LOG_H */ myproxy-6.2.16/myproxy_creds.h0000644000175100017510000002153414557142036013354 00000000000000/* * myproxy_creds.h * * Interface for storing and retrieving proxies. */ #ifndef __MYPROXY_CREDS_H #define __MYPROXY_CREDS_H #include #include #define REGULAR_EXP 1 #define MATCH_CN_ONLY 0 struct myproxy_creds { char *username; char *location; /* the following items are stored in the credential data file */ char *passphrase; /* stored crypt()'ed */ char *owner_name; int lifetime; char *credname; char *creddesc; char *retrievers; char *renewers; char *keyretrieve; char *trusted_retrievers; /* start_time and end_time are set from the certificates in the cred */ time_t start_time; time_t end_time; /* non-NULL lockmsg indicates credential is administratively locked and should not be accessible. lockmsg should be returned on any attempted access. */ char *lockmsg; struct myproxy_creds *next; }; typedef struct myproxy_creds myproxy_creds_t; /* trusted certificate files */ struct myproxy_certs { char *filename; char *contents; size_t size; struct myproxy_certs *next; }; typedef struct myproxy_certs myproxy_certs_t; /* * myproxy_creds_store() * * Store the given credentials. The caller should allocate and fill in * the myproxy_creds structure. The passphrase in the myproxy_creds * structure will be crypt()'ed before it is written. * * On success, the credentials will be moved from creds->location to * the repository, so they will no longer exist at creds->location. * * Returns -1 on error, 0 on success. */ int myproxy_creds_store(const struct myproxy_creds *creds); /* * myproxy_creds_retrieve() * * Retrieve the credentials associated with the username and * credential name in the given myproxy_creds structure. * Note: No checking on the passphrase or owner name is done. * Note: The passphrase returned in the myproxy_creds structure is crypt()'ed. * * Returns -1 on error, 0 on success. */ int myproxy_creds_retrieve(struct myproxy_creds *creds); /* * myproxy_creds_retrieve_all() * * Retrieve all credentials associated with the username, owner * name, and credname (if given) in the given myproxy_creds structure. * If multiple credentials are stored under the given username, * they'll be chained together in a linked-list using the next field * in the given myproxy_creds structure. * The default credential (i.e., with no credname) will be first in * the list, if one exists. * Note: The passphrase returned in the myproxy_creds structure is crypt()'ed. * * Returns -1 on error, 0 on success. */ int myproxy_creds_retrieve_all(struct myproxy_creds *creds); /* myproxy_admin_retrieve_all() * * Used by the repository query tool on the server side for admin purposes. * * Retrieve all credentials stored in the credential storage directory * in the given myproxy_creds structure. Credentials are chained together in * a linked-list using the next field in the given myproxy_creds structure * If creds->username is non-NULL, only retrieve credentials for that * username. * If creds->credname is non-NULL, only retrieve credentials for that * credential name. A credname of "" indicates the "default" credential. * If creds->start_time is non-zero, only retrieve credentials with * end_time >= specified time. * If creds->end_time is non-zero, only retrieve credentials with * end_time < specified time. * Note: The passphrase returned in the myproxy_creds structure is crypt()'ed. * * Returns -1 on error, number of credentials on success. */ int myproxy_admin_retrieve_all(struct myproxy_creds *creds); /* * myproxy_creds_delete() * * Delete any stored credentials held for the given user as indiciated * by the username and credname fields in the given myproxy_creds structure. * * Returns -1 on error, 0 on success. */ int myproxy_creds_delete(const struct myproxy_creds *creds); /* * myproxy_creds_lock() * * Lock credentials indicated by the username and credname fields in * the given myproxy_creds structure, for the specified reason. * Locked credentials can not be retrieved or renewed. * * Returns -1 on error, 0 on success. */ int myproxy_creds_lock(const struct myproxy_creds *creds, const char *reason); /* * myproxy_creds_unlock() * * Unlock credentials indicated by the username and credname fields in * the given myproxy_creds structure. * * Returns -1 on error, 0 on success. */ int myproxy_creds_unlock(const struct myproxy_creds *creds); /* * myproxy_creds_change_passphrase() * * Change the passphrase of the credential specified by the username * and credential name to new_passphrase. * The current passphrase must be present in the myproxy_creds struct. * * Returns -1 on error, 0 on success */ int myproxy_creds_change_passphrase(const struct myproxy_creds *creds, const char *new_passphrase); /* * myproxy_creds_encrypted() * * Returns 1 if credentials are encrypted, 0 if unencrypted, and -1 on * error. */ int myproxy_creds_encrypted(const struct myproxy_creds *creds); /* * myproxy_creds_verify_passphrase() * * Verify the given passphrase against the myproxy_creds structure. * * Returns 1 on verify, 0 on failure, and -1 on error. */ int myproxy_creds_verify_passphrase(const struct myproxy_creds *creds, const char *new_passphrase); /* * myproxy_creds_exist() * * Check to see if the given user already has credentials stored. * * Returns 1 if the user does, 0 if they do not, -1 on error. */ int myproxy_creds_exist(const char *username, const char *credname); /* * myproxy_creds_is_owner() * * Check to see if the given client is the owner of the credentials * referenced by username. * * Returns 1 if the client owns the credentials, 0 if they do not, -1 on error. */ int myproxy_creds_is_owner(const char *username, const char *credname, const char *client_name); /* * myproxy_creds_free() * * Free a list of myproxy_creds structures. */ void myproxy_creds_free(struct myproxy_creds *certs); /* * myproxy_creds_free_contents() * * Free all the contents of the myproxy_creds structure, but not the * structure itself. */ void myproxy_creds_free_contents(struct myproxy_creds *creds); /* * myproxy_certs_free() * * Free a list of myproxy_certs structures. */ void myproxy_certs_free(struct myproxy_certs *certs); /* * myproxy_set_storage_dir() * * Change default storage directory. * Returns -1 on error, 0 on success. */ int myproxy_set_storage_dir(const char *dir); /* * myproxy_check_storage_dir() * * Make sure the storage directory is OK. * Returns 0 if OK, -1 if not. */ int myproxy_check_storage_dir(); /* * myproxy_get_storage_dir() * * Returns path to storage directory. * Returns NULL on error. */ const char *myproxy_get_storage_dir(); /* * myproxy_print_cred_info() * * Print info about creds to out. * Returns 0 if OK, -1 if not. */ int myproxy_print_cred_info(myproxy_creds_t *creds, FILE *out); /* * myproxy_check_cert_dir() * * Checks to see if the files in the given trustroots * directory are sane (such as world-readable, etc.). * Returns 1 if sane, 0 otherwise. */ int myproxy_check_cert_dir(const char cert_dir[]); /* * myproxy_get_certs() * * Return linked list of trusted CA certificate and related files. * Returns NULL on error. */ myproxy_certs_t *myproxy_get_certs(const char cert_dir[]); /* ** Check trusted certificates directory, create if needed. */ int myproxy_check_trusted_certs_dir(); /* * myproxy_install_trusted_cert_files() * * Install a linked list of files in trusted cert dir. * Returns 0 on success, -1 otherwise. */ int myproxy_install_trusted_cert_files(myproxy_certs_t *); /* * myproxy_clean_crls() * * Remove any bad CRLs in the trusted cert dir. * Returns 1 if bad CRL(s) removed, 0 of none found, -1 on error. */ int myproxy_clean_crls(); /* * myproxy_creds_verify() * * Check the validity of the credentials in the myproxy_creds structure: * - check Not Before and Not After fields against current time * - check signature by trusted CA * - check revocation status (CRL, OCSP) * * The myproxy_creds structure should be filled in by a previous call to * myproxy_creds_retrieve(). * * Returns 0 on success, -1 on error (setting verror). */ int myproxy_creds_verify(const struct myproxy_creds *); /* * myproxy_creds_path_template() * * Returns a malloc'ed buffer containing a file name template suitable * for passing to mkstemp() for storing credentials. * If a credential storage directory is available for use * (see the myproxy_*_storage_dir methods), * the file will be located in that directory. * Otherwise, it will be in /tmp. * The caller should free() the string. */ char *myproxy_creds_path_template(); #endif myproxy-6.2.16/myproxy_extensions.c0000644000175100017510000000722614557142036014450 00000000000000#include "myproxy_common.h" static STACK_OF(X509_EXTENSION) *extensions = NULL; int myproxy_set_extensions_from_file(const char filename[]) { CONF *extconf = NULL; long errorline = -1; myproxy_free_extensions(); extensions = sk_X509_EXTENSION_new_null(); extconf = NCONF_new(NULL); if (NCONF_load(extconf, filename, &errorline) <= 0) { if (errorline <= 0) { verror_put_string("OpenSSL error loading the proxy_extfile '%s'", filename); } else { verror_put_string("OpenSSL error on line %ld of proxy_extfile '%s'\n", errorline, filename); } return -1; } myproxy_debug("Successfully loaded extensions file %s.", filename); if (X509V3_EXT_add_nconf_sk(extconf, NULL, "default", &extensions) != 1) { verror_put_string("X509V3_EXT_add_nconf_sk() failed"); return -1; } myproxy_debug("Successfully set extensions."); return 0; } int myproxy_set_extensions_from_callout(const char path[], const char username[], const char location[]) { pid_t childpid; int fds[3]; int exit_status; CONF *extconf = NULL; long errorline = -1; FILE *nconf_stream = NULL; myproxy_debug("calling %s", path); childpid = myproxy_popen(fds, path, username, location, NULL); if (childpid < 0) { return -1; /* myproxy_popen will set verror */ } close(fds[0]); if (waitpid(childpid, &exit_status, 0) == -1) { verror_put_string("wait() failed for proxy_extapp child"); verror_put_errno(errno); return -1; } if (exit_status != 0) { FILE *fp = NULL; char buf[100]; verror_put_string("proxy_extapp call-out returned non-zero."); fp = fdopen(fds[1], "r"); if (fp) { while (fgets(buf, 100, fp) != NULL) { verror_put_string("%s", buf); } fclose(fp); } fp = fdopen(fds[2], "r"); if (fp) { while (fgets(buf, 100, fp) != NULL) { verror_put_string("%s", buf); } fclose(fp); } return -1; } close(fds[2]); myproxy_free_extensions(); extensions = sk_X509_EXTENSION_new_null(); extconf = NCONF_new(NULL); nconf_stream = fdopen(fds[1], "r"); if (NCONF_load_fp(extconf, nconf_stream, &errorline) <= 0) { if (errorline <= 0) { verror_put_string("OpenSSL error parsing output of proxy_extapp call-out."); } else { verror_put_string("OpenSSL error parsing line %ld of of proxy_extapp call-out output.", errorline); } fclose(nconf_stream); return -1; } fclose(nconf_stream); myproxy_debug("Successfully loaded extensions."); if (X509V3_EXT_add_nconf_sk(extconf, NULL, "default", &extensions) != 1) { verror_put_string("X509V3_EXT_add_nconf_sk() failed"); return -1; } myproxy_debug("Successfully set extensions."); return 0; } int myproxy_get_extensions(STACK_OF(X509_EXTENSION) **e) { if (extensions) { *e = sk_X509_EXTENSION_dup(extensions); } return 0; } int myproxy_free_extensions() { if (extensions) { sk_X509_EXTENSION_free(extensions); extensions = NULL; } return 0; } int myproxy_add_extension(X509_EXTENSION *extension) { if (extension == NULL) { verror_put_string("NULL extension is passed"); return -1; } if (X509v3_add_ext(&extensions, extension, -1) == NULL) { verror_put_string("Couldn't add extension."); return -1; } return 0; } myproxy-6.2.16/myproxy.sysconfig0000644000175100017510000000056214557142036013747 00000000000000# Any environment for MyProxy Startup. # Override these defaults here. ## MYPROXY_USER=myproxy ## MYPROXY_OPTIONS="-s /var/lib/myproxy" ## X509_USER_CERT=/etc/grid-security/myproxy/hostcert.pem ## X509_USER_KEY=/etc/grid-security/myproxy/hostkey.pem for myproxy_conf in "/etc/myproxy.d"/*; do if [ -r "$myproxy_conf" ]; then . "$myproxy_conf" fi done myproxy-6.2.16/README0000644000175100017510000000155514557142036011155 00000000000000Please see for the latest information about MyProxy. MyProxy is Copyright 2000-2014 The Board of Trustees of the University of Illinois. See the LICENSE file for detailed license information. This product includes software developed by Computing Services at Carnegie Mellon University (http://www.cmu.edu/computing/). See LICENSE.sasl for the cyrus-sasl copyright notice. This product includes software developed by the NetBSD Foundation, Inc. and its contributors. See LICENSE.netbsd for the copyright notice. This product includes software developed by James A. Kupsch. See LICENSE.safefile for the copyright notice. This product includes software developed by Pawel Jakub Dawidek. See LICENSE.pidfile for the copyright notice. Please see the VERSION file for information about this and other versions of the MyProxy software. myproxy-6.2.16/configure0000755000175100017510000156543214557142525012221 00000000000000#! /bin/sh # Guess values for system-dependent variables and create Makefiles. # Generated by GNU Autoconf 2.69 for myproxy 6.2.16. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. # # # This configure script is free software; the Free Software Foundation # gives unlimited permission to copy, distribute and modify it. ## -------------------- ## ## M4sh Initialization. ## ## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi as_nl=' ' export as_nl # Printing a long string crashes Solaris 7 /usr/bin/printf. as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo # Prefer a ksh shell builtin over an external printf program on Solaris, # but without wasting forks for bash or zsh. if test -z "$BASH_VERSION$ZSH_VERSION" \ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='print -r --' as_echo_n='print -rn --' elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='printf %s\n' as_echo_n='printf %s' else if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' as_echo_n='/usr/ucb/echo -n' else as_echo_body='eval expr "X$1" : "X\\(.*\\)"' as_echo_n_body='eval arg=$1; case $arg in #( *"$as_nl"*) expr "X$arg" : "X\\(.*\\)$as_nl"; arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; esac; expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" ' export as_echo_n_body as_echo_n='sh -c $as_echo_n_body as_echo' fi export as_echo_body as_echo='sh -c $as_echo_body as_echo' fi # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || PATH_SEPARATOR=';' } fi # IFS # We need space, tab and new line, in precisely that order. Quoting is # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. as_myself= case $0 in #(( *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 exit 1 fi # Unset variables that we do not need and which cause bugs (e.g. in # pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" # suppresses any "Segmentation fault" message there. '((' could # trigger a bug in pdksh 5.2.14. for as_var in BASH_ENV ENV MAIL MAILPATH do eval test x\${$as_var+set} = xset \ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. LC_ALL=C export LC_ALL LANGUAGE=C export LANGUAGE # CDPATH. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH # Use a proper internal environment variable to ensure we don't fall # into an infinite loop, continuously re-executing ourselves. if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then _as_can_reexec=no; export _as_can_reexec; # We cannot yet assume a decent shell, so we have to provide a # neutralization value for shells without unset; and this also # works around shells that cannot unset nonexistent variables. # Preserve -v and -x to the replacement shell. BASH_ENV=/dev/null ENV=/dev/null (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV case $- in # (((( *v*x* | *x*v* ) as_opts=-vx ;; *v* ) as_opts=-v ;; *x* ) as_opts=-x ;; * ) as_opts= ;; esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail # out after a failed `exec'. $as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 as_fn_exit 255 fi # We don't want this to propagate to other subprocesses. { _as_can_reexec=; unset _as_can_reexec;} if test "x$CONFIG_SHELL" = x; then as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which # is contrary to our usage. Disable this feature. alias -g '\${1+\"\$@\"}'='\"\$@\"' setopt NO_GLOB_SUBST else case \`(set -o) 2>/dev/null\` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi " as_required="as_fn_return () { (exit \$1); } as_fn_success () { as_fn_return 0; } as_fn_failure () { as_fn_return 1; } as_fn_ret_success () { return 0; } as_fn_ret_failure () { return 1; } exitcode=0 as_fn_success || { exitcode=1; echo as_fn_success failed.; } as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : else exitcode=1; echo positional parameters were not saved. fi test x\$exitcode = x0 || exit 1 test -x / || exit 1" as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 test -n \"\${ZSH_VERSION+set}\${BASH_VERSION+set}\" || ( ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO PATH=/empty FPATH=/empty; export PATH FPATH test \"X\`printf %s \$ECHO\`\" = \"X\$ECHO\" \\ || test \"X\`print -r -- \$ECHO\`\" = \"X\$ECHO\" ) || exit 1 test \$(( 1 + 1 )) = 2 || exit 1" if (eval "$as_required") 2>/dev/null; then : as_have_required=yes else as_have_required=no fi if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR as_found=false for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. as_found=: case $as_dir in #( /*) for as_base in sh bash ksh sh5; do # Try only shells that exist, to save several forks. as_shell=$as_dir/$as_base if { test -f "$as_shell" || test -f "$as_shell.exe"; } && { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : CONFIG_SHELL=$as_shell as_have_required=yes if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : break 2 fi fi done;; esac as_found=false done $as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : CONFIG_SHELL=$SHELL as_have_required=yes fi; } IFS=$as_save_IFS if test "x$CONFIG_SHELL" != x; then : export CONFIG_SHELL # We cannot yet assume a decent shell, so we have to provide a # neutralization value for shells without unset; and this also # works around shells that cannot unset nonexistent variables. # Preserve -v and -x to the replacement shell. BASH_ENV=/dev/null ENV=/dev/null (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV case $- in # (((( *v*x* | *x*v* ) as_opts=-vx ;; *v* ) as_opts=-v ;; *x* ) as_opts=-x ;; * ) as_opts= ;; esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail # out after a failed `exec'. $as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 exit 255 fi if test x$as_have_required = xno; then : $as_echo "$0: This script requires a shell more modern than all" $as_echo "$0: the shells that I found on your system." if test x${ZSH_VERSION+set} = xset ; then $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" $as_echo "$0: be upgraded to zsh 4.3.4 or later." else $as_echo "$0: Please tell bug-autoconf@gnu.org about your system, $0: including any error possibly output before this $0: message. Then install a modern shell, or manually run $0: the script under such a shell if you do have one." fi exit 1 fi fi fi SHELL=${CONFIG_SHELL-/bin/sh} export SHELL # Unset more variables known to interfere with behavior of common tools. CLICOLOR_FORCE= GREP_OPTIONS= unset CLICOLOR_FORCE GREP_OPTIONS ## --------------------- ## ## M4sh Shell Functions. ## ## --------------------- ## # as_fn_unset VAR # --------------- # Portably unset VAR. as_fn_unset () { { eval $1=; unset $1;} } as_unset=as_fn_unset # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. as_fn_set_status () { return $1 } # as_fn_set_status # as_fn_exit STATUS # ----------------- # Exit the shell with STATUS, even in a "trap 0" or "set -e" context. as_fn_exit () { set +e as_fn_set_status $1 exit $1 } # as_fn_exit # as_fn_mkdir_p # ------------- # Create "$as_dir" as a directory, including parents if necessary. as_fn_mkdir_p () { case $as_dir in #( -*) as_dir=./$as_dir;; esac test -d "$as_dir" || eval $as_mkdir_p || { as_dirs= while :; do case $as_dir in #( *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" as_dir=`$as_dirname -- "$as_dir" || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" } # as_fn_mkdir_p # as_fn_executable_p FILE # ----------------------- # Test if FILE is an executable regular file. as_fn_executable_p () { test -f "$1" && test -x "$1" } # as_fn_executable_p # as_fn_append VAR VALUE # ---------------------- # Append the text in VALUE to the end of the definition contained in VAR. Take # advantage of any shell optimizations that allow amortized linear growth over # repeated appends, instead of the typical quadratic growth present in naive # implementations. if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : eval 'as_fn_append () { eval $1+=\$2 }' else as_fn_append () { eval $1=\$$1\$2 } fi # as_fn_append # as_fn_arith ARG... # ------------------ # Perform arithmetic evaluation on the ARGs, and store the result in the # global $as_val. Take advantage of shells that can avoid forks. The arguments # must be portable across $(()) and expr. if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : eval 'as_fn_arith () { as_val=$(( $* )) }' else as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` } fi # as_fn_arith # as_fn_error STATUS ERROR [LINENO LOG_FD] # ---------------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the # script with STATUS, using 1 if that was 0. as_fn_error () { as_status=$1; test $as_status -eq 0 && as_status=1 if test "$4"; then as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi $as_echo "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || $as_echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits as_lineno_1=$LINENO as_lineno_1a=$LINENO as_lineno_2=$LINENO as_lineno_2a=$LINENO eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) sed -n ' p /[$]LINENO/= ' <$as_myself | sed ' s/[$]LINENO.*/&-/ t lineno b :lineno N :loop s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ t loop s/-\n.*// ' >$as_me.lineno && chmod +x "$as_me.lineno" || { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } # If we had to re-execute with $CONFIG_SHELL, we're ensured to have # already done that, so ensure we don't try to do so again and fall # in an infinite loop. This has already happened in practice. _as_can_reexec=no; export _as_can_reexec # Don't try to exec as it changes $[0], causing all sort of problems # (the dirname of $[0] is not the place where we might find the # original and so on. Autoconf is especially sensitive to this). . "./$as_me.lineno" # Exit status is that of the last command. exit } ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in #((((( -n*) case `echo 'xy\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. xy) ECHO_C='\c';; *) echo `echo ksh88 bug on AIX 6.1` > /dev/null ECHO_T=' ';; esac;; *) ECHO_N='-n';; esac rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir 2>/dev/null fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -pR' fi else as_ln_s='cp -pR' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null if mkdir -p . 2>/dev/null; then as_mkdir_p='mkdir -p "$as_dir"' else test -d ./-p && rmdir ./-p as_mkdir_p=false fi as_test_x='test -x' as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" SHELL=${CONFIG_SHELL-/bin/sh} test -n "$DJDIR" || exec 7<&0 &1 # Name of the host. # hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, # so uname gets run too. ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` # # Initializations. # ac_default_prefix=/usr/local ac_clean_files= ac_config_libobj_dir=. LIBOBJS= cross_compiling=no subdirs= MFLAGS= MAKEFLAGS= # Identity of this package. PACKAGE_NAME='myproxy' PACKAGE_TARNAME='myproxy' PACKAGE_VERSION='6.2.16' PACKAGE_STRING='myproxy 6.2.16' PACKAGE_BUGREPORT='' PACKAGE_URL='' # Factoring default headers for most tests. ac_includes_default="\ #include #ifdef HAVE_SYS_TYPES_H # include #endif #ifdef HAVE_SYS_STAT_H # include #endif #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif #ifdef HAVE_STRING_H # if !defined STDC_HEADERS && defined HAVE_MEMORY_H # include # endif # include #endif #ifdef HAVE_STRINGS_H # include #endif #ifdef HAVE_INTTYPES_H # include #endif #ifdef HAVE_STDINT_H # include #endif #ifdef HAVE_UNISTD_H # include #endif" ac_subst_vars='am__EXEEXT_FALSE am__EXEEXT_TRUE LTLIBOBJS LIBOBJS HAVE_VOMS_FALSE HAVE_VOMS_TRUE VOMS_LIBS KRB5CPPFLAGS ENABLE_TESTS_FALSE ENABLE_TESTS_TRUE OPENSSL OPENSSL_LIBS OPENSSL_CFLAGS GLOBUS_LIBS GLOBUS_CFLAGS SYSLIBS GSI_CERT_UTILS_PATH GSI_PROXY_UTILS_PATH PKG_CONFIG_LIBDIR PKG_CONFIG_PATH PKG_CONFIG MYPROXY_DATE PACKAGE_DEPS AGE_VERSION MICRO_VERSION MINOR_VERSION MAJOR_VERSION CPP OTOOL64 OTOOL LIPO NMEDIT DSYMUTIL MANIFEST_TOOL RANLIB ac_ct_AR AR LN_S NM ac_ct_DUMPBIN DUMPBIN LD FGREP EGREP GREP SED am__fastdepCC_FALSE am__fastdepCC_TRUE CCDEPMODE am__nodep AMDEPBACKSLASH AMDEP_FALSE AMDEP_TRUE am__quote am__include DEPDIR OBJEXT EXEEXT ac_ct_CC CPPFLAGS LDFLAGS CFLAGS CC host_os host_vendor host_cpu host build_os build_vendor build_cpu build LIBTOOL OBJDUMP DLLTOOL AS AM_BACKSLASH AM_DEFAULT_VERBOSITY AM_DEFAULT_V AM_V am__untar am__tar AMTAR am__leading_dot SET_MAKE AWK mkdir_p MKDIR_P INSTALL_STRIP_PROGRAM STRIP install_sh MAKEINFO AUTOHEADER AUTOMAKE AUTOCONF ACLOCAL VERSION PACKAGE CYGPATH_W am__isrc INSTALL_DATA INSTALL_SCRIPT INSTALL_PROGRAM target_alias host_alias build_alias LIBS ECHO_T ECHO_N ECHO_C DEFS mandir localedir libdir psdir pdfdir dvidir htmldir infodir docdir oldincludedir includedir localstatedir sharedstatedir sysconfdir datadir datarootdir libexecdir sbindir bindir program_transform_name prefix exec_prefix PACKAGE_URL PACKAGE_BUGREPORT PACKAGE_STRING PACKAGE_VERSION PACKAGE_TARNAME PACKAGE_NAME PATH_SEPARATOR SHELL' ac_subst_files='' ac_user_opts=' enable_option_checking enable_silent_rules enable_shared enable_static with_pic enable_fast_install enable_dependency_tracking with_gnu_ld with_sysroot enable_libtool_lock with_sasl2 with_kerberos5 with_openldap with_voms ' ac_precious_vars='build_alias host_alias target_alias CC CFLAGS LDFLAGS LIBS CPPFLAGS CPP PKG_CONFIG PKG_CONFIG_PATH PKG_CONFIG_LIBDIR GLOBUS_CFLAGS GLOBUS_LIBS OPENSSL_CFLAGS OPENSSL_LIBS' # Initialize some variables set by options. ac_init_help= ac_init_version=false ac_unrecognized_opts= ac_unrecognized_sep= # The variables have the same names as the options, with # dashes changed to underlines. cache_file=/dev/null exec_prefix=NONE no_create= no_recursion= prefix=NONE program_prefix=NONE program_suffix=NONE program_transform_name=s,x,x, silent= site= srcdir= verbose= x_includes=NONE x_libraries=NONE # Installation directory options. # These are left unexpanded so users can "make install exec_prefix=/foo" # and all the variables that are supposed to be based on exec_prefix # by default will actually change. # Use braces instead of parens because sh, perl, etc. also accept them. # (The list follows the same order as the GNU Coding Standards.) bindir='${exec_prefix}/bin' sbindir='${exec_prefix}/sbin' libexecdir='${exec_prefix}/libexec' datarootdir='${prefix}/share' datadir='${datarootdir}' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' infodir='${datarootdir}/info' htmldir='${docdir}' dvidir='${docdir}' pdfdir='${docdir}' psdir='${docdir}' libdir='${exec_prefix}/lib' localedir='${datarootdir}/locale' mandir='${datarootdir}/man' ac_prev= ac_dashdash= for ac_option do # If the previous option needs an argument, assign it. if test -n "$ac_prev"; then eval $ac_prev=\$ac_option ac_prev= continue fi case $ac_option in *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; *=) ac_optarg= ;; *) ac_optarg=yes ;; esac # Accept the important Cygnus configure options, so we can diagnose typos. case $ac_dashdash$ac_option in --) ac_dashdash=yes ;; -bindir | --bindir | --bindi | --bind | --bin | --bi) ac_prev=bindir ;; -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) bindir=$ac_optarg ;; -build | --build | --buil | --bui | --bu) ac_prev=build_alias ;; -build=* | --build=* | --buil=* | --bui=* | --bu=*) build_alias=$ac_optarg ;; -cache-file | --cache-file | --cache-fil | --cache-fi \ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) ac_prev=cache_file ;; -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) cache_file=$ac_optarg ;; --config-cache | -C) cache_file=config.cache ;; -datadir | --datadir | --datadi | --datad) ac_prev=datadir ;; -datadir=* | --datadir=* | --datadi=* | --datad=*) datadir=$ac_optarg ;; -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ | --dataroo | --dataro | --datar) ac_prev=datarootdir ;; -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) datarootdir=$ac_optarg ;; -disable-* | --disable-*) ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid feature name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "enable_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval enable_$ac_useropt=no ;; -docdir | --docdir | --docdi | --doc | --do) ac_prev=docdir ;; -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) docdir=$ac_optarg ;; -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) ac_prev=dvidir ;; -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) dvidir=$ac_optarg ;; -enable-* | --enable-*) ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid feature name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "enable_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval enable_$ac_useropt=\$ac_optarg ;; -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ | --exec | --exe | --ex) ac_prev=exec_prefix ;; -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ | --exec=* | --exe=* | --ex=*) exec_prefix=$ac_optarg ;; -gas | --gas | --ga | --g) # Obsolete; use --with-gas. with_gas=yes ;; -help | --help | --hel | --he | -h) ac_init_help=long ;; -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) ac_init_help=recursive ;; -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) ac_init_help=short ;; -host | --host | --hos | --ho) ac_prev=host_alias ;; -host=* | --host=* | --hos=* | --ho=*) host_alias=$ac_optarg ;; -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) ac_prev=htmldir ;; -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ | --ht=*) htmldir=$ac_optarg ;; -includedir | --includedir | --includedi | --included | --include \ | --includ | --inclu | --incl | --inc) ac_prev=includedir ;; -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ | --includ=* | --inclu=* | --incl=* | --inc=*) includedir=$ac_optarg ;; -infodir | --infodir | --infodi | --infod | --info | --inf) ac_prev=infodir ;; -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) infodir=$ac_optarg ;; -libdir | --libdir | --libdi | --libd) ac_prev=libdir ;; -libdir=* | --libdir=* | --libdi=* | --libd=*) libdir=$ac_optarg ;; -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ | --libexe | --libex | --libe) ac_prev=libexecdir ;; -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ | --libexe=* | --libex=* | --libe=*) libexecdir=$ac_optarg ;; -localedir | --localedir | --localedi | --localed | --locale) ac_prev=localedir ;; -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) localedir=$ac_optarg ;; -localstatedir | --localstatedir | --localstatedi | --localstated \ | --localstate | --localstat | --localsta | --localst | --locals) ac_prev=localstatedir ;; -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) localstatedir=$ac_optarg ;; -mandir | --mandir | --mandi | --mand | --man | --ma | --m) ac_prev=mandir ;; -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) mandir=$ac_optarg ;; -nfp | --nfp | --nf) # Obsolete; use --without-fp. with_fp=no ;; -no-create | --no-create | --no-creat | --no-crea | --no-cre \ | --no-cr | --no-c | -n) no_create=yes ;; -no-recursion | --no-recursion | --no-recursio | --no-recursi \ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) no_recursion=yes ;; -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ | --oldin | --oldi | --old | --ol | --o) ac_prev=oldincludedir ;; -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) oldincludedir=$ac_optarg ;; -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) ac_prev=prefix ;; -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) prefix=$ac_optarg ;; -program-prefix | --program-prefix | --program-prefi | --program-pref \ | --program-pre | --program-pr | --program-p) ac_prev=program_prefix ;; -program-prefix=* | --program-prefix=* | --program-prefi=* \ | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) program_prefix=$ac_optarg ;; -program-suffix | --program-suffix | --program-suffi | --program-suff \ | --program-suf | --program-su | --program-s) ac_prev=program_suffix ;; -program-suffix=* | --program-suffix=* | --program-suffi=* \ | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) program_suffix=$ac_optarg ;; -program-transform-name | --program-transform-name \ | --program-transform-nam | --program-transform-na \ | --program-transform-n | --program-transform- \ | --program-transform | --program-transfor \ | --program-transfo | --program-transf \ | --program-trans | --program-tran \ | --progr-tra | --program-tr | --program-t) ac_prev=program_transform_name ;; -program-transform-name=* | --program-transform-name=* \ | --program-transform-nam=* | --program-transform-na=* \ | --program-transform-n=* | --program-transform-=* \ | --program-transform=* | --program-transfor=* \ | --program-transfo=* | --program-transf=* \ | --program-trans=* | --program-tran=* \ | --progr-tra=* | --program-tr=* | --program-t=*) program_transform_name=$ac_optarg ;; -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) ac_prev=pdfdir ;; -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) pdfdir=$ac_optarg ;; -psdir | --psdir | --psdi | --psd | --ps) ac_prev=psdir ;; -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) psdir=$ac_optarg ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) silent=yes ;; -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ | --sbi=* | --sb=*) sbindir=$ac_optarg ;; -sharedstatedir | --sharedstatedir | --sharedstatedi \ | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ | --sharedst | --shareds | --shared | --share | --shar \ | --sha | --sh) ac_prev=sharedstatedir ;; -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ | --sha=* | --sh=*) sharedstatedir=$ac_optarg ;; -site | --site | --sit) ac_prev=site ;; -site=* | --site=* | --sit=*) site=$ac_optarg ;; -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) ac_prev=srcdir ;; -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) srcdir=$ac_optarg ;; -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ | --syscon | --sysco | --sysc | --sys | --sy) ac_prev=sysconfdir ;; -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) sysconfdir=$ac_optarg ;; -target | --target | --targe | --targ | --tar | --ta | --t) ac_prev=target_alias ;; -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) target_alias=$ac_optarg ;; -v | -verbose | --verbose | --verbos | --verbo | --verb) verbose=yes ;; -version | --version | --versio | --versi | --vers | -V) ac_init_version=: ;; -with-* | --with-*) ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid package name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "with_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval with_$ac_useropt=\$ac_optarg ;; -without-* | --without-*) ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid package name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "with_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval with_$ac_useropt=no ;; --x) # Obsolete; use --with-x. with_x=yes ;; -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ | --x-incl | --x-inc | --x-in | --x-i) ac_prev=x_includes ;; -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) x_includes=$ac_optarg ;; -x-libraries | --x-libraries | --x-librarie | --x-librari \ | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) ac_prev=x_libraries ;; -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) x_libraries=$ac_optarg ;; -*) as_fn_error $? "unrecognized option: \`$ac_option' Try \`$0 --help' for more information" ;; *=*) ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` # Reject names that are not valid shell variable names. case $ac_envvar in #( '' | [0-9]* | *[!_$as_cr_alnum]* ) as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; esac eval $ac_envvar=\$ac_optarg export $ac_envvar ;; *) # FIXME: should be removed in autoconf 3.0. $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}" ;; esac done if test -n "$ac_prev"; then ac_option=--`echo $ac_prev | sed 's/_/-/g'` as_fn_error $? "missing argument to $ac_option" fi if test -n "$ac_unrecognized_opts"; then case $enable_option_checking in no) ;; fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; esac fi # Check all directory arguments for consistency. for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ libdir localedir mandir do eval ac_val=\$$ac_var # Remove trailing slashes. case $ac_val in */ ) ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'` eval $ac_var=\$ac_val;; esac # Be sure to have absolute directory names. case $ac_val in [\\/$]* | ?:[\\/]* ) continue;; NONE | '' ) case $ac_var in *prefix ) continue;; esac;; esac as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" done # There might be people who depend on the old broken behavior: `$host' # used to hold the argument of --host etc. # FIXME: To remove some day. build=$build_alias host=$host_alias target=$target_alias # FIXME: To remove some day. if test "x$host_alias" != x; then if test "x$build_alias" = x; then cross_compiling=maybe elif test "x$build_alias" != "x$host_alias"; then cross_compiling=yes fi fi ac_tool_prefix= test -n "$host_alias" && ac_tool_prefix=$host_alias- test "$silent" = yes && exec 6>/dev/null ac_pwd=`pwd` && test -n "$ac_pwd" && ac_ls_di=`ls -di .` && ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || as_fn_error $? "working directory cannot be determined" test "X$ac_ls_di" = "X$ac_pwd_ls_di" || as_fn_error $? "pwd does not report name of working directory" # Find the source files, if location was not specified. if test -z "$srcdir"; then ac_srcdir_defaulted=yes # Try the directory containing this script, then the parent directory. ac_confdir=`$as_dirname -- "$as_myself" || $as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_myself" : 'X\(//\)[^/]' \| \ X"$as_myself" : 'X\(//\)$' \| \ X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_myself" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` srcdir=$ac_confdir if test ! -r "$srcdir/$ac_unique_file"; then srcdir=.. fi else ac_srcdir_defaulted=no fi if test ! -r "$srcdir/$ac_unique_file"; then test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" fi ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" ac_abs_confdir=`( cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" pwd)` # When building in place, set srcdir=. if test "$ac_abs_confdir" = "$ac_pwd"; then srcdir=. fi # Remove unnecessary trailing slashes from srcdir. # Double slashes in file names in object file debugging info # mess up M-x gdb in Emacs. case $srcdir in */) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; esac for ac_var in $ac_precious_vars; do eval ac_env_${ac_var}_set=\${${ac_var}+set} eval ac_env_${ac_var}_value=\$${ac_var} eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} eval ac_cv_env_${ac_var}_value=\$${ac_var} done # # Report the --help message. # if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF \`configure' configures myproxy 6.2.16 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... To assign environment variables (e.g., CC, CFLAGS...), specify them as VAR=VALUE. See below for descriptions of some of the useful variables. Defaults for the options are specified in brackets. Configuration: -h, --help display this help and exit --help=short display options specific to this package --help=recursive display the short help of all the included packages -V, --version display version information and exit -q, --quiet, --silent do not print \`checking ...' messages --cache-file=FILE cache test results in FILE [disabled] -C, --config-cache alias for \`--cache-file=config.cache' -n, --no-create do not create output files --srcdir=DIR find the sources in DIR [configure dir or \`..'] Installation directories: --prefix=PREFIX install architecture-independent files in PREFIX [$ac_default_prefix] --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX [PREFIX] By default, \`make install' will install all the files in \`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify an installation prefix other than \`$ac_default_prefix' using \`--prefix', for instance \`--prefix=\$HOME'. For better control, use the options below. Fine tuning of the installation directories: --bindir=DIR user executables [EPREFIX/bin] --sbindir=DIR system admin executables [EPREFIX/sbin] --libexecdir=DIR program executables [EPREFIX/libexec] --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] --datadir=DIR read-only architecture-independent data [DATAROOTDIR] --infodir=DIR info documentation [DATAROOTDIR/info] --localedir=DIR locale-dependent data [DATAROOTDIR/locale] --mandir=DIR man documentation [DATAROOTDIR/man] --docdir=DIR documentation root [DATAROOTDIR/doc/myproxy] --htmldir=DIR html documentation [DOCDIR] --dvidir=DIR dvi documentation [DOCDIR] --pdfdir=DIR pdf documentation [DOCDIR] --psdir=DIR ps documentation [DOCDIR] _ACEOF cat <<\_ACEOF Program names: --program-prefix=PREFIX prepend PREFIX to installed program names --program-suffix=SUFFIX append SUFFIX to installed program names --program-transform-name=PROGRAM run sed PROGRAM on installed program names System types: --build=BUILD configure for building on BUILD [guessed] --host=HOST cross-compile to build programs to run on HOST [BUILD] _ACEOF fi if test -n "$ac_init_help"; then case $ac_init_help in short | recursive ) echo "Configuration of myproxy 6.2.16:";; esac cat <<\_ACEOF Optional Features: --disable-option-checking ignore unrecognized --enable/--with options --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) --enable-FEATURE[=ARG] include FEATURE [ARG=yes] --enable-silent-rules less verbose build output (undo: "make V=1") --disable-silent-rules verbose build output (undo: "make V=0") --enable-shared[=PKGS] build shared libraries [default=yes] --enable-static[=PKGS] build static libraries [default=yes] --enable-fast-install[=PKGS] optimize for fast installation [default=yes] --enable-dependency-tracking do not reject slow dependency extractors --disable-dependency-tracking speeds up one-time build --disable-libtool-lock avoid locking (might break parallel builds) Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --with-pic[=PKGS] try to use only PIC/non-PIC objects [default=use both] --with-gnu-ld assume the C compiler uses GNU ld [default=no] --with-sysroot=DIR Search for dependent libraries within DIR (or the compiler's sysroot if not specified). --with-sasl2=PATH Build with SASL V2 support --with-kerberos5=PATH Build with Kerberos V5 support --with-openldap=PATH Build with OpenLDAP CA support --with-voms=PATH Build with VOMS support Some influential environment variables: CC C compiler command CFLAGS C compiler flags LDFLAGS linker flags, e.g. -L if you have libraries in a nonstandard directory LIBS libraries to pass to the linker, e.g. -l CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I if you have headers in a nonstandard directory CPP C preprocessor PKG_CONFIG path to pkg-config utility PKG_CONFIG_PATH directories to add to pkg-config's search path PKG_CONFIG_LIBDIR path overriding pkg-config's built-in search path GLOBUS_CFLAGS C compiler flags for GLOBUS, overriding pkg-config GLOBUS_LIBS linker flags for GLOBUS, overriding pkg-config OPENSSL_CFLAGS C compiler flags for OPENSSL, overriding pkg-config OPENSSL_LIBS linker flags for OPENSSL, overriding pkg-config Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. Report bugs to the package provider. _ACEOF ac_status=$? fi if test "$ac_init_help" = "recursive"; then # If there are subdirs, report their specific --help. for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue test -d "$ac_dir" || { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || continue ac_builddir=. case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; esac ;; esac ac_abs_top_builddir=$ac_pwd ac_abs_builddir=$ac_pwd$ac_dir_suffix # for backward compatibility: ac_top_builddir=$ac_top_build_prefix case $srcdir in .) # We are building in place. ac_srcdir=. ac_top_srcdir=$ac_top_builddir_sub ac_abs_top_srcdir=$ac_pwd ;; [\\/]* | ?:[\\/]* ) # Absolute name. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ac_abs_top_srcdir=$srcdir ;; *) # Relative name. ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_build_prefix$srcdir ac_abs_top_srcdir=$ac_pwd/$srcdir ;; esac ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix cd "$ac_dir" || { ac_status=$?; continue; } # Check for guested configure. if test -f "$ac_srcdir/configure.gnu"; then echo && $SHELL "$ac_srcdir/configure.gnu" --help=recursive elif test -f "$ac_srcdir/configure"; then echo && $SHELL "$ac_srcdir/configure" --help=recursive else $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 fi || ac_status=$? cd "$ac_pwd" || { ac_status=$?; break; } done fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF myproxy configure 6.2.16 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ACEOF exit fi ## ------------------------ ## ## Autoconf initialization. ## ## ------------------------ ## # ac_fn_c_try_compile LINENO # -------------------------- # Try to compile conftest.$ac_ext, and return whether this succeeded. ac_fn_c_try_compile () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack rm -f conftest.$ac_objext if { { ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_compile") 2>conftest.err ac_status=$? if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then : ac_retval=0 else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_compile # ac_fn_c_try_link LINENO # ----------------------- # Try to link conftest.$ac_ext, and return whether this succeeded. ac_fn_c_try_link () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack rm -f conftest.$ac_objext conftest$ac_exeext if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>conftest.err ac_status=$? if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || test -x conftest$ac_exeext }; then : ac_retval=0 else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 fi # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would # interfere with the next link command; also delete a directory that is # left behind by Apple's compiler. We do this before executing the actions. rm -rf conftest.dSYM conftest_ipa8_conftest.oo eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_link # ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES # ------------------------------------------------------- # Tests whether HEADER exists and can be compiled using the include files in # INCLUDES, setting the cache variable VAR accordingly. ac_fn_c_check_header_compile () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 #include <$2> _ACEOF if ac_fn_c_try_compile "$LINENO"; then : eval "$3=yes" else eval "$3=no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_header_compile # ac_fn_c_try_cpp LINENO # ---------------------- # Try to preprocess conftest.$ac_ext, and return whether this succeeded. ac_fn_c_try_cpp () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack if { { ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err ac_status=$? if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } > conftest.i && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then : ac_retval=0 else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_cpp # ac_fn_c_try_run LINENO # ---------------------- # Try to link conftest.$ac_ext, and return whether this succeeded. Assumes # that executables *can* be run. ac_fn_c_try_run () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; }; then : ac_retval=0 else $as_echo "$as_me: program exited with status $ac_status" >&5 $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=$ac_status fi rm -rf conftest.dSYM conftest_ipa8_conftest.oo eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_run # ac_fn_c_check_func LINENO FUNC VAR # ---------------------------------- # Tests whether FUNC exists, setting the cache variable VAR accordingly ac_fn_c_check_func () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Define $2 to an innocuous variant, in case declares $2. For example, HP-UX 11i declares gettimeofday. */ #define $2 innocuous_$2 /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $2 (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef $2 /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char $2 (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_$2 || defined __stub___$2 choke me #endif int main () { return $2 (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : eval "$3=yes" else eval "$3=no" fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_func # ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES # ------------------------------------------------------- # Tests whether HEADER exists, giving a warning if it cannot be compiled using # the include files in INCLUDES and setting the cache variable VAR # accordingly. ac_fn_c_check_header_mongrel () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack if eval \${$3+:} false; then : { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } else # Is the header compilable? { $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5 $as_echo_n "checking $2 usability... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 #include <$2> _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_header_compiler=yes else ac_header_compiler=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5 $as_echo "$ac_header_compiler" >&6; } # Is the header present? { $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5 $as_echo_n "checking $2 presence... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include <$2> _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : ac_header_preproc=yes else ac_header_preproc=no fi rm -f conftest.err conftest.i conftest.$ac_ext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5 $as_echo "$ac_header_preproc" >&6; } # So? What about this header? case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #(( yes:no: ) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5 $as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} ;; no:yes:* ) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5 $as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5 $as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5 $as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5 $as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else eval "$3=\$ac_header_compiler" fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_header_mongrel # ac_fn_c_check_type LINENO TYPE VAR INCLUDES # ------------------------------------------- # Tests whether TYPE exists after having included INCLUDES, setting cache # variable VAR accordingly. ac_fn_c_check_type () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else eval "$3=no" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { if (sizeof ($2)) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { if (sizeof (($2))) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : else eval "$3=yes" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_type # ac_fn_c_check_decl LINENO SYMBOL VAR INCLUDES # --------------------------------------------- # Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR # accordingly. ac_fn_c_check_decl () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack as_decl_name=`echo $2|sed 's/ *(.*//'` as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'` { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5 $as_echo_n "checking whether $as_decl_name is declared... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { #ifndef $as_decl_name #ifdef __cplusplus (void) $as_decl_use; #else (void) $as_decl_name; #endif #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : eval "$3=yes" else eval "$3=no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_decl cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. It was created by myproxy $as_me 6.2.16, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ _ACEOF exec 5>>config.log { cat <<_ASUNAME ## --------- ## ## Platform. ## ## --------- ## hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` uname -m = `(uname -m) 2>/dev/null || echo unknown` uname -r = `(uname -r) 2>/dev/null || echo unknown` uname -s = `(uname -s) 2>/dev/null || echo unknown` uname -v = `(uname -v) 2>/dev/null || echo unknown` /usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` /bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` /bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` /usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` /usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` /bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` /bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` _ASUNAME as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. $as_echo "PATH: $as_dir" done IFS=$as_save_IFS } >&5 cat >&5 <<_ACEOF ## ----------- ## ## Core tests. ## ## ----------- ## _ACEOF # Keep a trace of the command line. # Strip out --no-create and --no-recursion so they do not pile up. # Strip out --silent because we don't want to record it for future runs. # Also quote any args containing shell meta-characters. # Make two passes to allow for proper duplicate-argument suppression. ac_configure_args= ac_configure_args0= ac_configure_args1= ac_must_keep_next=false for ac_pass in 1 2 do for ac_arg do case $ac_arg in -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) continue ;; *\'*) ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; esac case $ac_pass in 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; 2) as_fn_append ac_configure_args1 " '$ac_arg'" if test $ac_must_keep_next = true; then ac_must_keep_next=false # Got value, back to normal. else case $ac_arg in *=* | --config-cache | -C | -disable-* | --disable-* \ | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ | -with-* | --with-* | -without-* | --without-* | --x) case "$ac_configure_args0 " in "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; esac ;; -* ) ac_must_keep_next=true ;; esac fi as_fn_append ac_configure_args " '$ac_arg'" ;; esac done done { ac_configure_args0=; unset ac_configure_args0;} { ac_configure_args1=; unset ac_configure_args1;} # When interrupted or exit'd, cleanup temporary files, and complete # config.log. We remove comments because anyway the quotes in there # would cause problems or look ugly. # WARNING: Use '\'' to represent an apostrophe within the trap. # WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. trap 'exit_status=$? # Save into config.log some information that might help in debugging. { echo $as_echo "## ---------------- ## ## Cache variables. ## ## ---------------- ##" echo # The following way of writing the cache mishandles newlines in values, ( for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do eval ac_val=\$$ac_var case $ac_val in #( *${as_nl}*) case $ac_var in #( *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( *) { eval $ac_var=; unset $ac_var;} ;; esac ;; esac done (set) 2>&1 | case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( *${as_nl}ac_space=\ *) sed -n \ "s/'\''/'\''\\\\'\'''\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" ;; #( *) sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | sort ) echo $as_echo "## ----------------- ## ## Output variables. ## ## ----------------- ##" echo for ac_var in $ac_subst_vars do eval ac_val=\$$ac_var case $ac_val in *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac $as_echo "$ac_var='\''$ac_val'\''" done | sort echo if test -n "$ac_subst_files"; then $as_echo "## ------------------- ## ## File substitutions. ## ## ------------------- ##" echo for ac_var in $ac_subst_files do eval ac_val=\$$ac_var case $ac_val in *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac $as_echo "$ac_var='\''$ac_val'\''" done | sort echo fi if test -s confdefs.h; then $as_echo "## ----------- ## ## confdefs.h. ## ## ----------- ##" echo cat confdefs.h echo fi test "$ac_signal" != 0 && $as_echo "$as_me: caught signal $ac_signal" $as_echo "$as_me: exit $exit_status" } >&5 rm -f core *.core core.conftest.* && rm -f -r conftest* confdefs* conf$$* $ac_clean_files && exit $exit_status ' 0 for ac_signal in 1 2 13 15; do trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal done ac_signal=0 # confdefs.h avoids OS command line length limits that DEFS can exceed. rm -f -r conftest* confdefs.h $as_echo "/* confdefs.h */" > confdefs.h # Predefined preprocessor variables. cat >>confdefs.h <<_ACEOF #define PACKAGE_NAME "$PACKAGE_NAME" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_TARNAME "$PACKAGE_TARNAME" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_VERSION "$PACKAGE_VERSION" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_STRING "$PACKAGE_STRING" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_URL "$PACKAGE_URL" _ACEOF # Let the site file select an alternate cache file if it wants to. # Prefer an explicitly selected file to automatically selected ones. ac_site_file1=NONE ac_site_file2=NONE if test -n "$CONFIG_SITE"; then # We do not want a PATH search for config.site. case $CONFIG_SITE in #(( -*) ac_site_file1=./$CONFIG_SITE;; */*) ac_site_file1=$CONFIG_SITE;; *) ac_site_file1=./$CONFIG_SITE;; esac elif test "x$prefix" != xNONE; then ac_site_file1=$prefix/share/config.site ac_site_file2=$prefix/etc/config.site else ac_site_file1=$ac_default_prefix/share/config.site ac_site_file2=$ac_default_prefix/etc/config.site fi for ac_site_file in "$ac_site_file1" "$ac_site_file2" do test "x$ac_site_file" = xNONE && continue if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 $as_echo "$as_me: loading site script $ac_site_file" >&6;} sed 's/^/| /' "$ac_site_file" >&5 . "$ac_site_file" \ || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "failed to load site script $ac_site_file See \`config.log' for more details" "$LINENO" 5; } fi done if test -r "$cache_file"; then # Some versions of bash will fail to source /dev/null (special files # actually), so we avoid doing that. DJGPP emulates it as a regular file. if test /dev/null != "$cache_file" && test -f "$cache_file"; then { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 $as_echo "$as_me: loading cache $cache_file" >&6;} case $cache_file in [\\/]* | ?:[\\/]* ) . "$cache_file";; *) . "./$cache_file";; esac fi else { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 $as_echo "$as_me: creating cache $cache_file" >&6;} >$cache_file fi # Check that the precious variables saved in the cache have kept the same # value. ac_cache_corrupted=false for ac_var in $ac_precious_vars; do eval ac_old_set=\$ac_cv_env_${ac_var}_set eval ac_new_set=\$ac_env_${ac_var}_set eval ac_old_val=\$ac_cv_env_${ac_var}_value eval ac_new_val=\$ac_env_${ac_var}_value case $ac_old_set,$ac_new_set in set,) { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 $as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} ac_cache_corrupted=: ;; ,set) { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 $as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} ac_cache_corrupted=: ;; ,);; *) if test "x$ac_old_val" != "x$ac_new_val"; then # differences in whitespace do not lead to failure. ac_old_val_w=`echo x $ac_old_val` ac_new_val_w=`echo x $ac_new_val` if test "$ac_old_val_w" != "$ac_new_val_w"; then { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 $as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} ac_cache_corrupted=: else { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 $as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} eval $ac_var=\$ac_old_val fi { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 $as_echo "$as_me: former value: \`$ac_old_val'" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 $as_echo "$as_me: current value: \`$ac_new_val'" >&2;} fi;; esac # Pass precious variables to config.status. if test "$ac_new_set" = set; then case $ac_new_val in *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; *) ac_arg=$ac_var=$ac_new_val ;; esac case " $ac_configure_args " in *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. *) as_fn_append ac_configure_args " '$ac_arg'" ;; esac fi done if $ac_cache_corrupted; then { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 $as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 fi ## -------------------- ## ## Main body of script. ## ## -------------------- ## ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu ac_aux_dir= for ac_dir in build-aux "$srcdir"/build-aux; do if test -f "$ac_dir/install-sh"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/install-sh -c" break elif test -f "$ac_dir/install.sh"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/install.sh -c" break elif test -f "$ac_dir/shtool"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/shtool install -c" break fi done if test -z "$ac_aux_dir"; then as_fn_error $? "cannot find install-sh, install.sh, or shtool in build-aux \"$srcdir\"/build-aux" "$LINENO" 5 fi # These three variables are undocumented and unsupported, # and are intended to be withdrawn in a future Autoconf release. # They can cause serious problems if a builder's source tree is in a directory # whose full name contains unusual characters. ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. am__api_version='1.13' # Find a good install program. We prefer a C program (faster), # so one script is as good as another. But avoid the broken or # incompatible versions: # SysV /etc/install, /usr/sbin/install # SunOS /usr/etc/install # IRIX /sbin/install # AIX /bin/install # AmigaOS /C/install, which installs bootblocks on floppy discs # AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag # AFS /usr/afsws/bin/install, which mishandles nonexistent args # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" # OS/2's system install, which has a completely different semantic # ./install, which can be erroneously created by make from ./install.sh. # Reject install programs that cannot install multiple files. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5 $as_echo_n "checking for a BSD-compatible install... " >&6; } if test -z "$INSTALL"; then if ${ac_cv_path_install+:} false; then : $as_echo_n "(cached) " >&6 else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. # Account for people who put trailing slashes in PATH elements. case $as_dir/ in #(( ./ | .// | /[cC]/* | \ /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \ /usr/ucb/* ) ;; *) # OSF1 and SCO ODT 3.0 have their own names for install. # Don't use installbsd from OSF since it installs stuff as root # by default. for ac_prog in ginstall scoinst install; do for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then if test $ac_prog = install && grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then # AIX install. It has an incompatible calling convention. : elif test $ac_prog = install && grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then # program-specific install script used by HP pwplus--don't use. : else rm -rf conftest.one conftest.two conftest.dir echo one > conftest.one echo two > conftest.two mkdir conftest.dir if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" && test -s conftest.one && test -s conftest.two && test -s conftest.dir/conftest.one && test -s conftest.dir/conftest.two then ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" break 3 fi fi fi done done ;; esac done IFS=$as_save_IFS rm -rf conftest.one conftest.two conftest.dir fi if test "${ac_cv_path_install+set}" = set; then INSTALL=$ac_cv_path_install else # As a last resort, use the slow shell script. Don't cache a # value for INSTALL within a source directory, because that will # break other packages using the cache if that directory is # removed, or if the value is a relative name. INSTALL=$ac_install_sh fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5 $as_echo "$INSTALL" >&6; } # Use test -z because SunOS4 sh mishandles braces in ${var-val}. # It thinks the first close brace ends the variable substitution. test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5 $as_echo_n "checking whether build environment is sane... " >&6; } # Reject unsafe characters in $srcdir or the absolute working directory # name. Accept space and tab only in the latter. am_lf=' ' case `pwd` in *[\\\"\#\$\&\'\`$am_lf]*) as_fn_error $? "unsafe absolute working directory name" "$LINENO" 5;; esac case $srcdir in *[\\\"\#\$\&\'\`$am_lf\ \ ]*) as_fn_error $? "unsafe srcdir value: '$srcdir'" "$LINENO" 5;; esac # Do 'set' in a subshell so we don't clobber the current shell's # arguments. Must try -L first in case configure is actually a # symlink; some systems play weird games with the mod time of symlinks # (eg FreeBSD returns the mod time of the symlink's containing # directory). if ( am_has_slept=no for am_try in 1 2; do echo "timestamp, slept: $am_has_slept" > conftest.file set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` if test "$*" = "X"; then # -L didn't work. set X `ls -t "$srcdir/configure" conftest.file` fi if test "$*" != "X $srcdir/configure conftest.file" \ && test "$*" != "X conftest.file $srcdir/configure"; then # If neither matched, then we have a broken ls. This can happen # if, for instance, CONFIG_SHELL is bash and it inherits a # broken ls alias from the environment. This has actually # happened. Such a system could not be considered "sane". as_fn_error $? "ls -t appears to fail. Make sure there is not a broken alias in your environment" "$LINENO" 5 fi if test "$2" = conftest.file || test $am_try -eq 2; then break fi # Just in case. sleep 1 am_has_slept=yes done test "$2" = conftest.file ) then # Ok. : else as_fn_error $? "newly created file is older than distributed files! Check your system clock" "$LINENO" 5 fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } # If we didn't sleep, we still need to ensure time stamps of config.status and # generated files are strictly newer. am_sleep_pid= if grep 'slept: no' conftest.file >/dev/null 2>&1; then ( sleep 1 ) & am_sleep_pid=$! fi rm -f conftest.file test "$program_prefix" != NONE && program_transform_name="s&^&$program_prefix&;$program_transform_name" # Use a double $ so make ignores it. test "$program_suffix" != NONE && program_transform_name="s&\$&$program_suffix&;$program_transform_name" # Double any \ or $. # By default was `s,x,x', remove it if useless. ac_script='s/[\\$]/&&/g;s/;s,x,x,$//' program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"` # expand $ac_aux_dir to an absolute path am_aux_dir=`cd $ac_aux_dir && pwd` if test x"${MISSING+set}" != xset; then case $am_aux_dir in *\ * | *\ *) MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; *) MISSING="\${SHELL} $am_aux_dir/missing" ;; esac fi # Use eval to expand $SHELL if eval "$MISSING --is-lightweight"; then am_missing_run="$MISSING " else am_missing_run= { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: 'missing' script is too old or missing" >&5 $as_echo "$as_me: WARNING: 'missing' script is too old or missing" >&2;} fi if test x"${install_sh}" != xset; then case $am_aux_dir in *\ * | *\ *) install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; *) install_sh="\${SHELL} $am_aux_dir/install-sh" esac fi # Installed binaries are usually stripped using 'strip' when the user # run "make install-strip". However 'strip' might not be the right # tool to use in cross-compilation environments, therefore Automake # will honor the 'STRIP' environment variable to overrule this program. if test "$cross_compiling" != no; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. set dummy ${ac_tool_prefix}strip; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_STRIP+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$STRIP"; then ac_cv_prog_STRIP="$STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_STRIP="${ac_tool_prefix}strip" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi STRIP=$ac_cv_prog_STRIP if test -n "$STRIP"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 $as_echo "$STRIP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_STRIP"; then ac_ct_STRIP=$STRIP # Extract the first word of "strip", so it can be a program name with args. set dummy strip; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_STRIP+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_STRIP"; then ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_STRIP="strip" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP if test -n "$ac_ct_STRIP"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 $as_echo "$ac_ct_STRIP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_STRIP" = x; then STRIP=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac STRIP=$ac_ct_STRIP fi else STRIP="$ac_cv_prog_STRIP" fi fi INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a thread-safe mkdir -p" >&5 $as_echo_n "checking for a thread-safe mkdir -p... " >&6; } if test -z "$MKDIR_P"; then if ${ac_cv_path_mkdir+:} false; then : $as_echo_n "(cached) " >&6 else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in mkdir gmkdir; do for ac_exec_ext in '' $ac_executable_extensions; do as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext" || continue case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #( 'mkdir (GNU coreutils) '* | \ 'mkdir (coreutils) '* | \ 'mkdir (fileutils) '4.1*) ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext break 3;; esac done done done IFS=$as_save_IFS fi test -d ./--version && rmdir ./--version if test "${ac_cv_path_mkdir+set}" = set; then MKDIR_P="$ac_cv_path_mkdir -p" else # As a last resort, use the slow shell script. Don't cache a # value for MKDIR_P within a source directory, because that will # break other packages using the cache if that directory is # removed, or if the value is a relative name. MKDIR_P="$ac_install_sh -d" fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5 $as_echo "$MKDIR_P" >&6; } for ac_prog in gawk mawk nawk awk do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_AWK+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$AWK"; then ac_cv_prog_AWK="$AWK" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_AWK="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi AWK=$ac_cv_prog_AWK if test -n "$AWK"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 $as_echo "$AWK" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$AWK" && break done { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5 $as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } set x ${MAKE-make} ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` if eval \${ac_cv_prog_make_${ac_make}_set+:} false; then : $as_echo_n "(cached) " >&6 else cat >conftest.make <<\_ACEOF SHELL = /bin/sh all: @echo '@@@%%%=$(MAKE)=@@@%%%' _ACEOF # GNU make sometimes prints "make[1]: Entering ...", which would confuse us. case `${MAKE-make} -f conftest.make 2>/dev/null` in *@@@%%%=?*=@@@%%%*) eval ac_cv_prog_make_${ac_make}_set=yes;; *) eval ac_cv_prog_make_${ac_make}_set=no;; esac rm -f conftest.make fi if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } SET_MAKE= else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } SET_MAKE="MAKE=${MAKE-make}" fi rm -rf .tst 2>/dev/null mkdir .tst 2>/dev/null if test -d .tst; then am__leading_dot=. else am__leading_dot=_ fi rmdir .tst 2>/dev/null # Check whether --enable-silent-rules was given. if test "${enable_silent_rules+set}" = set; then : enableval=$enable_silent_rules; fi case $enable_silent_rules in # ((( yes) AM_DEFAULT_VERBOSITY=0;; no) AM_DEFAULT_VERBOSITY=1;; *) AM_DEFAULT_VERBOSITY=1;; esac am_make=${MAKE-make} { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5 $as_echo_n "checking whether $am_make supports nested variables... " >&6; } if ${am_cv_make_support_nested_variables+:} false; then : $as_echo_n "(cached) " >&6 else if $as_echo 'TRUE=$(BAR$(V)) BAR0=false BAR1=true V=1 am__doit: @$(TRUE) .PHONY: am__doit' | $am_make -f - >/dev/null 2>&1; then am_cv_make_support_nested_variables=yes else am_cv_make_support_nested_variables=no fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5 $as_echo "$am_cv_make_support_nested_variables" >&6; } if test $am_cv_make_support_nested_variables = yes; then AM_V='$(V)' AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' else AM_V=$AM_DEFAULT_VERBOSITY AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY fi AM_BACKSLASH='\' if test "`cd $srcdir && pwd`" != "`pwd`"; then # Use -I$(srcdir) only when $(srcdir) != ., so that make's output # is not polluted with repeated "-I." am__isrc=' -I$(srcdir)' # test to see if srcdir already configured if test -f $srcdir/config.status; then as_fn_error $? "source directory already configured; run \"make distclean\" there first" "$LINENO" 5 fi fi # test whether we have cygpath if test -z "$CYGPATH_W"; then if (cygpath --version) >/dev/null 2>/dev/null; then CYGPATH_W='cygpath -w' else CYGPATH_W=echo fi fi # Define the identity of the package. PACKAGE='myproxy' VERSION='6.2.16' cat >>confdefs.h <<_ACEOF #define PACKAGE "$PACKAGE" _ACEOF cat >>confdefs.h <<_ACEOF #define VERSION "$VERSION" _ACEOF # Some tools Automake needs. ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"} AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"} AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"} AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"} MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"} # For better backward compatibility. To be removed once Automake 1.9.x # dies out for good. For more background, see: # # mkdir_p='$(MKDIR_P)' # We need awk for the "check" target. The system "awk" is bad on # some platforms. # Always define AMTAR for backward compatibility. Yes, it's still used # in the wild :-( We should find a proper way to deprecate it ... AMTAR='$${TAR-tar}' # We'll loop over all known methods to create a tar archive until one works. _am_tools='gnutar pax cpio none' am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -' case `pwd` in *\ * | *\ *) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5 $as_echo "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;; esac macro_version='2.4.2' macro_revision='1.3337' ltmain="$ac_aux_dir/ltmain.sh" # Make sure we can run config.sub. $SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 $as_echo_n "checking build system type... " >&6; } if ${ac_cv_build+:} false; then : $as_echo_n "(cached) " >&6 else ac_build_alias=$build_alias test "x$ac_build_alias" = x && ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` test "x$ac_build_alias" = x && as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5 ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 $as_echo "$ac_cv_build" >&6; } case $ac_cv_build in *-*-*) ;; *) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;; esac build=$ac_cv_build ac_save_IFS=$IFS; IFS='-' set x $ac_cv_build shift build_cpu=$1 build_vendor=$2 shift; shift # Remember, the first character of IFS is used to create $*, # except with old shells: build_os=$* IFS=$ac_save_IFS case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5 $as_echo_n "checking host system type... " >&6; } if ${ac_cv_host+:} false; then : $as_echo_n "(cached) " >&6 else if test "x$host_alias" = x; then ac_cv_host=$ac_cv_build else ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 $as_echo "$ac_cv_host" >&6; } case $ac_cv_host in *-*-*) ;; *) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;; esac host=$ac_cv_host ac_save_IFS=$IFS; IFS='-' set x $ac_cv_host shift host_cpu=$1 host_vendor=$2 shift; shift # Remember, the first character of IFS is used to create $*, # except with old shells: host_os=$* IFS=$ac_save_IFS case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac # Backslashify metacharacters that are still active within # double-quoted strings. sed_quote_subst='s/\(["`$\\]\)/\\\1/g' # Same as above, but do not quote variable references. double_quote_subst='s/\(["`\\]\)/\\\1/g' # Sed substitution to delay expansion of an escaped shell variable in a # double_quote_subst'ed string. delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g' # Sed substitution to delay expansion of an escaped single quote. delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g' # Sed substitution to avoid accidental globbing in evaled expressions no_glob_subst='s/\*/\\\*/g' ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to print strings" >&5 $as_echo_n "checking how to print strings... " >&6; } # Test print first, because it will be a builtin if present. if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \ test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then ECHO='print -r --' elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then ECHO='printf %s\n' else # Use this function as a fallback that always works. func_fallback_echo () { eval 'cat <<_LTECHO_EOF $1 _LTECHO_EOF' } ECHO='func_fallback_echo' fi # func_echo_all arg... # Invoke $ECHO with all args, space-separated. func_echo_all () { $ECHO "" } case "$ECHO" in printf*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: printf" >&5 $as_echo "printf" >&6; } ;; print*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: print -r" >&5 $as_echo "print -r" >&6; } ;; *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: cat" >&5 $as_echo "cat" >&6; } ;; esac DEPDIR="${am__leading_dot}deps" ac_config_commands="$ac_config_commands depfiles" am_make=${MAKE-make} cat > confinc << 'END' am__doit: @echo this is the am__doit target .PHONY: am__doit END # If we don't find an include directive, just comment out the code. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for style of include used by $am_make" >&5 $as_echo_n "checking for style of include used by $am_make... " >&6; } am__include="#" am__quote= _am_result=none # First try GNU make style include. echo "include confinc" > confmf # Ignore all kinds of additional output from 'make'. case `$am_make -s -f confmf 2> /dev/null` in #( *the\ am__doit\ target*) am__include=include am__quote= _am_result=GNU ;; esac # Now try BSD make style include. if test "$am__include" = "#"; then echo '.include "confinc"' > confmf case `$am_make -s -f confmf 2> /dev/null` in #( *the\ am__doit\ target*) am__include=.include am__quote="\"" _am_result=BSD ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $_am_result" >&5 $as_echo "$_am_result" >&6; } rm -f confinc confmf # Check whether --enable-dependency-tracking was given. if test "${enable_dependency_tracking+set}" = set; then : enableval=$enable_dependency_tracking; fi if test "x$enable_dependency_tracking" != xno; then am_depcomp="$ac_aux_dir/depcomp" AMDEPBACKSLASH='\' am__nodep='_no' fi if test "x$enable_dependency_tracking" != xno; then AMDEP_TRUE= AMDEP_FALSE='#' else AMDEP_TRUE='#' AMDEP_FALSE= fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. set dummy ${ac_tool_prefix}gcc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_CC="${ac_tool_prefix}gcc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_CC"; then ac_ct_CC=$CC # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_CC="gcc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 $as_echo "$ac_ct_CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_CC" = x; then CC="" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC fi else CC="$ac_cv_prog_CC" fi if test -z "$CC"; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. set dummy ${ac_tool_prefix}cc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_CC="${ac_tool_prefix}cc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi fi if test -z "$CC"; then # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else ac_prog_rejected=no as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then ac_prog_rejected=yes continue fi ac_cv_prog_CC="cc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS if test $ac_prog_rejected = yes; then # We found a bogon in the path, so make sure we never use it. set dummy $ac_cv_prog_CC shift if test $# != 0; then # We chose a different compiler from the bogus one. # However, it has the same basename, so the bogon will be chosen # first if we set CC to just the basename; use the full file name. shift ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" fi fi fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$CC"; then if test -n "$ac_tool_prefix"; then for ac_prog in cl.exe do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_CC="$ac_tool_prefix$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$CC" && break done fi if test -z "$CC"; then ac_ct_CC=$CC for ac_prog in cl.exe do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_CC="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 $as_echo "$ac_ct_CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$ac_ct_CC" && break done if test "x$ac_ct_CC" = x; then CC="" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC fi fi fi test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "no acceptable C compiler found in \$PATH See \`config.log' for more details" "$LINENO" 5; } # Provide some information about the compiler. $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 set X $ac_compile ac_compiler=$2 for ac_option in --version -v -V -qversion; do { { ac_try="$ac_compiler $ac_option >&5" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_compiler $ac_option >&5") 2>conftest.err ac_status=$? if test -s conftest.err; then sed '10a\ ... rest of stderr output deleted ... 10q' conftest.err >conftest.er1 cat conftest.er1 >&5 fi rm -f conftest.er1 conftest.err $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } done cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" # Try to create an executable without -o first, disregard a.out. # It will help us diagnose broken compilers, and finding out an intuition # of exeext. { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 $as_echo_n "checking whether the C compiler works... " >&6; } ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` # The possible output files: ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" ac_rmfiles= for ac_file in $ac_files do case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; * ) ac_rmfiles="$ac_rmfiles $ac_file";; esac done rm -f $ac_rmfiles if { { ac_try="$ac_link_default" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link_default") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then : # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. # So ignore a value of `no', otherwise this would lead to `EXEEXT = no' # in a Makefile. We should not override ac_cv_exeext if it was cached, # so that the user can short-circuit this test for compilers unknown to # Autoconf. for ac_file in $ac_files '' do test -f "$ac_file" || continue case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; [ab].out ) # We found the default executable, but exeext='' is most # certainly right. break;; *.* ) if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; then :; else ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` fi # We set ac_cv_exeext here because the later test for it is not # safe: cross compilers may not add the suffix if given an `-o' # argument, so we may need to know it at that point already. # Even if this section looks crufty: it has the advantage of # actually working. break;; * ) break;; esac done test "$ac_cv_exeext" = no && ac_cv_exeext= else ac_file='' fi if test -z "$ac_file"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "C compiler cannot create executables See \`config.log' for more details" "$LINENO" 5; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 $as_echo_n "checking for C compiler default output file name... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 $as_echo "$ac_file" >&6; } ac_exeext=$ac_cv_exeext rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out ac_clean_files=$ac_clean_files_save { $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 $as_echo_n "checking for suffix of executables... " >&6; } if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then : # If both `conftest.exe' and `conftest' are `present' (well, observable) # catch `conftest.exe'. For instance with Cygwin, `ls conftest' will # work properly (i.e., refer to `conftest.exe'), while it won't with # `rm'. for ac_file in conftest.exe conftest conftest.*; do test -f "$ac_file" || continue case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` break;; * ) break;; esac done else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of executables: cannot compile and link See \`config.log' for more details" "$LINENO" 5; } fi rm -f conftest conftest$ac_cv_exeext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 $as_echo "$ac_cv_exeext" >&6; } rm -f conftest.$ac_ext EXEEXT=$ac_cv_exeext ac_exeext=$EXEEXT cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { FILE *f = fopen ("conftest.out", "w"); return ferror (f) || fclose (f) != 0; ; return 0; } _ACEOF ac_clean_files="$ac_clean_files conftest.out" # Check that the compiler produces executables we can run. If not, either # the compiler is broken, or we cross compile. { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 $as_echo_n "checking whether we are cross compiling... " >&6; } if test "$cross_compiling" != yes; then { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } if { ac_try='./conftest$ac_cv_exeext' { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; }; then cross_compiling=no else if test "$cross_compiling" = maybe; then cross_compiling=yes else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot run C compiled programs. If you meant to cross compile, use \`--host'. See \`config.log' for more details" "$LINENO" 5; } fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 $as_echo "$cross_compiling" >&6; } rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out ac_clean_files=$ac_clean_files_save { $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 $as_echo_n "checking for suffix of object files... " >&6; } if ${ac_cv_objext+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF rm -f conftest.o conftest.obj if { { ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_compile") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then : for ac_file in conftest.o conftest.obj conftest.*; do test -f "$ac_file" || continue; case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` break;; esac done else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of object files: cannot compile See \`config.log' for more details" "$LINENO" 5; } fi rm -f conftest.$ac_cv_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 $as_echo "$ac_cv_objext" >&6; } OBJEXT=$ac_cv_objext ac_objext=$OBJEXT { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 $as_echo_n "checking whether we are using the GNU C compiler... " >&6; } if ${ac_cv_c_compiler_gnu+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { #ifndef __GNUC__ choke me #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_compiler_gnu=yes else ac_compiler_gnu=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_cv_c_compiler_gnu=$ac_compiler_gnu fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 $as_echo "$ac_cv_c_compiler_gnu" >&6; } if test $ac_compiler_gnu = yes; then GCC=yes else GCC= fi ac_test_CFLAGS=${CFLAGS+set} ac_save_CFLAGS=$CFLAGS { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 $as_echo_n "checking whether $CC accepts -g... " >&6; } if ${ac_cv_prog_cc_g+:} false; then : $as_echo_n "(cached) " >&6 else ac_save_c_werror_flag=$ac_c_werror_flag ac_c_werror_flag=yes ac_cv_prog_cc_g=no CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_g=yes else CFLAGS="" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : else ac_c_werror_flag=$ac_save_c_werror_flag CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_g=yes fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_c_werror_flag=$ac_save_c_werror_flag fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 $as_echo "$ac_cv_prog_cc_g" >&6; } if test "$ac_test_CFLAGS" = set; then CFLAGS=$ac_save_CFLAGS elif test $ac_cv_prog_cc_g = yes; then if test "$GCC" = yes; then CFLAGS="-g -O2" else CFLAGS="-g" fi else if test "$GCC" = yes; then CFLAGS="-O2" else CFLAGS= fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 $as_echo_n "checking for $CC option to accept ISO C89... " >&6; } if ${ac_cv_prog_cc_c89+:} false; then : $as_echo_n "(cached) " >&6 else ac_cv_prog_cc_c89=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include struct stat; /* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ struct buf { int x; }; FILE * (*rcsopen) (struct buf *, struct stat *, int); static char *e (p, i) char **p; int i; { return p[i]; } static char *f (char * (*g) (char **, int), char **p, ...) { char *s; va_list v; va_start (v,p); s = g (p, va_arg (v,int)); va_end (v); return s; } /* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has function prototypes and stuff, but not '\xHH' hex character constants. These don't provoke an error unfortunately, instead are silently treated as 'x'. The following induces an error, until -std is added to get proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an array size at least. It's necessary to write '\x00'==0 to get something that's true only with -std. */ int osf4_cc_array ['\x00' == 0 ? 1 : -1]; /* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters inside strings and character constants. */ #define FOO(x) 'x' int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; int test (int i, double x); struct s1 {int (*f) (int a);}; struct s2 {int (*f) (double a);}; int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); int argc; char **argv; int main () { return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; ; return 0; } _ACEOF for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" do CC="$ac_save_CC $ac_arg" if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_c89=$ac_arg fi rm -f core conftest.err conftest.$ac_objext test "x$ac_cv_prog_cc_c89" != "xno" && break done rm -f conftest.$ac_ext CC=$ac_save_CC fi # AC_CACHE_VAL case "x$ac_cv_prog_cc_c89" in x) { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 $as_echo "none needed" >&6; } ;; xno) { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 $as_echo "unsupported" >&6; } ;; *) CC="$CC $ac_cv_prog_cc_c89" { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 $as_echo "$ac_cv_prog_cc_c89" >&6; } ;; esac if test "x$ac_cv_prog_cc_c89" != xno; then : fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu depcc="$CC" am_compiler_list= { $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5 $as_echo_n "checking dependency style of $depcc... " >&6; } if ${am_cv_CC_dependencies_compiler_type+:} false; then : $as_echo_n "(cached) " >&6 else if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then # We make a subdir and do the tests there. Otherwise we can end up # making bogus files that we don't know about and never remove. For # instance it was reported that on HP-UX the gcc test will end up # making a dummy file named 'D' -- because '-MD' means "put the output # in D". rm -rf conftest.dir mkdir conftest.dir # Copy depcomp to subdir because otherwise we won't find it if we're # using a relative directory. cp "$am_depcomp" conftest.dir cd conftest.dir # We will build objects and dependencies in a subdirectory because # it helps to detect inapplicable dependency modes. For instance # both Tru64's cc and ICC support -MD to output dependencies as a # side effect of compilation, but ICC will put the dependencies in # the current directory while Tru64 will put them in the object # directory. mkdir sub am_cv_CC_dependencies_compiler_type=none if test "$am_compiler_list" = ""; then am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp` fi am__universal=false case " $depcc " in #( *\ -arch\ *\ -arch\ *) am__universal=true ;; esac for depmode in $am_compiler_list; do # Setup a source with many dependencies, because some compilers # like to wrap large dependency lists on column 80 (with \), and # we should not choose a depcomp mode which is confused by this. # # We need to recreate these files for each test, as the compiler may # overwrite some of them when testing with obscure command lines. # This happens at least with the AIX C compiler. : > sub/conftest.c for i in 1 2 3 4 5 6; do echo '#include "conftst'$i'.h"' >> sub/conftest.c # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with # Solaris 10 /bin/sh. echo '/* dummy */' > sub/conftst$i.h done echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf # We check with '-c' and '-o' for the sake of the "dashmstdout" # mode. It turns out that the SunPro C++ compiler does not properly # handle '-M -o', and we need to detect this. Also, some Intel # versions had trouble with output in subdirs. am__obj=sub/conftest.${OBJEXT-o} am__minus_obj="-o $am__obj" case $depmode in gcc) # This depmode causes a compiler race in universal mode. test "$am__universal" = false || continue ;; nosideeffect) # After this tag, mechanisms are not by side-effect, so they'll # only be used when explicitly requested. if test "x$enable_dependency_tracking" = xyes; then continue else break fi ;; msvc7 | msvc7msys | msvisualcpp | msvcmsys) # This compiler won't grok '-c -o', but also, the minuso test has # not run yet. These depmodes are late enough in the game, and # so weak that their functioning should not be impacted. am__obj=conftest.${OBJEXT-o} am__minus_obj= ;; none) break ;; esac if depmode=$depmode \ source=sub/conftest.c object=$am__obj \ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ >/dev/null 2>conftest.err && grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && grep $am__obj sub/conftest.Po > /dev/null 2>&1 && ${MAKE-make} -s -f confmf > /dev/null 2>&1; then # icc doesn't choke on unknown options, it will just issue warnings # or remarks (even with -Werror). So we grep stderr for any message # that says an option was ignored or not supported. # When given -MP, icc 7.0 and 7.1 complain thusly: # icc: Command line warning: ignoring option '-M'; no argument required # The diagnosis changed in icc 8.0: # icc: Command line remark: option '-MP' not supported if (grep 'ignoring option' conftest.err || grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else am_cv_CC_dependencies_compiler_type=$depmode break fi fi done cd .. rm -rf conftest.dir else am_cv_CC_dependencies_compiler_type=none fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5 $as_echo "$am_cv_CC_dependencies_compiler_type" >&6; } CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type if test "x$enable_dependency_tracking" != xno \ && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then am__fastdepCC_TRUE= am__fastdepCC_FALSE='#' else am__fastdepCC_TRUE='#' am__fastdepCC_FALSE= fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5 $as_echo_n "checking for a sed that does not truncate output... " >&6; } if ${ac_cv_path_SED+:} false; then : $as_echo_n "(cached) " >&6 else ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ for ac_i in 1 2 3 4 5 6 7; do ac_script="$ac_script$as_nl$ac_script" done echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed { ac_script=; unset ac_script;} if test -z "$SED"; then ac_path_SED_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in sed gsed; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_SED="$as_dir/$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_SED" || continue # Check for GNU ac_path_SED and select it if it is found. # Check for GNU $ac_path_SED case `"$ac_path_SED" --version 2>&1` in *GNU*) ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo '' >> "conftest.nl" "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_SED_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_SED="$ac_path_SED" ac_path_SED_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_SED_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_SED"; then as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5 fi else ac_cv_path_SED=$SED fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5 $as_echo "$ac_cv_path_SED" >&6; } SED="$ac_cv_path_SED" rm -f conftest.sed test -z "$SED" && SED=sed Xsed="$SED -e 1s/^X//" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 $as_echo_n "checking for grep that handles long lines and -e... " >&6; } if ${ac_cv_path_GREP+:} false; then : $as_echo_n "(cached) " >&6 else if test -z "$GREP"; then ac_path_GREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in grep ggrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_GREP" || continue # Check for GNU ac_path_GREP and select it if it is found. # Check for GNU $ac_path_GREP case `"$ac_path_GREP" --version 2>&1` in *GNU*) ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo 'GREP' >> "conftest.nl" "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_GREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_GREP_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_GREP"; then as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_GREP=$GREP fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 $as_echo "$ac_cv_path_GREP" >&6; } GREP="$ac_cv_path_GREP" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 $as_echo_n "checking for egrep... " >&6; } if ${ac_cv_path_EGREP+:} false; then : $as_echo_n "(cached) " >&6 else if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 then ac_cv_path_EGREP="$GREP -E" else if test -z "$EGREP"; then ac_path_EGREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in egrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_EGREP" || continue # Check for GNU ac_path_EGREP and select it if it is found. # Check for GNU $ac_path_EGREP case `"$ac_path_EGREP" --version 2>&1` in *GNU*) ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo 'EGREP' >> "conftest.nl" "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_EGREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_EGREP_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_EGREP"; then as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_EGREP=$EGREP fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 $as_echo "$ac_cv_path_EGREP" >&6; } EGREP="$ac_cv_path_EGREP" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5 $as_echo_n "checking for fgrep... " >&6; } if ${ac_cv_path_FGREP+:} false; then : $as_echo_n "(cached) " >&6 else if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1 then ac_cv_path_FGREP="$GREP -F" else if test -z "$FGREP"; then ac_path_FGREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in fgrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_FGREP="$as_dir/$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_FGREP" || continue # Check for GNU ac_path_FGREP and select it if it is found. # Check for GNU $ac_path_FGREP case `"$ac_path_FGREP" --version 2>&1` in *GNU*) ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo 'FGREP' >> "conftest.nl" "$ac_path_FGREP" FGREP < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_FGREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_FGREP_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_FGREP"; then as_fn_error $? "no acceptable fgrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_FGREP=$FGREP fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5 $as_echo "$ac_cv_path_FGREP" >&6; } FGREP="$ac_cv_path_FGREP" test -z "$GREP" && GREP=grep # Check whether --with-gnu-ld was given. if test "${with_gnu_ld+set}" = set; then : withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes else with_gnu_ld=no fi ac_prog=ld if test "$GCC" = yes; then # Check if gcc -print-prog-name=ld gives a path. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5 $as_echo_n "checking for ld used by $CC... " >&6; } case $host in *-*-mingw*) # gcc leaves a trailing carriage return which upsets mingw ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; *) ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; esac case $ac_prog in # Accept absolute paths. [\\/]* | ?:[\\/]*) re_direlt='/[^/][^/]*/\.\./' # Canonicalize the pathname of ld ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'` while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"` done test -z "$LD" && LD="$ac_prog" ;; "") # If it fails, then pretend we aren't using GCC. ac_prog=ld ;; *) # If it is relative, then search for the first ld in PATH. with_gnu_ld=unknown ;; esac elif test "$with_gnu_ld" = yes; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5 $as_echo_n "checking for GNU ld... " >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5 $as_echo_n "checking for non-GNU ld... " >&6; } fi if ${lt_cv_path_LD+:} false; then : $as_echo_n "(cached) " >&6 else if test -z "$LD"; then lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR for ac_dir in $PATH; do IFS="$lt_save_ifs" test -z "$ac_dir" && ac_dir=. if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then lt_cv_path_LD="$ac_dir/$ac_prog" # Check to see if the program is GNU ld. I'd rather use --version, # but apparently some variants of GNU ld only accept -v. # Break only if it was the GNU/non-GNU ld that we prefer. case `"$lt_cv_path_LD" -v 2>&1 &5 $as_echo "$LD" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5 $as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; } if ${lt_cv_prog_gnu_ld+:} false; then : $as_echo_n "(cached) " >&6 else # I'd rather use --version here, but apparently some GNU lds only accept -v. case `$LD -v 2>&1 &5 $as_echo "$lt_cv_prog_gnu_ld" >&6; } with_gnu_ld=$lt_cv_prog_gnu_ld { $as_echo "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5 $as_echo_n "checking for BSD- or MS-compatible name lister (nm)... " >&6; } if ${lt_cv_path_NM+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$NM"; then # Let the user override the test. lt_cv_path_NM="$NM" else lt_nm_to_check="${ac_tool_prefix}nm" if test -n "$ac_tool_prefix" && test "$build" = "$host"; then lt_nm_to_check="$lt_nm_to_check nm" fi for lt_tmp_nm in $lt_nm_to_check; do lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do IFS="$lt_save_ifs" test -z "$ac_dir" && ac_dir=. tmp_nm="$ac_dir/$lt_tmp_nm" if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then # Check to see if the nm accepts a BSD-compat flag. # Adding the `sed 1q' prevents false positives on HP-UX, which says: # nm: unknown option "B" ignored # Tru64's nm complains that /dev/null is an invalid object file case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in */dev/null* | *'Invalid file or object type'*) lt_cv_path_NM="$tmp_nm -B" break ;; *) case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in */dev/null*) lt_cv_path_NM="$tmp_nm -p" break ;; *) lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but continue # so that we can try to find one that supports BSD flags ;; esac ;; esac fi done IFS="$lt_save_ifs" done : ${lt_cv_path_NM=no} fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5 $as_echo "$lt_cv_path_NM" >&6; } if test "$lt_cv_path_NM" != "no"; then NM="$lt_cv_path_NM" else # Didn't find any BSD compatible name lister, look for dumpbin. if test -n "$DUMPBIN"; then : # Let the user override the test. else if test -n "$ac_tool_prefix"; then for ac_prog in dumpbin "link -dump" do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_DUMPBIN+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$DUMPBIN"; then ac_cv_prog_DUMPBIN="$DUMPBIN" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_DUMPBIN="$ac_tool_prefix$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi DUMPBIN=$ac_cv_prog_DUMPBIN if test -n "$DUMPBIN"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5 $as_echo "$DUMPBIN" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$DUMPBIN" && break done fi if test -z "$DUMPBIN"; then ac_ct_DUMPBIN=$DUMPBIN for ac_prog in dumpbin "link -dump" do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_DUMPBIN+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_DUMPBIN"; then ac_cv_prog_ac_ct_DUMPBIN="$ac_ct_DUMPBIN" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_DUMPBIN="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN if test -n "$ac_ct_DUMPBIN"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5 $as_echo "$ac_ct_DUMPBIN" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$ac_ct_DUMPBIN" && break done if test "x$ac_ct_DUMPBIN" = x; then DUMPBIN=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac DUMPBIN=$ac_ct_DUMPBIN fi fi case `$DUMPBIN -symbols /dev/null 2>&1 | sed '1q'` in *COFF*) DUMPBIN="$DUMPBIN -symbols" ;; *) DUMPBIN=: ;; esac fi if test "$DUMPBIN" != ":"; then NM="$DUMPBIN" fi fi test -z "$NM" && NM=nm { $as_echo "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5 $as_echo_n "checking the name lister ($NM) interface... " >&6; } if ${lt_cv_nm_interface+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_nm_interface="BSD nm" echo "int some_variable = 0;" > conftest.$ac_ext (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&5) (eval "$ac_compile" 2>conftest.err) cat conftest.err >&5 (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&5) (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) cat conftest.err >&5 (eval echo "\"\$as_me:$LINENO: output\"" >&5) cat conftest.out >&5 if $GREP 'External.*some_variable' conftest.out > /dev/null; then lt_cv_nm_interface="MS dumpbin" fi rm -f conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5 $as_echo "$lt_cv_nm_interface" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5 $as_echo_n "checking whether ln -s works... " >&6; } LN_S=$as_ln_s if test "$LN_S" = "ln -s"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5 $as_echo "no, using $LN_S" >&6; } fi # find the maximum length of command line arguments { $as_echo "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5 $as_echo_n "checking the maximum length of command line arguments... " >&6; } if ${lt_cv_sys_max_cmd_len+:} false; then : $as_echo_n "(cached) " >&6 else i=0 teststring="ABCD" case $build_os in msdosdjgpp*) # On DJGPP, this test can blow up pretty badly due to problems in libc # (any single argument exceeding 2000 bytes causes a buffer overrun # during glob expansion). Even if it were fixed, the result of this # check would be larger than it should be. lt_cv_sys_max_cmd_len=12288; # 12K is about right ;; gnu*) # Under GNU Hurd, this test is not required because there is # no limit to the length of command line arguments. # Libtool will interpret -1 as no limit whatsoever lt_cv_sys_max_cmd_len=-1; ;; cygwin* | mingw* | cegcc*) # On Win9x/ME, this test blows up -- it succeeds, but takes # about 5 minutes as the teststring grows exponentially. # Worse, since 9x/ME are not pre-emptively multitasking, # you end up with a "frozen" computer, even though with patience # the test eventually succeeds (with a max line length of 256k). # Instead, let's just punt: use the minimum linelength reported by # all of the supported platforms: 8192 (on NT/2K/XP). lt_cv_sys_max_cmd_len=8192; ;; mint*) # On MiNT this can take a long time and run out of memory. lt_cv_sys_max_cmd_len=8192; ;; amigaos*) # On AmigaOS with pdksh, this test takes hours, literally. # So we just punt and use a minimum line length of 8192. lt_cv_sys_max_cmd_len=8192; ;; netbsd* | freebsd* | openbsd* | darwin* | dragonfly*) # This has been around since 386BSD, at least. Likely further. if test -x /sbin/sysctl; then lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` elif test -x /usr/sbin/sysctl; then lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax` else lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs fi # And add a safety zone lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` ;; interix*) # We know the value 262144 and hardcode it with a safety zone (like BSD) lt_cv_sys_max_cmd_len=196608 ;; os2*) # The test takes a long time on OS/2. lt_cv_sys_max_cmd_len=8192 ;; osf*) # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not # nice to cause kernel panics so lets avoid the loop below. # First set a reasonable default. lt_cv_sys_max_cmd_len=16384 # if test -x /sbin/sysconfig; then case `/sbin/sysconfig -q proc exec_disable_arg_limit` in *1*) lt_cv_sys_max_cmd_len=-1 ;; esac fi ;; sco3.2v5*) lt_cv_sys_max_cmd_len=102400 ;; sysv5* | sco5v6* | sysv4.2uw2*) kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null` if test -n "$kargmax"; then lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[ ]//'` else lt_cv_sys_max_cmd_len=32768 fi ;; *) lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null` if test -n "$lt_cv_sys_max_cmd_len"; then lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` else # Make teststring a little bigger before we do anything with it. # a 1K string should be a reasonable start. for i in 1 2 3 4 5 6 7 8 ; do teststring=$teststring$teststring done SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} # If test is not a shell built-in, we'll probably end up computing a # maximum length that is only half of the actual maximum length, but # we can't tell. while { test "X"`env echo "$teststring$teststring" 2>/dev/null` \ = "X$teststring$teststring"; } >/dev/null 2>&1 && test $i != 17 # 1/2 MB should be enough do i=`expr $i + 1` teststring=$teststring$teststring done # Only check the string length outside the loop. lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1` teststring= # Add a significant safety factor because C++ compilers can tack on # massive amounts of additional arguments before passing them to the # linker. It appears as though 1/2 is a usable value. lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2` fi ;; esac fi if test -n $lt_cv_sys_max_cmd_len ; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5 $as_echo "$lt_cv_sys_max_cmd_len" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 $as_echo "none" >&6; } fi max_cmd_len=$lt_cv_sys_max_cmd_len : ${CP="cp -f"} : ${MV="mv -f"} : ${RM="rm -f"} { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands some XSI constructs" >&5 $as_echo_n "checking whether the shell understands some XSI constructs... " >&6; } # Try some XSI features xsi_shell=no ( _lt_dummy="a/b/c" test "${_lt_dummy##*/},${_lt_dummy%/*},${_lt_dummy#??}"${_lt_dummy%"$_lt_dummy"}, \ = c,a/b,b/c, \ && eval 'test $(( 1 + 1 )) -eq 2 \ && test "${#_lt_dummy}" -eq 5' ) >/dev/null 2>&1 \ && xsi_shell=yes { $as_echo "$as_me:${as_lineno-$LINENO}: result: $xsi_shell" >&5 $as_echo "$xsi_shell" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands \"+=\"" >&5 $as_echo_n "checking whether the shell understands \"+=\"... " >&6; } lt_shell_append=no ( foo=bar; set foo baz; eval "$1+=\$2" && test "$foo" = barbaz ) \ >/dev/null 2>&1 \ && lt_shell_append=yes { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_shell_append" >&5 $as_echo "$lt_shell_append" >&6; } if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then lt_unset=unset else lt_unset=false fi # test EBCDIC or ASCII case `echo X|tr X '\101'` in A) # ASCII based system # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr lt_SP2NL='tr \040 \012' lt_NL2SP='tr \015\012 \040\040' ;; *) # EBCDIC based system lt_SP2NL='tr \100 \n' lt_NL2SP='tr \r\n \100\100' ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to $host format" >&5 $as_echo_n "checking how to convert $build file names to $host format... " >&6; } if ${lt_cv_to_host_file_cmd+:} false; then : $as_echo_n "(cached) " >&6 else case $host in *-*-mingw* ) case $build in *-*-mingw* ) # actually msys lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32 ;; *-*-cygwin* ) lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32 ;; * ) # otherwise, assume *nix lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32 ;; esac ;; *-*-cygwin* ) case $build in *-*-mingw* ) # actually msys lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin ;; *-*-cygwin* ) lt_cv_to_host_file_cmd=func_convert_file_noop ;; * ) # otherwise, assume *nix lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin ;; esac ;; * ) # unhandled hosts (and "normal" native builds) lt_cv_to_host_file_cmd=func_convert_file_noop ;; esac fi to_host_file_cmd=$lt_cv_to_host_file_cmd { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_host_file_cmd" >&5 $as_echo "$lt_cv_to_host_file_cmd" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to toolchain format" >&5 $as_echo_n "checking how to convert $build file names to toolchain format... " >&6; } if ${lt_cv_to_tool_file_cmd+:} false; then : $as_echo_n "(cached) " >&6 else #assume ordinary cross tools, or native build. lt_cv_to_tool_file_cmd=func_convert_file_noop case $host in *-*-mingw* ) case $build in *-*-mingw* ) # actually msys lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32 ;; esac ;; esac fi to_tool_file_cmd=$lt_cv_to_tool_file_cmd { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_tool_file_cmd" >&5 $as_echo "$lt_cv_to_tool_file_cmd" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5 $as_echo_n "checking for $LD option to reload object files... " >&6; } if ${lt_cv_ld_reload_flag+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_ld_reload_flag='-r' fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5 $as_echo "$lt_cv_ld_reload_flag" >&6; } reload_flag=$lt_cv_ld_reload_flag case $reload_flag in "" | " "*) ;; *) reload_flag=" $reload_flag" ;; esac reload_cmds='$LD$reload_flag -o $output$reload_objs' case $host_os in cygwin* | mingw* | pw32* | cegcc*) if test "$GCC" != yes; then reload_cmds=false fi ;; darwin*) if test "$GCC" = yes; then reload_cmds='$LTCC $LTCFLAGS -nostdlib ${wl}-r -o $output$reload_objs' else reload_cmds='$LD$reload_flag -o $output$reload_objs' fi ;; esac if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args. set dummy ${ac_tool_prefix}objdump; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_OBJDUMP+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$OBJDUMP"; then ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi OBJDUMP=$ac_cv_prog_OBJDUMP if test -n "$OBJDUMP"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5 $as_echo "$OBJDUMP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_OBJDUMP"; then ac_ct_OBJDUMP=$OBJDUMP # Extract the first word of "objdump", so it can be a program name with args. set dummy objdump; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_OBJDUMP+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_OBJDUMP"; then ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_OBJDUMP="objdump" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP if test -n "$ac_ct_OBJDUMP"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5 $as_echo "$ac_ct_OBJDUMP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_OBJDUMP" = x; then OBJDUMP="false" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac OBJDUMP=$ac_ct_OBJDUMP fi else OBJDUMP="$ac_cv_prog_OBJDUMP" fi test -z "$OBJDUMP" && OBJDUMP=objdump { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5 $as_echo_n "checking how to recognize dependent libraries... " >&6; } if ${lt_cv_deplibs_check_method+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_file_magic_cmd='$MAGIC_CMD' lt_cv_file_magic_test_file= lt_cv_deplibs_check_method='unknown' # Need to set the preceding variable on all platforms that support # interlibrary dependencies. # 'none' -- dependencies not supported. # `unknown' -- same as none, but documents that we really don't know. # 'pass_all' -- all dependencies passed with no checks. # 'test_compile' -- check by making test program. # 'file_magic [[regex]]' -- check by looking for files in library path # which responds to the $file_magic_cmd with a given extended regex. # If you have `file' or equivalent on your system and you're not sure # whether `pass_all' will *always* work, you probably want this one. case $host_os in aix[4-9]*) lt_cv_deplibs_check_method=pass_all ;; beos*) lt_cv_deplibs_check_method=pass_all ;; bsdi[45]*) lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)' lt_cv_file_magic_cmd='/usr/bin/file -L' lt_cv_file_magic_test_file=/shlib/libc.so ;; cygwin*) # func_win32_libid is a shell function defined in ltmain.sh lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' lt_cv_file_magic_cmd='func_win32_libid' ;; mingw* | pw32*) # Base MSYS/MinGW do not provide the 'file' command needed by # func_win32_libid shell function, so use a weaker test based on 'objdump', # unless we find 'file', for example because we are cross-compiling. # func_win32_libid assumes BSD nm, so disallow it if using MS dumpbin. if ( test "$lt_cv_nm_interface" = "BSD nm" && file / ) >/dev/null 2>&1; then lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' lt_cv_file_magic_cmd='func_win32_libid' else # Keep this pattern in sync with the one in func_win32_libid. lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' lt_cv_file_magic_cmd='$OBJDUMP -f' fi ;; cegcc*) # use the weaker test based on 'objdump'. See mingw*. lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?' lt_cv_file_magic_cmd='$OBJDUMP -f' ;; darwin* | rhapsody*) lt_cv_deplibs_check_method=pass_all ;; freebsd* | dragonfly*) if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then case $host_cpu in i*86 ) # Not sure whether the presence of OpenBSD here was a mistake. # Let's accept both of them until this is cleared up. lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library' lt_cv_file_magic_cmd=/usr/bin/file lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*` ;; esac else lt_cv_deplibs_check_method=pass_all fi ;; gnu*) lt_cv_deplibs_check_method=pass_all ;; haiku*) lt_cv_deplibs_check_method=pass_all ;; hpux10.20* | hpux11*) lt_cv_file_magic_cmd=/usr/bin/file case $host_cpu in ia64*) lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64' lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so ;; hppa*64*) lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]' lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl ;; *) lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9]\.[0-9]) shared library' lt_cv_file_magic_test_file=/usr/lib/libc.sl ;; esac ;; interix[3-9]*) # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|\.a)$' ;; irix5* | irix6* | nonstopux*) case $LD in *-32|*"-32 ") libmagic=32-bit;; *-n32|*"-n32 ") libmagic=N32;; *-64|*"-64 ") libmagic=64-bit;; *) libmagic=never-match;; esac lt_cv_deplibs_check_method=pass_all ;; # This must be glibc/ELF. linux* | k*bsd*-gnu | kopensolaris*-gnu) lt_cv_deplibs_check_method=pass_all ;; netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' else lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|_pic\.a)$' fi ;; newos6*) lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)' lt_cv_file_magic_cmd=/usr/bin/file lt_cv_file_magic_test_file=/usr/lib/libnls.so ;; *nto* | *qnx*) lt_cv_deplibs_check_method=pass_all ;; openbsd*) if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$' else lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' fi ;; osf3* | osf4* | osf5*) lt_cv_deplibs_check_method=pass_all ;; rdos*) lt_cv_deplibs_check_method=pass_all ;; solaris*) lt_cv_deplibs_check_method=pass_all ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) lt_cv_deplibs_check_method=pass_all ;; sysv4 | sysv4.3*) case $host_vendor in motorola) lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]' lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*` ;; ncr) lt_cv_deplibs_check_method=pass_all ;; sequent) lt_cv_file_magic_cmd='/bin/file' lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )' ;; sni) lt_cv_file_magic_cmd='/bin/file' lt_cv_deplibs_check_method="file_magic ELF [0-9][0-9]*-bit [LM]SB dynamic lib" lt_cv_file_magic_test_file=/lib/libc.so ;; siemens) lt_cv_deplibs_check_method=pass_all ;; pc) lt_cv_deplibs_check_method=pass_all ;; esac ;; tpf*) lt_cv_deplibs_check_method=pass_all ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5 $as_echo "$lt_cv_deplibs_check_method" >&6; } file_magic_glob= want_nocaseglob=no if test "$build" = "$host"; then case $host_os in mingw* | pw32*) if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then want_nocaseglob=yes else file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[\1]\/[\1]\/g;/g"` fi ;; esac fi file_magic_cmd=$lt_cv_file_magic_cmd deplibs_check_method=$lt_cv_deplibs_check_method test -z "$deplibs_check_method" && deplibs_check_method=unknown if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}dlltool", so it can be a program name with args. set dummy ${ac_tool_prefix}dlltool; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_DLLTOOL+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$DLLTOOL"; then ac_cv_prog_DLLTOOL="$DLLTOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_DLLTOOL="${ac_tool_prefix}dlltool" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi DLLTOOL=$ac_cv_prog_DLLTOOL if test -n "$DLLTOOL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DLLTOOL" >&5 $as_echo "$DLLTOOL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_DLLTOOL"; then ac_ct_DLLTOOL=$DLLTOOL # Extract the first word of "dlltool", so it can be a program name with args. set dummy dlltool; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_DLLTOOL+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_DLLTOOL"; then ac_cv_prog_ac_ct_DLLTOOL="$ac_ct_DLLTOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_DLLTOOL="dlltool" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_DLLTOOL=$ac_cv_prog_ac_ct_DLLTOOL if test -n "$ac_ct_DLLTOOL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DLLTOOL" >&5 $as_echo "$ac_ct_DLLTOOL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_DLLTOOL" = x; then DLLTOOL="false" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac DLLTOOL=$ac_ct_DLLTOOL fi else DLLTOOL="$ac_cv_prog_DLLTOOL" fi test -z "$DLLTOOL" && DLLTOOL=dlltool { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to associate runtime and link libraries" >&5 $as_echo_n "checking how to associate runtime and link libraries... " >&6; } if ${lt_cv_sharedlib_from_linklib_cmd+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_sharedlib_from_linklib_cmd='unknown' case $host_os in cygwin* | mingw* | pw32* | cegcc*) # two different shell functions defined in ltmain.sh # decide which to use based on capabilities of $DLLTOOL case `$DLLTOOL --help 2>&1` in *--identify-strict*) lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib ;; *) lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback ;; esac ;; *) # fallback: assume linklib IS sharedlib lt_cv_sharedlib_from_linklib_cmd="$ECHO" ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sharedlib_from_linklib_cmd" >&5 $as_echo "$lt_cv_sharedlib_from_linklib_cmd" >&6; } sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO if test -n "$ac_tool_prefix"; then for ac_prog in ar do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_AR+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$AR"; then ac_cv_prog_AR="$AR" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_AR="$ac_tool_prefix$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi AR=$ac_cv_prog_AR if test -n "$AR"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 $as_echo "$AR" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$AR" && break done fi if test -z "$AR"; then ac_ct_AR=$AR for ac_prog in ar do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_AR+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_AR"; then ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_AR="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_AR=$ac_cv_prog_ac_ct_AR if test -n "$ac_ct_AR"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5 $as_echo "$ac_ct_AR" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$ac_ct_AR" && break done if test "x$ac_ct_AR" = x; then AR="false" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac AR=$ac_ct_AR fi fi : ${AR=ar} : ${AR_FLAGS=cru} { $as_echo "$as_me:${as_lineno-$LINENO}: checking for archiver @FILE support" >&5 $as_echo_n "checking for archiver @FILE support... " >&6; } if ${lt_cv_ar_at_file+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_ar_at_file=no cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : echo conftest.$ac_objext > conftest.lst lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&5' { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5 (eval $lt_ar_try) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } if test "$ac_status" -eq 0; then # Ensure the archiver fails upon bogus file names. rm -f conftest.$ac_objext libconftest.a { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5 (eval $lt_ar_try) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } if test "$ac_status" -ne 0; then lt_cv_ar_at_file=@ fi fi rm -f conftest.* libconftest.a fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ar_at_file" >&5 $as_echo "$lt_cv_ar_at_file" >&6; } if test "x$lt_cv_ar_at_file" = xno; then archiver_list_spec= else archiver_list_spec=$lt_cv_ar_at_file fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. set dummy ${ac_tool_prefix}strip; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_STRIP+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$STRIP"; then ac_cv_prog_STRIP="$STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_STRIP="${ac_tool_prefix}strip" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi STRIP=$ac_cv_prog_STRIP if test -n "$STRIP"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 $as_echo "$STRIP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_STRIP"; then ac_ct_STRIP=$STRIP # Extract the first word of "strip", so it can be a program name with args. set dummy strip; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_STRIP+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_STRIP"; then ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_STRIP="strip" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP if test -n "$ac_ct_STRIP"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 $as_echo "$ac_ct_STRIP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_STRIP" = x; then STRIP=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac STRIP=$ac_ct_STRIP fi else STRIP="$ac_cv_prog_STRIP" fi test -z "$STRIP" && STRIP=: if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. set dummy ${ac_tool_prefix}ranlib; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_RANLIB+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$RANLIB"; then ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi RANLIB=$ac_cv_prog_RANLIB if test -n "$RANLIB"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 $as_echo "$RANLIB" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_RANLIB"; then ac_ct_RANLIB=$RANLIB # Extract the first word of "ranlib", so it can be a program name with args. set dummy ranlib; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_RANLIB+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_RANLIB"; then ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_RANLIB="ranlib" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB if test -n "$ac_ct_RANLIB"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 $as_echo "$ac_ct_RANLIB" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_RANLIB" = x; then RANLIB=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac RANLIB=$ac_ct_RANLIB fi else RANLIB="$ac_cv_prog_RANLIB" fi test -z "$RANLIB" && RANLIB=: # Determine commands to create old-style static archives. old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs' old_postinstall_cmds='chmod 644 $oldlib' old_postuninstall_cmds= if test -n "$RANLIB"; then case $host_os in openbsd*) old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib" ;; *) old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib" ;; esac old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib" fi case $host_os in darwin*) lock_old_archive_extraction=yes ;; *) lock_old_archive_extraction=no ;; esac # If no C compiler was specified, use CC. LTCC=${LTCC-"$CC"} # If no C compiler flags were specified, use CFLAGS. LTCFLAGS=${LTCFLAGS-"$CFLAGS"} # Allow CC to be a program name with arguments. compiler=$CC # Check for command to grab the raw symbol name followed by C symbol from nm. { $as_echo "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5 $as_echo_n "checking command to parse $NM output from $compiler object... " >&6; } if ${lt_cv_sys_global_symbol_pipe+:} false; then : $as_echo_n "(cached) " >&6 else # These are sane defaults that work on at least a few old systems. # [They come from Ultrix. What could be older than Ultrix?!! ;)] # Character class describing NM global symbol codes. symcode='[BCDEGRST]' # Regexp to match symbols that can be accessed directly from C. sympat='\([_A-Za-z][_A-Za-z0-9]*\)' # Define system-specific variables. case $host_os in aix*) symcode='[BCDT]' ;; cygwin* | mingw* | pw32* | cegcc*) symcode='[ABCDGISTW]' ;; hpux*) if test "$host_cpu" = ia64; then symcode='[ABCDEGRST]' fi ;; irix* | nonstopux*) symcode='[BCDEGRST]' ;; osf*) symcode='[BCDEGQRST]' ;; solaris*) symcode='[BDRT]' ;; sco3.2v5*) symcode='[DT]' ;; sysv4.2uw2*) symcode='[DT]' ;; sysv5* | sco5v6* | unixware* | OpenUNIX*) symcode='[ABDT]' ;; sysv4) symcode='[DFNSTU]' ;; esac # If we're using GNU nm, then use its standard symbol codes. case `$NM -V 2>&1` in *GNU* | *'with BFD'*) symcode='[ABCDGIRSTW]' ;; esac # Transform an extracted symbol line into a proper C declaration. # Some systems (esp. on ia64) link data and code symbols differently, # so use this general approach. lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'" # Transform an extracted symbol line into symbol name and symbol address lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\)[ ]*$/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"\2\", (void *) \&\2},/p'" lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n -e 's/^: \([^ ]*\)[ ]*$/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \(lib[^ ]*\)$/ {\"\2\", (void *) \&\2},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"lib\2\", (void *) \&\2},/p'" # Handle CRLF in mingw tool chain opt_cr= case $build_os in mingw*) opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp ;; esac # Try without a prefix underscore, then with it. for ac_symprfx in "" "_"; do # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol. symxfrm="\\1 $ac_symprfx\\2 \\2" # Write the raw and C identifiers. if test "$lt_cv_nm_interface" = "MS dumpbin"; then # Fake it for dumpbin and say T for any non-static function # and D for any global variable. # Also find C++ and __fastcall symbols from MSVC++, # which start with @ or ?. lt_cv_sys_global_symbol_pipe="$AWK '"\ " {last_section=section; section=\$ 3};"\ " /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\ " /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\ " \$ 0!~/External *\|/{next};"\ " / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\ " {if(hide[section]) next};"\ " {f=0}; \$ 0~/\(\).*\|/{f=1}; {printf f ? \"T \" : \"D \"};"\ " {split(\$ 0, a, /\||\r/); split(a[2], s)};"\ " s[1]~/^[@?]/{print s[1], s[1]; next};"\ " s[1]~prfx {split(s[1],t,\"@\"); print t[1], substr(t[1],length(prfx))}"\ " ' prfx=^$ac_symprfx" else lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ ]\($symcode$symcode*\)[ ][ ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" fi lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'" # Check to see that the pipe works correctly. pipe_works=no rm -f conftest* cat > conftest.$ac_ext <<_LT_EOF #ifdef __cplusplus extern "C" { #endif char nm_test_var; void nm_test_func(void); void nm_test_func(void){} #ifdef __cplusplus } #endif int main(){nm_test_var='a';nm_test_func();return(0);} _LT_EOF if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then # Now try to grab the symbols. nlist=conftest.nm if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist\""; } >&5 (eval $NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && test -s "$nlist"; then # Try sorting and uniquifying the output. if sort "$nlist" | uniq > "$nlist"T; then mv -f "$nlist"T "$nlist" else rm -f "$nlist"T fi # Make sure that we snagged all the symbols we need. if $GREP ' nm_test_var$' "$nlist" >/dev/null; then if $GREP ' nm_test_func$' "$nlist" >/dev/null; then cat <<_LT_EOF > conftest.$ac_ext /* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ #if defined(_WIN32) || defined(__CYGWIN__) || defined(_WIN32_WCE) /* DATA imports from DLLs on WIN32 con't be const, because runtime relocations are performed -- see ld's documentation on pseudo-relocs. */ # define LT_DLSYM_CONST #elif defined(__osf__) /* This system does not cope well with relocations in const data. */ # define LT_DLSYM_CONST #else # define LT_DLSYM_CONST const #endif #ifdef __cplusplus extern "C" { #endif _LT_EOF # Now generate the symbol file. eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext' cat <<_LT_EOF >> conftest.$ac_ext /* The mapping between symbol names and symbols. */ LT_DLSYM_CONST struct { const char *name; void *address; } lt__PROGRAM__LTX_preloaded_symbols[] = { { "@PROGRAM@", (void *) 0 }, _LT_EOF $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (void *) \&\2},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext cat <<\_LT_EOF >> conftest.$ac_ext {0, (void *) 0} }; /* This works around a problem in FreeBSD linker */ #ifdef FREEBSD_WORKAROUND static const void *lt_preloaded_setup() { return lt__PROGRAM__LTX_preloaded_symbols; } #endif #ifdef __cplusplus } #endif _LT_EOF # Now try linking the two files. mv conftest.$ac_objext conftstm.$ac_objext lt_globsym_save_LIBS=$LIBS lt_globsym_save_CFLAGS=$CFLAGS LIBS="conftstm.$ac_objext" CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag" if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 (eval $ac_link) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && test -s conftest${ac_exeext}; then pipe_works=yes fi LIBS=$lt_globsym_save_LIBS CFLAGS=$lt_globsym_save_CFLAGS else echo "cannot find nm_test_func in $nlist" >&5 fi else echo "cannot find nm_test_var in $nlist" >&5 fi else echo "cannot run $lt_cv_sys_global_symbol_pipe" >&5 fi else echo "$progname: failed program was:" >&5 cat conftest.$ac_ext >&5 fi rm -rf conftest* conftst* # Do not use the global_symbol_pipe unless it works. if test "$pipe_works" = yes; then break else lt_cv_sys_global_symbol_pipe= fi done fi if test -z "$lt_cv_sys_global_symbol_pipe"; then lt_cv_sys_global_symbol_to_cdecl= fi if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5 $as_echo "failed" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5 $as_echo "ok" >&6; } fi # Response file support. if test "$lt_cv_nm_interface" = "MS dumpbin"; then nm_file_list_spec='@' elif $NM --help 2>/dev/null | grep '[@]FILE' >/dev/null; then nm_file_list_spec='@' fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sysroot" >&5 $as_echo_n "checking for sysroot... " >&6; } # Check whether --with-sysroot was given. if test "${with_sysroot+set}" = set; then : withval=$with_sysroot; else with_sysroot=no fi lt_sysroot= case ${with_sysroot} in #( yes) if test "$GCC" = yes; then lt_sysroot=`$CC --print-sysroot 2>/dev/null` fi ;; #( /*) lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"` ;; #( no|'') ;; #( *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${with_sysroot}" >&5 $as_echo "${with_sysroot}" >&6; } as_fn_error $? "The sysroot must be an absolute path." "$LINENO" 5 ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${lt_sysroot:-no}" >&5 $as_echo "${lt_sysroot:-no}" >&6; } # Check whether --enable-libtool-lock was given. if test "${enable_libtool_lock+set}" = set; then : enableval=$enable_libtool_lock; fi test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes # Some flags need to be propagated to the compiler or linker for good # libtool support. case $host in ia64-*-hpux*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then case `/usr/bin/file conftest.$ac_objext` in *ELF-32*) HPUX_IA64_MODE="32" ;; *ELF-64*) HPUX_IA64_MODE="64" ;; esac fi rm -rf conftest* ;; *-*-irix6*) # Find out which ABI we are using. echo '#line '$LINENO' "configure"' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then if test "$lt_cv_prog_gnu_ld" = yes; then case `/usr/bin/file conftest.$ac_objext` in *32-bit*) LD="${LD-ld} -melf32bsmip" ;; *N32*) LD="${LD-ld} -melf32bmipn32" ;; *64-bit*) LD="${LD-ld} -melf64bmip" ;; esac else case `/usr/bin/file conftest.$ac_objext` in *32-bit*) LD="${LD-ld} -32" ;; *N32*) LD="${LD-ld} -n32" ;; *64-bit*) LD="${LD-ld} -64" ;; esac fi fi rm -rf conftest* ;; x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then case `/usr/bin/file conftest.o` in *32-bit*) case $host in x86_64-*kfreebsd*-gnu) LD="${LD-ld} -m elf_i386_fbsd" ;; x86_64-*linux*) LD="${LD-ld} -m elf_i386" ;; ppc64-*linux*|powerpc64-*linux*) LD="${LD-ld} -m elf32ppclinux" ;; s390x-*linux*) LD="${LD-ld} -m elf_s390" ;; sparc64-*linux*) LD="${LD-ld} -m elf32_sparc" ;; esac ;; *64-bit*) case $host in x86_64-*kfreebsd*-gnu) LD="${LD-ld} -m elf_x86_64_fbsd" ;; x86_64-*linux*) LD="${LD-ld} -m elf_x86_64" ;; ppc*-*linux*|powerpc*-*linux*) LD="${LD-ld} -m elf64ppc" ;; s390*-*linux*|s390*-*tpf*) LD="${LD-ld} -m elf64_s390" ;; sparc*-*linux*) LD="${LD-ld} -m elf64_sparc" ;; esac ;; esac fi rm -rf conftest* ;; *-*-sco3.2v5*) # On SCO OpenServer 5, we need -belf to get full-featured binaries. SAVE_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -belf" { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5 $as_echo_n "checking whether the C compiler needs -belf... " >&6; } if ${lt_cv_cc_needs_belf+:} false; then : $as_echo_n "(cached) " >&6 else ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : lt_cv_cc_needs_belf=yes else lt_cv_cc_needs_belf=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5 $as_echo "$lt_cv_cc_needs_belf" >&6; } if test x"$lt_cv_cc_needs_belf" != x"yes"; then # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf CFLAGS="$SAVE_CFLAGS" fi ;; *-*solaris*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then case `/usr/bin/file conftest.o` in *64-bit*) case $lt_cv_prog_gnu_ld in yes*) case $host in i?86-*-solaris*) LD="${LD-ld} -m elf_x86_64" ;; sparc*-*-solaris*) LD="${LD-ld} -m elf64_sparc" ;; esac # GNU ld 2.21 introduced _sol2 emulations. Use them if available. if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then LD="${LD-ld}_sol2" fi ;; *) if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then LD="${LD-ld} -64" fi ;; esac ;; esac fi rm -rf conftest* ;; esac need_locks="$enable_libtool_lock" if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}mt", so it can be a program name with args. set dummy ${ac_tool_prefix}mt; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_MANIFEST_TOOL+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$MANIFEST_TOOL"; then ac_cv_prog_MANIFEST_TOOL="$MANIFEST_TOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_MANIFEST_TOOL="${ac_tool_prefix}mt" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi MANIFEST_TOOL=$ac_cv_prog_MANIFEST_TOOL if test -n "$MANIFEST_TOOL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MANIFEST_TOOL" >&5 $as_echo "$MANIFEST_TOOL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_MANIFEST_TOOL"; then ac_ct_MANIFEST_TOOL=$MANIFEST_TOOL # Extract the first word of "mt", so it can be a program name with args. set dummy mt; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_MANIFEST_TOOL+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_MANIFEST_TOOL"; then ac_cv_prog_ac_ct_MANIFEST_TOOL="$ac_ct_MANIFEST_TOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_MANIFEST_TOOL="mt" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_MANIFEST_TOOL=$ac_cv_prog_ac_ct_MANIFEST_TOOL if test -n "$ac_ct_MANIFEST_TOOL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_MANIFEST_TOOL" >&5 $as_echo "$ac_ct_MANIFEST_TOOL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_MANIFEST_TOOL" = x; then MANIFEST_TOOL=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac MANIFEST_TOOL=$ac_ct_MANIFEST_TOOL fi else MANIFEST_TOOL="$ac_cv_prog_MANIFEST_TOOL" fi test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $MANIFEST_TOOL is a manifest tool" >&5 $as_echo_n "checking if $MANIFEST_TOOL is a manifest tool... " >&6; } if ${lt_cv_path_mainfest_tool+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_path_mainfest_tool=no echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&5 $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out cat conftest.err >&5 if $GREP 'Manifest Tool' conftest.out > /dev/null; then lt_cv_path_mainfest_tool=yes fi rm -f conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_mainfest_tool" >&5 $as_echo "$lt_cv_path_mainfest_tool" >&6; } if test "x$lt_cv_path_mainfest_tool" != xyes; then MANIFEST_TOOL=: fi case $host_os in rhapsody* | darwin*) if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}dsymutil", so it can be a program name with args. set dummy ${ac_tool_prefix}dsymutil; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_DSYMUTIL+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$DSYMUTIL"; then ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_DSYMUTIL="${ac_tool_prefix}dsymutil" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi DSYMUTIL=$ac_cv_prog_DSYMUTIL if test -n "$DSYMUTIL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5 $as_echo "$DSYMUTIL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_DSYMUTIL"; then ac_ct_DSYMUTIL=$DSYMUTIL # Extract the first word of "dsymutil", so it can be a program name with args. set dummy dsymutil; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_DSYMUTIL+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_DSYMUTIL"; then ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_DSYMUTIL="dsymutil" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL if test -n "$ac_ct_DSYMUTIL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5 $as_echo "$ac_ct_DSYMUTIL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_DSYMUTIL" = x; then DSYMUTIL=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac DSYMUTIL=$ac_ct_DSYMUTIL fi else DSYMUTIL="$ac_cv_prog_DSYMUTIL" fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}nmedit", so it can be a program name with args. set dummy ${ac_tool_prefix}nmedit; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_NMEDIT+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$NMEDIT"; then ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_NMEDIT="${ac_tool_prefix}nmedit" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi NMEDIT=$ac_cv_prog_NMEDIT if test -n "$NMEDIT"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5 $as_echo "$NMEDIT" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_NMEDIT"; then ac_ct_NMEDIT=$NMEDIT # Extract the first word of "nmedit", so it can be a program name with args. set dummy nmedit; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_NMEDIT+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_NMEDIT"; then ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_NMEDIT="nmedit" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT if test -n "$ac_ct_NMEDIT"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5 $as_echo "$ac_ct_NMEDIT" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_NMEDIT" = x; then NMEDIT=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac NMEDIT=$ac_ct_NMEDIT fi else NMEDIT="$ac_cv_prog_NMEDIT" fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}lipo", so it can be a program name with args. set dummy ${ac_tool_prefix}lipo; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_LIPO+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$LIPO"; then ac_cv_prog_LIPO="$LIPO" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_LIPO="${ac_tool_prefix}lipo" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi LIPO=$ac_cv_prog_LIPO if test -n "$LIPO"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5 $as_echo "$LIPO" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_LIPO"; then ac_ct_LIPO=$LIPO # Extract the first word of "lipo", so it can be a program name with args. set dummy lipo; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_LIPO+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_LIPO"; then ac_cv_prog_ac_ct_LIPO="$ac_ct_LIPO" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_LIPO="lipo" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO if test -n "$ac_ct_LIPO"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5 $as_echo "$ac_ct_LIPO" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_LIPO" = x; then LIPO=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac LIPO=$ac_ct_LIPO fi else LIPO="$ac_cv_prog_LIPO" fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}otool", so it can be a program name with args. set dummy ${ac_tool_prefix}otool; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_OTOOL+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$OTOOL"; then ac_cv_prog_OTOOL="$OTOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_OTOOL="${ac_tool_prefix}otool" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi OTOOL=$ac_cv_prog_OTOOL if test -n "$OTOOL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5 $as_echo "$OTOOL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_OTOOL"; then ac_ct_OTOOL=$OTOOL # Extract the first word of "otool", so it can be a program name with args. set dummy otool; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_OTOOL+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_OTOOL"; then ac_cv_prog_ac_ct_OTOOL="$ac_ct_OTOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_OTOOL="otool" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL if test -n "$ac_ct_OTOOL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5 $as_echo "$ac_ct_OTOOL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_OTOOL" = x; then OTOOL=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac OTOOL=$ac_ct_OTOOL fi else OTOOL="$ac_cv_prog_OTOOL" fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}otool64", so it can be a program name with args. set dummy ${ac_tool_prefix}otool64; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_OTOOL64+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$OTOOL64"; then ac_cv_prog_OTOOL64="$OTOOL64" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_OTOOL64="${ac_tool_prefix}otool64" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi OTOOL64=$ac_cv_prog_OTOOL64 if test -n "$OTOOL64"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5 $as_echo "$OTOOL64" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_OTOOL64"; then ac_ct_OTOOL64=$OTOOL64 # Extract the first word of "otool64", so it can be a program name with args. set dummy otool64; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_OTOOL64+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_OTOOL64"; then ac_cv_prog_ac_ct_OTOOL64="$ac_ct_OTOOL64" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_OTOOL64="otool64" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64 if test -n "$ac_ct_OTOOL64"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5 $as_echo "$ac_ct_OTOOL64" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_OTOOL64" = x; then OTOOL64=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac OTOOL64=$ac_ct_OTOOL64 fi else OTOOL64="$ac_cv_prog_OTOOL64" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5 $as_echo_n "checking for -single_module linker flag... " >&6; } if ${lt_cv_apple_cc_single_mod+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_apple_cc_single_mod=no if test -z "${LT_MULTI_MODULE}"; then # By default we will add the -single_module flag. You can override # by either setting the environment variable LT_MULTI_MODULE # non-empty at configure time, or by adding -multi_module to the # link flags. rm -rf libconftest.dylib* echo "int foo(void){return 1;}" > conftest.c echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ -dynamiclib -Wl,-single_module conftest.c" >&5 $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ -dynamiclib -Wl,-single_module conftest.c 2>conftest.err _lt_result=$? # If there is a non-empty error log, and "single_module" # appears in it, assume the flag caused a linker warning if test -s conftest.err && $GREP single_module conftest.err; then cat conftest.err >&5 # Otherwise, if the output was created with a 0 exit code from # the compiler, it worked. elif test -f libconftest.dylib && test $_lt_result -eq 0; then lt_cv_apple_cc_single_mod=yes else cat conftest.err >&5 fi rm -rf libconftest.dylib* rm -f conftest.* fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5 $as_echo "$lt_cv_apple_cc_single_mod" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5 $as_echo_n "checking for -exported_symbols_list linker flag... " >&6; } if ${lt_cv_ld_exported_symbols_list+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_ld_exported_symbols_list=no save_LDFLAGS=$LDFLAGS echo "_main" > conftest.sym LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : lt_cv_ld_exported_symbols_list=yes else lt_cv_ld_exported_symbols_list=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LDFLAGS="$save_LDFLAGS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5 $as_echo "$lt_cv_ld_exported_symbols_list" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -force_load linker flag" >&5 $as_echo_n "checking for -force_load linker flag... " >&6; } if ${lt_cv_ld_force_load+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_ld_force_load=no cat > conftest.c << _LT_EOF int forced_loaded() { return 2;} _LT_EOF echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&5 $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&5 echo "$AR cru libconftest.a conftest.o" >&5 $AR cru libconftest.a conftest.o 2>&5 echo "$RANLIB libconftest.a" >&5 $RANLIB libconftest.a 2>&5 cat > conftest.c << _LT_EOF int main() { return 0;} _LT_EOF echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&5 $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err _lt_result=$? if test -s conftest.err && $GREP force_load conftest.err; then cat conftest.err >&5 elif test -f conftest && test $_lt_result -eq 0 && $GREP forced_load conftest >/dev/null 2>&1 ; then lt_cv_ld_force_load=yes else cat conftest.err >&5 fi rm -f conftest.err libconftest.a conftest conftest.c rm -rf conftest.dSYM fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_force_load" >&5 $as_echo "$lt_cv_ld_force_load" >&6; } case $host_os in rhapsody* | darwin1.[012]) _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;; darwin1.*) _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; darwin*) # darwin 5.x on # if running on 10.5 or later, the deployment target defaults # to the OS version, if on x86, and 10.4, the deployment # target defaults to 10.4. Don't you love it? case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in 10.0,*86*-darwin8*|10.0,*-darwin[91]*) _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; 10.[012]*) _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; 10.*) _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; esac ;; esac if test "$lt_cv_apple_cc_single_mod" = "yes"; then _lt_dar_single_mod='$single_module' fi if test "$lt_cv_ld_exported_symbols_list" = "yes"; then _lt_dar_export_syms=' ${wl}-exported_symbols_list,$output_objdir/${libname}-symbols.expsym' else _lt_dar_export_syms='~$NMEDIT -s $output_objdir/${libname}-symbols.expsym ${lib}' fi if test "$DSYMUTIL" != ":" && test "$lt_cv_ld_force_load" = "no"; then _lt_dsymutil='~$DSYMUTIL $lib || :' else _lt_dsymutil= fi ;; esac ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 $as_echo_n "checking how to run the C preprocessor... " >&6; } # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= fi if test -z "$CPP"; then if ${ac_cv_prog_CPP+:} false; then : $as_echo_n "(cached) " >&6 else # Double quotes because CPP needs to be expanded for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" do ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes do # Use a header file that comes with gcc, so configuring glibc # with a fresh cross-compiler works. # Prefer to if __STDC__ is defined, since # exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef __STDC__ # include #else # include #endif Syntax error _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : else # Broken: fails on valid input. continue fi rm -f conftest.err conftest.i conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : # Broken: success on invalid input. continue else # Passes both tests. ac_preproc_ok=: break fi rm -f conftest.err conftest.i conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok; then : break fi done ac_cv_prog_CPP=$CPP fi CPP=$ac_cv_prog_CPP else ac_cv_prog_CPP=$CPP fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 $as_echo "$CPP" >&6; } ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes do # Use a header file that comes with gcc, so configuring glibc # with a fresh cross-compiler works. # Prefer to if __STDC__ is defined, since # exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef __STDC__ # include #else # include #endif Syntax error _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : else # Broken: fails on valid input. continue fi rm -f conftest.err conftest.i conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : # Broken: success on invalid input. continue else # Passes both tests. ac_preproc_ok=: break fi rm -f conftest.err conftest.i conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok; then : else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "C preprocessor \"$CPP\" fails sanity check See \`config.log' for more details" "$LINENO" 5; } fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 $as_echo_n "checking for ANSI C header files... " >&6; } if ${ac_cv_header_stdc+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include #include int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_header_stdc=yes else ac_cv_header_stdc=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "memchr" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "free" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. if test "$cross_compiling" = yes; then : : else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #if ((' ' & 0x0FF) == 0x020) # define ISLOWER(c) ('a' <= (c) && (c) <= 'z') # define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) #else # define ISLOWER(c) \ (('a' <= (c) && (c) <= 'i') \ || ('j' <= (c) && (c) <= 'r') \ || ('s' <= (c) && (c) <= 'z')) # define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) #endif #define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) int main () { int i; for (i = 0; i < 256; i++) if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) return 2; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : else ac_cv_header_stdc=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 $as_echo "$ac_cv_header_stdc" >&6; } if test $ac_cv_header_stdc = yes; then $as_echo "#define STDC_HEADERS 1" >>confdefs.h fi # On IRIX 5.3, sys/types and inttypes.h are conflicting. for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ inttypes.h stdint.h unistd.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default " if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done for ac_header in dlfcn.h do : ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default " if test "x$ac_cv_header_dlfcn_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_DLFCN_H 1 _ACEOF fi done # Set options enable_dlopen=yes enable_win32_dll=yes case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-cegcc*) if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}as", so it can be a program name with args. set dummy ${ac_tool_prefix}as; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_AS+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$AS"; then ac_cv_prog_AS="$AS" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_AS="${ac_tool_prefix}as" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi AS=$ac_cv_prog_AS if test -n "$AS"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AS" >&5 $as_echo "$AS" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_AS"; then ac_ct_AS=$AS # Extract the first word of "as", so it can be a program name with args. set dummy as; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_AS+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_AS"; then ac_cv_prog_ac_ct_AS="$ac_ct_AS" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_AS="as" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_AS=$ac_cv_prog_ac_ct_AS if test -n "$ac_ct_AS"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AS" >&5 $as_echo "$ac_ct_AS" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_AS" = x; then AS="false" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac AS=$ac_ct_AS fi else AS="$ac_cv_prog_AS" fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}dlltool", so it can be a program name with args. set dummy ${ac_tool_prefix}dlltool; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_DLLTOOL+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$DLLTOOL"; then ac_cv_prog_DLLTOOL="$DLLTOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_DLLTOOL="${ac_tool_prefix}dlltool" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi DLLTOOL=$ac_cv_prog_DLLTOOL if test -n "$DLLTOOL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DLLTOOL" >&5 $as_echo "$DLLTOOL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_DLLTOOL"; then ac_ct_DLLTOOL=$DLLTOOL # Extract the first word of "dlltool", so it can be a program name with args. set dummy dlltool; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_DLLTOOL+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_DLLTOOL"; then ac_cv_prog_ac_ct_DLLTOOL="$ac_ct_DLLTOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_DLLTOOL="dlltool" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_DLLTOOL=$ac_cv_prog_ac_ct_DLLTOOL if test -n "$ac_ct_DLLTOOL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DLLTOOL" >&5 $as_echo "$ac_ct_DLLTOOL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_DLLTOOL" = x; then DLLTOOL="false" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac DLLTOOL=$ac_ct_DLLTOOL fi else DLLTOOL="$ac_cv_prog_DLLTOOL" fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args. set dummy ${ac_tool_prefix}objdump; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_OBJDUMP+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$OBJDUMP"; then ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi OBJDUMP=$ac_cv_prog_OBJDUMP if test -n "$OBJDUMP"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5 $as_echo "$OBJDUMP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_OBJDUMP"; then ac_ct_OBJDUMP=$OBJDUMP # Extract the first word of "objdump", so it can be a program name with args. set dummy objdump; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_OBJDUMP+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_OBJDUMP"; then ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_OBJDUMP="objdump" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP if test -n "$ac_ct_OBJDUMP"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5 $as_echo "$ac_ct_OBJDUMP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_OBJDUMP" = x; then OBJDUMP="false" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac OBJDUMP=$ac_ct_OBJDUMP fi else OBJDUMP="$ac_cv_prog_OBJDUMP" fi ;; esac test -z "$AS" && AS=as test -z "$DLLTOOL" && DLLTOOL=dlltool test -z "$OBJDUMP" && OBJDUMP=objdump # Check whether --enable-shared was given. if test "${enable_shared+set}" = set; then : enableval=$enable_shared; p=${PACKAGE-default} case $enableval in yes) enable_shared=yes ;; no) enable_shared=no ;; *) enable_shared=no # Look at the argument we got. We use all the common list separators. lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," for pkg in $enableval; do IFS="$lt_save_ifs" if test "X$pkg" = "X$p"; then enable_shared=yes fi done IFS="$lt_save_ifs" ;; esac else enable_shared=yes fi # Check whether --enable-static was given. if test "${enable_static+set}" = set; then : enableval=$enable_static; p=${PACKAGE-default} case $enableval in yes) enable_static=yes ;; no) enable_static=no ;; *) enable_static=no # Look at the argument we got. We use all the common list separators. lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," for pkg in $enableval; do IFS="$lt_save_ifs" if test "X$pkg" = "X$p"; then enable_static=yes fi done IFS="$lt_save_ifs" ;; esac else enable_static=yes fi # Check whether --with-pic was given. if test "${with_pic+set}" = set; then : withval=$with_pic; lt_p=${PACKAGE-default} case $withval in yes|no) pic_mode=$withval ;; *) pic_mode=default # Look at the argument we got. We use all the common list separators. lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," for lt_pkg in $withval; do IFS="$lt_save_ifs" if test "X$lt_pkg" = "X$lt_p"; then pic_mode=yes fi done IFS="$lt_save_ifs" ;; esac else pic_mode=default fi test -z "$pic_mode" && pic_mode=default # Check whether --enable-fast-install was given. if test "${enable_fast_install+set}" = set; then : enableval=$enable_fast_install; p=${PACKAGE-default} case $enableval in yes) enable_fast_install=yes ;; no) enable_fast_install=no ;; *) enable_fast_install=no # Look at the argument we got. We use all the common list separators. lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," for pkg in $enableval; do IFS="$lt_save_ifs" if test "X$pkg" = "X$p"; then enable_fast_install=yes fi done IFS="$lt_save_ifs" ;; esac else enable_fast_install=yes fi # This can be used to rebuild libtool when needed LIBTOOL_DEPS="$ltmain" # Always use our own libtool. LIBTOOL='$(SHELL) $(top_builddir)/libtool' test -z "$LN_S" && LN_S="ln -s" if test -n "${ZSH_VERSION+set}" ; then setopt NO_GLOB_SUBST fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5 $as_echo_n "checking for objdir... " >&6; } if ${lt_cv_objdir+:} false; then : $as_echo_n "(cached) " >&6 else rm -f .libs 2>/dev/null mkdir .libs 2>/dev/null if test -d .libs; then lt_cv_objdir=.libs else # MS-DOS does not allow filenames that begin with a dot. lt_cv_objdir=_libs fi rmdir .libs 2>/dev/null fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5 $as_echo "$lt_cv_objdir" >&6; } objdir=$lt_cv_objdir cat >>confdefs.h <<_ACEOF #define LT_OBJDIR "$lt_cv_objdir/" _ACEOF case $host_os in aix3*) # AIX sometimes has problems with the GCC collect2 program. For some # reason, if we set the COLLECT_NAMES environment variable, the problems # vanish in a puff of smoke. if test "X${COLLECT_NAMES+set}" != Xset; then COLLECT_NAMES= export COLLECT_NAMES fi ;; esac # Global variables: ofile=libtool can_build_shared=yes # All known linkers require a `.a' archive for static linking (except MSVC, # which needs '.lib'). libext=a with_gnu_ld="$lt_cv_prog_gnu_ld" old_CC="$CC" old_CFLAGS="$CFLAGS" # Set sane defaults for various variables test -z "$CC" && CC=cc test -z "$LTCC" && LTCC=$CC test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS test -z "$LD" && LD=ld test -z "$ac_objext" && ac_objext=o for cc_temp in $compiler""; do case $cc_temp in compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; \-*) ;; *) break;; esac done cc_basename=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` # Only perform the check for file, if the check method requires it test -z "$MAGIC_CMD" && MAGIC_CMD=file case $deplibs_check_method in file_magic*) if test "$file_magic_cmd" = '$MAGIC_CMD'; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5 $as_echo_n "checking for ${ac_tool_prefix}file... " >&6; } if ${lt_cv_path_MAGIC_CMD+:} false; then : $as_echo_n "(cached) " >&6 else case $MAGIC_CMD in [\\/*] | ?:[\\/]*) lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path. ;; *) lt_save_MAGIC_CMD="$MAGIC_CMD" lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR ac_dummy="/usr/bin$PATH_SEPARATOR$PATH" for ac_dir in $ac_dummy; do IFS="$lt_save_ifs" test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/${ac_tool_prefix}file; then lt_cv_path_MAGIC_CMD="$ac_dir/${ac_tool_prefix}file" if test -n "$file_magic_test_file"; then case $deplibs_check_method in "file_magic "*) file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` MAGIC_CMD="$lt_cv_path_MAGIC_CMD" if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | $EGREP "$file_magic_regex" > /dev/null; then : else cat <<_LT_EOF 1>&2 *** Warning: the command libtool uses to detect shared libraries, *** $file_magic_cmd, produces output that libtool cannot recognize. *** The result is that libtool may fail to recognize shared libraries *** as such. This will affect the creation of libtool libraries that *** depend on shared libraries, but programs linked with such libtool *** libraries will work regardless of this problem. Nevertheless, you *** may want to report the problem to your system manager and/or to *** bug-libtool@gnu.org _LT_EOF fi ;; esac fi break fi done IFS="$lt_save_ifs" MAGIC_CMD="$lt_save_MAGIC_CMD" ;; esac fi MAGIC_CMD="$lt_cv_path_MAGIC_CMD" if test -n "$MAGIC_CMD"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 $as_echo "$MAGIC_CMD" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test -z "$lt_cv_path_MAGIC_CMD"; then if test -n "$ac_tool_prefix"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for file" >&5 $as_echo_n "checking for file... " >&6; } if ${lt_cv_path_MAGIC_CMD+:} false; then : $as_echo_n "(cached) " >&6 else case $MAGIC_CMD in [\\/*] | ?:[\\/]*) lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path. ;; *) lt_save_MAGIC_CMD="$MAGIC_CMD" lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR ac_dummy="/usr/bin$PATH_SEPARATOR$PATH" for ac_dir in $ac_dummy; do IFS="$lt_save_ifs" test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/file; then lt_cv_path_MAGIC_CMD="$ac_dir/file" if test -n "$file_magic_test_file"; then case $deplibs_check_method in "file_magic "*) file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` MAGIC_CMD="$lt_cv_path_MAGIC_CMD" if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | $EGREP "$file_magic_regex" > /dev/null; then : else cat <<_LT_EOF 1>&2 *** Warning: the command libtool uses to detect shared libraries, *** $file_magic_cmd, produces output that libtool cannot recognize. *** The result is that libtool may fail to recognize shared libraries *** as such. This will affect the creation of libtool libraries that *** depend on shared libraries, but programs linked with such libtool *** libraries will work regardless of this problem. Nevertheless, you *** may want to report the problem to your system manager and/or to *** bug-libtool@gnu.org _LT_EOF fi ;; esac fi break fi done IFS="$lt_save_ifs" MAGIC_CMD="$lt_save_MAGIC_CMD" ;; esac fi MAGIC_CMD="$lt_cv_path_MAGIC_CMD" if test -n "$MAGIC_CMD"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 $as_echo "$MAGIC_CMD" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi else MAGIC_CMD=: fi fi fi ;; esac # Use C for the default configuration in the libtool script lt_save_CC="$CC" ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu # Source file extension for C test sources. ac_ext=c # Object file extension for compiled C test sources. objext=o objext=$objext # Code to be used in simple compile tests lt_simple_compile_test_code="int some_variable = 0;" # Code to be used in simple link tests lt_simple_link_test_code='int main(){return(0);}' # If no C compiler was specified, use CC. LTCC=${LTCC-"$CC"} # If no C compiler flags were specified, use CFLAGS. LTCFLAGS=${LTCFLAGS-"$CFLAGS"} # Allow CC to be a program name with arguments. compiler=$CC # Save the default compiler, since it gets overwritten when the other # tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP. compiler_DEFAULT=$CC # save warnings/boilerplate of simple test code ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" >conftest.$ac_ext eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err _lt_compiler_boilerplate=`cat conftest.err` $RM conftest* ac_outfile=conftest.$ac_objext echo "$lt_simple_link_test_code" >conftest.$ac_ext eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err _lt_linker_boilerplate=`cat conftest.err` $RM -r conftest* ## CAVEAT EMPTOR: ## There is no encapsulation within the following macros, do not change ## the running order or otherwise move them around unless you know exactly ## what you are doing... if test -n "$compiler"; then lt_prog_compiler_no_builtin_flag= if test "$GCC" = yes; then case $cc_basename in nvcc*) lt_prog_compiler_no_builtin_flag=' -Xcompiler -fno-builtin' ;; *) lt_prog_compiler_no_builtin_flag=' -fno-builtin' ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5 $as_echo_n "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; } if ${lt_cv_prog_compiler_rtti_exceptions+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler_rtti_exceptions=no ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="-fno-rtti -fno-exceptions" # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. # The option is referenced via a variable to avoid confusing sed. lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then lt_cv_prog_compiler_rtti_exceptions=yes fi fi $RM conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5 $as_echo "$lt_cv_prog_compiler_rtti_exceptions" >&6; } if test x"$lt_cv_prog_compiler_rtti_exceptions" = xyes; then lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions" else : fi fi lt_prog_compiler_wl= lt_prog_compiler_pic= lt_prog_compiler_static= if test "$GCC" = yes; then lt_prog_compiler_wl='-Wl,' lt_prog_compiler_static='-static' case $host_os in aix*) # All AIX code is PIC. if test "$host_cpu" = ia64; then # AIX 5 now supports IA64 processor lt_prog_compiler_static='-Bstatic' fi ;; amigaos*) case $host_cpu in powerpc) # see comment about AmigaOS4 .so support lt_prog_compiler_pic='-fPIC' ;; m68k) # FIXME: we need at least 68020 code to build shared libraries, but # adding the `-m68020' flag to GCC prevents building anything better, # like `-m68040'. lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4' ;; esac ;; beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) # PIC is the default for these OSes. ;; mingw* | cygwin* | pw32* | os2* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). # Although the cygwin gcc ignores -fPIC, still need this for old-style # (--disable-auto-import) libraries lt_prog_compiler_pic='-DDLL_EXPORT' ;; darwin* | rhapsody*) # PIC is the default on this platform # Common symbols not allowed in MH_DYLIB files lt_prog_compiler_pic='-fno-common' ;; haiku*) # PIC is the default for Haiku. # The "-static" flag exists, but is broken. lt_prog_compiler_static= ;; hpux*) # PIC is the default for 64-bit PA HP-UX, but not for 32-bit # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag # sets the default TLS model and affects inlining. case $host_cpu in hppa*64*) # +Z the default ;; *) lt_prog_compiler_pic='-fPIC' ;; esac ;; interix[3-9]*) # Interix 3.x gcc -fpic/-fPIC options generate broken code. # Instead, we relocate shared libraries at runtime. ;; msdosdjgpp*) # Just because we use GCC doesn't mean we suddenly get shared libraries # on systems that don't support them. lt_prog_compiler_can_build_shared=no enable_shared=no ;; *nto* | *qnx*) # QNX uses GNU C++, but need to define -shared option too, otherwise # it will coredump. lt_prog_compiler_pic='-fPIC -shared' ;; sysv4*MP*) if test -d /usr/nec; then lt_prog_compiler_pic=-Kconform_pic fi ;; *) lt_prog_compiler_pic='-fPIC' ;; esac case $cc_basename in nvcc*) # Cuda Compiler Driver 2.2 lt_prog_compiler_wl='-Xlinker ' if test -n "$lt_prog_compiler_pic"; then lt_prog_compiler_pic="-Xcompiler $lt_prog_compiler_pic" fi ;; esac else # PORTME Check for flag to pass linker flags through the system compiler. case $host_os in aix*) lt_prog_compiler_wl='-Wl,' if test "$host_cpu" = ia64; then # AIX 5 now supports IA64 processor lt_prog_compiler_static='-Bstatic' else lt_prog_compiler_static='-bnso -bI:/lib/syscalls.exp' fi ;; mingw* | cygwin* | pw32* | os2* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). lt_prog_compiler_pic='-DDLL_EXPORT' ;; hpux9* | hpux10* | hpux11*) lt_prog_compiler_wl='-Wl,' # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but # not for PA HP-UX. case $host_cpu in hppa*64*|ia64*) # +Z the default ;; *) lt_prog_compiler_pic='+Z' ;; esac # Is there a better lt_prog_compiler_static that works with the bundled CC? lt_prog_compiler_static='${wl}-a ${wl}archive' ;; irix5* | irix6* | nonstopux*) lt_prog_compiler_wl='-Wl,' # PIC (with -KPIC) is the default. lt_prog_compiler_static='-non_shared' ;; linux* | k*bsd*-gnu | kopensolaris*-gnu) case $cc_basename in # old Intel for x86_64 which still supported -KPIC. ecc*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-static' ;; # icc used to be incompatible with GCC. # ICC 10 doesn't accept -KPIC any more. icc* | ifort*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-fPIC' lt_prog_compiler_static='-static' ;; # Lahey Fortran 8.1. lf95*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='--shared' lt_prog_compiler_static='--static' ;; nagfor*) # NAG Fortran compiler lt_prog_compiler_wl='-Wl,-Wl,,' lt_prog_compiler_pic='-PIC' lt_prog_compiler_static='-Bstatic' ;; pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*) # Portland Group compilers (*not* the Pentium gcc compiler, # which looks to be a dead project) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-fpic' lt_prog_compiler_static='-Bstatic' ;; ccc*) lt_prog_compiler_wl='-Wl,' # All Alpha code is PIC. lt_prog_compiler_static='-non_shared' ;; xl* | bgxl* | bgf* | mpixl*) # IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-qpic' lt_prog_compiler_static='-qstaticlink' ;; *) case `$CC -V 2>&1 | sed 5q` in *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [1-7].* | *Sun*Fortran*\ 8.[0-3]*) # Sun Fortran 8.3 passes all unrecognized flags to the linker lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' lt_prog_compiler_wl='' ;; *Sun\ F* | *Sun*Fortran*) lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' lt_prog_compiler_wl='-Qoption ld ' ;; *Sun\ C*) # Sun C 5.9 lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' lt_prog_compiler_wl='-Wl,' ;; *Intel*\ [CF]*Compiler*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-fPIC' lt_prog_compiler_static='-static' ;; *Portland\ Group*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-fpic' lt_prog_compiler_static='-Bstatic' ;; esac ;; esac ;; newsos6) lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' ;; *nto* | *qnx*) # QNX uses GNU C++, but need to define -shared option too, otherwise # it will coredump. lt_prog_compiler_pic='-fPIC -shared' ;; osf3* | osf4* | osf5*) lt_prog_compiler_wl='-Wl,' # All OSF/1 code is PIC. lt_prog_compiler_static='-non_shared' ;; rdos*) lt_prog_compiler_static='-non_shared' ;; solaris*) lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' case $cc_basename in f77* | f90* | f95* | sunf77* | sunf90* | sunf95*) lt_prog_compiler_wl='-Qoption ld ';; *) lt_prog_compiler_wl='-Wl,';; esac ;; sunos4*) lt_prog_compiler_wl='-Qoption ld ' lt_prog_compiler_pic='-PIC' lt_prog_compiler_static='-Bstatic' ;; sysv4 | sysv4.2uw2* | sysv4.3*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' ;; sysv4*MP*) if test -d /usr/nec ;then lt_prog_compiler_pic='-Kconform_pic' lt_prog_compiler_static='-Bstatic' fi ;; sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' ;; unicos*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_can_build_shared=no ;; uts4*) lt_prog_compiler_pic='-pic' lt_prog_compiler_static='-Bstatic' ;; *) lt_prog_compiler_can_build_shared=no ;; esac fi case $host_os in # For platforms which do not support PIC, -DPIC is meaningless: *djgpp*) lt_prog_compiler_pic= ;; *) lt_prog_compiler_pic="$lt_prog_compiler_pic -DPIC" ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5 $as_echo_n "checking for $compiler option to produce PIC... " >&6; } if ${lt_cv_prog_compiler_pic+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler_pic=$lt_prog_compiler_pic fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic" >&5 $as_echo "$lt_cv_prog_compiler_pic" >&6; } lt_prog_compiler_pic=$lt_cv_prog_compiler_pic # # Check to make sure the PIC flag actually works. # if test -n "$lt_prog_compiler_pic"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5 $as_echo_n "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; } if ${lt_cv_prog_compiler_pic_works+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler_pic_works=no ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="$lt_prog_compiler_pic -DPIC" # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. # The option is referenced via a variable to avoid confusing sed. lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then lt_cv_prog_compiler_pic_works=yes fi fi $RM conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5 $as_echo "$lt_cv_prog_compiler_pic_works" >&6; } if test x"$lt_cv_prog_compiler_pic_works" = xyes; then case $lt_prog_compiler_pic in "" | " "*) ;; *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;; esac else lt_prog_compiler_pic= lt_prog_compiler_can_build_shared=no fi fi # # Check to make sure the static flag actually works. # wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\" { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5 $as_echo_n "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; } if ${lt_cv_prog_compiler_static_works+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler_static_works=no save_LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS $lt_tmp_static_flag" echo "$lt_simple_link_test_code" > conftest.$ac_ext if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then # The linker can only warn and ignore the option if not recognized # So say no if there are warnings if test -s conftest.err; then # Append any errors to the config.log. cat conftest.err 1>&5 $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if diff conftest.exp conftest.er2 >/dev/null; then lt_cv_prog_compiler_static_works=yes fi else lt_cv_prog_compiler_static_works=yes fi fi $RM -r conftest* LDFLAGS="$save_LDFLAGS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5 $as_echo "$lt_cv_prog_compiler_static_works" >&6; } if test x"$lt_cv_prog_compiler_static_works" = xyes; then : else lt_prog_compiler_static= fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 $as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; } if ${lt_cv_prog_compiler_c_o+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler_c_o=no $RM -r conftest 2>/dev/null mkdir conftest cd conftest mkdir out echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="-o out/conftest2.$ac_objext" # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then lt_cv_prog_compiler_c_o=yes fi fi chmod u+w . 2>&5 $RM conftest* # SGI C++ compiler will create directory out/ii_files/ for # template instantiation test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files $RM out/* && rmdir out cd .. $RM -r conftest $RM conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 $as_echo "$lt_cv_prog_compiler_c_o" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 $as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; } if ${lt_cv_prog_compiler_c_o+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler_c_o=no $RM -r conftest 2>/dev/null mkdir conftest cd conftest mkdir out echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="-o out/conftest2.$ac_objext" # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then lt_cv_prog_compiler_c_o=yes fi fi chmod u+w . 2>&5 $RM conftest* # SGI C++ compiler will create directory out/ii_files/ for # template instantiation test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files $RM out/* && rmdir out cd .. $RM -r conftest $RM conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 $as_echo "$lt_cv_prog_compiler_c_o" >&6; } hard_links="nottested" if test "$lt_cv_prog_compiler_c_o" = no && test "$need_locks" != no; then # do not overwrite the value of need_locks provided by the user { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5 $as_echo_n "checking if we can lock with hard links... " >&6; } hard_links=yes $RM conftest* ln conftest.a conftest.b 2>/dev/null && hard_links=no touch conftest.a ln conftest.a conftest.b 2>&5 || hard_links=no ln conftest.a conftest.b 2>/dev/null && hard_links=no { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5 $as_echo "$hard_links" >&6; } if test "$hard_links" = no; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5 $as_echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;} need_locks=warn fi else need_locks=no fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5 $as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; } runpath_var= allow_undefined_flag= always_export_symbols=no archive_cmds= archive_expsym_cmds= compiler_needs_object=no enable_shared_with_static_runtimes=no export_dynamic_flag_spec= export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' hardcode_automatic=no hardcode_direct=no hardcode_direct_absolute=no hardcode_libdir_flag_spec= hardcode_libdir_separator= hardcode_minus_L=no hardcode_shlibpath_var=unsupported inherit_rpath=no link_all_deplibs=unknown module_cmds= module_expsym_cmds= old_archive_from_new_cmds= old_archive_from_expsyms_cmds= thread_safe_flag_spec= whole_archive_flag_spec= # include_expsyms should be a list of space-separated symbols to be *always* # included in the symbol list include_expsyms= # exclude_expsyms can be an extended regexp of symbols to exclude # it will be wrapped by ` (' and `)$', so one must not match beginning or # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc', # as well as any symbol that contains `d'. exclude_expsyms='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*' # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out # platforms (ab)use it in PIC code, but their linkers get confused if # the symbol is explicitly referenced. Since portable code cannot # rely on this symbol name, it's probably fine to never include it in # preloaded symbol tables. # Exclude shared library initialization/finalization symbols. extract_expsyms_cmds= case $host_os in cygwin* | mingw* | pw32* | cegcc*) # FIXME: the MSVC++ port hasn't been tested in a loooong time # When not using gcc, we currently assume that we are using # Microsoft Visual C++. if test "$GCC" != yes; then with_gnu_ld=no fi ;; interix*) # we just hope/assume this is gcc and not c89 (= MSVC++) with_gnu_ld=yes ;; openbsd*) with_gnu_ld=no ;; esac ld_shlibs=yes # On some targets, GNU ld is compatible enough with the native linker # that we're better off using the native interface for both. lt_use_gnu_ld_interface=no if test "$with_gnu_ld" = yes; then case $host_os in aix*) # The AIX port of GNU ld has always aspired to compatibility # with the native linker. However, as the warning in the GNU ld # block says, versions before 2.19.5* couldn't really create working # shared libraries, regardless of the interface used. case `$LD -v 2>&1` in *\ \(GNU\ Binutils\)\ 2.19.5*) ;; *\ \(GNU\ Binutils\)\ 2.[2-9]*) ;; *\ \(GNU\ Binutils\)\ [3-9]*) ;; *) lt_use_gnu_ld_interface=yes ;; esac ;; *) lt_use_gnu_ld_interface=yes ;; esac fi if test "$lt_use_gnu_ld_interface" = yes; then # If archive_cmds runs LD, not CC, wlarc should be empty wlarc='${wl}' # Set some defaults for GNU ld with shared library support. These # are reset later if shared libraries are not supported. Putting them # here allows them to be overridden if necessary. runpath_var=LD_RUN_PATH hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' export_dynamic_flag_spec='${wl}--export-dynamic' # ancient GNU ld didn't support --whole-archive et. al. if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' else whole_archive_flag_spec= fi supports_anon_versioning=no case `$LD -v 2>&1` in *GNU\ gold*) supports_anon_versioning=yes ;; *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11 *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... *\ 2.11.*) ;; # other 2.11 versions *) supports_anon_versioning=yes ;; esac # See if GNU ld supports shared libraries. case $host_os in aix[3-9]*) # On AIX/PPC, the GNU linker is very broken if test "$host_cpu" != ia64; then ld_shlibs=no cat <<_LT_EOF 1>&2 *** Warning: the GNU linker, at least up to release 2.19, is reported *** to be unable to reliably create shared libraries on AIX. *** Therefore, libtool is disabling shared libraries support. If you *** really care for shared libraries, you may want to install binutils *** 2.20 or above, or modify your PATH so that a non-GNU linker is found. *** You will then need to restart the configuration process. _LT_EOF fi ;; amigaos*) case $host_cpu in powerpc) # see comment about AmigaOS4 .so support archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds='' ;; m68k) archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' hardcode_libdir_flag_spec='-L$libdir' hardcode_minus_L=yes ;; esac ;; beos*) if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then allow_undefined_flag=unsupported # Joseph Beckenbach says some releases of gcc # support --undefined. This deserves some investigation. FIXME archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' else ld_shlibs=no fi ;; cygwin* | mingw* | pw32* | cegcc*) # _LT_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless, # as there is no search path for DLLs. hardcode_libdir_flag_spec='-L$libdir' export_dynamic_flag_spec='${wl}--export-all-symbols' allow_undefined_flag=unsupported always_export_symbols=no enable_shared_with_static_runtimes=yes export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/;s/^.*[ ]__nm__\([^ ]*\)[ ][^ ]*/\1 DATA/;/^I[ ]/d;/^[AITW][ ]/s/.* //'\'' | sort | uniq > $export_symbols' exclude_expsyms='[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname' if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' # If the export-symbols file already is a .def file (1st line # is EXPORTS), use it as is; otherwise, prepend... archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then cp $export_symbols $output_objdir/$soname.def; else echo EXPORTS > $output_objdir/$soname.def; cat $export_symbols >> $output_objdir/$soname.def; fi~ $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' else ld_shlibs=no fi ;; haiku*) archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' link_all_deplibs=yes ;; interix[3-9]*) hardcode_direct=no hardcode_shlibpath_var=no hardcode_libdir_flag_spec='${wl}-rpath,$libdir' export_dynamic_flag_spec='${wl}-E' # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. # Instead, shared libraries are loaded at an image base (0x10000000 by # default) and relocated if they conflict, which is a slow very memory # consuming and fragmenting process. To avoid this, we pick a random, # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link # time. Moving up from 0x10000000 also allows more sbrk(2) space. archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' archive_expsym_cmds='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' ;; gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu) tmp_diet=no if test "$host_os" = linux-dietlibc; then case $cc_basename in diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn) esac fi if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \ && test "$tmp_diet" = no then tmp_addflag=' $pic_flag' tmp_sharedflag='-shared' case $cc_basename,$host_cpu in pgcc*) # Portland Group C compiler whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' tmp_addflag=' $pic_flag' ;; pgf77* | pgf90* | pgf95* | pgfortran*) # Portland Group f77 and f90 compilers whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' tmp_addflag=' $pic_flag -Mnomain' ;; ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 tmp_addflag=' -i_dynamic' ;; efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64 tmp_addflag=' -i_dynamic -nofor_main' ;; ifc* | ifort*) # Intel Fortran compiler tmp_addflag=' -nofor_main' ;; lf95*) # Lahey Fortran 8.1 whole_archive_flag_spec= tmp_sharedflag='--shared' ;; xl[cC]* | bgxl[cC]* | mpixl[cC]*) # IBM XL C 8.0 on PPC (deal with xlf below) tmp_sharedflag='-qmkshrobj' tmp_addflag= ;; nvcc*) # Cuda Compiler Driver 2.2 whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' compiler_needs_object=yes ;; esac case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C 5.9 whole_archive_flag_spec='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' compiler_needs_object=yes tmp_sharedflag='-G' ;; *Sun\ F*) # Sun Fortran 8.3 tmp_sharedflag='-G' ;; esac archive_cmds='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' if test "x$supports_anon_versioning" = xyes; then archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ echo "local: *; };" >> $output_objdir/$libname.ver~ $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' fi case $cc_basename in xlf* | bgf* | bgxlf* | mpixlf*) # IBM XL Fortran 10.1 on PPC cannot create shared libs itself whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive' hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib' if test "x$supports_anon_versioning" = xyes; then archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ echo "local: *; };" >> $output_objdir/$libname.ver~ $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' fi ;; esac else ld_shlibs=no fi ;; netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' wlarc= else archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' fi ;; solaris*) if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then ld_shlibs=no cat <<_LT_EOF 1>&2 *** Warning: The releases 2.8.* of the GNU linker cannot reliably *** create shared libraries on Solaris systems. Therefore, libtool *** is disabling shared libraries support. We urge you to upgrade GNU *** binutils to release 2.9.1 or newer. Another option is to modify *** your PATH or compiler configuration so that the native linker is *** used, and then restart. _LT_EOF elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' else ld_shlibs=no fi ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) case `$LD -v 2>&1` in *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*) ld_shlibs=no cat <<_LT_EOF 1>&2 *** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not *** reliably create shared libraries on SCO systems. Therefore, libtool *** is disabling shared libraries support. We urge you to upgrade GNU *** binutils to release 2.16.91.0.3 or newer. Another option is to modify *** your PATH or compiler configuration so that the native linker is *** used, and then restart. _LT_EOF ;; *) # For security reasons, it is highly recommended that you always # use absolute paths for naming shared libraries, and exclude the # DT_RUNPATH tag from executables and libraries. But doing so # requires that you compile everything twice, which is a pain. if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' else ld_shlibs=no fi ;; esac ;; sunos4*) archive_cmds='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' wlarc= hardcode_direct=yes hardcode_shlibpath_var=no ;; *) if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' else ld_shlibs=no fi ;; esac if test "$ld_shlibs" = no; then runpath_var= hardcode_libdir_flag_spec= export_dynamic_flag_spec= whole_archive_flag_spec= fi else # PORTME fill in a description of your system's linker (not GNU ld) case $host_os in aix3*) allow_undefined_flag=unsupported always_export_symbols=yes archive_expsym_cmds='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname' # Note: this linker hardcodes the directories in LIBPATH if there # are no directories specified by -L. hardcode_minus_L=yes if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then # Neither direct hardcoding nor static linking is supported with a # broken collect2. hardcode_direct=unsupported fi ;; aix[4-9]*) if test "$host_cpu" = ia64; then # On IA64, the linker does run time linking by default, so we don't # have to do anything special. aix_use_runtimelinking=no exp_sym_flag='-Bexport' no_entry_flag="" else # If we're using GNU nm, then we don't want the "-C" option. # -C means demangle to AIX nm, but means don't demangle with GNU nm # Also, AIX nm treats weak defined symbols like other global # defined symbols, whereas GNU nm marks them as "W". if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' else export_symbols_cmds='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' fi aix_use_runtimelinking=no # Test if we are trying to use run time linking or normal # AIX style linking. If -brtl is somewhere in LDFLAGS, we # need to do runtime linking. case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*) for ld_flag in $LDFLAGS; do if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then aix_use_runtimelinking=yes break fi done ;; esac exp_sym_flag='-bexport' no_entry_flag='-bnoentry' fi # When large executables or shared objects are built, AIX ld can # have problems creating the table of contents. If linking a library # or program results in "error TOC overflow" add -mminimal-toc to # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. archive_cmds='' hardcode_direct=yes hardcode_direct_absolute=yes hardcode_libdir_separator=':' link_all_deplibs=yes file_list_spec='${wl}-f,' if test "$GCC" = yes; then case $host_os in aix4.[012]|aix4.[012].*) # We only want to do this on AIX 4.2 and lower, the check # below for broken collect2 doesn't work under 4.3+ collect2name=`${CC} -print-prog-name=collect2` if test -f "$collect2name" && strings "$collect2name" | $GREP resolve_lib_name >/dev/null then # We have reworked collect2 : else # We have old collect2 hardcode_direct=unsupported # It fails to find uninstalled libraries when the uninstalled # path is not listed in the libpath. Setting hardcode_minus_L # to unsupported forces relinking hardcode_minus_L=yes hardcode_libdir_flag_spec='-L$libdir' hardcode_libdir_separator= fi ;; esac shared_flag='-shared' if test "$aix_use_runtimelinking" = yes; then shared_flag="$shared_flag "'${wl}-G' fi else # not using gcc if test "$host_cpu" = ia64; then # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release # chokes on -Wl,-G. The following line is correct: shared_flag='-G' else if test "$aix_use_runtimelinking" = yes; then shared_flag='${wl}-G' else shared_flag='${wl}-bM:SRE' fi fi fi export_dynamic_flag_spec='${wl}-bexpall' # It seems that -bexpall does not export symbols beginning with # underscore (_), so it is better to generate a list of symbols to export. always_export_symbols=yes if test "$aix_use_runtimelinking" = yes; then # Warning - without using the other runtime loading flags (-brtl), # -berok will link without error, but may produce a broken library. allow_undefined_flag='-berok' # Determine the default libpath from the value encoded in an # empty executable. if test "${lt_cv_aix_libpath+set}" = set; then aix_libpath=$lt_cv_aix_libpath else if ${lt_cv_aix_libpath_+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : lt_aix_libpath_sed=' /Import File Strings/,/^$/ { /^0/ { s/^0 *\([^ ]*\) *$/\1/ p } }' lt_cv_aix_libpath_=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` # Check for a 64-bit object if we didn't find anything. if test -z "$lt_cv_aix_libpath_"; then lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` fi fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext if test -z "$lt_cv_aix_libpath_"; then lt_cv_aix_libpath_="/usr/lib:/lib" fi fi aix_libpath=$lt_cv_aix_libpath_ fi hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" archive_expsym_cmds='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then func_echo_all "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" else if test "$host_cpu" = ia64; then hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib' allow_undefined_flag="-z nodefs" archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" else # Determine the default libpath from the value encoded in an # empty executable. if test "${lt_cv_aix_libpath+set}" = set; then aix_libpath=$lt_cv_aix_libpath else if ${lt_cv_aix_libpath_+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : lt_aix_libpath_sed=' /Import File Strings/,/^$/ { /^0/ { s/^0 *\([^ ]*\) *$/\1/ p } }' lt_cv_aix_libpath_=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` # Check for a 64-bit object if we didn't find anything. if test -z "$lt_cv_aix_libpath_"; then lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` fi fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext if test -z "$lt_cv_aix_libpath_"; then lt_cv_aix_libpath_="/usr/lib:/lib" fi fi aix_libpath=$lt_cv_aix_libpath_ fi hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" # Warning - without using the other run time loading flags, # -berok will link without error, but may produce a broken library. no_undefined_flag=' ${wl}-bernotok' allow_undefined_flag=' ${wl}-berok' if test "$with_gnu_ld" = yes; then # We only use this code for GNU lds that support --whole-archive. whole_archive_flag_spec='${wl}--whole-archive$convenience ${wl}--no-whole-archive' else # Exported symbols can be pulled into shared objects from archives whole_archive_flag_spec='$convenience' fi archive_cmds_need_lc=yes # This is similar to how AIX traditionally builds its shared libraries. archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' fi fi ;; amigaos*) case $host_cpu in powerpc) # see comment about AmigaOS4 .so support archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds='' ;; m68k) archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' hardcode_libdir_flag_spec='-L$libdir' hardcode_minus_L=yes ;; esac ;; bsdi[45]*) export_dynamic_flag_spec=-rdynamic ;; cygwin* | mingw* | pw32* | cegcc*) # When not using gcc, we currently assume that we are using # Microsoft Visual C++. # hardcode_libdir_flag_spec is actually meaningless, as there is # no search path for DLLs. case $cc_basename in cl*) # Native MSVC hardcode_libdir_flag_spec=' ' allow_undefined_flag=unsupported always_export_symbols=yes file_list_spec='@' # Tell ltmain to make .lib files, not .a files. libext=lib # Tell ltmain to make .dll files, not .so files. shrext_cmds=".dll" # FIXME: Setting linknames here is a bad hack. archive_cmds='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-dll~linknames=' archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then sed -n -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' -e '1\\\!p' < $export_symbols > $output_objdir/$soname.exp; else sed -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' < $export_symbols > $output_objdir/$soname.exp; fi~ $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ linknames=' # The linker will not automatically build a static lib if we build a DLL. # _LT_TAGVAR(old_archive_from_new_cmds, )='true' enable_shared_with_static_runtimes=yes exclude_expsyms='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1,DATA/'\'' | $SED -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols' # Don't use ranlib old_postinstall_cmds='chmod 644 $oldlib' postlink_cmds='lt_outputfile="@OUTPUT@"~ lt_tool_outputfile="@TOOL_OUTPUT@"~ case $lt_outputfile in *.exe|*.EXE) ;; *) lt_outputfile="$lt_outputfile.exe" lt_tool_outputfile="$lt_tool_outputfile.exe" ;; esac~ if test "$MANIFEST_TOOL" != ":" && test -f "$lt_outputfile.manifest"; then $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; $RM "$lt_outputfile.manifest"; fi' ;; *) # Assume MSVC wrapper hardcode_libdir_flag_spec=' ' allow_undefined_flag=unsupported # Tell ltmain to make .lib files, not .a files. libext=lib # Tell ltmain to make .dll files, not .so files. shrext_cmds=".dll" # FIXME: Setting linknames here is a bad hack. archive_cmds='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames=' # The linker will automatically build a .lib file if we build a DLL. old_archive_from_new_cmds='true' # FIXME: Should let the user specify the lib program. old_archive_cmds='lib -OUT:$oldlib$oldobjs$old_deplibs' enable_shared_with_static_runtimes=yes ;; esac ;; darwin* | rhapsody*) archive_cmds_need_lc=no hardcode_direct=no hardcode_automatic=yes hardcode_shlibpath_var=unsupported if test "$lt_cv_ld_force_load" = "yes"; then whole_archive_flag_spec='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience ${wl}-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' else whole_archive_flag_spec='' fi link_all_deplibs=yes allow_undefined_flag="$_lt_dar_allow_undefined" case $cc_basename in ifort*) _lt_dar_can_shared=yes ;; *) _lt_dar_can_shared=$GCC ;; esac if test "$_lt_dar_can_shared" = "yes"; then output_verbose_link_cmd=func_echo_all archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}" module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}" archive_expsym_cmds="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}" module_expsym_cmds="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}" else ld_shlibs=no fi ;; dgux*) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_libdir_flag_spec='-L$libdir' hardcode_shlibpath_var=no ;; # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor # support. Future versions do this automatically, but an explicit c++rt0.o # does not break anything, and helps significantly (at the cost of a little # extra space). freebsd2.2*) archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' hardcode_libdir_flag_spec='-R$libdir' hardcode_direct=yes hardcode_shlibpath_var=no ;; # Unfortunately, older versions of FreeBSD 2 do not have this feature. freebsd2.*) archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' hardcode_direct=yes hardcode_minus_L=yes hardcode_shlibpath_var=no ;; # FreeBSD 3 and greater uses gcc -shared to do shared libraries. freebsd* | dragonfly*) archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' hardcode_libdir_flag_spec='-R$libdir' hardcode_direct=yes hardcode_shlibpath_var=no ;; hpux9*) if test "$GCC" = yes; then archive_cmds='$RM $output_objdir/$soname~$CC -shared $pic_flag ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' else archive_cmds='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' fi hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' hardcode_libdir_separator=: hardcode_direct=yes # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. hardcode_minus_L=yes export_dynamic_flag_spec='${wl}-E' ;; hpux10*) if test "$GCC" = yes && test "$with_gnu_ld" = no; then archive_cmds='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' fi if test "$with_gnu_ld" = no; then hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' hardcode_libdir_separator=: hardcode_direct=yes hardcode_direct_absolute=yes export_dynamic_flag_spec='${wl}-E' # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. hardcode_minus_L=yes fi ;; hpux11*) if test "$GCC" = yes && test "$with_gnu_ld" = no; then case $host_cpu in hppa*64*) archive_cmds='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' ;; ia64*) archive_cmds='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) archive_cmds='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' ;; esac else case $host_cpu in hppa*64*) archive_cmds='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' ;; ia64*) archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) # Older versions of the 11.00 compiler do not understand -b yet # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does) { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC understands -b" >&5 $as_echo_n "checking if $CC understands -b... " >&6; } if ${lt_cv_prog_compiler__b+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler__b=no save_LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS -b" echo "$lt_simple_link_test_code" > conftest.$ac_ext if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then # The linker can only warn and ignore the option if not recognized # So say no if there are warnings if test -s conftest.err; then # Append any errors to the config.log. cat conftest.err 1>&5 $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if diff conftest.exp conftest.er2 >/dev/null; then lt_cv_prog_compiler__b=yes fi else lt_cv_prog_compiler__b=yes fi fi $RM -r conftest* LDFLAGS="$save_LDFLAGS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler__b" >&5 $as_echo "$lt_cv_prog_compiler__b" >&6; } if test x"$lt_cv_prog_compiler__b" = xyes; then archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' fi ;; esac fi if test "$with_gnu_ld" = no; then hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' hardcode_libdir_separator=: case $host_cpu in hppa*64*|ia64*) hardcode_direct=no hardcode_shlibpath_var=no ;; *) hardcode_direct=yes hardcode_direct_absolute=yes export_dynamic_flag_spec='${wl}-E' # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. hardcode_minus_L=yes ;; esac fi ;; irix5* | irix6* | nonstopux*) if test "$GCC" = yes; then archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' # Try to use the -exported_symbol ld option, if it does not # work, assume that -exports_file does not work either and # implicitly export all symbols. # This should be the same for all languages, so no per-tag cache variable. { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $host_os linker accepts -exported_symbol" >&5 $as_echo_n "checking whether the $host_os linker accepts -exported_symbol... " >&6; } if ${lt_cv_irix_exported_symbol+:} false; then : $as_echo_n "(cached) " >&6 else save_LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int foo (void) { return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : lt_cv_irix_exported_symbol=yes else lt_cv_irix_exported_symbol=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LDFLAGS="$save_LDFLAGS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5 $as_echo "$lt_cv_irix_exported_symbol" >&6; } if test "$lt_cv_irix_exported_symbol" = yes; then archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib' fi else archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib' fi archive_cmds_need_lc='no' hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' hardcode_libdir_separator=: inherit_rpath=yes link_all_deplibs=yes ;; netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out else archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF fi hardcode_libdir_flag_spec='-R$libdir' hardcode_direct=yes hardcode_shlibpath_var=no ;; newsos6) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_direct=yes hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' hardcode_libdir_separator=: hardcode_shlibpath_var=no ;; *nto* | *qnx*) ;; openbsd*) if test -f /usr/libexec/ld.so; then hardcode_direct=yes hardcode_shlibpath_var=no hardcode_direct_absolute=yes if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' hardcode_libdir_flag_spec='${wl}-rpath,$libdir' export_dynamic_flag_spec='${wl}-E' else case $host_os in openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*) archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' hardcode_libdir_flag_spec='-R$libdir' ;; *) archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' hardcode_libdir_flag_spec='${wl}-rpath,$libdir' ;; esac fi else ld_shlibs=no fi ;; os2*) hardcode_libdir_flag_spec='-L$libdir' hardcode_minus_L=yes allow_undefined_flag=unsupported archive_cmds='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~echo DATA >> $output_objdir/$libname.def~echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' old_archive_from_new_cmds='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' ;; osf3*) if test "$GCC" = yes; then allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*' archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' else allow_undefined_flag=' -expect_unresolved \*' archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' fi archive_cmds_need_lc='no' hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' hardcode_libdir_separator=: ;; osf4* | osf5*) # as osf3* with the addition of -msym flag if test "$GCC" = yes; then allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*' archive_cmds='$CC -shared${allow_undefined_flag} $pic_flag $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' else allow_undefined_flag=' -expect_unresolved \*' archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~ $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp' # Both c and cxx compiler support -rpath directly hardcode_libdir_flag_spec='-rpath $libdir' fi archive_cmds_need_lc='no' hardcode_libdir_separator=: ;; solaris*) no_undefined_flag=' -z defs' if test "$GCC" = yes; then wlarc='${wl}' archive_cmds='$CC -shared $pic_flag ${wl}-z ${wl}text ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $CC -shared $pic_flag ${wl}-z ${wl}text ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' else case `$CC -V 2>&1` in *"Compilers 5.0"*) wlarc='' archive_cmds='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags' archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp' ;; *) wlarc='${wl}' archive_cmds='$CC -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $CC -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' ;; esac fi hardcode_libdir_flag_spec='-R$libdir' hardcode_shlibpath_var=no case $host_os in solaris2.[0-5] | solaris2.[0-5].*) ;; *) # The compiler driver will combine and reorder linker options, # but understands `-z linker_flag'. GCC discards it without `$wl', # but is careful enough not to reorder. # Supported since Solaris 2.6 (maybe 2.5.1?) if test "$GCC" = yes; then whole_archive_flag_spec='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' else whole_archive_flag_spec='-z allextract$convenience -z defaultextract' fi ;; esac link_all_deplibs=yes ;; sunos4*) if test "x$host_vendor" = xsequent; then # Use $CC to link under sequent, because it throws in some extra .o # files that make .init and .fini sections work. archive_cmds='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' fi hardcode_libdir_flag_spec='-L$libdir' hardcode_direct=yes hardcode_minus_L=yes hardcode_shlibpath_var=no ;; sysv4) case $host_vendor in sni) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_direct=yes # is this really true??? ;; siemens) ## LD is ld it makes a PLAMLIB ## CC just makes a GrossModule. archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags' reload_cmds='$CC -r -o $output$reload_objs' hardcode_direct=no ;; motorola) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_direct=no #Motorola manual says yes, but my tests say they lie ;; esac runpath_var='LD_RUN_PATH' hardcode_shlibpath_var=no ;; sysv4.3*) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_shlibpath_var=no export_dynamic_flag_spec='-Bexport' ;; sysv4*MP*) if test -d /usr/nec; then archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_shlibpath_var=no runpath_var=LD_RUN_PATH hardcode_runpath_var=yes ld_shlibs=yes fi ;; sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*) no_undefined_flag='${wl}-z,text' archive_cmds_need_lc=no hardcode_shlibpath_var=no runpath_var='LD_RUN_PATH' if test "$GCC" = yes; then archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' fi ;; sysv5* | sco3.2v5* | sco5v6*) # Note: We can NOT use -z defs as we might desire, because we do not # link with -lc, and that would cause any symbols used from libc to # always be unresolved, which means just about no library would # ever link correctly. If we're not using GNU ld we use -z text # though, which does catch some bad symbols but isn't as heavy-handed # as -z defs. no_undefined_flag='${wl}-z,text' allow_undefined_flag='${wl}-z,nodefs' archive_cmds_need_lc=no hardcode_shlibpath_var=no hardcode_libdir_flag_spec='${wl}-R,$libdir' hardcode_libdir_separator=':' link_all_deplibs=yes export_dynamic_flag_spec='${wl}-Bexport' runpath_var='LD_RUN_PATH' if test "$GCC" = yes; then archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' fi ;; uts4*) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_libdir_flag_spec='-L$libdir' hardcode_shlibpath_var=no ;; *) ld_shlibs=no ;; esac if test x$host_vendor = xsni; then case $host in sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) export_dynamic_flag_spec='${wl}-Blargedynsym' ;; esac fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5 $as_echo "$ld_shlibs" >&6; } test "$ld_shlibs" = no && can_build_shared=no with_gnu_ld=$with_gnu_ld # # Do we need to explicitly link libc? # case "x$archive_cmds_need_lc" in x|xyes) # Assume -lc should be added archive_cmds_need_lc=yes if test "$enable_shared" = yes && test "$GCC" = yes; then case $archive_cmds in *'~'*) # FIXME: we may have to deal with multi-command sequences. ;; '$CC '*) # Test whether the compiler implicitly links with -lc since on some # systems, -lgcc has to come before -lc. If gcc already passes -lc # to ld, don't add -lc before -lgcc. { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5 $as_echo_n "checking whether -lc should be explicitly linked in... " >&6; } if ${lt_cv_archive_cmds_need_lc+:} false; then : $as_echo_n "(cached) " >&6 else $RM conftest* echo "$lt_simple_compile_test_code" > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } 2>conftest.err; then soname=conftest lib=conftest libobjs=conftest.$ac_objext deplibs= wl=$lt_prog_compiler_wl pic_flag=$lt_prog_compiler_pic compiler_flags=-v linker_flags=-v verstring= output_objdir=. libname=conftest lt_save_allow_undefined_flag=$allow_undefined_flag allow_undefined_flag= if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5 (eval $archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } then lt_cv_archive_cmds_need_lc=no else lt_cv_archive_cmds_need_lc=yes fi allow_undefined_flag=$lt_save_allow_undefined_flag else cat conftest.err 1>&5 fi $RM conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_archive_cmds_need_lc" >&5 $as_echo "$lt_cv_archive_cmds_need_lc" >&6; } archive_cmds_need_lc=$lt_cv_archive_cmds_need_lc ;; esac fi ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5 $as_echo_n "checking dynamic linker characteristics... " >&6; } if test "$GCC" = yes; then case $host_os in darwin*) lt_awk_arg="/^libraries:/,/LR/" ;; *) lt_awk_arg="/^libraries:/" ;; esac case $host_os in mingw* | cegcc*) lt_sed_strip_eq="s,=\([A-Za-z]:\),\1,g" ;; *) lt_sed_strip_eq="s,=/,/,g" ;; esac lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq` case $lt_search_path_spec in *\;*) # if the path contains ";" then we assume it to be the separator # otherwise default to the standard path separator (i.e. ":") - it is # assumed that no part of a normal pathname contains ";" but that should # okay in the real world where ";" in dirpaths is itself problematic. lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'` ;; *) lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"` ;; esac # Ok, now we have the path, separated by spaces, we can step through it # and add multilib dir if necessary. lt_tmp_lt_search_path_spec= lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null` for lt_sys_path in $lt_search_path_spec; do if test -d "$lt_sys_path/$lt_multi_os_dir"; then lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir" else test -d "$lt_sys_path" && \ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path" fi done lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk ' BEGIN {RS=" "; FS="/|\n";} { lt_foo=""; lt_count=0; for (lt_i = NF; lt_i > 0; lt_i--) { if ($lt_i != "" && $lt_i != ".") { if ($lt_i == "..") { lt_count++; } else { if (lt_count == 0) { lt_foo="/" $lt_i lt_foo; } else { lt_count--; } } } } if (lt_foo != "") { lt_freq[lt_foo]++; } if (lt_freq[lt_foo] == 1) { print lt_foo; } }'` # AWK program above erroneously prepends '/' to C:/dos/paths # for these hosts. case $host_os in mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\ $SED 's,/\([A-Za-z]:\),\1,g'` ;; esac sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP` else sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" fi library_names_spec= libname_spec='lib$name' soname_spec= shrext_cmds=".so" postinstall_cmds= postuninstall_cmds= finish_cmds= finish_eval= shlibpath_var= shlibpath_overrides_runpath=unknown version_type=none dynamic_linker="$host_os ld.so" sys_lib_dlsearch_path_spec="/lib /usr/lib" need_lib_prefix=unknown hardcode_into_libs=no # when you set need_version to no, make sure it does not cause -set_version # flags to be left without arguments need_version=unknown case $host_os in aix3*) version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' shlibpath_var=LIBPATH # AIX 3 has no versioning support, so we append a major version to the name. soname_spec='${libname}${release}${shared_ext}$major' ;; aix[4-9]*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no hardcode_into_libs=yes if test "$host_cpu" = ia64; then # AIX 5 supports IA64 library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH else # With GCC up to 2.95.x, collect2 would create an import file # for dependence libraries. The import file would start with # the line `#! .'. This would cause the generated library to # depend on `.', always an invalid library. This was fixed in # development snapshots of GCC prior to 3.0. case $host_os in aix4 | aix4.[01] | aix4.[01].*) if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' echo ' yes ' echo '#endif'; } | ${CC} -E - | $GREP yes > /dev/null; then : else can_build_shared=no fi ;; esac # AIX (on Power*) has no versioning support, so currently we can not hardcode correct # soname into executable. Probably we can add versioning support to # collect2, so additional links can be useful in future. if test "$aix_use_runtimelinking" = yes; then # If using run time linking (on AIX 4.2 or later) use lib.so # instead of lib.a to let people know that these are not # typical AIX shared libraries. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' else # We preserve .a as extension for shared libraries through AIX4.2 # and later when we are not doing run time linking. library_names_spec='${libname}${release}.a $libname.a' soname_spec='${libname}${release}${shared_ext}$major' fi shlibpath_var=LIBPATH fi ;; amigaos*) case $host_cpu in powerpc) # Since July 2007 AmigaOS4 officially supports .so libraries. # When compiling the executable, add -use-dynld -Lsobjs: to the compileline. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' ;; m68k) library_names_spec='$libname.ixlibrary $libname.a' # Create ${libname}_ixlibrary.a entries in /sys/libs. finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' ;; esac ;; beos*) library_names_spec='${libname}${shared_ext}' dynamic_linker="$host_os ld.so" shlibpath_var=LIBRARY_PATH ;; bsdi[45]*) version_type=linux # correct to gnu/linux during the next big refactor need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" # the default ld.so.conf also contains /usr/contrib/lib and # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow # libtool to hard-code these into programs ;; cygwin* | mingw* | pw32* | cegcc*) version_type=windows shrext_cmds=".dll" need_version=no need_lib_prefix=no case $GCC,$cc_basename in yes,*) # gcc library_names_spec='$libname.dll.a' # DLL is installed to $(libdir)/../bin by postinstall_cmds postinstall_cmds='base_file=`basename \${file}`~ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~ dldir=$destdir/`dirname \$dlpath`~ test -d \$dldir || mkdir -p \$dldir~ $install_prog $dir/$dlname \$dldir/$dlname~ chmod a+x \$dldir/$dlname~ if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; fi' postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ dlpath=$dir/\$dldll~ $RM \$dlpath' shlibpath_overrides_runpath=yes case $host_os in cygwin*) # Cygwin DLLs use 'cyg' prefix rather than 'lib' soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api" ;; mingw* | cegcc*) # MinGW DLLs use traditional 'lib' prefix soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' ;; pw32*) # pw32 DLLs use 'pw' prefix rather than 'lib' library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' ;; esac dynamic_linker='Win32 ld.exe' ;; *,cl*) # Native MSVC libname_spec='$name' soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' library_names_spec='${libname}.dll.lib' case $build_os in mingw*) sys_lib_search_path_spec= lt_save_ifs=$IFS IFS=';' for lt_path in $LIB do IFS=$lt_save_ifs # Let DOS variable expansion print the short 8.3 style file name. lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"` sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path" done IFS=$lt_save_ifs # Convert to MSYS style. sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([a-zA-Z]\\):| /\\1|g' -e 's|^ ||'` ;; cygwin*) # Convert to unix form, then to dos form, then back to unix form # but this time dos style (no spaces!) so that the unix form looks # like /cygdrive/c/PROGRA~1:/cygdr... sys_lib_search_path_spec=`cygpath --path --unix "$LIB"` sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null` sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` ;; *) sys_lib_search_path_spec="$LIB" if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then # It is most probably a Windows format PATH. sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` else sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` fi # FIXME: find the short name or the path components, as spaces are # common. (e.g. "Program Files" -> "PROGRA~1") ;; esac # DLL is installed to $(libdir)/../bin by postinstall_cmds postinstall_cmds='base_file=`basename \${file}`~ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~ dldir=$destdir/`dirname \$dlpath`~ test -d \$dldir || mkdir -p \$dldir~ $install_prog $dir/$dlname \$dldir/$dlname' postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ dlpath=$dir/\$dldll~ $RM \$dlpath' shlibpath_overrides_runpath=yes dynamic_linker='Win32 link.exe' ;; *) # Assume MSVC wrapper library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib' dynamic_linker='Win32 ld.exe' ;; esac # FIXME: first we should search . and the directory the executable is in shlibpath_var=PATH ;; darwin* | rhapsody*) dynamic_linker="$host_os dyld" version_type=darwin need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext' soname_spec='${libname}${release}${major}$shared_ext' shlibpath_overrides_runpath=yes shlibpath_var=DYLD_LIBRARY_PATH shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib" sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' ;; dgux*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH ;; freebsd* | dragonfly*) # DragonFly does not have aout. When/if they implement a new # versioning mechanism, adjust this. if test -x /usr/bin/objformat; then objformat=`/usr/bin/objformat` else case $host_os in freebsd[23].*) objformat=aout ;; *) objformat=elf ;; esac fi version_type=freebsd-$objformat case $version_type in freebsd-elf*) library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' need_version=no need_lib_prefix=no ;; freebsd-*) library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix' need_version=yes ;; esac shlibpath_var=LD_LIBRARY_PATH case $host_os in freebsd2.*) shlibpath_overrides_runpath=yes ;; freebsd3.[01]* | freebsdelf3.[01]*) shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; freebsd3.[2-9]* | freebsdelf3.[2-9]* | \ freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1) shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; *) # from 4.6 on, and DragonFly shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; esac ;; gnu*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; haiku*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no dynamic_linker="$host_os runtime_loader" library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LIBRARY_PATH shlibpath_overrides_runpath=yes sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' hardcode_into_libs=yes ;; hpux9* | hpux10* | hpux11*) # Give a soname corresponding to the major version so that dld.sl refuses to # link against other versions. version_type=sunos need_lib_prefix=no need_version=no case $host_cpu in ia64*) shrext_cmds='.so' hardcode_into_libs=yes dynamic_linker="$host_os dld.so" shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' if test "X$HPUX_IA64_MODE" = X32; then sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" else sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" fi sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; hppa*64*) shrext_cmds='.sl' hardcode_into_libs=yes dynamic_linker="$host_os dld.sl" shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; *) shrext_cmds='.sl' dynamic_linker="$host_os dld.sl" shlibpath_var=SHLIB_PATH shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' ;; esac # HP-UX runs *really* slowly unless shared libraries are mode 555, ... postinstall_cmds='chmod 555 $lib' # or fails outright, so override atomically: install_override_mode=555 ;; interix[3-9]*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; irix5* | irix6* | nonstopux*) case $host_os in nonstopux*) version_type=nonstopux ;; *) if test "$lt_cv_prog_gnu_ld" = yes; then version_type=linux # correct to gnu/linux during the next big refactor else version_type=irix fi ;; esac need_lib_prefix=no need_version=no soname_spec='${libname}${release}${shared_ext}$major' library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}' case $host_os in irix5* | nonstopux*) libsuff= shlibsuff= ;; *) case $LD in # libtool.m4 will add one of these switches to LD *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") libsuff= shlibsuff= libmagic=32-bit;; *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") libsuff=32 shlibsuff=N32 libmagic=N32;; *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") libsuff=64 shlibsuff=64 libmagic=64-bit;; *) libsuff= shlibsuff= libmagic=never-match;; esac ;; esac shlibpath_var=LD_LIBRARY${shlibsuff}_PATH shlibpath_overrides_runpath=no sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" hardcode_into_libs=yes ;; # No shared lib support for Linux oldld, aout, or coff. linux*oldld* | linux*aout* | linux*coff*) dynamic_linker=no ;; # This must be glibc/ELF. linux* | k*bsd*-gnu | kopensolaris*-gnu) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no # Some binutils ld are patched to set DT_RUNPATH if ${lt_cv_shlibpath_overrides_runpath+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_shlibpath_overrides_runpath=no save_LDFLAGS=$LDFLAGS save_libdir=$libdir eval "libdir=/foo; wl=\"$lt_prog_compiler_wl\"; \ LDFLAGS=\"\$LDFLAGS $hardcode_libdir_flag_spec\"" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null; then : lt_cv_shlibpath_overrides_runpath=yes fi fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LDFLAGS=$save_LDFLAGS libdir=$save_libdir fi shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath # This implies no fast_install, which is unacceptable. # Some rework will be needed to allow for fast_install # before this can be enabled. hardcode_into_libs=yes # Add ABI-specific directories to the system library path. sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib" # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` sys_lib_dlsearch_path_spec="$sys_lib_dlsearch_path_spec $lt_ld_extra" fi # We used to test for /lib/ld.so.1 and disable shared libraries on # powerpc, because MkLinux only supported shared libraries with the # GNU dynamic linker. Since this was broken with cross compilers, # most powerpc-linux boxes support dynamic linking these days and # people can always --disable-shared, the test was removed, and we # assume the GNU/Linux dynamic linker is in use. dynamic_linker='GNU/Linux ld.so' ;; netbsd*) version_type=sunos need_lib_prefix=no need_version=no if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' dynamic_linker='NetBSD (a.out) ld.so' else library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' dynamic_linker='NetBSD ld.elf_so' fi shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; newsos6) version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes ;; *nto* | *qnx*) version_type=qnx need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes dynamic_linker='ldqnx.so' ;; openbsd*) version_type=sunos sys_lib_dlsearch_path_spec="/usr/lib" need_lib_prefix=no # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs. case $host_os in openbsd3.3 | openbsd3.3.*) need_version=yes ;; *) need_version=no ;; esac library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' shlibpath_var=LD_LIBRARY_PATH if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then case $host_os in openbsd2.[89] | openbsd2.[89].*) shlibpath_overrides_runpath=no ;; *) shlibpath_overrides_runpath=yes ;; esac else shlibpath_overrides_runpath=yes fi ;; os2*) libname_spec='$name' shrext_cmds=".dll" need_lib_prefix=no library_names_spec='$libname${shared_ext} $libname.a' dynamic_linker='OS/2 ld.exe' shlibpath_var=LIBPATH ;; osf3* | osf4* | osf5*) version_type=osf need_lib_prefix=no need_version=no soname_spec='${libname}${release}${shared_ext}$major' library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" ;; rdos*) dynamic_linker=no ;; solaris*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes # ldd complains unless libraries are executable postinstall_cmds='chmod +x $lib' ;; sunos4*) version_type=sunos library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes if test "$with_gnu_ld" = yes; then need_lib_prefix=no fi need_version=yes ;; sysv4 | sysv4.3*) version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH case $host_vendor in sni) shlibpath_overrides_runpath=no need_lib_prefix=no runpath_var=LD_RUN_PATH ;; siemens) need_lib_prefix=no ;; motorola) need_lib_prefix=no need_version=no shlibpath_overrides_runpath=no sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' ;; esac ;; sysv4*MP*) if test -d /usr/nec ;then version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' soname_spec='$libname${shared_ext}.$major' shlibpath_var=LD_LIBRARY_PATH fi ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) version_type=freebsd-elf need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes if test "$with_gnu_ld" = yes; then sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' else sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' case $host_os in sco3.2v5*) sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" ;; esac fi sys_lib_dlsearch_path_spec='/usr/lib' ;; tpf*) # TPF is a cross-target only. Preferred cross-host = GNU/Linux. version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; uts4*) version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH ;; *) dynamic_linker=no ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5 $as_echo "$dynamic_linker" >&6; } test "$dynamic_linker" = no && can_build_shared=no variables_saved_for_relink="PATH $shlibpath_var $runpath_var" if test "$GCC" = yes; then variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" fi if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec" fi if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5 $as_echo_n "checking how to hardcode library paths into programs... " >&6; } hardcode_action= if test -n "$hardcode_libdir_flag_spec" || test -n "$runpath_var" || test "X$hardcode_automatic" = "Xyes" ; then # We can hardcode non-existent directories. if test "$hardcode_direct" != no && # If the only mechanism to avoid hardcoding is shlibpath_var, we # have to relink, otherwise we might link with an installed library # when we should be linking with a yet-to-be-installed one ## test "$_LT_TAGVAR(hardcode_shlibpath_var, )" != no && test "$hardcode_minus_L" != no; then # Linking always hardcodes the temporary library directory. hardcode_action=relink else # We can link without hardcoding, and we can hardcode nonexisting dirs. hardcode_action=immediate fi else # We cannot hardcode anything, or else we can only hardcode existing # directories. hardcode_action=unsupported fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5 $as_echo "$hardcode_action" >&6; } if test "$hardcode_action" = relink || test "$inherit_rpath" = yes; then # Fast installation is not supported enable_fast_install=no elif test "$shlibpath_overrides_runpath" = yes || test "$enable_shared" = no; then # Fast installation is not necessary enable_fast_install=needless fi if test "x$enable_dlopen" != xyes; then enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown else lt_cv_dlopen=no lt_cv_dlopen_libs= case $host_os in beos*) lt_cv_dlopen="load_add_on" lt_cv_dlopen_libs= lt_cv_dlopen_self=yes ;; mingw* | pw32* | cegcc*) lt_cv_dlopen="LoadLibrary" lt_cv_dlopen_libs= ;; cygwin*) lt_cv_dlopen="dlopen" lt_cv_dlopen_libs= ;; darwin*) # if libdl is installed we need to link against it { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 $as_echo_n "checking for dlopen in -ldl... " >&6; } if ${ac_cv_lib_dl_dlopen+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char dlopen (); int main () { return dlopen (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_dl_dlopen=yes else ac_cv_lib_dl_dlopen=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 $as_echo "$ac_cv_lib_dl_dlopen" >&6; } if test "x$ac_cv_lib_dl_dlopen" = xyes; then : lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl" else lt_cv_dlopen="dyld" lt_cv_dlopen_libs= lt_cv_dlopen_self=yes fi ;; *) ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load" if test "x$ac_cv_func_shl_load" = xyes; then : lt_cv_dlopen="shl_load" else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5 $as_echo_n "checking for shl_load in -ldld... " >&6; } if ${ac_cv_lib_dld_shl_load+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldld $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char shl_load (); int main () { return shl_load (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_dld_shl_load=yes else ac_cv_lib_dld_shl_load=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5 $as_echo "$ac_cv_lib_dld_shl_load" >&6; } if test "x$ac_cv_lib_dld_shl_load" = xyes; then : lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld" else ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen" if test "x$ac_cv_func_dlopen" = xyes; then : lt_cv_dlopen="dlopen" else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 $as_echo_n "checking for dlopen in -ldl... " >&6; } if ${ac_cv_lib_dl_dlopen+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char dlopen (); int main () { return dlopen (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_dl_dlopen=yes else ac_cv_lib_dl_dlopen=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 $as_echo "$ac_cv_lib_dl_dlopen" >&6; } if test "x$ac_cv_lib_dl_dlopen" = xyes; then : lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl" else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5 $as_echo_n "checking for dlopen in -lsvld... " >&6; } if ${ac_cv_lib_svld_dlopen+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lsvld $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char dlopen (); int main () { return dlopen (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_svld_dlopen=yes else ac_cv_lib_svld_dlopen=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5 $as_echo "$ac_cv_lib_svld_dlopen" >&6; } if test "x$ac_cv_lib_svld_dlopen" = xyes; then : lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld" else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5 $as_echo_n "checking for dld_link in -ldld... " >&6; } if ${ac_cv_lib_dld_dld_link+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldld $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char dld_link (); int main () { return dld_link (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_dld_dld_link=yes else ac_cv_lib_dld_dld_link=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5 $as_echo "$ac_cv_lib_dld_dld_link" >&6; } if test "x$ac_cv_lib_dld_dld_link" = xyes; then : lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld" fi fi fi fi fi fi ;; esac if test "x$lt_cv_dlopen" != xno; then enable_dlopen=yes else enable_dlopen=no fi case $lt_cv_dlopen in dlopen) save_CPPFLAGS="$CPPFLAGS" test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" save_LDFLAGS="$LDFLAGS" wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\" save_LIBS="$LIBS" LIBS="$lt_cv_dlopen_libs $LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5 $as_echo_n "checking whether a program can dlopen itself... " >&6; } if ${lt_cv_dlopen_self+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : lt_cv_dlopen_self=cross else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF #line $LINENO "configure" #include "confdefs.h" #if HAVE_DLFCN_H #include #endif #include #ifdef RTLD_GLOBAL # define LT_DLGLOBAL RTLD_GLOBAL #else # ifdef DL_GLOBAL # define LT_DLGLOBAL DL_GLOBAL # else # define LT_DLGLOBAL 0 # endif #endif /* We may have to define LT_DLLAZY_OR_NOW in the command line if we find out it does not work in some platform. */ #ifndef LT_DLLAZY_OR_NOW # ifdef RTLD_LAZY # define LT_DLLAZY_OR_NOW RTLD_LAZY # else # ifdef DL_LAZY # define LT_DLLAZY_OR_NOW DL_LAZY # else # ifdef RTLD_NOW # define LT_DLLAZY_OR_NOW RTLD_NOW # else # ifdef DL_NOW # define LT_DLLAZY_OR_NOW DL_NOW # else # define LT_DLLAZY_OR_NOW 0 # endif # endif # endif # endif #endif /* When -fvisbility=hidden is used, assume the code has been annotated correspondingly for the symbols needed. */ #if defined(__GNUC__) && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) int fnord () __attribute__((visibility("default"))); #endif int fnord () { return 42; } int main () { void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); int status = $lt_dlunknown; if (self) { if (dlsym (self,"fnord")) status = $lt_dlno_uscore; else { if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; else puts (dlerror ()); } /* dlclose (self); */ } else puts (dlerror ()); return status; } _LT_EOF if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 (eval $ac_link) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then (./conftest; exit; ) >&5 2>/dev/null lt_status=$? case x$lt_status in x$lt_dlno_uscore) lt_cv_dlopen_self=yes ;; x$lt_dlneed_uscore) lt_cv_dlopen_self=yes ;; x$lt_dlunknown|x*) lt_cv_dlopen_self=no ;; esac else : # compilation failed lt_cv_dlopen_self=no fi fi rm -fr conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5 $as_echo "$lt_cv_dlopen_self" >&6; } if test "x$lt_cv_dlopen_self" = xyes; then wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\" { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5 $as_echo_n "checking whether a statically linked program can dlopen itself... " >&6; } if ${lt_cv_dlopen_self_static+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : lt_cv_dlopen_self_static=cross else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF #line $LINENO "configure" #include "confdefs.h" #if HAVE_DLFCN_H #include #endif #include #ifdef RTLD_GLOBAL # define LT_DLGLOBAL RTLD_GLOBAL #else # ifdef DL_GLOBAL # define LT_DLGLOBAL DL_GLOBAL # else # define LT_DLGLOBAL 0 # endif #endif /* We may have to define LT_DLLAZY_OR_NOW in the command line if we find out it does not work in some platform. */ #ifndef LT_DLLAZY_OR_NOW # ifdef RTLD_LAZY # define LT_DLLAZY_OR_NOW RTLD_LAZY # else # ifdef DL_LAZY # define LT_DLLAZY_OR_NOW DL_LAZY # else # ifdef RTLD_NOW # define LT_DLLAZY_OR_NOW RTLD_NOW # else # ifdef DL_NOW # define LT_DLLAZY_OR_NOW DL_NOW # else # define LT_DLLAZY_OR_NOW 0 # endif # endif # endif # endif #endif /* When -fvisbility=hidden is used, assume the code has been annotated correspondingly for the symbols needed. */ #if defined(__GNUC__) && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) int fnord () __attribute__((visibility("default"))); #endif int fnord () { return 42; } int main () { void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); int status = $lt_dlunknown; if (self) { if (dlsym (self,"fnord")) status = $lt_dlno_uscore; else { if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; else puts (dlerror ()); } /* dlclose (self); */ } else puts (dlerror ()); return status; } _LT_EOF if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 (eval $ac_link) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then (./conftest; exit; ) >&5 2>/dev/null lt_status=$? case x$lt_status in x$lt_dlno_uscore) lt_cv_dlopen_self_static=yes ;; x$lt_dlneed_uscore) lt_cv_dlopen_self_static=yes ;; x$lt_dlunknown|x*) lt_cv_dlopen_self_static=no ;; esac else : # compilation failed lt_cv_dlopen_self_static=no fi fi rm -fr conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5 $as_echo "$lt_cv_dlopen_self_static" >&6; } fi CPPFLAGS="$save_CPPFLAGS" LDFLAGS="$save_LDFLAGS" LIBS="$save_LIBS" ;; esac case $lt_cv_dlopen_self in yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;; *) enable_dlopen_self=unknown ;; esac case $lt_cv_dlopen_self_static in yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;; *) enable_dlopen_self_static=unknown ;; esac fi striplib= old_striplib= { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5 $as_echo_n "checking whether stripping libraries is possible... " >&6; } if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" test -z "$striplib" && striplib="$STRIP --strip-unneeded" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else # FIXME - insert some real tests, host_os isn't really good enough case $host_os in darwin*) if test -n "$STRIP" ; then striplib="$STRIP -x" old_striplib="$STRIP -S" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi ;; *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } ;; esac fi # Report which library types will actually be built { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5 $as_echo_n "checking if libtool supports shared libraries... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5 $as_echo "$can_build_shared" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5 $as_echo_n "checking whether to build shared libraries... " >&6; } test "$can_build_shared" = "no" && enable_shared=no # On AIX, shared libraries and static libraries use the same namespace, and # are all built from PIC. case $host_os in aix3*) test "$enable_shared" = yes && enable_static=no if test -n "$RANLIB"; then archive_cmds="$archive_cmds~\$RANLIB \$lib" postinstall_cmds='$RANLIB $lib' fi ;; aix[4-9]*) if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then test "$enable_shared" = yes && enable_static=no fi ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5 $as_echo "$enable_shared" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5 $as_echo_n "checking whether to build static libraries... " >&6; } # Make sure either enable_shared or enable_static is yes. test "$enable_shared" = yes || enable_static=yes { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5 $as_echo "$enable_static" >&6; } fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu CC="$lt_save_CC" ac_config_commands="$ac_config_commands libtool" # Only expand once: PACKAGE_VERSION2=${PACKAGE_VERSION%.*} MAJOR_VERSION=${PACKAGE_VERSION2%%.*} MINOR_VERSION=${PACKAGE_VERSION2##*.} MICRO_VERSION=${PACKAGE_VERSION##*.} AGE_VERSION=0 PACKAGE_DEPS="globus-gssapi-gsi >= 9, globus-gss-assist >= 8, globus-gsi-sysconfig >= 5, globus-gsi-cert-utils >= 8, globus-gsi-proxy-core >= 6, globus-gsi-credential >= 5, globus-gsi-callback >= 4, globus-common >= 14" MYPROXY_DATE="Jan 2024" if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_PKG_CONFIG+:} false; then : $as_echo_n "(cached) " >&6 else case $PKG_CONFIG in [\\/]* | ?:[\\/]*) ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi PKG_CONFIG=$ac_cv_path_PKG_CONFIG if test -n "$PKG_CONFIG"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5 $as_echo "$PKG_CONFIG" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_path_PKG_CONFIG"; then ac_pt_PKG_CONFIG=$PKG_CONFIG # Extract the first word of "pkg-config", so it can be a program name with args. set dummy pkg-config; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then : $as_echo_n "(cached) " >&6 else case $ac_pt_PKG_CONFIG in [\\/]* | ?:[\\/]*) ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG if test -n "$ac_pt_PKG_CONFIG"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5 $as_echo "$ac_pt_PKG_CONFIG" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_pt_PKG_CONFIG" = x; then PKG_CONFIG="" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac PKG_CONFIG=$ac_pt_PKG_CONFIG fi else PKG_CONFIG="$ac_cv_path_PKG_CONFIG" fi fi if test -n "$PKG_CONFIG"; then _pkg_min_version=0.9.0 { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5 $as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; } if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } PKG_CONFIG="" fi fi if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"globus-proxy-utils\""; } >&5 ($PKG_CONFIG --exists --print-errors "globus-proxy-utils") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then GSI_PROXY_UTILS_PATH="$($PKG_CONFIG --variable=path globus-proxy-utils)" fi if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"globus-gsi-cert-utils\""; } >&5 ($PKG_CONFIG --exists --print-errors "globus-gsi-cert-utils") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then GSI_CERT_UTILS_PATH="$($PKG_CONFIG --variable=path globus-gsi-cert-utils)" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5 $as_echo_n "checking whether ln -s works... " >&6; } LN_S=$as_ln_s if test "$LN_S" = "ln -s"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5 $as_echo "no, using $LN_S" >&6; } fi for ac_header in regex.h regexpr.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working regcomp" >&5 $as_echo_n "checking for working regcomp... " >&6; } if ${ac_cv_func_regcomp+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : ac_cv_func_regcomp=no else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include regex_t x; regmatch_t m; int main() { return regcomp(&x,"pat.*",0) || regexec(&x,"pattern",1,&m,0); } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ac_cv_func_regcomp=yes else ac_cv_func_regcomp=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_regcomp" >&5 $as_echo "$ac_cv_func_regcomp" >&6; } save_LIBS=$LIBS LIBS=-lgen for ac_func in compile step do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF have_func_compile=yes fi done LIBS=$save_LIBS if test "$ac_cv_func_regcomp" = yes ; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: Using re_comp for regular expression matching" >&5 $as_echo "Using re_comp for regular expression matching" >&6; } $as_echo "#define HAVE_REGCOMP 1" >>confdefs.h elif test "$have_func_compile" = yes ; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: Using compile/step for regular expression matching" >&5 $as_echo "Using compile/step for regular expression matching" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking for compile in -lgen" >&5 $as_echo_n "checking for compile in -lgen... " >&6; } if ${ac_cv_lib_gen_compile+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lgen $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char compile (); int main () { return compile (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_gen_compile=yes else ac_cv_lib_gen_compile=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gen_compile" >&5 $as_echo "$ac_cv_lib_gen_compile" >&6; } if test "x$ac_cv_lib_gen_compile" = xyes; then : SERVERLIBS="$SERVERLIBS -lgen" fi else as_fn_error $? "No support for regular expression matching" "$LINENO" 5 fi for ac_func in setenv do : ac_fn_c_check_func "$LINENO" "setenv" "ac_cv_func_setenv" if test "x$ac_cv_func_setenv" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_SETENV 1 _ACEOF fi done for ac_func in unsetenv do : ac_fn_c_check_func "$LINENO" "unsetenv" "ac_cv_func_unsetenv" if test "x$ac_cv_func_unsetenv" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_UNSETENV 1 _ACEOF fi done for ac_header in getopt.h do : ac_fn_c_check_header_mongrel "$LINENO" "getopt.h" "ac_cv_header_getopt_h" "$ac_includes_default" if test "x$ac_cv_header_getopt_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_GETOPT_H 1 _ACEOF fi done for ac_func in getopt_long do : ac_fn_c_check_func "$LINENO" "getopt_long" "ac_cv_func_getopt_long" if test "x$ac_cv_func_getopt_long" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_GETOPT_LONG 1 _ACEOF fi done for ac_header in sys/socket.h do : ac_fn_c_check_header_mongrel "$LINENO" "sys/socket.h" "ac_cv_header_sys_socket_h" "$ac_includes_default" if test "x$ac_cv_header_sys_socket_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_SYS_SOCKET_H 1 _ACEOF fi done ac_fn_c_check_type "$LINENO" "socklen_t" "ac_cv_type_socklen_t" "$ac_includes_default #if HAVE_SYS_SOCKET_H #include #endif " if test "x$ac_cv_type_socklen_t" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_SOCKLEN_T 1 _ACEOF fi ac_fn_c_check_decl "$LINENO" "facilitynames" "ac_cv_have_decl_facilitynames" " #define SYSLOG_NAMES #include #include " if test "x$ac_cv_have_decl_facilitynames" = xyes; then : ac_have_decl=1 else ac_have_decl=0 fi cat >>confdefs.h <<_ACEOF #define HAVE_DECL_FACILITYNAMES $ac_have_decl _ACEOF uname=`(uname) 2>/dev/null` if test "$uname" != IRIX -a "$uname" != IRIX64 ; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -lsocket" >&5 $as_echo_n "checking for socket in -lsocket... " >&6; } if ${ac_cv_lib_socket_socket+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lsocket -lnsl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char socket (); int main () { return socket (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_socket_socket=yes else ac_cv_lib_socket_socket=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_socket" >&5 $as_echo "$ac_cv_lib_socket_socket" >&6; } if test "x$ac_cv_lib_socket_socket" = xyes; then : SYSLIBS="$SYSLIBS -lsocket" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for t_bind in -lnsl" >&5 $as_echo_n "checking for t_bind in -lnsl... " >&6; } if ${ac_cv_lib_nsl_t_bind+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lnsl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char t_bind (); int main () { return t_bind (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_nsl_t_bind=yes else ac_cv_lib_nsl_t_bind=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nsl_t_bind" >&5 $as_echo "$ac_cv_lib_nsl_t_bind" >&6; } if test "x$ac_cv_lib_nsl_t_bind" = xyes; then : SYSLIBS="$SYSLIBS -lnsl" fi fi if test "x$PKG_CONFIG_PATH" = "x" -a "x$GLOBUS_LOCATION" != "x" ; then PKG_CONFIG_PATH=$GLOBUS_LOCATION/lib/pkgconfig export PKG_CONFIG_PATH fi pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GLOBUS" >&5 $as_echo_n "checking for GLOBUS... " >&6; } if test -n "$GLOBUS_CFLAGS"; then pkg_cv_GLOBUS_CFLAGS="$GLOBUS_CFLAGS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"\$PACKAGE_DEPS\""; } >&5 ($PKG_CONFIG --exists --print-errors "$PACKAGE_DEPS") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_GLOBUS_CFLAGS=`$PKG_CONFIG --cflags "$PACKAGE_DEPS" 2>/dev/null` test "x$?" != "x0" && pkg_failed=yes else pkg_failed=yes fi else pkg_failed=untried fi if test -n "$GLOBUS_LIBS"; then pkg_cv_GLOBUS_LIBS="$GLOBUS_LIBS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"\$PACKAGE_DEPS\""; } >&5 ($PKG_CONFIG --exists --print-errors "$PACKAGE_DEPS") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_GLOBUS_LIBS=`$PKG_CONFIG --libs "$PACKAGE_DEPS" 2>/dev/null` test "x$?" != "x0" && pkg_failed=yes else pkg_failed=yes fi else pkg_failed=untried fi if test $pkg_failed = yes; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then GLOBUS_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$PACKAGE_DEPS" 2>&1` else GLOBUS_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$PACKAGE_DEPS" 2>&1` fi # Put the nasty error message in config.log where it belongs echo "$GLOBUS_PKG_ERRORS" >&5 as_fn_error $? "GLOBUS_PKG_ERRORS" "$LINENO" 5 elif test $pkg_failed = untried; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } as_fn_error $? "GLOBUS_PKG_ERRORS" "$LINENO" 5 else GLOBUS_CFLAGS=$pkg_cv_GLOBUS_CFLAGS GLOBUS_LIBS=$pkg_cv_GLOBUS_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } fi pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OPENSSL" >&5 $as_echo_n "checking for OPENSSL... " >&6; } if test -n "$OPENSSL_CFLAGS"; then pkg_cv_OPENSSL_CFLAGS="$OPENSSL_CFLAGS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl >= 1.0\""; } >&5 ($PKG_CONFIG --exists --print-errors "openssl >= 1.0") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_OPENSSL_CFLAGS=`$PKG_CONFIG --cflags "openssl >= 1.0" 2>/dev/null` test "x$?" != "x0" && pkg_failed=yes else pkg_failed=yes fi else pkg_failed=untried fi if test -n "$OPENSSL_LIBS"; then pkg_cv_OPENSSL_LIBS="$OPENSSL_LIBS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl >= 1.0\""; } >&5 ($PKG_CONFIG --exists --print-errors "openssl >= 1.0") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_OPENSSL_LIBS=`$PKG_CONFIG --libs "openssl >= 1.0" 2>/dev/null` test "x$?" != "x0" && pkg_failed=yes else pkg_failed=yes fi else pkg_failed=untried fi if test $pkg_failed = yes; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then OPENSSL_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "openssl >= 1.0" 2>&1` else OPENSSL_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "openssl >= 1.0" 2>&1` fi # Put the nasty error message in config.log where it belongs echo "$OPENSSL_PKG_ERRORS" >&5 as_fn_error $? "Package requirements (openssl >= 1.0) were not met: $OPENSSL_PKG_ERRORS Consider adjusting the PKG_CONFIG_PATH environment variable if you installed software in a non-standard prefix. Alternatively, you may set the environment variables OPENSSL_CFLAGS and OPENSSL_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details." "$LINENO" 5 elif test $pkg_failed = untried; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. Alternatively, you may set the environment variables OPENSSL_CFLAGS and OPENSSL_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. To get pkg-config, see . See \`config.log' for more details" "$LINENO" 5; } else OPENSSL_CFLAGS=$pkg_cv_OPENSSL_CFLAGS OPENSSL_LIBS=$pkg_cv_OPENSSL_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } OPENSSL_PKGCONFIG="openssl >= 1.0" fi CPPFLAGS="$OPENSSL_CFLAGS $CPPFLAGS" LIBS="$OPENSSL_LIBS $LIBS" for ac_prog in openssl do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_OPENSSL+:} false; then : $as_echo_n "(cached) " >&6 else case $OPENSSL in [\\/]* | ?:[\\/]*) ac_cv_path_OPENSSL="$OPENSSL" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_OPENSSL="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi OPENSSL=$ac_cv_path_OPENSSL if test -n "$OPENSSL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OPENSSL" >&5 $as_echo "$OPENSSL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$OPENSSL" && break done if test "x$OPENSSL" != x; then ENABLE_TESTS_TRUE= ENABLE_TESTS_FALSE='#' else ENABLE_TESTS_TRUE='#' ENABLE_TESTS_FALSE= fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for globus_gsi_proxy_handle_set_extensions in -lglobus_gsi_proxy_core" >&5 $as_echo_n "checking for globus_gsi_proxy_handle_set_extensions in -lglobus_gsi_proxy_core... " >&6; } if ${ac_cv_lib_globus_gsi_proxy_core_globus_gsi_proxy_handle_set_extensions+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lglobus_gsi_proxy_core $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char globus_gsi_proxy_handle_set_extensions (); int main () { return globus_gsi_proxy_handle_set_extensions (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_globus_gsi_proxy_core_globus_gsi_proxy_handle_set_extensions=yes else ac_cv_lib_globus_gsi_proxy_core_globus_gsi_proxy_handle_set_extensions=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_globus_gsi_proxy_core_globus_gsi_proxy_handle_set_extensions" >&5 $as_echo "$ac_cv_lib_globus_gsi_proxy_core_globus_gsi_proxy_handle_set_extensions" >&6; } if test "x$ac_cv_lib_globus_gsi_proxy_core_globus_gsi_proxy_handle_set_extensions" = xyes; then : $as_echo "#define HAVE_GLOBUS_GSI_PROXY_HANDLE_SET_EXTENSIONS 1" >>confdefs.h fi ac_fn_c_check_func "$LINENO" "OCSP_basic_verify" "ac_cv_func_OCSP_basic_verify" if test "x$ac_cv_func_OCSP_basic_verify" = xyes; then : $as_echo "#define HAVE_OCSP 1" >>confdefs.h fi # Check whether --with-sasl2 was given. if test "${with_sasl2+set}" = set; then : withval=$with_sasl2; if test "x$withval" = "xyes" ; then as_fn_error $? "--with-sasl2 requires PATH argument" "$LINENO" 5 fi if test "x$withval" != "xno" ; then CPPFLAGS="-I${withval}/include/sasl $CPPFLAGS" LDFLAGS="-L${withval}/lib $LDFLAGS" ac_fn_c_check_header_mongrel "$LINENO" "sasl.h" "ac_cv_header_sasl_h" "$ac_includes_default" if test "x$ac_cv_header_sasl_h" = xyes; then : fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sasl_client_init in -lsasl2" >&5 $as_echo_n "checking for sasl_client_init in -lsasl2... " >&6; } if ${ac_cv_lib_sasl2_sasl_client_init+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lsasl2 $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char sasl_client_init (); int main () { return sasl_client_init (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_sasl2_sasl_client_init=yes else ac_cv_lib_sasl2_sasl_client_init=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_sasl2_sasl_client_init" >&5 $as_echo "$ac_cv_lib_sasl2_sasl_client_init" >&6; } if test "x$ac_cv_lib_sasl2_sasl_client_init" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_LIBSASL2 1 _ACEOF LIBS="-lsasl2 $LIBS" else as_fn_error $? "libsasl2 not found" "$LINENO" 5 fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking that sasl.h matches libsasl2" >&5 $as_echo_n "checking that sasl.h matches libsasl2... " >&6; } if test "$cross_compiling" = yes; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main(void) { if (SASL_VERSION_MAJOR != 2) return 1; else return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } as_fn_error $? "sasl.h does not match libsasl2" "$LINENO" 5 fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi SASL="yes" fi fi # Check whether --with-kerberos5 was given. if test "${with_kerberos5+set}" = set; then : withval=$with_kerberos5; if test "x$withval" = "xyes" ; then as_fn_error $? "--with-kerberos5 requires PATH argument" "$LINENO" 5 fi if test "x$withval" != "xno" ; then if test "$SASL" != "yes"; then as_fn_error $? "--with-kerberos5 requires --with-sasl2" "$LINENO" 5 fi KRB5CPPFLAGS="-I${withval}/include $CPPFLAGS" $as_echo "#define BUILD_GSSAPI_PLUGIN 1" >>confdefs.h for ac_header in gssapi.h do : ac_fn_c_check_header_mongrel "$LINENO" "gssapi.h" "ac_cv_header_gssapi_h" "$ac_includes_default" if test "x$ac_cv_header_gssapi_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_GSSAPI_H 1 _ACEOF fi done fi fi for ac_header in security/pam_appl.h pam/pam_appl.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done if test "x$ac_cv_header_security_pam_appl_h" = "xyes" || \ test "x$ac_cv_header_pam_pam_appl_h" = "xyes" ; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 $as_echo_n "checking for dlopen in -ldl... " >&6; } if ${ac_cv_lib_dl_dlopen+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char dlopen (); int main () { return dlopen (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_dl_dlopen=yes else ac_cv_lib_dl_dlopen=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 $as_echo "$ac_cv_lib_dl_dlopen" >&6; } if test "x$ac_cv_lib_dl_dlopen" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_LIBDL 1 _ACEOF LIBS="-ldl $LIBS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pam_set_item in -lpam" >&5 $as_echo_n "checking for pam_set_item in -lpam... " >&6; } if ${ac_cv_lib_pam_pam_set_item+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lpam $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char pam_set_item (); int main () { return pam_set_item (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_pam_pam_set_item=yes else ac_cv_lib_pam_pam_set_item=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pam_pam_set_item" >&5 $as_echo "$ac_cv_lib_pam_pam_set_item" >&6; } if test "x$ac_cv_lib_pam_pam_set_item" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_LIBPAM 1 _ACEOF LIBS="-lpam $LIBS" fi fi ac_fn_c_check_func "$LINENO" "pthread_sigmask" "ac_cv_func_pthread_sigmask" if test "x$ac_cv_func_pthread_sigmask" = xyes; then : $as_echo "#define HAVE_PTHREAD_SIGMASK 1" >>confdefs.h fi ac_fn_c_check_decl "$LINENO" "pidfile_open" "ac_cv_have_decl_pidfile_open" "#include " if test "x$ac_cv_have_decl_pidfile_open" = xyes; then : $as_echo "#define HAVE_PIDFILE_DECL 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing pidfile_open" >&5 $as_echo_n "checking for library containing pidfile_open... " >&6; } if ${ac_cv_search_pidfile_open+:} false; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char pidfile_open (); int main () { return pidfile_open (); ; return 0; } _ACEOF for ac_lib in '' util bsd; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_pidfile_open=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if ${ac_cv_search_pidfile_open+:} false; then : break fi done if ${ac_cv_search_pidfile_open+:} false; then : else ac_cv_search_pidfile_open=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_pidfile_open" >&5 $as_echo "$ac_cv_search_pidfile_open" >&6; } ac_res=$ac_cv_search_pidfile_open if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" $as_echo "#define HAVE_PIDFILE 1" >>confdefs.h fi # Check whether --with-openldap was given. if test "${with_openldap+set}" = set; then : withval=$with_openldap; if test "x$withval" = "xyes" ; then as_fn_error $? "--with-openldap requires PATH argument" "$LINENO" 5 fi if test "x$withval" != "xno" ; then CPPFLAGS="-I${withval}/include $CPPFLAGS" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenLDAP v2.3 or later" >&5 $as_echo_n "checking for OpenLDAP v2.3 or later... " >&6; } if test "$cross_compiling" = yes; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main(void) { if (LDAP_VENDOR_VERSION < 20300) return 1; else return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } as_fn_error $? "OpenLDAP is not v2.3 or later" "$LINENO" 5 fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi # warning: if ${withval}/lib isn't in the shared library # search path, then adding -lldap may cause AC_TRY_RUN tests # below to fail LDFLAGS="-L${withval}/lib $LDFLAGS" for ac_header in ldap.h do : ac_fn_c_check_header_mongrel "$LINENO" "ldap.h" "ac_cv_header_ldap_h" "$ac_includes_default" if test "x$ac_cv_header_ldap_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_LDAP_H 1 _ACEOF fi done { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ber_free in -llber" >&5 $as_echo_n "checking for ber_free in -llber... " >&6; } if ${ac_cv_lib_lber_ber_free+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-llber $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char ber_free (); int main () { return ber_free (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_lber_ber_free=yes else ac_cv_lib_lber_ber_free=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lber_ber_free" >&5 $as_echo "$ac_cv_lib_lber_ber_free" >&6; } if test "x$ac_cv_lib_lber_ber_free" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_LIBLBER 1 _ACEOF LIBS="-llber $LIBS" else as_fn_error $? "ber_free not found in liblber" "$LINENO" 5 fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ldap_sasl_bind_s in -lldap" >&5 $as_echo_n "checking for ldap_sasl_bind_s in -lldap... " >&6; } if ${ac_cv_lib_ldap_ldap_sasl_bind_s+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lldap $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char ldap_sasl_bind_s (); int main () { return ldap_sasl_bind_s (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_ldap_ldap_sasl_bind_s=yes else ac_cv_lib_ldap_ldap_sasl_bind_s=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ldap_ldap_sasl_bind_s" >&5 $as_echo "$ac_cv_lib_ldap_ldap_sasl_bind_s" >&6; } if test "x$ac_cv_lib_ldap_ldap_sasl_bind_s" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_LIBLDAP 1 _ACEOF LIBS="-lldap $LIBS" else as_fn_error $? "ldap_sasl_bind_s not found in libldap" "$LINENO" 5 fi ac_fn_c_check_func "$LINENO" "ldap_search_ext_s" "ac_cv_func_ldap_search_ext_s" if test "x$ac_cv_func_ldap_search_ext_s" = xyes; then : else as_fn_error $? "ldap_search_ext_s not found in libldap" "$LINENO" 5 fi ac_fn_c_check_func "$LINENO" "ldap_str2dn" "ac_cv_func_ldap_str2dn" if test "x$ac_cv_func_ldap_str2dn" = xyes; then : else as_fn_error $? "ldap_str2dn not found in libldap" "$LINENO" 5 fi ac_fn_c_check_func "$LINENO" "ldap_start_tls_s" "ac_cv_func_ldap_start_tls_s" if test "x$ac_cv_func_ldap_start_tls_s" = xyes; then : else as_fn_error $? "ldap_start_tls_s not found in libldap" "$LINENO" 5 fi fi fi # Check whether --with-voms was given. if test "${with_voms+set}" = set; then : withval=$with_voms; if test "x$withval" = "xyes" ; then as_fn_error $? "--with-voms requires PATH argument" "$LINENO" 5 fi if test "x$withval" != "xno" ; then CPPFLAGS="-I${withval}/include -I${withval}/include/voms -I${withval}/include/glite/security/voms $CPPFLAGS" LDFLAGS="-L${withval}/lib -L${withval}/lib64 $LDFLAGS" SAVE_LIBS="$LIBS" ac_fn_c_check_header_mongrel "$LINENO" "voms_apic.h" "ac_cv_header_voms_apic_h" "$ac_includes_default" if test "x$ac_cv_header_voms_apic_h" = xyes; then : fi ac_fn_c_check_header_mongrel "$LINENO" "newformat.h" "ac_cv_header_newformat_h" "$ac_includes_default" if test "x$ac_cv_header_newformat_h" = xyes; then : fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing VOMS_Init" >&5 $as_echo_n "checking for library containing VOMS_Init... " >&6; } if ${ac_cv_search_VOMS_Init+:} false; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char VOMS_Init (); int main () { return VOMS_Init (); ; return 0; } _ACEOF for ac_lib in '' vomsapi vomsc; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_VOMS_Init=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if ${ac_cv_search_VOMS_Init+:} false; then : break fi done if ${ac_cv_search_VOMS_Init+:} false; then : else ac_cv_search_VOMS_Init=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_VOMS_Init" >&5 $as_echo "$ac_cv_search_VOMS_Init" >&6; } ac_res=$ac_cv_search_VOMS_Init if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" else as_fn_error $? "VOMS_Init not found in libvomsapi/libvomsc" "$LINENO" 5 fi VOMS_LIBS="$LIBS" LIBS="$SAVE_LIBS" HAVE_VOMS=1 $as_echo "#define HAVE_VOMS 1" >>confdefs.h fi fi if test x"$HAVE_VOMS" = x1; then HAVE_VOMS_TRUE= HAVE_VOMS_FALSE='#' else HAVE_VOMS_TRUE='#' HAVE_VOMS_FALSE= fi ac_config_files="$ac_config_files Makefile web/Makefile systemd/Makefile man/Makefile myproxy.h myproxy.pc" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure # tests run on this system so they can be shared between configure # scripts and configure runs, see configure's option --config-cache. # It is not useful on other systems. If it contains results you don't # want to keep, you may remove or edit it. # # config.status only pays attention to the cache file if you give it # the --recheck option to rerun configure. # # `ac_cv_env_foo' variables (set or unset) will be overridden when # loading this file, other *unset* `ac_cv_foo' will be assigned the # following values. _ACEOF # The following way of writing the cache mishandles newlines in values, # but we know of no workaround that is simple, portable, and efficient. # So, we kill variables containing newlines. # Ultrix sh set writes to stderr and can't be redirected directly, # and sets the high bit in the cache file unless we assign to the vars. ( for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do eval ac_val=\$$ac_var case $ac_val in #( *${as_nl}*) case $ac_var in #( *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( *) { eval $ac_var=; unset $ac_var;} ;; esac ;; esac done (set) 2>&1 | case $as_nl`(ac_space=' '; set) 2>&1` in #( *${as_nl}ac_space=\ *) # `set' does not quote correctly, so add quotes: double-quote # substitution turns \\\\ into \\, and sed turns \\ into \. sed -n \ "s/'/'\\\\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" ;; #( *) # `set' quotes correctly as required by POSIX, so do not add quotes. sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | sort ) | sed ' /^ac_cv_env_/b end t clear :clear s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ t end s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ :end' >>confcache if diff "$cache_file" confcache >/dev/null 2>&1; then :; else if test -w "$cache_file"; then if test "x$cache_file" != "x/dev/null"; then { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 $as_echo "$as_me: updating cache $cache_file" >&6;} if test ! -f "$cache_file" || test -h "$cache_file"; then cat confcache >"$cache_file" else case $cache_file in #( */* | ?:*) mv -f confcache "$cache_file"$$ && mv -f "$cache_file"$$ "$cache_file" ;; #( *) mv -f confcache "$cache_file" ;; esac fi fi else { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 $as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} fi fi rm -f confcache test "x$prefix" = xNONE && prefix=$ac_default_prefix # Let make expand exec_prefix. test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' # Transform confdefs.h into DEFS. # Protect against shell expansion while executing Makefile rules. # Protect against Makefile macro expansion. # # If the first sed substitution is executed (which looks for macros that # take arguments), then branch to the quote section. Otherwise, # look for a macro that doesn't take arguments. ac_script=' :mline /\\$/{ N s,\\\n,, b mline } t clear :clear s/^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*([^)]*)\)[ ]*\(.*\)/-D\1=\2/g t quote s/^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)/-D\1=\2/g t quote b any :quote s/[ `~#$^&*(){}\\|;'\''"<>?]/\\&/g s/\[/\\&/g s/\]/\\&/g s/\$/$$/g H :any ${ g s/^\n// s/\n/ /g p } ' DEFS=`sed -n "$ac_script" confdefs.h` ac_libobjs= ac_ltlibobjs= U= for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue # 1. Remove the extension, and $U if already installed. ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' ac_i=`$as_echo "$ac_i" | sed "$ac_script"` # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR # will be set to the directory where LIBOBJS objects are built. as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' done LIBOBJS=$ac_libobjs LTLIBOBJS=$ac_ltlibobjs { $as_echo "$as_me:${as_lineno-$LINENO}: checking that generated files are newer than configure" >&5 $as_echo_n "checking that generated files are newer than configure... " >&6; } if test -n "$am_sleep_pid"; then # Hide warnings about reused PIDs. wait $am_sleep_pid 2>/dev/null fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: done" >&5 $as_echo "done" >&6; } if test -n "$EXEEXT"; then am__EXEEXT_TRUE= am__EXEEXT_FALSE='#' else am__EXEEXT_TRUE='#' am__EXEEXT_FALSE= fi if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then as_fn_error $? "conditional \"AMDEP\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then as_fn_error $? "conditional \"am__fastdepCC\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${ENABLE_TESTS_TRUE}" && test -z "${ENABLE_TESTS_FALSE}"; then as_fn_error $? "conditional \"ENABLE_TESTS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${HAVE_VOMS_TRUE}" && test -z "${HAVE_VOMS_FALSE}"; then as_fn_error $? "conditional \"HAVE_VOMS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi : "${CONFIG_STATUS=./config.status}" ac_write_fail=0 ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files $CONFIG_STATUS" { $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 $as_echo "$as_me: creating $CONFIG_STATUS" >&6;} as_write_fail=0 cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 #! $SHELL # Generated by $as_me. # Run this file to recreate the current configuration. # Compiler output produced by configure, useful for debugging # configure, is in config.log if it exists. debug=false ac_cs_recheck=false ac_cs_silent=false SHELL=\${CONFIG_SHELL-$SHELL} export SHELL _ASEOF cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 ## -------------------- ## ## M4sh Initialization. ## ## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi as_nl=' ' export as_nl # Printing a long string crashes Solaris 7 /usr/bin/printf. as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo # Prefer a ksh shell builtin over an external printf program on Solaris, # but without wasting forks for bash or zsh. if test -z "$BASH_VERSION$ZSH_VERSION" \ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='print -r --' as_echo_n='print -rn --' elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='printf %s\n' as_echo_n='printf %s' else if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' as_echo_n='/usr/ucb/echo -n' else as_echo_body='eval expr "X$1" : "X\\(.*\\)"' as_echo_n_body='eval arg=$1; case $arg in #( *"$as_nl"*) expr "X$arg" : "X\\(.*\\)$as_nl"; arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; esac; expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" ' export as_echo_n_body as_echo_n='sh -c $as_echo_n_body as_echo' fi export as_echo_body as_echo='sh -c $as_echo_body as_echo' fi # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || PATH_SEPARATOR=';' } fi # IFS # We need space, tab and new line, in precisely that order. Quoting is # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. as_myself= case $0 in #(( *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 exit 1 fi # Unset variables that we do not need and which cause bugs (e.g. in # pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" # suppresses any "Segmentation fault" message there. '((' could # trigger a bug in pdksh 5.2.14. for as_var in BASH_ENV ENV MAIL MAILPATH do eval test x\${$as_var+set} = xset \ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. LC_ALL=C export LC_ALL LANGUAGE=C export LANGUAGE # CDPATH. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH # as_fn_error STATUS ERROR [LINENO LOG_FD] # ---------------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the # script with STATUS, using 1 if that was 0. as_fn_error () { as_status=$1; test $as_status -eq 0 && as_status=1 if test "$4"; then as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi $as_echo "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. as_fn_set_status () { return $1 } # as_fn_set_status # as_fn_exit STATUS # ----------------- # Exit the shell with STATUS, even in a "trap 0" or "set -e" context. as_fn_exit () { set +e as_fn_set_status $1 exit $1 } # as_fn_exit # as_fn_unset VAR # --------------- # Portably unset VAR. as_fn_unset () { { eval $1=; unset $1;} } as_unset=as_fn_unset # as_fn_append VAR VALUE # ---------------------- # Append the text in VALUE to the end of the definition contained in VAR. Take # advantage of any shell optimizations that allow amortized linear growth over # repeated appends, instead of the typical quadratic growth present in naive # implementations. if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : eval 'as_fn_append () { eval $1+=\$2 }' else as_fn_append () { eval $1=\$$1\$2 } fi # as_fn_append # as_fn_arith ARG... # ------------------ # Perform arithmetic evaluation on the ARGs, and store the result in the # global $as_val. Take advantage of shells that can avoid forks. The arguments # must be portable across $(()) and expr. if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : eval 'as_fn_arith () { as_val=$(( $* )) }' else as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` } fi # as_fn_arith if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || $as_echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in #((((( -n*) case `echo 'xy\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. xy) ECHO_C='\c';; *) echo `echo ksh88 bug on AIX 6.1` > /dev/null ECHO_T=' ';; esac;; *) ECHO_N='-n';; esac rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir 2>/dev/null fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -pR' fi else as_ln_s='cp -pR' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null # as_fn_mkdir_p # ------------- # Create "$as_dir" as a directory, including parents if necessary. as_fn_mkdir_p () { case $as_dir in #( -*) as_dir=./$as_dir;; esac test -d "$as_dir" || eval $as_mkdir_p || { as_dirs= while :; do case $as_dir in #( *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" as_dir=`$as_dirname -- "$as_dir" || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" } # as_fn_mkdir_p if mkdir -p . 2>/dev/null; then as_mkdir_p='mkdir -p "$as_dir"' else test -d ./-p && rmdir ./-p as_mkdir_p=false fi # as_fn_executable_p FILE # ----------------------- # Test if FILE is an executable regular file. as_fn_executable_p () { test -f "$1" && test -x "$1" } # as_fn_executable_p as_test_x='test -x' as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" exec 6>&1 ## ----------------------------------- ## ## Main body of $CONFIG_STATUS script. ## ## ----------------------------------- ## _ASEOF test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # Save the log message, to keep $0 and so on meaningful, and to # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" This file was extended by myproxy $as_me 6.2.16, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS CONFIG_LINKS = $CONFIG_LINKS CONFIG_COMMANDS = $CONFIG_COMMANDS $ $0 $@ on `(hostname || uname -n) 2>/dev/null | sed 1q` " _ACEOF case $ac_config_files in *" "*) set x $ac_config_files; shift; ac_config_files=$*;; esac cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 # Files that config.status was made for. config_files="$ac_config_files" config_commands="$ac_config_commands" _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 ac_cs_usage="\ \`$as_me' instantiates files and other configuration actions from templates according to the current configuration. Unless the files and actions are specified as TAGs, all are instantiated by default. Usage: $0 [OPTION]... [TAG]... -h, --help print this help, then exit -V, --version print version number and configuration settings, then exit --config print configuration, then exit -q, --quiet, --silent do not print progress messages -d, --debug don't remove temporary files --recheck update $as_me by reconfiguring in the same conditions --file=FILE[:TEMPLATE] instantiate the configuration file FILE Configuration files: $config_files Configuration commands: $config_commands Report bugs to the package provider." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ myproxy config.status 6.2.16 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" Copyright (C) 2012 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." ac_pwd='$ac_pwd' srcdir='$srcdir' INSTALL='$INSTALL' MKDIR_P='$MKDIR_P' AWK='$AWK' test -n "\$AWK" || AWK=awk _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # The default lists apply if the user does not specify any file. ac_need_defaults=: while test $# != 0 do case $1 in --*=?*) ac_option=`expr "X$1" : 'X\([^=]*\)='` ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` ac_shift=: ;; --*=) ac_option=`expr "X$1" : 'X\([^=]*\)='` ac_optarg= ac_shift=: ;; *) ac_option=$1 ac_optarg=$2 ac_shift=shift ;; esac case $ac_option in # Handling of the options. -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) ac_cs_recheck=: ;; --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) $as_echo "$ac_cs_version"; exit ;; --config | --confi | --conf | --con | --co | --c ) $as_echo "$ac_cs_config"; exit ;; --debug | --debu | --deb | --de | --d | -d ) debug=: ;; --file | --fil | --fi | --f ) $ac_shift case $ac_optarg in *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; '') as_fn_error $? "missing file argument" ;; esac as_fn_append CONFIG_FILES " '$ac_optarg'" ac_need_defaults=false;; --he | --h | --help | --hel | -h ) $as_echo "$ac_cs_usage"; exit ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil | --si | --s) ac_cs_silent=: ;; # This is an error. -*) as_fn_error $? "unrecognized option: \`$1' Try \`$0 --help' for more information." ;; *) as_fn_append ac_config_targets " $1" ac_need_defaults=false ;; esac shift done ac_configure_extra_args= if $ac_cs_silent; then exec 6>/dev/null ac_configure_extra_args="$ac_configure_extra_args --silent" fi _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 if \$ac_cs_recheck; then set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion shift \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 CONFIG_SHELL='$SHELL' export CONFIG_SHELL exec "\$@" fi _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 exec 5>>config.log { echo sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX ## Running $as_me. ## _ASBOX $as_echo "$ac_log" } >&5 _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 # # INIT-COMMANDS # AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir" # The HP-UX ksh and POSIX shell print the target directory to stdout # if CDPATH is set. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH sed_quote_subst='$sed_quote_subst' double_quote_subst='$double_quote_subst' delay_variable_subst='$delay_variable_subst' macro_version='`$ECHO "$macro_version" | $SED "$delay_single_quote_subst"`' macro_revision='`$ECHO "$macro_revision" | $SED "$delay_single_quote_subst"`' AS='`$ECHO "$AS" | $SED "$delay_single_quote_subst"`' DLLTOOL='`$ECHO "$DLLTOOL" | $SED "$delay_single_quote_subst"`' OBJDUMP='`$ECHO "$OBJDUMP" | $SED "$delay_single_quote_subst"`' enable_shared='`$ECHO "$enable_shared" | $SED "$delay_single_quote_subst"`' enable_static='`$ECHO "$enable_static" | $SED "$delay_single_quote_subst"`' pic_mode='`$ECHO "$pic_mode" | $SED "$delay_single_quote_subst"`' enable_fast_install='`$ECHO "$enable_fast_install" | $SED "$delay_single_quote_subst"`' SHELL='`$ECHO "$SHELL" | $SED "$delay_single_quote_subst"`' ECHO='`$ECHO "$ECHO" | $SED "$delay_single_quote_subst"`' PATH_SEPARATOR='`$ECHO "$PATH_SEPARATOR" | $SED "$delay_single_quote_subst"`' host_alias='`$ECHO "$host_alias" | $SED "$delay_single_quote_subst"`' host='`$ECHO "$host" | $SED "$delay_single_quote_subst"`' host_os='`$ECHO "$host_os" | $SED "$delay_single_quote_subst"`' build_alias='`$ECHO "$build_alias" | $SED "$delay_single_quote_subst"`' build='`$ECHO "$build" | $SED "$delay_single_quote_subst"`' build_os='`$ECHO "$build_os" | $SED "$delay_single_quote_subst"`' SED='`$ECHO "$SED" | $SED "$delay_single_quote_subst"`' Xsed='`$ECHO "$Xsed" | $SED "$delay_single_quote_subst"`' GREP='`$ECHO "$GREP" | $SED "$delay_single_quote_subst"`' EGREP='`$ECHO "$EGREP" | $SED "$delay_single_quote_subst"`' FGREP='`$ECHO "$FGREP" | $SED "$delay_single_quote_subst"`' LD='`$ECHO "$LD" | $SED "$delay_single_quote_subst"`' NM='`$ECHO "$NM" | $SED "$delay_single_quote_subst"`' LN_S='`$ECHO "$LN_S" | $SED "$delay_single_quote_subst"`' max_cmd_len='`$ECHO "$max_cmd_len" | $SED "$delay_single_quote_subst"`' ac_objext='`$ECHO "$ac_objext" | $SED "$delay_single_quote_subst"`' exeext='`$ECHO "$exeext" | $SED "$delay_single_quote_subst"`' lt_unset='`$ECHO "$lt_unset" | $SED "$delay_single_quote_subst"`' lt_SP2NL='`$ECHO "$lt_SP2NL" | $SED "$delay_single_quote_subst"`' lt_NL2SP='`$ECHO "$lt_NL2SP" | $SED "$delay_single_quote_subst"`' lt_cv_to_host_file_cmd='`$ECHO "$lt_cv_to_host_file_cmd" | $SED "$delay_single_quote_subst"`' lt_cv_to_tool_file_cmd='`$ECHO "$lt_cv_to_tool_file_cmd" | $SED "$delay_single_quote_subst"`' reload_flag='`$ECHO "$reload_flag" | $SED "$delay_single_quote_subst"`' reload_cmds='`$ECHO "$reload_cmds" | $SED "$delay_single_quote_subst"`' deplibs_check_method='`$ECHO "$deplibs_check_method" | $SED "$delay_single_quote_subst"`' file_magic_cmd='`$ECHO "$file_magic_cmd" | $SED "$delay_single_quote_subst"`' file_magic_glob='`$ECHO "$file_magic_glob" | $SED "$delay_single_quote_subst"`' want_nocaseglob='`$ECHO "$want_nocaseglob" | $SED "$delay_single_quote_subst"`' sharedlib_from_linklib_cmd='`$ECHO "$sharedlib_from_linklib_cmd" | $SED "$delay_single_quote_subst"`' AR='`$ECHO "$AR" | $SED "$delay_single_quote_subst"`' AR_FLAGS='`$ECHO "$AR_FLAGS" | $SED "$delay_single_quote_subst"`' archiver_list_spec='`$ECHO "$archiver_list_spec" | $SED "$delay_single_quote_subst"`' STRIP='`$ECHO "$STRIP" | $SED "$delay_single_quote_subst"`' RANLIB='`$ECHO "$RANLIB" | $SED "$delay_single_quote_subst"`' old_postinstall_cmds='`$ECHO "$old_postinstall_cmds" | $SED "$delay_single_quote_subst"`' old_postuninstall_cmds='`$ECHO "$old_postuninstall_cmds" | $SED "$delay_single_quote_subst"`' old_archive_cmds='`$ECHO "$old_archive_cmds" | $SED "$delay_single_quote_subst"`' lock_old_archive_extraction='`$ECHO "$lock_old_archive_extraction" | $SED "$delay_single_quote_subst"`' CC='`$ECHO "$CC" | $SED "$delay_single_quote_subst"`' CFLAGS='`$ECHO "$CFLAGS" | $SED "$delay_single_quote_subst"`' compiler='`$ECHO "$compiler" | $SED "$delay_single_quote_subst"`' GCC='`$ECHO "$GCC" | $SED "$delay_single_quote_subst"`' lt_cv_sys_global_symbol_pipe='`$ECHO "$lt_cv_sys_global_symbol_pipe" | $SED "$delay_single_quote_subst"`' lt_cv_sys_global_symbol_to_cdecl='`$ECHO "$lt_cv_sys_global_symbol_to_cdecl" | $SED "$delay_single_quote_subst"`' lt_cv_sys_global_symbol_to_c_name_address='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address" | $SED "$delay_single_quote_subst"`' lt_cv_sys_global_symbol_to_c_name_address_lib_prefix='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address_lib_prefix" | $SED "$delay_single_quote_subst"`' nm_file_list_spec='`$ECHO "$nm_file_list_spec" | $SED "$delay_single_quote_subst"`' lt_sysroot='`$ECHO "$lt_sysroot" | $SED "$delay_single_quote_subst"`' objdir='`$ECHO "$objdir" | $SED "$delay_single_quote_subst"`' MAGIC_CMD='`$ECHO "$MAGIC_CMD" | $SED "$delay_single_quote_subst"`' lt_prog_compiler_no_builtin_flag='`$ECHO "$lt_prog_compiler_no_builtin_flag" | $SED "$delay_single_quote_subst"`' lt_prog_compiler_pic='`$ECHO "$lt_prog_compiler_pic" | $SED "$delay_single_quote_subst"`' lt_prog_compiler_wl='`$ECHO "$lt_prog_compiler_wl" | $SED "$delay_single_quote_subst"`' lt_prog_compiler_static='`$ECHO "$lt_prog_compiler_static" | $SED "$delay_single_quote_subst"`' lt_cv_prog_compiler_c_o='`$ECHO "$lt_cv_prog_compiler_c_o" | $SED "$delay_single_quote_subst"`' need_locks='`$ECHO "$need_locks" | $SED "$delay_single_quote_subst"`' MANIFEST_TOOL='`$ECHO "$MANIFEST_TOOL" | $SED "$delay_single_quote_subst"`' DSYMUTIL='`$ECHO "$DSYMUTIL" | $SED "$delay_single_quote_subst"`' NMEDIT='`$ECHO "$NMEDIT" | $SED "$delay_single_quote_subst"`' LIPO='`$ECHO "$LIPO" | $SED "$delay_single_quote_subst"`' OTOOL='`$ECHO "$OTOOL" | $SED "$delay_single_quote_subst"`' OTOOL64='`$ECHO "$OTOOL64" | $SED "$delay_single_quote_subst"`' libext='`$ECHO "$libext" | $SED "$delay_single_quote_subst"`' shrext_cmds='`$ECHO "$shrext_cmds" | $SED "$delay_single_quote_subst"`' extract_expsyms_cmds='`$ECHO "$extract_expsyms_cmds" | $SED "$delay_single_quote_subst"`' archive_cmds_need_lc='`$ECHO "$archive_cmds_need_lc" | $SED "$delay_single_quote_subst"`' enable_shared_with_static_runtimes='`$ECHO "$enable_shared_with_static_runtimes" | $SED "$delay_single_quote_subst"`' export_dynamic_flag_spec='`$ECHO "$export_dynamic_flag_spec" | $SED "$delay_single_quote_subst"`' whole_archive_flag_spec='`$ECHO "$whole_archive_flag_spec" | $SED "$delay_single_quote_subst"`' compiler_needs_object='`$ECHO "$compiler_needs_object" | $SED "$delay_single_quote_subst"`' old_archive_from_new_cmds='`$ECHO "$old_archive_from_new_cmds" | $SED "$delay_single_quote_subst"`' old_archive_from_expsyms_cmds='`$ECHO "$old_archive_from_expsyms_cmds" | $SED "$delay_single_quote_subst"`' archive_cmds='`$ECHO "$archive_cmds" | $SED "$delay_single_quote_subst"`' archive_expsym_cmds='`$ECHO "$archive_expsym_cmds" | $SED "$delay_single_quote_subst"`' module_cmds='`$ECHO "$module_cmds" | $SED "$delay_single_quote_subst"`' module_expsym_cmds='`$ECHO "$module_expsym_cmds" | $SED "$delay_single_quote_subst"`' with_gnu_ld='`$ECHO "$with_gnu_ld" | $SED "$delay_single_quote_subst"`' allow_undefined_flag='`$ECHO "$allow_undefined_flag" | $SED "$delay_single_quote_subst"`' no_undefined_flag='`$ECHO "$no_undefined_flag" | $SED "$delay_single_quote_subst"`' hardcode_libdir_flag_spec='`$ECHO "$hardcode_libdir_flag_spec" | $SED "$delay_single_quote_subst"`' hardcode_libdir_separator='`$ECHO "$hardcode_libdir_separator" | $SED "$delay_single_quote_subst"`' hardcode_direct='`$ECHO "$hardcode_direct" | $SED "$delay_single_quote_subst"`' hardcode_direct_absolute='`$ECHO "$hardcode_direct_absolute" | $SED "$delay_single_quote_subst"`' hardcode_minus_L='`$ECHO "$hardcode_minus_L" | $SED "$delay_single_quote_subst"`' hardcode_shlibpath_var='`$ECHO "$hardcode_shlibpath_var" | $SED "$delay_single_quote_subst"`' hardcode_automatic='`$ECHO "$hardcode_automatic" | $SED "$delay_single_quote_subst"`' inherit_rpath='`$ECHO "$inherit_rpath" | $SED "$delay_single_quote_subst"`' link_all_deplibs='`$ECHO "$link_all_deplibs" | $SED "$delay_single_quote_subst"`' always_export_symbols='`$ECHO "$always_export_symbols" | $SED "$delay_single_quote_subst"`' export_symbols_cmds='`$ECHO "$export_symbols_cmds" | $SED "$delay_single_quote_subst"`' exclude_expsyms='`$ECHO "$exclude_expsyms" | $SED "$delay_single_quote_subst"`' include_expsyms='`$ECHO "$include_expsyms" | $SED "$delay_single_quote_subst"`' prelink_cmds='`$ECHO "$prelink_cmds" | $SED "$delay_single_quote_subst"`' postlink_cmds='`$ECHO "$postlink_cmds" | $SED "$delay_single_quote_subst"`' file_list_spec='`$ECHO "$file_list_spec" | $SED "$delay_single_quote_subst"`' variables_saved_for_relink='`$ECHO "$variables_saved_for_relink" | $SED "$delay_single_quote_subst"`' need_lib_prefix='`$ECHO "$need_lib_prefix" | $SED "$delay_single_quote_subst"`' need_version='`$ECHO "$need_version" | $SED "$delay_single_quote_subst"`' version_type='`$ECHO "$version_type" | $SED "$delay_single_quote_subst"`' runpath_var='`$ECHO "$runpath_var" | $SED "$delay_single_quote_subst"`' shlibpath_var='`$ECHO "$shlibpath_var" | $SED "$delay_single_quote_subst"`' shlibpath_overrides_runpath='`$ECHO "$shlibpath_overrides_runpath" | $SED "$delay_single_quote_subst"`' libname_spec='`$ECHO "$libname_spec" | $SED "$delay_single_quote_subst"`' library_names_spec='`$ECHO "$library_names_spec" | $SED "$delay_single_quote_subst"`' soname_spec='`$ECHO "$soname_spec" | $SED "$delay_single_quote_subst"`' install_override_mode='`$ECHO "$install_override_mode" | $SED "$delay_single_quote_subst"`' postinstall_cmds='`$ECHO "$postinstall_cmds" | $SED "$delay_single_quote_subst"`' postuninstall_cmds='`$ECHO "$postuninstall_cmds" | $SED "$delay_single_quote_subst"`' finish_cmds='`$ECHO "$finish_cmds" | $SED "$delay_single_quote_subst"`' finish_eval='`$ECHO "$finish_eval" | $SED "$delay_single_quote_subst"`' hardcode_into_libs='`$ECHO "$hardcode_into_libs" | $SED "$delay_single_quote_subst"`' sys_lib_search_path_spec='`$ECHO "$sys_lib_search_path_spec" | $SED "$delay_single_quote_subst"`' sys_lib_dlsearch_path_spec='`$ECHO "$sys_lib_dlsearch_path_spec" | $SED "$delay_single_quote_subst"`' hardcode_action='`$ECHO "$hardcode_action" | $SED "$delay_single_quote_subst"`' enable_dlopen='`$ECHO "$enable_dlopen" | $SED "$delay_single_quote_subst"`' enable_dlopen_self='`$ECHO "$enable_dlopen_self" | $SED "$delay_single_quote_subst"`' enable_dlopen_self_static='`$ECHO "$enable_dlopen_self_static" | $SED "$delay_single_quote_subst"`' old_striplib='`$ECHO "$old_striplib" | $SED "$delay_single_quote_subst"`' striplib='`$ECHO "$striplib" | $SED "$delay_single_quote_subst"`' LTCC='$LTCC' LTCFLAGS='$LTCFLAGS' compiler='$compiler_DEFAULT' # A function that is used when there is no print builtin or printf. func_fallback_echo () { eval 'cat <<_LTECHO_EOF \$1 _LTECHO_EOF' } # Quote evaled strings. for var in AS \ DLLTOOL \ OBJDUMP \ SHELL \ ECHO \ PATH_SEPARATOR \ SED \ GREP \ EGREP \ FGREP \ LD \ NM \ LN_S \ lt_SP2NL \ lt_NL2SP \ reload_flag \ deplibs_check_method \ file_magic_cmd \ file_magic_glob \ want_nocaseglob \ sharedlib_from_linklib_cmd \ AR \ AR_FLAGS \ archiver_list_spec \ STRIP \ RANLIB \ CC \ CFLAGS \ compiler \ lt_cv_sys_global_symbol_pipe \ lt_cv_sys_global_symbol_to_cdecl \ lt_cv_sys_global_symbol_to_c_name_address \ lt_cv_sys_global_symbol_to_c_name_address_lib_prefix \ nm_file_list_spec \ lt_prog_compiler_no_builtin_flag \ lt_prog_compiler_pic \ lt_prog_compiler_wl \ lt_prog_compiler_static \ lt_cv_prog_compiler_c_o \ need_locks \ MANIFEST_TOOL \ DSYMUTIL \ NMEDIT \ LIPO \ OTOOL \ OTOOL64 \ shrext_cmds \ export_dynamic_flag_spec \ whole_archive_flag_spec \ compiler_needs_object \ with_gnu_ld \ allow_undefined_flag \ no_undefined_flag \ hardcode_libdir_flag_spec \ hardcode_libdir_separator \ exclude_expsyms \ include_expsyms \ file_list_spec \ variables_saved_for_relink \ libname_spec \ library_names_spec \ soname_spec \ install_override_mode \ finish_eval \ old_striplib \ striplib; do case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in *[\\\\\\\`\\"\\\$]*) eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ;; *) eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" ;; esac done # Double-quote double-evaled strings. for var in reload_cmds \ old_postinstall_cmds \ old_postuninstall_cmds \ old_archive_cmds \ extract_expsyms_cmds \ old_archive_from_new_cmds \ old_archive_from_expsyms_cmds \ archive_cmds \ archive_expsym_cmds \ module_cmds \ module_expsym_cmds \ export_symbols_cmds \ prelink_cmds \ postlink_cmds \ postinstall_cmds \ postuninstall_cmds \ finish_cmds \ sys_lib_search_path_spec \ sys_lib_dlsearch_path_spec; do case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in *[\\\\\\\`\\"\\\$]*) eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ;; *) eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" ;; esac done ac_aux_dir='$ac_aux_dir' xsi_shell='$xsi_shell' lt_shell_append='$lt_shell_append' # See if we are running on zsh, and set the options which allow our # commands through without removal of \ escapes INIT. if test -n "\${ZSH_VERSION+set}" ; then setopt NO_GLOB_SUBST fi PACKAGE='$PACKAGE' VERSION='$VERSION' TIMESTAMP='$TIMESTAMP' RM='$RM' ofile='$ofile' _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # Handling of arguments. for ac_config_target in $ac_config_targets do case $ac_config_target in "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;; "libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;; "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; "web/Makefile") CONFIG_FILES="$CONFIG_FILES web/Makefile" ;; "systemd/Makefile") CONFIG_FILES="$CONFIG_FILES systemd/Makefile" ;; "man/Makefile") CONFIG_FILES="$CONFIG_FILES man/Makefile" ;; "myproxy.h") CONFIG_FILES="$CONFIG_FILES myproxy.h" ;; "myproxy.pc") CONFIG_FILES="$CONFIG_FILES myproxy.pc" ;; *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; esac done # If the user did not use the arguments to specify the items to instantiate, # then the envvar interface is used. Set only those that are not. # We use the long form for the default assignment because of an extremely # bizarre bug on SunOS 4.1.3. if $ac_need_defaults; then test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands fi # Have a temporary directory for convenience. Make it in the build tree # simply because there is no reason against having it here, and in addition, # creating and moving files from /tmp can sometimes cause problems. # Hook for its removal unless debugging. # Note that there is a small window in which the directory will not be cleaned: # after its creation but before its name has been assigned to `$tmp'. $debug || { tmp= ac_tmp= trap 'exit_status=$? : "${ac_tmp:=$tmp}" { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status ' 0 trap 'as_fn_exit 1' 1 2 13 15 } # Create a (secure) tmp directory for tmp files. { tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && test -d "$tmp" } || { tmp=./conf$$-$RANDOM (umask 077 && mkdir "$tmp") } || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 ac_tmp=$tmp # Set up the scripts for CONFIG_FILES section. # No need to generate them if there are no CONFIG_FILES. # This happens for instance with `./config.status config.h'. if test -n "$CONFIG_FILES"; then ac_cr=`echo X | tr X '\015'` # On cygwin, bash can eat \r inside `` if the user requested igncr. # But we know of no other shell where ac_cr would be empty at this # point, so we can use a bashism as a fallback. if test "x$ac_cr" = x; then eval ac_cr=\$\'\\r\' fi ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then ac_cs_awk_cr='\\r' else ac_cs_awk_cr=$ac_cr fi echo 'BEGIN {' >"$ac_tmp/subs1.awk" && _ACEOF { echo "cat >conf$$subs.awk <<_ACEOF" && echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && echo "_ACEOF" } >conf$$subs.sh || as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` ac_delim='%!_!# ' for ac_last_try in false false false false false :; do . ./conf$$subs.sh || as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` if test $ac_delim_n = $ac_delim_num; then break elif $ac_last_try; then as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi done rm -f conf$$subs.sh cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK && _ACEOF sed -n ' h s/^/S["/; s/!.*/"]=/ p g s/^[^!]*!// :repl t repl s/'"$ac_delim"'$// t delim :nl h s/\(.\{148\}\)..*/\1/ t more1 s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ p n b repl :more1 s/["\\]/\\&/g; s/^/"/; s/$/"\\/ p g s/.\{148\}// t nl :delim h s/\(.\{148\}\)..*/\1/ t more2 s/["\\]/\\&/g; s/^/"/; s/$/"/ p b :more2 s/["\\]/\\&/g; s/^/"/; s/$/"\\/ p g s/.\{148\}// t delim ' >$CONFIG_STATUS || ac_write_fail=1 rm -f conf$$subs.awk cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 _ACAWK cat >>"\$ac_tmp/subs1.awk" <<_ACAWK && for (key in S) S_is_set[key] = 1 FS = "" } { line = $ 0 nfields = split(line, field, "@") substed = 0 len = length(field[1]) for (i = 2; i < nfields; i++) { key = field[i] keylen = length(key) if (S_is_set[key]) { value = S[key] line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) len += length(value) + length(field[++i]) substed = 1 } else len += 1 + keylen } print line } _ACAWK _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" else cat fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \ || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 _ACEOF # VPATH may cause trouble with some makes, so we remove sole $(srcdir), # ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and # trailing colons and then remove the whole line if VPATH becomes empty # (actually we leave an empty line to preserve line numbers). if test "x$srcdir" = x.; then ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ h s/// s/^/:/ s/[ ]*$/:/ s/:\$(srcdir):/:/g s/:\${srcdir}:/:/g s/:@srcdir@:/:/g s/^:*// s/:*$// x s/\(=[ ]*\).*/\1/ G s/\n// s/^[^=]*=[ ]*$// }' fi cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 fi # test -n "$CONFIG_FILES" eval set X " :F $CONFIG_FILES :C $CONFIG_COMMANDS" shift for ac_tag do case $ac_tag in :[FHLC]) ac_mode=$ac_tag; continue;; esac case $ac_mode$ac_tag in :[FHL]*:*);; :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; :[FH]-) ac_tag=-:-;; :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; esac ac_save_IFS=$IFS IFS=: set x $ac_tag IFS=$ac_save_IFS shift ac_file=$1 shift case $ac_mode in :L) ac_source=$1;; :[FH]) ac_file_inputs= for ac_f do case $ac_f in -) ac_f="$ac_tmp/stdin";; *) # Look for the file first in the build tree, then in the source tree # (if the path is not absolute). The absolute path cannot be DOS-style, # because $ac_f cannot contain `:'. test -f "$ac_f" || case $ac_f in [\\/$]*) false;; *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; esac || as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; esac case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac as_fn_append ac_file_inputs " '$ac_f'" done # Let's still pretend it is `configure' which instantiates (i.e., don't # use $as_me), people would be surprised to read: # /* config.h. Generated by config.status. */ configure_input='Generated from '` $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' `' by configure.' if test x"$ac_file" != x-; then configure_input="$ac_file. $configure_input" { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 $as_echo "$as_me: creating $ac_file" >&6;} fi # Neutralize special characters interpreted by sed in replacement strings. case $configure_input in #( *\&* | *\|* | *\\* ) ac_sed_conf_input=`$as_echo "$configure_input" | sed 's/[\\\\&|]/\\\\&/g'`;; #( *) ac_sed_conf_input=$configure_input;; esac case $ac_tag in *:-:* | *:-) cat >"$ac_tmp/stdin" \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; esac ;; esac ac_dir=`$as_dirname -- "$ac_file" || $as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$ac_file" : 'X\(//\)[^/]' \| \ X"$ac_file" : 'X\(//\)$' \| \ X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$ac_file" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` as_dir="$ac_dir"; as_fn_mkdir_p ac_builddir=. case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; esac ;; esac ac_abs_top_builddir=$ac_pwd ac_abs_builddir=$ac_pwd$ac_dir_suffix # for backward compatibility: ac_top_builddir=$ac_top_build_prefix case $srcdir in .) # We are building in place. ac_srcdir=. ac_top_srcdir=$ac_top_builddir_sub ac_abs_top_srcdir=$ac_pwd ;; [\\/]* | ?:[\\/]* ) # Absolute name. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ac_abs_top_srcdir=$srcdir ;; *) # Relative name. ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_build_prefix$srcdir ac_abs_top_srcdir=$ac_pwd/$srcdir ;; esac ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix case $ac_mode in :F) # # CONFIG_FILE # case $INSTALL in [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;; esac ac_MKDIR_P=$MKDIR_P case $MKDIR_P in [\\/$]* | ?:[\\/]* ) ;; */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;; esac _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # If the template does not know about datarootdir, expand it. # FIXME: This hack should be removed a few years after 2.60. ac_datarootdir_hack=; ac_datarootdir_seen= ac_sed_dataroot=' /datarootdir/ { p q } /@datadir@/p /@docdir@/p /@infodir@/p /@localedir@/p /@mandir@/p' case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in *datarootdir*) ac_datarootdir_seen=yes;; *@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 $as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_datarootdir_hack=' s&@datadir@&$datadir&g s&@docdir@&$docdir&g s&@infodir@&$infodir&g s&@localedir@&$localedir&g s&@mandir@&$mandir&g s&\\\${datarootdir}&$datarootdir&g' ;; esac _ACEOF # Neutralize VPATH when `$srcdir' = `.'. # Shell code in configure.ac might set extrasub. # FIXME: do we really want to maintain this feature? cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_sed_extra="$ac_vpsub $extrasub _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 :t /@[a-zA-Z_][a-zA-Z_0-9]*@/!b s|@configure_input@|$ac_sed_conf_input|;t t s&@top_builddir@&$ac_top_builddir_sub&;t t s&@top_build_prefix@&$ac_top_build_prefix&;t t s&@srcdir@&$ac_srcdir&;t t s&@abs_srcdir@&$ac_abs_srcdir&;t t s&@top_srcdir@&$ac_top_srcdir&;t t s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t s&@builddir@&$ac_builddir&;t t s&@abs_builddir@&$ac_abs_builddir&;t t s&@abs_top_builddir@&$ac_abs_top_builddir&;t t s&@INSTALL@&$ac_INSTALL&;t t s&@MKDIR_P@&$ac_MKDIR_P&;t t $ac_datarootdir_hack " eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5 test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ "$ac_tmp/out"`; test -z "$ac_out"; } && { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined" >&5 $as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined" >&2;} rm -f "$ac_tmp/stdin" case $ac_file in -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";; *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";; esac \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5 $as_echo "$as_me: executing $ac_file commands" >&6;} ;; esac case $ac_file$ac_mode in "depfiles":C) test x"$AMDEP_TRUE" != x"" || { # Older Autoconf quotes --file arguments for eval, but not when files # are listed without --file. Let's play safe and only enable the eval # if we detect the quoting. case $CONFIG_FILES in *\'*) eval set x "$CONFIG_FILES" ;; *) set x $CONFIG_FILES ;; esac shift for mf do # Strip MF so we end up with the name of the file. mf=`echo "$mf" | sed -e 's/:.*$//'` # Check whether this is an Automake generated Makefile or not. # We used to match only the files named 'Makefile.in', but # some people rename them; so instead we look at the file content. # Grep'ing the first line is not enough: some people post-process # each Makefile.in and add a new line on top of each file to say so. # Grep'ing the whole file is not good either: AIX grep has a line # limit of 2048, but all sed's we know have understand at least 4000. if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then dirpart=`$as_dirname -- "$mf" || $as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$mf" : 'X\(//\)[^/]' \| \ X"$mf" : 'X\(//\)$' \| \ X"$mf" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$mf" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` else continue fi # Extract the definition of DEPDIR, am__include, and am__quote # from the Makefile without running 'make'. DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` test -z "$DEPDIR" && continue am__include=`sed -n 's/^am__include = //p' < "$mf"` test -z "$am__include" && continue am__quote=`sed -n 's/^am__quote = //p' < "$mf"` # Find all dependency output files, they are included files with # $(DEPDIR) in their names. We invoke sed twice because it is the # simplest approach to changing $(DEPDIR) to its actual value in the # expansion. for file in `sed -n " s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do # Make sure the directory exists. test -f "$dirpart/$file" && continue fdir=`$as_dirname -- "$file" || $as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$file" : 'X\(//\)[^/]' \| \ X"$file" : 'X\(//\)$' \| \ X"$file" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$file" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` as_dir=$dirpart/$fdir; as_fn_mkdir_p # echo "creating $dirpart/$file" echo '# dummy' > "$dirpart/$file" done done } ;; "libtool":C) # See if we are running on zsh, and set the options which allow our # commands through without removal of \ escapes. if test -n "${ZSH_VERSION+set}" ; then setopt NO_GLOB_SUBST fi cfgfile="${ofile}T" trap "$RM \"$cfgfile\"; exit 1" 1 2 15 $RM "$cfgfile" cat <<_LT_EOF >> "$cfgfile" #! $SHELL # `$ECHO "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services. # Generated automatically by $as_me ($PACKAGE$TIMESTAMP) $VERSION # Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: # NOTE: Changes made to this file will be lost: look at ltmain.sh. # # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, # 2006, 2007, 2008, 2009, 2010, 2011 Free Software # Foundation, Inc. # Written by Gordon Matzigkeit, 1996 # # This file is part of GNU Libtool. # # GNU Libtool is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License as # published by the Free Software Foundation; either version 2 of # the License, or (at your option) any later version. # # As a special exception to the GNU General Public License, # if you distribute this file as part of a program or library that # is built using GNU Libtool, you may include this file under the # same distribution terms that you use for the rest of that program. # # GNU Libtool is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with GNU Libtool; see the file COPYING. If not, a copy # can be downloaded from http://www.gnu.org/licenses/gpl.html, or # obtained by writing to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # The names of the tagged configurations supported by this script. available_tags="" # ### BEGIN LIBTOOL CONFIG # Which release of libtool.m4 was used? macro_version=$macro_version macro_revision=$macro_revision # Assembler program. AS=$lt_AS # DLL creation program. DLLTOOL=$lt_DLLTOOL # Object dumper program. OBJDUMP=$lt_OBJDUMP # Whether or not to build shared libraries. build_libtool_libs=$enable_shared # Whether or not to build static libraries. build_old_libs=$enable_static # What type of objects to build. pic_mode=$pic_mode # Whether or not to optimize for fast installation. fast_install=$enable_fast_install # Shell to use when invoking shell scripts. SHELL=$lt_SHELL # An echo program that protects backslashes. ECHO=$lt_ECHO # The PATH separator for the build system. PATH_SEPARATOR=$lt_PATH_SEPARATOR # The host system. host_alias=$host_alias host=$host host_os=$host_os # The build system. build_alias=$build_alias build=$build build_os=$build_os # A sed program that does not truncate output. SED=$lt_SED # Sed that helps us avoid accidentally triggering echo(1) options like -n. Xsed="\$SED -e 1s/^X//" # A grep program that handles long lines. GREP=$lt_GREP # An ERE matcher. EGREP=$lt_EGREP # A literal string matcher. FGREP=$lt_FGREP # A BSD- or MS-compatible name lister. NM=$lt_NM # Whether we need soft or hard links. LN_S=$lt_LN_S # What is the maximum length of a command? max_cmd_len=$max_cmd_len # Object file suffix (normally "o"). objext=$ac_objext # Executable file suffix (normally ""). exeext=$exeext # whether the shell understands "unset". lt_unset=$lt_unset # turn spaces into newlines. SP2NL=$lt_lt_SP2NL # turn newlines into spaces. NL2SP=$lt_lt_NL2SP # convert \$build file names to \$host format. to_host_file_cmd=$lt_cv_to_host_file_cmd # convert \$build files to toolchain format. to_tool_file_cmd=$lt_cv_to_tool_file_cmd # Method to check whether dependent libraries are shared objects. deplibs_check_method=$lt_deplibs_check_method # Command to use when deplibs_check_method = "file_magic". file_magic_cmd=$lt_file_magic_cmd # How to find potential files when deplibs_check_method = "file_magic". file_magic_glob=$lt_file_magic_glob # Find potential files using nocaseglob when deplibs_check_method = "file_magic". want_nocaseglob=$lt_want_nocaseglob # Command to associate shared and link libraries. sharedlib_from_linklib_cmd=$lt_sharedlib_from_linklib_cmd # The archiver. AR=$lt_AR # Flags to create an archive. AR_FLAGS=$lt_AR_FLAGS # How to feed a file listing to the archiver. archiver_list_spec=$lt_archiver_list_spec # A symbol stripping program. STRIP=$lt_STRIP # Commands used to install an old-style archive. RANLIB=$lt_RANLIB old_postinstall_cmds=$lt_old_postinstall_cmds old_postuninstall_cmds=$lt_old_postuninstall_cmds # Whether to use a lock for old archive extraction. lock_old_archive_extraction=$lock_old_archive_extraction # A C compiler. LTCC=$lt_CC # LTCC compiler flags. LTCFLAGS=$lt_CFLAGS # Take the output of nm and produce a listing of raw symbols and C names. global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe # Transform the output of nm in a proper C declaration. global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl # Transform the output of nm in a C name address pair. global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address # Transform the output of nm in a C name address pair when lib prefix is needed. global_symbol_to_c_name_address_lib_prefix=$lt_lt_cv_sys_global_symbol_to_c_name_address_lib_prefix # Specify filename containing input files for \$NM. nm_file_list_spec=$lt_nm_file_list_spec # The root where to search for dependent libraries,and in which our libraries should be installed. lt_sysroot=$lt_sysroot # The name of the directory that contains temporary libtool files. objdir=$objdir # Used to examine libraries when file_magic_cmd begins with "file". MAGIC_CMD=$MAGIC_CMD # Must we lock files when doing compilation? need_locks=$lt_need_locks # Manifest tool. MANIFEST_TOOL=$lt_MANIFEST_TOOL # Tool to manipulate archived DWARF debug symbol files on Mac OS X. DSYMUTIL=$lt_DSYMUTIL # Tool to change global to local symbols on Mac OS X. NMEDIT=$lt_NMEDIT # Tool to manipulate fat objects and archives on Mac OS X. LIPO=$lt_LIPO # ldd/readelf like tool for Mach-O binaries on Mac OS X. OTOOL=$lt_OTOOL # ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4. OTOOL64=$lt_OTOOL64 # Old archive suffix (normally "a"). libext=$libext # Shared library suffix (normally ".so"). shrext_cmds=$lt_shrext_cmds # The commands to extract the exported symbol list from a shared archive. extract_expsyms_cmds=$lt_extract_expsyms_cmds # Variables whose values should be saved in libtool wrapper scripts and # restored at link time. variables_saved_for_relink=$lt_variables_saved_for_relink # Do we need the "lib" prefix for modules? need_lib_prefix=$need_lib_prefix # Do we need a version for libraries? need_version=$need_version # Library versioning type. version_type=$version_type # Shared library runtime path variable. runpath_var=$runpath_var # Shared library path variable. shlibpath_var=$shlibpath_var # Is shlibpath searched before the hard-coded library search path? shlibpath_overrides_runpath=$shlibpath_overrides_runpath # Format of library name prefix. libname_spec=$lt_libname_spec # List of archive names. First name is the real one, the rest are links. # The last name is the one that the linker finds with -lNAME library_names_spec=$lt_library_names_spec # The coded name of the library, if different from the real name. soname_spec=$lt_soname_spec # Permission mode override for installation of shared libraries. install_override_mode=$lt_install_override_mode # Command to use after installation of a shared archive. postinstall_cmds=$lt_postinstall_cmds # Command to use after uninstallation of a shared archive. postuninstall_cmds=$lt_postuninstall_cmds # Commands used to finish a libtool library installation in a directory. finish_cmds=$lt_finish_cmds # As "finish_cmds", except a single script fragment to be evaled but # not shown. finish_eval=$lt_finish_eval # Whether we should hardcode library paths into libraries. hardcode_into_libs=$hardcode_into_libs # Compile-time system search path for libraries. sys_lib_search_path_spec=$lt_sys_lib_search_path_spec # Run-time system search path for libraries. sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec # Whether dlopen is supported. dlopen_support=$enable_dlopen # Whether dlopen of programs is supported. dlopen_self=$enable_dlopen_self # Whether dlopen of statically linked programs is supported. dlopen_self_static=$enable_dlopen_self_static # Commands to strip libraries. old_striplib=$lt_old_striplib striplib=$lt_striplib # The linker used to build libraries. LD=$lt_LD # How to create reloadable object files. reload_flag=$lt_reload_flag reload_cmds=$lt_reload_cmds # Commands used to build an old-style archive. old_archive_cmds=$lt_old_archive_cmds # A language specific compiler. CC=$lt_compiler # Is the compiler the GNU compiler? with_gcc=$GCC # Compiler flag to turn off builtin functions. no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag # Additional compiler flags for building library objects. pic_flag=$lt_lt_prog_compiler_pic # How to pass a linker flag through the compiler. wl=$lt_lt_prog_compiler_wl # Compiler flag to prevent dynamic linking. link_static_flag=$lt_lt_prog_compiler_static # Does compiler simultaneously support -c and -o options? compiler_c_o=$lt_lt_cv_prog_compiler_c_o # Whether or not to add -lc for building shared libraries. build_libtool_need_lc=$archive_cmds_need_lc # Whether or not to disallow shared libs when runtime libs are static. allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes # Compiler flag to allow reflexive dlopens. export_dynamic_flag_spec=$lt_export_dynamic_flag_spec # Compiler flag to generate shared objects directly from archives. whole_archive_flag_spec=$lt_whole_archive_flag_spec # Whether the compiler copes with passing no objects directly. compiler_needs_object=$lt_compiler_needs_object # Create an old-style archive from a shared archive. old_archive_from_new_cmds=$lt_old_archive_from_new_cmds # Create a temporary old-style archive to link instead of a shared archive. old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds # Commands used to build a shared archive. archive_cmds=$lt_archive_cmds archive_expsym_cmds=$lt_archive_expsym_cmds # Commands used to build a loadable module if different from building # a shared archive. module_cmds=$lt_module_cmds module_expsym_cmds=$lt_module_expsym_cmds # Whether we are building with GNU ld or not. with_gnu_ld=$lt_with_gnu_ld # Flag that allows shared libraries with undefined symbols to be built. allow_undefined_flag=$lt_allow_undefined_flag # Flag that enforces no undefined symbols. no_undefined_flag=$lt_no_undefined_flag # Flag to hardcode \$libdir into a binary during linking. # This must work even if \$libdir does not exist hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec # Whether we need a single "-rpath" flag with a separated argument. hardcode_libdir_separator=$lt_hardcode_libdir_separator # Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes # DIR into the resulting binary. hardcode_direct=$hardcode_direct # Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes # DIR into the resulting binary and the resulting library dependency is # "absolute",i.e impossible to change by setting \${shlibpath_var} if the # library is relocated. hardcode_direct_absolute=$hardcode_direct_absolute # Set to "yes" if using the -LDIR flag during linking hardcodes DIR # into the resulting binary. hardcode_minus_L=$hardcode_minus_L # Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR # into the resulting binary. hardcode_shlibpath_var=$hardcode_shlibpath_var # Set to "yes" if building a shared library automatically hardcodes DIR # into the library and all subsequent libraries and executables linked # against it. hardcode_automatic=$hardcode_automatic # Set to yes if linker adds runtime paths of dependent libraries # to runtime path list. inherit_rpath=$inherit_rpath # Whether libtool must link a program against all its dependency libraries. link_all_deplibs=$link_all_deplibs # Set to "yes" if exported symbols are required. always_export_symbols=$always_export_symbols # The commands to list exported symbols. export_symbols_cmds=$lt_export_symbols_cmds # Symbols that should not be listed in the preloaded symbols. exclude_expsyms=$lt_exclude_expsyms # Symbols that must always be exported. include_expsyms=$lt_include_expsyms # Commands necessary for linking programs (against libraries) with templates. prelink_cmds=$lt_prelink_cmds # Commands necessary for finishing linking programs. postlink_cmds=$lt_postlink_cmds # Specify filename containing input files. file_list_spec=$lt_file_list_spec # How to hardcode a shared library path into an executable. hardcode_action=$hardcode_action # ### END LIBTOOL CONFIG _LT_EOF case $host_os in aix3*) cat <<\_LT_EOF >> "$cfgfile" # AIX sometimes has problems with the GCC collect2 program. For some # reason, if we set the COLLECT_NAMES environment variable, the problems # vanish in a puff of smoke. if test "X${COLLECT_NAMES+set}" != Xset; then COLLECT_NAMES= export COLLECT_NAMES fi _LT_EOF ;; esac ltmain="$ac_aux_dir/ltmain.sh" # We use sed instead of cat because bash on DJGPP gets confused if # if finds mixed CR/LF and LF-only lines. Since sed operates in # text mode, it properly converts lines to CR/LF. This bash problem # is reportedly fixed, but why not run on old versions too? sed '$q' "$ltmain" >> "$cfgfile" \ || (rm -f "$cfgfile"; exit 1) if test x"$xsi_shell" = xyes; then sed -e '/^func_dirname ()$/,/^} # func_dirname /c\ func_dirname ()\ {\ \ case ${1} in\ \ */*) func_dirname_result="${1%/*}${2}" ;;\ \ * ) func_dirname_result="${3}" ;;\ \ esac\ } # Extended-shell func_dirname implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: sed -e '/^func_basename ()$/,/^} # func_basename /c\ func_basename ()\ {\ \ func_basename_result="${1##*/}"\ } # Extended-shell func_basename implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: sed -e '/^func_dirname_and_basename ()$/,/^} # func_dirname_and_basename /c\ func_dirname_and_basename ()\ {\ \ case ${1} in\ \ */*) func_dirname_result="${1%/*}${2}" ;;\ \ * ) func_dirname_result="${3}" ;;\ \ esac\ \ func_basename_result="${1##*/}"\ } # Extended-shell func_dirname_and_basename implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: sed -e '/^func_stripname ()$/,/^} # func_stripname /c\ func_stripname ()\ {\ \ # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are\ \ # positional parameters, so assign one to ordinary parameter first.\ \ func_stripname_result=${3}\ \ func_stripname_result=${func_stripname_result#"${1}"}\ \ func_stripname_result=${func_stripname_result%"${2}"}\ } # Extended-shell func_stripname implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: sed -e '/^func_split_long_opt ()$/,/^} # func_split_long_opt /c\ func_split_long_opt ()\ {\ \ func_split_long_opt_name=${1%%=*}\ \ func_split_long_opt_arg=${1#*=}\ } # Extended-shell func_split_long_opt implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: sed -e '/^func_split_short_opt ()$/,/^} # func_split_short_opt /c\ func_split_short_opt ()\ {\ \ func_split_short_opt_arg=${1#??}\ \ func_split_short_opt_name=${1%"$func_split_short_opt_arg"}\ } # Extended-shell func_split_short_opt implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: sed -e '/^func_lo2o ()$/,/^} # func_lo2o /c\ func_lo2o ()\ {\ \ case ${1} in\ \ *.lo) func_lo2o_result=${1%.lo}.${objext} ;;\ \ *) func_lo2o_result=${1} ;;\ \ esac\ } # Extended-shell func_lo2o implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: sed -e '/^func_xform ()$/,/^} # func_xform /c\ func_xform ()\ {\ func_xform_result=${1%.*}.lo\ } # Extended-shell func_xform implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: sed -e '/^func_arith ()$/,/^} # func_arith /c\ func_arith ()\ {\ func_arith_result=$(( $* ))\ } # Extended-shell func_arith implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: sed -e '/^func_len ()$/,/^} # func_len /c\ func_len ()\ {\ func_len_result=${#1}\ } # Extended-shell func_len implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: fi if test x"$lt_shell_append" = xyes; then sed -e '/^func_append ()$/,/^} # func_append /c\ func_append ()\ {\ eval "${1}+=\\${2}"\ } # Extended-shell func_append implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: sed -e '/^func_append_quoted ()$/,/^} # func_append_quoted /c\ func_append_quoted ()\ {\ \ func_quote_for_eval "${2}"\ \ eval "${1}+=\\\\ \\$func_quote_for_eval_result"\ } # Extended-shell func_append_quoted implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: # Save a `func_append' function call where possible by direct use of '+=' sed -e 's%func_append \([a-zA-Z_]\{1,\}\) "%\1+="%g' $cfgfile > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: else # Save a `func_append' function call even when '+=' is not available sed -e 's%func_append \([a-zA-Z_]\{1,\}\) "%\1="$\1%g' $cfgfile > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: fi if test x"$_lt_function_replace_fail" = x":"; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to substitute extended shell functions in $ofile" >&5 $as_echo "$as_me: WARNING: Unable to substitute extended shell functions in $ofile" >&2;} fi mv -f "$cfgfile" "$ofile" || (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile") chmod +x "$ofile" ;; esac done # for ac_tag as_fn_exit 0 _ACEOF ac_clean_files=$ac_clean_files_save test $ac_write_fail = 0 || as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 # configure is writing to config.log, and then calls config.status. # config.status does its own redirection, appending to config.log. # Unfortunately, on DOS this fails, as config.log is still kept open # by configure, so config.status won't be able to write to it; its # output is simply discarded. So we exec the FD to /dev/null, # effectively closing config.log, so it can be properly (re)opened and # appended to by config.status. When coming back to configure, we # need to make the FD available again. if test "$no_create" != yes; then ac_cs_success=: ac_config_status_args= test "$silent" = yes && ac_config_status_args="$ac_config_status_args --quiet" exec 5>/dev/null $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false exec 5>>config.log # Use ||, not &&, to avoid exiting from the if with $? = 1, which # would make configure fail if this is the last instruction. $ac_cs_success || as_fn_exit 1 fi if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} fi myproxy-6.2.16/voms_utils.h0000644000175100017510000000130614557142036012644 00000000000000 #ifndef __VOMS_UTILS_H_ #define __VOMS_UTILS_H_ #include #include #include #include #include #include #include #include #include #include #include /* * get_vomses() * * Returns the vomses line for specified path. * Returns the pointer to vomses line if succeeded, NULL otherwise. */ char **get_vomses(const char *path); /* * has_voms_extension() * * Returns 1 if specified file has VOMS extension. * Returns 0 if specified file has no VOMS extension. * Returns -1 if error occurred. */ int has_voms_extension(const char *certfilepath); #endif myproxy-6.2.16/etc.init.d.myproxy.nonroot0000755000175100017510000000034614557142036015402 00000000000000#!/bin/sh # # SysV-style boot script for MyProxy server non-root installation # # chkconfig: 345 99 06 # description: MyProxy online credential repository ACCOUNT=myproxy INIT=/usr/local/etc/myproxy.init su $ACCOUNT -c "$INIT $*" myproxy-6.2.16/plugin_common.c0000644000175100017510000006115014557142036013304 00000000000000#ifdef BUILD_GSSAPI_PLUGIN /* Generic SASL plugin utility functions * Rob Siemborski * $Id: plugin_common.c,v 1.20 2004/06/23 18:43:37 rjs3 Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef macintosh #ifdef WIN32 # include #else # include # include # include # include # include # include # include #endif /* WIN32 */ #endif /* macintosh */ #ifdef HAVE_UNISTD_H #include #endif #include #include #include #include #include #include #include #include #ifdef HAVE_INTTYPES_H #include #endif #include "plugin_common.h" /* translate IPv4 mapped IPv6 address to IPv4 address */ static void sockaddr_unmapped( #ifdef IN6_IS_ADDR_V4MAPPED struct sockaddr *sa, socklen_t *len #else struct sockaddr *sa __attribute__((unused)), socklen_t *len __attribute__((unused)) #endif ) { #ifdef IN6_IS_ADDR_V4MAPPED struct sockaddr_in6 *sin6; struct sockaddr_in *sin4; uint32_t addr; int port; if (sa->sa_family != AF_INET6) return; sin6 = (struct sockaddr_in6 *)sa; if (!IN6_IS_ADDR_V4MAPPED((&sin6->sin6_addr))) return; sin4 = (struct sockaddr_in *)sa; addr = *(uint32_t *)&sin6->sin6_addr.s6_addr[12]; port = sin6->sin6_port; memset(sin4, 0, sizeof(struct sockaddr_in)); sin4->sin_addr.s_addr = addr; sin4->sin_port = port; sin4->sin_family = AF_INET; #ifdef HAVE_SOCKADDR_SA_LEN sin4->sin_len = sizeof(struct sockaddr_in); #endif *len = sizeof(struct sockaddr_in); #else return; #endif } int _plug_ipfromstring(const sasl_utils_t *utils, const char *addr, struct sockaddr *out, socklen_t outlen) { int i, j; socklen_t len; struct sockaddr_storage ss; struct addrinfo hints, *ai = NULL; char hbuf[NI_MAXHOST]; if(!utils || !addr || !out) { if(utils) PARAMERROR( utils ); return SASL_BADPARAM; } /* Parse the address */ for (i = 0; addr[i] != '\0' && addr[i] != ';'; i++) { if (i >= NI_MAXHOST) { if(utils) PARAMERROR( utils ); return SASL_BADPARAM; } hbuf[i] = addr[i]; } hbuf[i] = '\0'; if (addr[i] == ';') i++; /* XXX/FIXME: Do we need this check? */ for (j = i; addr[j] != '\0'; j++) if (!isdigit((int)(addr[j]))) { PARAMERROR( utils ); return SASL_BADPARAM; } memset(&hints, 0, sizeof(hints)); hints.ai_family = PF_UNSPEC; hints.ai_socktype = SOCK_STREAM; hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST; if (getaddrinfo(hbuf, &addr[i], &hints, &ai) != 0) { PARAMERROR( utils ); return SASL_BADPARAM; } len = ai->ai_addrlen; memcpy(&ss, ai->ai_addr, len); freeaddrinfo(ai); sockaddr_unmapped((struct sockaddr *)&ss, &len); if (outlen < len) { PARAMERROR( utils ); return SASL_BUFOVER; } memcpy(out, &ss, len); return SASL_OK; } int _plug_iovec_to_buf(const sasl_utils_t *utils, const struct iovec *vec, unsigned numiov, buffer_info_t **output) { unsigned i; int ret; buffer_info_t *out; char *pos; if(!utils || !vec || !output) { if(utils) PARAMERROR( utils ); return SASL_BADPARAM; } if(!(*output)) { *output = utils->malloc(sizeof(buffer_info_t)); if(!*output) { MEMERROR(utils); return SASL_NOMEM; } memset(*output,0,sizeof(buffer_info_t)); } out = *output; out->curlen = 0; for(i=0; icurlen += vec[i].iov_len; ret = _plug_buf_alloc(utils, &out->data, &out->reallen, out->curlen); if(ret != SASL_OK) { MEMERROR(utils); return SASL_NOMEM; } memset(out->data, 0, out->reallen); pos = out->data; for(i=0; imalloc(newlen); if (*rwbuf == NULL) { *curlen = 0; MEMERROR(utils); return SASL_NOMEM; } *curlen = newlen; } else if(*rwbuf && *curlen < newlen) { size_t needed = 2*(*curlen); while(needed < newlen) needed *= 2; *rwbuf = utils->realloc(*rwbuf, needed); if (*rwbuf == NULL) { *curlen = 0; MEMERROR(utils); return SASL_NOMEM; } *curlen = needed; } return SASL_OK; } /* copy a string */ int _plug_strdup(const sasl_utils_t * utils, const char *in, char **out, int *outlen) { size_t len = strlen(in); if(!utils || !in || !out) { if(utils) PARAMERROR(utils); return SASL_BADPARAM; } *out = utils->malloc(len + 1); if (!*out) { MEMERROR(utils); return SASL_NOMEM; } strcpy((char *) *out, in); if (outlen) *outlen = len; return SASL_OK; } void _plug_free_string(const sasl_utils_t *utils, char **str) { size_t len; if (!utils || !str || !(*str)) return; len = strlen(*str); utils->erasebuffer(*str, len); utils->free(*str); *str=NULL; } void _plug_free_secret(const sasl_utils_t *utils, sasl_secret_t **secret) { if(!utils || !secret || !(*secret)) return; utils->erasebuffer((char *)(*secret)->data, (*secret)->len); utils->free(*secret); *secret = NULL; } /* * Trys to find the prompt with the lookingfor id in the prompt list * Returns it if found. NULL otherwise */ sasl_interact_t *_plug_find_prompt(sasl_interact_t **promptlist, unsigned int lookingfor) { sasl_interact_t *prompt; if (promptlist && *promptlist) { for (prompt = *promptlist; prompt->id != SASL_CB_LIST_END; ++prompt) { if (prompt->id==lookingfor) return prompt; } } return NULL; } /* * Retrieve the simple string given by the callback id. */ int _plug_get_simple(const sasl_utils_t *utils, unsigned int id, int required, const char **result, sasl_interact_t **prompt_need) { int ret = SASL_FAIL; sasl_getsimple_t *simple_cb; void *simple_context; sasl_interact_t *prompt; *result = NULL; /* see if we were given the result in the prompt */ prompt = _plug_find_prompt(prompt_need, id); if (prompt != NULL) { /* We prompted, and got.*/ if (required && !prompt->result) { SETERROR(utils, "Unexpectedly missing a prompt result"); return SASL_BADPARAM; } *result = prompt->result; return SASL_OK; } /* Try to get the callback... */ ret = utils->getcallback(utils->conn, id, (int (**)(void)) (&simple_cb), &simple_context); if (ret == SASL_FAIL && !required) return SASL_OK; if (ret == SASL_OK && simple_cb) { ret = simple_cb(simple_context, id, result, NULL); if (ret != SASL_OK) return ret; if (required && !*result) { PARAMERROR(utils); return SASL_BADPARAM; } } return ret; } /* * Retrieve the user password. */ int _plug_get_password(const sasl_utils_t *utils, sasl_secret_t **password, unsigned int *iscopy, sasl_interact_t **prompt_need) { int ret = SASL_FAIL; sasl_getsecret_t *pass_cb; void *pass_context; sasl_interact_t *prompt; *password = NULL; *iscopy = 0; /* see if we were given the password in the prompt */ prompt = _plug_find_prompt(prompt_need, SASL_CB_PASS); if (prompt != NULL) { /* We prompted, and got.*/ if (!prompt->result) { SETERROR(utils, "Unexpectedly missing a prompt result"); return SASL_BADPARAM; } /* copy what we got into a secret_t */ *password = (sasl_secret_t *) utils->malloc(sizeof(sasl_secret_t) + prompt->len + 1); if (!*password) { MEMERROR(utils); return SASL_NOMEM; } (*password)->len=prompt->len; memcpy((*password)->data, prompt->result, prompt->len); (*password)->data[(*password)->len]=0; *iscopy = 1; return SASL_OK; } /* Try to get the callback... */ ret = utils->getcallback(utils->conn, SASL_CB_PASS, (int (**)(void)) (&pass_cb), &pass_context); if (ret == SASL_OK && pass_cb) { ret = pass_cb(utils->conn, pass_context, SASL_CB_PASS, password); if (ret != SASL_OK) return ret; if (!*password) { PARAMERROR(utils); return SASL_BADPARAM; } } return ret; } /* * Retrieve the string given by the challenge prompt id. */ int _plug_challenge_prompt(const sasl_utils_t *utils, unsigned int id, const char *challenge, const char *promptstr, const char **result, sasl_interact_t **prompt_need) { int ret = SASL_FAIL; sasl_chalprompt_t *chalprompt_cb; void *chalprompt_context; sasl_interact_t *prompt; *result = NULL; /* see if we were given the password in the prompt */ prompt = _plug_find_prompt(prompt_need, id); if (prompt != NULL) { /* We prompted, and got.*/ if (!prompt->result) { SETERROR(utils, "Unexpectedly missing a prompt result"); return SASL_BADPARAM; } *result = prompt->result; return SASL_OK; } /* Try to get the callback... */ ret = utils->getcallback(utils->conn, id, (int (**)(void)) (&chalprompt_cb), &chalprompt_context); if (ret == SASL_OK && chalprompt_cb) { ret = chalprompt_cb(chalprompt_context, id, challenge, promptstr, NULL, result, NULL); if (ret != SASL_OK) return ret; if (!*result) { PARAMERROR(utils); return SASL_BADPARAM; } } return ret; } /* * Retrieve the client realm. */ int _plug_get_realm(const sasl_utils_t *utils, const char **availrealms, const char **realm, sasl_interact_t **prompt_need) { int ret = SASL_FAIL; sasl_getrealm_t *realm_cb; void *realm_context; sasl_interact_t *prompt; *realm = NULL; /* see if we were given the result in the prompt */ prompt = _plug_find_prompt(prompt_need, SASL_CB_GETREALM); if (prompt != NULL) { /* We prompted, and got.*/ if (!prompt->result) { SETERROR(utils, "Unexpectedly missing a prompt result"); return SASL_BADPARAM; } *realm = prompt->result; return SASL_OK; } /* Try to get the callback... */ ret = utils->getcallback(utils->conn, SASL_CB_GETREALM, (int (**)(void)) (&realm_cb), &realm_context); if (ret == SASL_OK && realm_cb) { ret = realm_cb(realm_context, SASL_CB_GETREALM, availrealms, realm); if (ret != SASL_OK) return ret; if (!*realm) { PARAMERROR(utils); return SASL_BADPARAM; } } return ret; } /* * Make the requested prompts. (prompt==NULL means we don't want it) */ int _plug_make_prompts(const sasl_utils_t *utils, sasl_interact_t **prompts_res, const char *user_prompt, const char *user_def, const char *auth_prompt, const char *auth_def, const char *pass_prompt, const char *pass_def, const char *echo_chal, const char *echo_prompt, const char *echo_def, const char *realm_chal, const char *realm_prompt, const char *realm_def) { int num = 1; int alloc_size; sasl_interact_t *prompts; if (user_prompt) num++; if (auth_prompt) num++; if (pass_prompt) num++; if (echo_prompt) num++; if (realm_prompt) num++; if (num == 1) { SETERROR( utils, "make_prompts() called with no actual prompts" ); return SASL_FAIL; } alloc_size = sizeof(sasl_interact_t)*num; prompts = utils->malloc(alloc_size); if (!prompts) { MEMERROR( utils ); return SASL_NOMEM; } memset(prompts, 0, alloc_size); *prompts_res = prompts; if (user_prompt) { (prompts)->id = SASL_CB_USER; (prompts)->challenge = "Authorization Name"; (prompts)->prompt = user_prompt; (prompts)->defresult = user_def; prompts++; } if (auth_prompt) { (prompts)->id = SASL_CB_AUTHNAME; (prompts)->challenge = "Authentication Name"; (prompts)->prompt = auth_prompt; (prompts)->defresult = auth_def; prompts++; } if (pass_prompt) { (prompts)->id = SASL_CB_PASS; (prompts)->challenge = "Password"; (prompts)->prompt = pass_prompt; (prompts)->defresult = pass_def; prompts++; } if (echo_prompt) { (prompts)->id = SASL_CB_ECHOPROMPT; (prompts)->challenge = echo_chal; (prompts)->prompt = echo_prompt; (prompts)->defresult = echo_def; prompts++; } if (realm_prompt) { (prompts)->id = SASL_CB_GETREALM; (prompts)->challenge = realm_chal; (prompts)->prompt = realm_prompt; (prompts)->defresult = realm_def; prompts++; } /* add the ending one */ (prompts)->id = SASL_CB_LIST_END; (prompts)->challenge = NULL; (prompts)->prompt = NULL; (prompts)->defresult = NULL; return SASL_OK; } void _plug_decode_init(decode_context_t *text, const sasl_utils_t *utils, unsigned int in_maxbuf) { memset(text, 0, sizeof(decode_context_t)); text->utils = utils; text->needsize = 4; text->in_maxbuf = in_maxbuf; } /* * Decode as much of the input as possible (possibly none), * using decode_pkt() to decode individual packets. */ int _plug_decode(decode_context_t *text, const char *input, unsigned inputlen, char **output, /* output buffer */ unsigned *outputsize, /* current size of output buffer */ unsigned *outputlen, /* length of data in output buffer */ int (*decode_pkt)(void *rock, const char *input, unsigned inputlen, char **output, unsigned *outputlen), void *rock) { unsigned int tocopy; unsigned diff; char *tmp; unsigned tmplen; int ret; *outputlen = 0; while (inputlen) { /* more input */ if (text->needsize) { /* need to get the rest of the 4-byte size */ /* copy as many bytes (up to 4) as we have into size buffer */ tocopy = (inputlen > text->needsize) ? text->needsize : inputlen; memcpy(text->sizebuf + 4 - text->needsize, input, tocopy); text->needsize -= tocopy; input += tocopy; inputlen -= tocopy; if (!text->needsize) { /* we have the entire 4-byte size */ memcpy(&(text->size), text->sizebuf, 4); text->size = ntohl(text->size); if (!text->size) /* should never happen */ return SASL_FAIL; if (text->size > text->in_maxbuf) { text->utils->log(NULL, SASL_LOG_ERR, "encoded packet size too big (%d > %d)", text->size, text->in_maxbuf); return SASL_FAIL; } if (!text->buffer) text->buffer = text->utils->malloc(text->in_maxbuf); if (text->buffer == NULL) return SASL_NOMEM; text->cursize = 0; } else { /* We do NOT have the entire 4-byte size... * wait for more data */ return SASL_OK; } } diff = text->size - text->cursize; /* bytes needed for full packet */ if (inputlen < diff) { /* not a complete packet, need more input */ memcpy(text->buffer + text->cursize, input, inputlen); text->cursize += inputlen; return SASL_OK; } /* copy the rest of the packet */ memcpy(text->buffer + text->cursize, input, diff); input += diff; inputlen -= diff; /* decode the packet (no need to free tmp) */ ret = decode_pkt(rock, text->buffer, text->size, &tmp, &tmplen); if (ret != SASL_OK) return ret; /* append the decoded packet to the output */ ret = _plug_buf_alloc(text->utils, output, outputsize, *outputlen + tmplen + 1); /* +1 for NUL */ if (ret != SASL_OK) return ret; memcpy(*output + *outputlen, tmp, tmplen); *outputlen += tmplen; /* protect stupid clients */ *(*output + *outputlen) = '\0'; /* reset for the next packet */ text->needsize = 4; } return SASL_OK; } void _plug_decode_free(decode_context_t *text) { if (text->buffer) text->utils->free(text->buffer); } /* returns the realm we should pretend to be in */ int _plug_parseuser(const sasl_utils_t *utils, char **user, char **realm, const char *user_realm, const char *serverFQDN, const char *input) { int ret; char *r; if(!user || !serverFQDN) { PARAMERROR( utils ); return SASL_BADPARAM; } r = strchr(input, '@'); if (!r) { /* hmmm, the user didn't specify a realm */ if(user_realm && user_realm[0]) { ret = _plug_strdup(utils, user_realm, realm, NULL); } else { /* Default to serverFQDN */ ret = _plug_strdup(utils, serverFQDN, realm, NULL); } if (ret == SASL_OK) { ret = _plug_strdup(utils, input, user, NULL); } } else { r++; ret = _plug_strdup(utils, r, realm, NULL); *--r = '\0'; *user = utils->malloc(r - input + 1); if (*user) { strncpy(*user, input, r - input +1); } else { MEMERROR( utils ); ret = SASL_NOMEM; } *r = '@'; } return ret; } int _plug_make_fulluser(const sasl_utils_t *utils, char **fulluser, const char * useronly, const char *realm) { if(!fulluser || !useronly || !realm) { PARAMERROR( utils ); return (SASL_BADPARAM); } *fulluser = utils->malloc (strlen(useronly) + strlen(realm) + 2); if (*fulluser == NULL) { MEMERROR( utils ); return (SASL_NOMEM); } strcpy (*fulluser, useronly); strcat (*fulluser, "@"); strcat (*fulluser, realm); return (SASL_OK); } char * _plug_get_error_message (const sasl_utils_t *utils, #ifdef WIN32 DWORD error #else int error #endif ) { char * return_value; #ifdef WIN32 LPVOID lpMsgBuf; FormatMessage( FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, NULL, error, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), /* Default language */ (LPTSTR) &lpMsgBuf, 0, NULL ); if (_plug_strdup (utils, lpMsgBuf, &return_value, NULL) != SASL_OK) { return_value = NULL; } LocalFree( lpMsgBuf ); #else /* !WIN32 */ if (_plug_strdup (utils, strerror(error), &return_value, NULL) != SASL_OK) { return_value = NULL; } #endif /* WIN32 */ return (return_value); } void _plug_snprintf_os_info (char * osbuf, int osbuf_len) { #ifdef WIN32 OSVERSIONINFOEX versioninfo; char *sysname; /* : DWORD dwOSVersionInfoSize; DWORD dwMajorVersion; DWORD dwMinorVersion; DWORD dwBuildNumber; TCHAR szCSDVersion[ 128 ]; //Only NT SP 6 and later WORD wServicePackMajor; WORD wServicePackMinor; WORD wSuiteMask; BYTE wProductType; */ versioninfo.dwOSVersionInfoSize = sizeof (versioninfo); sysname = "Unknown Windows"; if (GetVersionEx ((OSVERSIONINFO *) &versioninfo) == FALSE) { snprintf(osbuf, osbuf_len, "%s", sysname); goto SKIP_OS_INFO; } switch (versioninfo.dwPlatformId) { case VER_PLATFORM_WIN32s: /* Win32s on Windows 3.1 */ sysname = "Win32s on Windows 3.1"; /* I can't test if dwBuildNumber has any meaning on Win32s */ break; case VER_PLATFORM_WIN32_WINDOWS: /* 95/98/ME */ switch (versioninfo.dwMinorVersion) { case 0: sysname = "Windows 95"; break; case 10: sysname = "Windows 98"; break; case 90: sysname = "Windows Me"; break; default: sysname = "Unknown Windows 9X/ME series"; break; } /* Clear the high order word, as it contains major/minor version */ versioninfo.dwBuildNumber &= 0xFFFF; break; case VER_PLATFORM_WIN32_NT: /* NT/2000/XP/.NET */ if (versioninfo.dwMinorVersion > 99) { } else { switch (versioninfo.dwMajorVersion * 100 + versioninfo.dwMinorVersion) { case 351: sysname = "Windows NT 3.51"; break; case 400: sysname = "Windows NT 4.0"; break; case 500: sysname = "Windows 2000"; break; case 501: sysname = "Windows XP/.NET"; /* or Windows .NET Server */ break; default: sysname = "Unknown Windows NT series"; break; } } break; default: break; } snprintf(osbuf, osbuf_len, "%s %s (Build %u)", sysname, versioninfo.szCSDVersion, versioninfo.dwBuildNumber ); SKIP_OS_INFO: ; #else /* !WIN32 */ struct utsname os; uname(&os); snprintf(osbuf, osbuf_len, "%s %s", os.sysname, os.release); #endif /* WIN32 */ } #if defined(WIN32) unsigned int plug_sleep (unsigned int seconds) { long dwSec = seconds*1000; Sleep (dwSec); return 0; } #endif #endif myproxy-6.2.16/myproxy_destroy.c0000644000175100017510000001731114557142036013736 00000000000000/* * myproxy-destroy * * Client program to delete a credential on a myproxy-server */ #include "myproxy_common.h" /* all needed headers included here */ static char usage[] = \ "\n"\ "Syntax: myproxy-destroy [-l username] ...\n"\ " myproxy-destroy [-usage|-help] [-version]\n"\ "\n"\ " Options\n"\ " -h | --help Displays usage\n"\ " -u | --usage \n"\ " \n"\ " -v | --verbose Display debugging messages during execution\n"\ " -V | --version Displays version\n"\ " -l | --username Username for the delegated proxy\n"\ " -s | --pshost Hostname of the myproxy-server\n"\ " -p | --psport # Port of the myproxy-server\n" " -d | --dn_as_username Use the proxy certificate subject\n" " (DN) as the default username,\n" " instead of the LOGNAME env. var.\n" " -k | --credname Specifies credential name.\n" "\n"; struct option long_options[] = { {"help", no_argument, NULL, 'h'}, {"pshost", required_argument, NULL, 's'}, {"psport", required_argument, NULL, 'p'}, {"usage", no_argument, NULL, 'u'}, {"username", required_argument, NULL, 'l'}, {"verbose", no_argument, NULL, 'v'}, {"version", no_argument, NULL, 'V'}, {"dn_as_username", no_argument, NULL, 'd'}, {"credname", required_argument, NULL, 'k'}, {0, 0, 0, 0} }; static char short_options[] = "hus:p:l:vVdk:"; static char version[] = "myproxy-destroy version " MYPROXY_VERSION " (" MYPROXY_VERSION_DATE ") " "\n"; static int dn_as_username = 0; /* Function declarations */ void init_arguments(int argc, char *argv[], myproxy_socket_attrs_t *attrs, myproxy_request_t *request); int main(int argc, char *argv[]) { char *pshost = NULL; char *request_buffer = NULL; int requestlen; int return_value = 1; myproxy_socket_attrs_t *socket_attrs; myproxy_request_t *client_request; myproxy_response_t *server_response; /* check library version */ if (myproxy_check_version()) { fprintf(stderr, "MyProxy library version mismatch.\n" "Expecting %s. Found %s.\n", MYPROXY_VERSION_DATE, myproxy_version(0,0,0)); exit(1); } myproxy_log_use_stream (stderr); socket_attrs = malloc(sizeof(*socket_attrs)); memset(socket_attrs, 0, sizeof(*socket_attrs)); client_request = malloc(sizeof(*client_request)); memset(client_request, 0, sizeof(*client_request)); server_response = malloc(sizeof(*server_response)); memset(server_response, 0, sizeof(*server_response)); /* setup defaults */ client_request->version = malloc(strlen(MYPROXY_VERSION) + 1); strcpy(client_request->version, MYPROXY_VERSION); client_request->command_type = MYPROXY_DESTROY_PROXY; pshost = getenv("MYPROXY_SERVER"); if (pshost != NULL) { socket_attrs->pshost = strdup(pshost); } client_request->proxy_lifetime = 0; if (getenv("MYPROXY_SERVER_PORT")) { socket_attrs->psport = atoi(getenv("MYPROXY_SERVER_PORT")); } else { socket_attrs->psport = MYPROXY_SERVER_PORT; } /* Initialize client arguments and create client request object */ init_arguments(argc, argv, socket_attrs, client_request); /* * We don't need to send the real pass phrase to the server as it * will just use our identity to authenticate and authorize us. * But we need to send over a dummy pass phrase at least * MIN_PASS_PHASE_LEN (currently 6) characters long. */ strncpy(client_request->passphrase, "DUMMY-PASSPHRASE", sizeof(client_request->passphrase)); /* Set up client socket attributes */ if (myproxy_init_client(socket_attrs) < 0) { verror_print_error(stderr); goto cleanup; } /* Authenticate client to server */ if (myproxy_authenticate_init(socket_attrs, NULL /* Default proxy */) < 0) { verror_print_error(stderr); goto cleanup; } if (client_request->username == NULL) { /* set default username */ if (dn_as_username) { if (ssl_get_base_subject_file(NULL, &client_request->username)) { fprintf(stderr, "Cannot get subject name from your certificate\n"); goto cleanup; } } else { char *username = NULL; if (!(username = getenv("LOGNAME"))) { fprintf(stderr, "Please specify a username.\n"); goto cleanup; } client_request->username = strdup(username); } } /* Serialize client request object */ requestlen = myproxy_serialize_request_ex(client_request, &request_buffer); if (requestlen < 0) { verror_print_error(stderr); goto cleanup; } /* Send request to the myproxy-server */ if (myproxy_send(socket_attrs, request_buffer, requestlen) < 0) { verror_print_error(stderr); goto cleanup; } free(request_buffer); request_buffer = NULL; /* Receive a response from the server */ if (myproxy_recv_response_ex(socket_attrs, server_response, client_request) < 0) { verror_print_error(stderr); goto cleanup; } /* Check response */ switch(server_response->response_type) { case MYPROXY_ERROR_RESPONSE: fprintf(stderr, "Received error from server: %s\n", server_response->error_string); goto cleanup; case MYPROXY_OK_RESPONSE: if (client_request->credname) { printf("MyProxy credential '%s' for user %s was successfully removed.\n", client_request->credname, client_request->username); } else { printf("Default MyProxy credential for user %s was successfully removed.\n", client_request->username); } break; default: fprintf(stderr, "Invalid response type received.\n"); goto cleanup; } return_value = 0; cleanup: /* free memory allocated */ myproxy_free(socket_attrs, client_request, server_response); return return_value; } void init_arguments(int argc, char *argv[], myproxy_socket_attrs_t *attrs, myproxy_request_t *request) { extern char *optarg; int arg; while((arg = getopt_long(argc, argv, short_options, long_options, NULL)) != EOF) { switch(arg) { case 's': /* pshost name */ attrs->pshost = strdup(optarg); break; case 'p': /* psport */ attrs->psport = atoi(optarg); break; case 'u': /* print help and exit */ case 'h': /* print help and exit */ printf("%s", usage); exit(0); break; case 'l': /* username */ request->username = strdup(optarg); break; case 'v': /* verbose */ myproxy_debug_set_level(1); break; case 'V': /* print version and exit */ printf("%s", version); exit(0); break; case 'k': /*credential name*/ request->credname = strdup (optarg); break; case 'd': /* use the certificate subject (DN) as the default username instead of LOGNAME */ dn_as_username = 1; break; default: /* print usage and exit */ fprintf(stderr, "%s", usage); exit(1); break; } } if (optind != argc) { fprintf(stderr, "%s: invalid option -- %s\n", argv[0], argv[optind]); fprintf(stderr, "%s", usage); exit(1); } /* Check to see if myproxy-server specified */ if (attrs->pshost == NULL) { fprintf(stderr, "%s", usage); fprintf(stderr, "Unspecified myproxy-server. Please set the MYPROXY_SERVER environment variable\nor set the myproxy-server hostname via the -s flag.\n"); exit(1); } return; } myproxy-6.2.16/accept_credmap.h0000644000175100017510000000304414557142036013373 00000000000000/* * @file accept_credmap.h * @author Terry Fleury (tfleury@ncsa.uiuc.edu) * @version 3.7 2006-09-15 * * This function is called by myproxy_server.c. When one of * accepted_credentials_mapfile or accepted_credentials_mapapp has been * defined in the config file, we need to check if the userdn / username * combination is valid. If the mapfile is used, then we check if there is * a line containing the userdn and username. If the mapapp is used, then * the call-out should accept the userdn and username as parameters and * return a zero value if that combination is acceptable. Basically, we * want to restrict a credential (which has a particular userdn) to be * stored under a particular username. This function returns 0 upon success * (either the userdn/username was successfully mapped by the mapfile or the * mapapp, or there was no need to consult a mapfile or mapapp) and 1 upon * failure. * * @param userdn The C-string credential user (subject) * distinguished name. * @param username The C-string username for storing the credential. * @param server_context A pointer to the server context for the current * request. * @return 0 upon successful mapping of userdn/username (or if no accepted * credentials map check was necessary), 1 upon failure. */ #ifndef __ACCEPT_CREDMAP_H #define __ACCEPT_CREDMAP_H int accept_credmap( char * userdn, char * username, myproxy_server_context_t * server_context ); #endif /* __ACCEPT_CREDMAP_H */ myproxy-6.2.16/gsi_socket.h0000644000175100017510000002300314557142036012570 00000000000000/* * gsi_socket.h * * Interface for a GSI-protected socket. */ #ifndef __GSI_SOCKET_H #define __GSI_SOCKET_H #include struct _gsi_socket; typedef struct _gsi_socket GSI_SOCKET; /* * Return code for many of the GSI_SOCKET routines: */ #define GSI_SOCKET_SUCCESS 0 #define GSI_SOCKET_ERROR -1 #define GSI_SOCKET_TRUNCATED -2 #define GSI_SOCKET_UNAUTHORIZED -3 #define GSI_SOCKET_UNTRUSTED -4 /* * GSI_SOCKET_new() * * Create a new GSI_SOCKET object for a socket descriptor. * * Returns NULL on memory allocation failure. */ GSI_SOCKET *GSI_SOCKET_new(int sock); /* * GSI_SOCKET_destroy() * * Destroy the GSI_SOCKET object and deallocated all associated * memory. */ void GSI_SOCKET_destroy(GSI_SOCKET *gsi_socket); /* * GSI_SOCKET_get_error_string() * * Fills in buffer with a NUL-terminated string (possibly multi-lined) * describing the last error the occurred with this GSI_SOCKET. * bufferlen should be the size of buffer. It returns the number of * characters actually put into buffer (not including the trailing * NUL). * * If there is no error known of, buffer will be set to a zero-length * string, and zero will be returned. * * If the buffer wasn't big enough and the string was truncated, * -1 will be returned. */ int GSI_SOCKET_get_error_string(GSI_SOCKET *gsi_socket, char *buffer, int buffer_len); /* * GSI_SOCKET_clear_error() * * Clears any error state in the given GSI_SOCKET object. */ void GSI_SOCKET_clear_error(GSI_SOCKET *gsi_socket); /* * GSI_SOCKET_authentication_init() * * Perform the client-side authentication process. * The accepted_peer_names argument must be a NULL terminated array of * acceptable peer names. * * Returns GSI_SOCKET_SUCCESS on success, * GSI_SOCKET_UNAUTHORIZED if server identity doesn't match one of the * acceptable peer names, and GSI_SOCKET_ERROR otherwise. */ int GSI_SOCKET_authentication_init(GSI_SOCKET *gsi_socket, gss_name_t accepted_peer_names[]); /* * GSI_SOCKET_use_creds() * * Use the credentials pointed to by creds for authentication. * The exact contents of creds is mechanism-specific, but is * generally a filename. If creds == NULL, the defaults credentials * should be used. * * Returns GSI_SOCKET_SUCCESS on success, GSI_SOCKET_ERROR otherwise. */ int GSI_SOCKET_use_creds(GSI_SOCKET *gsi_socket, const char *creds); /* * GSI_SOCKET_check_creds() * * Check that valid GSI credentials are available. * * Returns GSI_SOCKET_SUCCESS on success, GSI_SOCKET_ERROR otherwise. */ int GSI_SOCKET_check_creds(GSI_SOCKET *gsi_socket); /* * GSI_SOCKET_authentication_accept() * * Perform the server-side authentication process. * * Returns GSI_SOCKET_SUCCESS on success, GSI_SOCKET_ERROR otherwise. */ int GSI_SOCKET_authentication_accept(GSI_SOCKET *gsi_socket); /* * GSI_SOCKET_get_peer_name() * * Fill in buffer with a string representation of the authenticated * identity of the entity on the other side of the socket. * * If the peer is not identified, returns GSI_SOCKET_ERROR. * * If the buffer is too small and the string is truncated returns * GSI_SOCKET_TRUNCATED. * * Other wise returns the number of characters written into the buffer * (not including the trailing NUL). * */ int GSI_SOCKET_get_peer_name(GSI_SOCKET *gsi_socket, char *buffer, int buffer_len); /* * GSI_SOCKET_get_peer_hostname() * * Returns the hostname of the entity on the other side of the socket * or NULL on error. Returned string should be free()'ed by the caller. * */ char *GSI_SOCKET_get_peer_hostname(GSI_SOCKET *gsi_socket); /* * GSI_SOCKET_get_peer_fqans() * * Returns a NULL terminated list of the client's FQAN's (full quolified * attribute names). * */ int GSI_SOCKET_get_peer_fqans(GSI_SOCKET *gsi_socket, char ***fqans); /* * GSI_SOCKET_write_buffer() * * Write the given buffer to the peer. If authentication has been done, * the buffer will be protected via the GSI. * * Returns GSI_SOCKET_SUCCESS on success, GSI_SOCKET_ERROR otherwise. */ int GSI_SOCKET_write_buffer(GSI_SOCKET *gsi_socket, const char *buffer, size_t buffer_len); /* * GSI_SOCKET_read_token() * * Read a token from the peer. If authentication has been done, * the buffer will be protected via the GSI. * * buffer will be set to point to an allocated buffer that should * be freed with GSI_SOCKET_free_token(). buffer_len will be * set to the length of the buffer. * * Returns GSI_SOCKET_SUCCESS or GSI_SOCKET_ERROR. */ int GSI_SOCKET_read_token(GSI_SOCKET *gsi_socket, unsigned char **buffer, size_t *buffer_len); /* * GSI_SOCKET_free_token() * * Free a token returned by GSI_SOCKET_read_token(). */ void GSI_SOCKET_free_token(unsigned char *buffer); /* * GSI_SOCKET_delegation_init_ext() * * Delegate credentials to the peer. * * source_credentials should be a string specifying the location * of the credentials to delegate. This is mechanism specific, * but typically a file path. If NULL, the default credentials for * the current context will be used. * * lifetime should be the lifetime of the delegated credentials * in seconds. A value of GSI_SOCKET_DELEGATION_LIFETIME_MAXIMUM * indicates that the longest possible lifetime should be delegated. * * passphrase is the passphrase set for the source_credentials. * NULL if no passphrase is set. * * Returns GSI_SOCKET_SUCCESS success, GSI_SOCKET_ERROR otherwise. */ int GSI_SOCKET_delegation_init_ext(GSI_SOCKET *gsi_socket, const char *source_credentials, int lifetime, const char *passphrase); /* * Values for GSI_SOCKET_DELEGATION_init() flags: */ #define GSI_SOCKET_DELEGATION_FLAGS_DEFAULT 0x0000 /* * Values for GSI_SOCKET_DELEGATION_init() lifetime: */ #define GSI_SOCKET_DELEGATION_LIFETIME_MAXIMUM 0x0000 /* * Valyes for GSI_SOCKET_DELEGATION_init() restrictions: */ #define GSI_SOCKET_DELEGATION_RESTRICTIONS_DEFAULT NULL /* * GSI_SOCKET_delegation_accept() * * Accept delegated credentials from the peer. * * Return an allocated buffer with the given proxy encoded in PEM format. * The private key is encrypted with passphrase if provided (can be NULL). * * Returns GSI_SOCKET_SUCCESS on success, GSI_SOCKET_ERROR otherwise. */ int GSI_SOCKET_delegation_accept(GSI_SOCKET *gsi_socket, unsigned char **delegated_credentials, int *delegated_credentials_len, char *passphrase); /* * GSI_SOCKET_delegation_accept_ext() * * Accept delegated credentials from the peer. * * delegated_credentials will be filled in with the location of * the delegated credentials. This is mechanism-specific but * probably a file path. * * passphrase is an optional passphrase to use to encrypt the * delegated credentials. May be NULL. * * Returns GSI_SOCKET_SUCCESS on success, GSI_SOCKET_ERROR otherwise. */ int GSI_SOCKET_delegation_accept_ext(GSI_SOCKET *gsi_socket, char *delegated_credentials, int delegated_credentials_len, char *passphrase); /* * GSI_SOCKET_delegation_set_certreq() * * Specify the location of a PEM-encoded certificate request to be * used when accepting delegation via GSI_SOCKET_delegation_accept() * or GSI_SOCKET_delegation_accept_ext(), rather than generating a new * keypair and certificate request as part of delegation. * * Returns GSI_SOCKET_SUCCESS or GSI_SOCKET_ERROR. */ int GSI_SOCKET_delegation_set_certreq(GSI_SOCKET *gsi_socket, char *certreq); /* * GSI_SOCKET_credentials_accept_ext() * * Accept credentials from the peer. * * delegated_credentials will be filled in with the location of * the delegated credentials. This is mechanism-specific but * probably a file path. * * Returns GSI_SOCKET_SUCCESS on success, GSI_SOCKET_ERROR otherwise. */ int GSI_SOCKET_credentials_accept_ext(GSI_SOCKET *self, char *credentials, int credentials_len); int GSI_SOCKET_get_creds(GSI_SOCKET *self, const char *source_credentials); int GSI_SOCKET_credentials_init_ext(GSI_SOCKET *self, const char *source_credentials); /* * GSI_SOCKET_allow_anonymous() * * If value=1, allow anonymous GSSAPI/SSL authentication. * Otherwise, the client must have a valid GSSAPI/SSL credential. * Default is to *not* allow anonymous authentication. * */ int GSI_SOCKET_allow_anonymous(GSI_SOCKET *self, const int value); /* * GSI_SOCKET_peer_used_limited_proxy() * * Returns 1 if peer used a limited proxy, 0 otherwise. * */ int GSI_SOCKET_peer_used_limited_proxy(GSI_SOCKET *self); /* * GSI_SOCKET_set_peer_limited_proxy() * * Set the peer's limited proxy flag (1 if yes, 0 if no). * Used when secondary authentication used a limited proxy * and so limited proxy policies should apply. * */ int GSI_SOCKET_set_peer_limited_proxy(GSI_SOCKET *self, int flag); /* * GSI_SOCKET_set_max_token_len() * * Set the maximum size of accepted incoming tokens (in bytes). * No limit is enforced by default. * A zero or negative value disables the limit. */ int GSI_SOCKET_set_max_token_len(GSI_SOCKET *self, int bytes); /* * GSI_SOCKET_context_established() * * Returns 1 if the socket's secure context has been established via * GSI_SOCKET_authentication_init() or * GSI_SOCKET_authentication_accept(). Returns 0 otherwise. * */ int GSI_SOCKET_context_established(GSI_SOCKET *self); /* * GSI_SOCKET_get_errno() * * Returns saved errno if the socket exists. Otherwise returns 0. * */ int GSI_SOCKET_get_errno(GSI_SOCKET *self); #endif /* !__GSI_SOCKET_H */ myproxy-6.2.16/build-aux/0000755000175100017510000000000014557145304012242 500000000000000myproxy-6.2.16/build-aux/config.guess0000755000175100017510000013036114557142526014511 00000000000000#! /bin/sh # Attempt to guess a canonical system name. # Copyright 1992-2013 Free Software Foundation, Inc. timestamp='2013-06-10' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, see . # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that # program. This Exception is an additional permission under section 7 # of the GNU General Public License, version 3 ("GPLv3"). # # Originally written by Per Bothner. # # You can get the latest version of this script from: # http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD # # Please send patches with a ChangeLog entry to config-patches@gnu.org. me=`echo "$0" | sed -e 's,.*/,,'` usage="\ Usage: $0 [OPTION] Output the configuration name of the system \`$me' is run on. Operation modes: -h, --help print this help, then exit -t, --time-stamp print date of last modification, then exit -v, --version print version number, then exit Report bugs and patches to ." version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. Copyright 1992-2013 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." help=" Try \`$me --help' for more information." # Parse command line while test $# -gt 0 ; do case $1 in --time-stamp | --time* | -t ) echo "$timestamp" ; exit ;; --version | -v ) echo "$version" ; exit ;; --help | --h* | -h ) echo "$usage"; exit ;; -- ) # Stop option processing shift; break ;; - ) # Use stdin as input. break ;; -* ) echo "$me: invalid option $1$help" >&2 exit 1 ;; * ) break ;; esac done if test $# != 0; then echo "$me: too many arguments$help" >&2 exit 1 fi trap 'exit 1' 1 2 15 # CC_FOR_BUILD -- compiler used by this script. Note that the use of a # compiler to aid in system detection is discouraged as it requires # temporary files to be created and, as you can see below, it is a # headache to deal with in a portable fashion. # Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still # use `HOST_CC' if defined, but it is deprecated. # Portable tmp directory creation inspired by the Autoconf team. set_cc_for_build=' trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; : ${TMPDIR=/tmp} ; { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; dummy=$tmp/dummy ; tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; case $CC_FOR_BUILD,$HOST_CC,$CC in ,,) echo "int x;" > $dummy.c ; for c in cc gcc c89 c99 ; do if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then CC_FOR_BUILD="$c"; break ; fi ; done ; if test x"$CC_FOR_BUILD" = x ; then CC_FOR_BUILD=no_compiler_found ; fi ;; ,,*) CC_FOR_BUILD=$CC ;; ,*,*) CC_FOR_BUILD=$HOST_CC ;; esac ; set_cc_for_build= ;' # This is needed to find uname on a Pyramid OSx when run in the BSD universe. # (ghazi@noc.rutgers.edu 1994-08-24) if (test -f /.attbin/uname) >/dev/null 2>&1 ; then PATH=$PATH:/.attbin ; export PATH fi UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown case "${UNAME_SYSTEM}" in Linux|GNU|GNU/*) # If the system lacks a compiler, then just pick glibc. # We could probably try harder. LIBC=gnu eval $set_cc_for_build cat <<-EOF > $dummy.c #include #if defined(__UCLIBC__) LIBC=uclibc #elif defined(__dietlibc__) LIBC=dietlibc #else LIBC=gnu #endif EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` ;; esac # Note: order is significant - the case branches are not exclusive. case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in *:NetBSD:*:*) # NetBSD (nbsd) targets should (where applicable) match one or # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently # switched to ELF, *-*-netbsd* would select the old # object file format. This provides both forward # compatibility and a consistent mechanism for selecting the # object file format. # # Note: NetBSD doesn't particularly care about the vendor # portion of the name. We always set it to "unknown". sysctl="sysctl -n hw.machine_arch" UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ /usr/sbin/$sysctl 2>/dev/null || echo unknown)` case "${UNAME_MACHINE_ARCH}" in armeb) machine=armeb-unknown ;; arm*) machine=arm-unknown ;; sh3el) machine=shl-unknown ;; sh3eb) machine=sh-unknown ;; sh5el) machine=sh5le-unknown ;; *) machine=${UNAME_MACHINE_ARCH}-unknown ;; esac # The Operating System including object format, if it has switched # to ELF recently, or will in the future. case "${UNAME_MACHINE_ARCH}" in arm*|i386|m68k|ns32k|sh3*|sparc|vax) eval $set_cc_for_build if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ELF__ then # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). # Return netbsd for either. FIX? os=netbsd else os=netbsdelf fi ;; *) os=netbsd ;; esac # The OS release # Debian GNU/NetBSD machines have a different userland, and # thus, need a distinct triplet. However, they do not need # kernel version information, so it can be replaced with a # suitable tag, in the style of linux-gnu. case "${UNAME_VERSION}" in Debian*) release='-gnu' ;; *) release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` ;; esac # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: # contains redundant information, the shorter form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. echo "${machine}-${os}${release}" exit ;; *:Bitrig:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` echo ${UNAME_MACHINE_ARCH}-unknown-bitrig${UNAME_RELEASE} exit ;; *:OpenBSD:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} exit ;; *:ekkoBSD:*:*) echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} exit ;; *:SolidBSD:*:*) echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE} exit ;; macppc:MirBSD:*:*) echo powerpc-unknown-mirbsd${UNAME_RELEASE} exit ;; *:MirBSD:*:*) echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} exit ;; alpha:OSF1:*:*) case $UNAME_RELEASE in *4.0) UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` ;; *5.*) UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` ;; esac # According to Compaq, /usr/sbin/psrinfo has been available on # OSF/1 and Tru64 systems produced since 1995. I hope that # covers most systems running today. This code pipes the CPU # types through head -n 1, so we only detect the type of CPU 0. ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` case "$ALPHA_CPU_TYPE" in "EV4 (21064)") UNAME_MACHINE="alpha" ;; "EV4.5 (21064)") UNAME_MACHINE="alpha" ;; "LCA4 (21066/21068)") UNAME_MACHINE="alpha" ;; "EV5 (21164)") UNAME_MACHINE="alphaev5" ;; "EV5.6 (21164A)") UNAME_MACHINE="alphaev56" ;; "EV5.6 (21164PC)") UNAME_MACHINE="alphapca56" ;; "EV5.7 (21164PC)") UNAME_MACHINE="alphapca57" ;; "EV6 (21264)") UNAME_MACHINE="alphaev6" ;; "EV6.7 (21264A)") UNAME_MACHINE="alphaev67" ;; "EV6.8CB (21264C)") UNAME_MACHINE="alphaev68" ;; "EV6.8AL (21264B)") UNAME_MACHINE="alphaev68" ;; "EV6.8CX (21264D)") UNAME_MACHINE="alphaev68" ;; "EV6.9A (21264/EV69A)") UNAME_MACHINE="alphaev69" ;; "EV7 (21364)") UNAME_MACHINE="alphaev7" ;; "EV7.9 (21364A)") UNAME_MACHINE="alphaev79" ;; esac # A Pn.n version is a patched version. # A Vn.n version is a released version. # A Tn.n version is a released field test version. # A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` # Reset EXIT trap before exiting to avoid spurious non-zero exit code. exitcode=$? trap '' 0 exit $exitcode ;; Alpha\ *:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # Should we change UNAME_MACHINE based on the output of uname instead # of the specific Alpha model? echo alpha-pc-interix exit ;; 21064:Windows_NT:50:3) echo alpha-dec-winnt3.5 exit ;; Amiga*:UNIX_System_V:4.0:*) echo m68k-unknown-sysv4 exit ;; *:[Aa]miga[Oo][Ss]:*:*) echo ${UNAME_MACHINE}-unknown-amigaos exit ;; *:[Mm]orph[Oo][Ss]:*:*) echo ${UNAME_MACHINE}-unknown-morphos exit ;; *:OS/390:*:*) echo i370-ibm-openedition exit ;; *:z/VM:*:*) echo s390-ibm-zvmoe exit ;; *:OS400:*:*) echo powerpc-ibm-os400 exit ;; arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) echo arm-acorn-riscix${UNAME_RELEASE} exit ;; arm*:riscos:*:*|arm*:RISCOS:*:*) echo arm-unknown-riscos exit ;; SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) echo hppa1.1-hitachi-hiuxmpp exit ;; Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. if test "`(/bin/universe) 2>/dev/null`" = att ; then echo pyramid-pyramid-sysv3 else echo pyramid-pyramid-bsd fi exit ;; NILE*:*:*:dcosx) echo pyramid-pyramid-svr4 exit ;; DRS?6000:unix:4.0:6*) echo sparc-icl-nx6 exit ;; DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) case `/usr/bin/uname -p` in sparc) echo sparc-icl-nx7; exit ;; esac ;; s390x:SunOS:*:*) echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4H:SunOS:5.*:*) echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) echo i386-pc-auroraux${UNAME_RELEASE} exit ;; i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) eval $set_cc_for_build SUN_ARCH="i386" # If there is a compiler, see if it is configured for 64-bit objects. # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. # This test works for both compilers. if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ grep IS_64BIT_ARCH >/dev/null then SUN_ARCH="x86_64" fi fi echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize # SunOS6. Hard to guess exactly what SunOS6 will be like, but # it's likely to be more like Solaris than SunOS4. echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:*:*) case "`/usr/bin/arch -k`" in Series*|S4*) UNAME_RELEASE=`uname -v` ;; esac # Japanese Language versions have a version number like `4.1.3-JL'. echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` exit ;; sun3*:SunOS:*:*) echo m68k-sun-sunos${UNAME_RELEASE} exit ;; sun*:*:4.2BSD:*) UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 case "`/bin/arch`" in sun3) echo m68k-sun-sunos${UNAME_RELEASE} ;; sun4) echo sparc-sun-sunos${UNAME_RELEASE} ;; esac exit ;; aushp:SunOS:*:*) echo sparc-auspex-sunos${UNAME_RELEASE} exit ;; # The situation for MiNT is a little confusing. The machine name # can be virtually everything (everything which is not # "atarist" or "atariste" at least should have a processor # > m68000). The system name ranges from "MiNT" over "FreeMiNT" # to the lowercase version "mint" (or "freemint"). Finally # the system name "TOS" denotes a system which is actually not # MiNT. But MiNT is downward compatible to TOS, so this should # be no problem. atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit ;; atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit ;; *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit ;; milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) echo m68k-milan-mint${UNAME_RELEASE} exit ;; hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) echo m68k-hades-mint${UNAME_RELEASE} exit ;; *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) echo m68k-unknown-mint${UNAME_RELEASE} exit ;; m68k:machten:*:*) echo m68k-apple-machten${UNAME_RELEASE} exit ;; powerpc:machten:*:*) echo powerpc-apple-machten${UNAME_RELEASE} exit ;; RISC*:Mach:*:*) echo mips-dec-mach_bsd4.3 exit ;; RISC*:ULTRIX:*:*) echo mips-dec-ultrix${UNAME_RELEASE} exit ;; VAX*:ULTRIX*:*:*) echo vax-dec-ultrix${UNAME_RELEASE} exit ;; 2020:CLIX:*:* | 2430:CLIX:*:*) echo clipper-intergraph-clix${UNAME_RELEASE} exit ;; mips:*:*:UMIPS | mips:*:*:RISCos) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #ifdef __cplusplus #include /* for printf() prototype */ int main (int argc, char *argv[]) { #else int main (argc, argv) int argc; char *argv[]; { #endif #if defined (host_mips) && defined (MIPSEB) #if defined (SYSTYPE_SYSV) printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_SVR4) printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); #endif #endif exit (-1); } EOF $CC_FOR_BUILD -o $dummy $dummy.c && dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` && SYSTEM_NAME=`$dummy $dummyarg` && { echo "$SYSTEM_NAME"; exit; } echo mips-mips-riscos${UNAME_RELEASE} exit ;; Motorola:PowerMAX_OS:*:*) echo powerpc-motorola-powermax exit ;; Motorola:*:4.3:PL8-*) echo powerpc-harris-powermax exit ;; Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) echo powerpc-harris-powermax exit ;; Night_Hawk:Power_UNIX:*:*) echo powerpc-harris-powerunix exit ;; m88k:CX/UX:7*:*) echo m88k-harris-cxux7 exit ;; m88k:*:4*:R4*) echo m88k-motorola-sysv4 exit ;; m88k:*:3*:R3*) echo m88k-motorola-sysv3 exit ;; AViiON:dgux:*:*) # DG/UX returns AViiON for all architectures UNAME_PROCESSOR=`/usr/bin/uname -p` if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] then if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ [ ${TARGET_BINARY_INTERFACE}x = x ] then echo m88k-dg-dgux${UNAME_RELEASE} else echo m88k-dg-dguxbcs${UNAME_RELEASE} fi else echo i586-dg-dgux${UNAME_RELEASE} fi exit ;; M88*:DolphinOS:*:*) # DolphinOS (SVR3) echo m88k-dolphin-sysv3 exit ;; M88*:*:R3*:*) # Delta 88k system running SVR3 echo m88k-motorola-sysv3 exit ;; XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) echo m88k-tektronix-sysv3 exit ;; Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) echo m68k-tektronix-bsd exit ;; *:IRIX*:*:*) echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` exit ;; ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' i*86:AIX:*:*) echo i386-ibm-aix exit ;; ia64:AIX:*:*) if [ -x /usr/bin/oslevel ] ; then IBM_REV=`/usr/bin/oslevel` else IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} exit ;; *:AIX:2:3) if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #include main() { if (!__power_pc()) exit(1); puts("powerpc-ibm-aix3.2.5"); exit(0); } EOF if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` then echo "$SYSTEM_NAME" else echo rs6000-ibm-aix3.2.5 fi elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then echo rs6000-ibm-aix3.2.4 else echo rs6000-ibm-aix3.2 fi exit ;; *:AIX:*:[4567]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then IBM_ARCH=rs6000 else IBM_ARCH=powerpc fi if [ -x /usr/bin/oslevel ] ; then IBM_REV=`/usr/bin/oslevel` else IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi echo ${IBM_ARCH}-ibm-aix${IBM_REV} exit ;; *:AIX:*:*) echo rs6000-ibm-aix exit ;; ibmrt:4.4BSD:*|romp-ibm:BSD:*) echo romp-ibm-bsd4.4 exit ;; ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to exit ;; # report: romp-ibm BSD 4.3 *:BOSX:*:*) echo rs6000-bull-bosx exit ;; DPX/2?00:B.O.S.:*:*) echo m68k-bull-sysv3 exit ;; 9000/[34]??:4.3bsd:1.*:*) echo m68k-hp-bsd exit ;; hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) echo m68k-hp-bsd4.4 exit ;; 9000/[34678]??:HP-UX:*:*) HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` case "${UNAME_MACHINE}" in 9000/31? ) HP_ARCH=m68000 ;; 9000/[34]?? ) HP_ARCH=m68k ;; 9000/[678][0-9][0-9]) if [ -x /usr/bin/getconf ]; then sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` case "${sc_cpu_version}" in 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 532) # CPU_PA_RISC2_0 case "${sc_kernel_bits}" in 32) HP_ARCH="hppa2.0n" ;; 64) HP_ARCH="hppa2.0w" ;; '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 esac ;; esac fi if [ "${HP_ARCH}" = "" ]; then eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #define _HPUX_SOURCE #include #include int main () { #if defined(_SC_KERNEL_BITS) long bits = sysconf(_SC_KERNEL_BITS); #endif long cpu = sysconf (_SC_CPU_VERSION); switch (cpu) { case CPU_PA_RISC1_0: puts ("hppa1.0"); break; case CPU_PA_RISC1_1: puts ("hppa1.1"); break; case CPU_PA_RISC2_0: #if defined(_SC_KERNEL_BITS) switch (bits) { case 64: puts ("hppa2.0w"); break; case 32: puts ("hppa2.0n"); break; default: puts ("hppa2.0"); break; } break; #else /* !defined(_SC_KERNEL_BITS) */ puts ("hppa2.0"); break; #endif default: puts ("hppa1.0"); break; } exit (0); } EOF (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` test -z "$HP_ARCH" && HP_ARCH=hppa fi ;; esac if [ ${HP_ARCH} = "hppa2.0w" ] then eval $set_cc_for_build # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler # generating 64-bit code. GNU and HP use different nomenclature: # # $ CC_FOR_BUILD=cc ./config.guess # => hppa2.0w-hp-hpux11.23 # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess # => hppa64-hp-hpux11.23 if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | grep -q __LP64__ then HP_ARCH="hppa2.0w" else HP_ARCH="hppa64" fi fi echo ${HP_ARCH}-hp-hpux${HPUX_REV} exit ;; ia64:HP-UX:*:*) HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` echo ia64-hp-hpux${HPUX_REV} exit ;; 3050*:HI-UX:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #include int main () { long cpu = sysconf (_SC_CPU_VERSION); /* The order matters, because CPU_IS_HP_MC68K erroneously returns true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct results, however. */ if (CPU_IS_PA_RISC (cpu)) { switch (cpu) { case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; default: puts ("hppa-hitachi-hiuxwe2"); break; } } else if (CPU_IS_HP_MC68K (cpu)) puts ("m68k-hitachi-hiuxwe2"); else puts ("unknown-hitachi-hiuxwe2"); exit (0); } EOF $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` && { echo "$SYSTEM_NAME"; exit; } echo unknown-hitachi-hiuxwe2 exit ;; 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) echo hppa1.1-hp-bsd exit ;; 9000/8??:4.3bsd:*:*) echo hppa1.0-hp-bsd exit ;; *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) echo hppa1.0-hp-mpeix exit ;; hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) echo hppa1.1-hp-osf exit ;; hp8??:OSF1:*:*) echo hppa1.0-hp-osf exit ;; i*86:OSF1:*:*) if [ -x /usr/sbin/sysversion ] ; then echo ${UNAME_MACHINE}-unknown-osf1mk else echo ${UNAME_MACHINE}-unknown-osf1 fi exit ;; parisc*:Lites*:*:*) echo hppa1.1-hp-lites exit ;; C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) echo c1-convex-bsd exit ;; C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi exit ;; C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) echo c34-convex-bsd exit ;; C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) echo c38-convex-bsd exit ;; C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) echo c4-convex-bsd exit ;; CRAY*Y-MP:*:*:*) echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*[A-Z]90:*:*:*) echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ -e 's/\.[^.]*$/.X/' exit ;; CRAY*TS:*:*:*) echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*T3E:*:*:*) echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*SV1:*:*:*) echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; *:UNICOS/mp:*:*) echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; 5000:UNIX_System_V:4.*:*) FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} exit ;; sparc*:BSD/OS:*:*) echo sparc-unknown-bsdi${UNAME_RELEASE} exit ;; *:BSD/OS:*:*) echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} exit ;; *:FreeBSD:*:*) UNAME_PROCESSOR=`/usr/bin/uname -p` case ${UNAME_PROCESSOR} in amd64) echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; *) echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; esac exit ;; i*:CYGWIN*:*) echo ${UNAME_MACHINE}-pc-cygwin exit ;; *:MINGW64*:*) echo ${UNAME_MACHINE}-pc-mingw64 exit ;; *:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit ;; i*:MSYS*:*) echo ${UNAME_MACHINE}-pc-msys exit ;; i*:windows32*:*) # uname -m includes "-pc" on this system. echo ${UNAME_MACHINE}-mingw32 exit ;; i*:PW*:*) echo ${UNAME_MACHINE}-pc-pw32 exit ;; *:Interix*:*) case ${UNAME_MACHINE} in x86) echo i586-pc-interix${UNAME_RELEASE} exit ;; authenticamd | genuineintel | EM64T) echo x86_64-unknown-interix${UNAME_RELEASE} exit ;; IA64) echo ia64-unknown-interix${UNAME_RELEASE} exit ;; esac ;; [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) echo i${UNAME_MACHINE}-pc-mks exit ;; 8664:Windows_NT:*) echo x86_64-pc-mks exit ;; i*:Windows_NT*:* | Pentium*:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we # UNAME_MACHINE based on the output of uname instead of i386? echo i586-pc-interix exit ;; i*:UWIN*:*) echo ${UNAME_MACHINE}-pc-uwin exit ;; amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) echo x86_64-unknown-cygwin exit ;; p*:CYGWIN*:*) echo powerpcle-unknown-cygwin exit ;; prep*:SunOS:5.*:*) echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; *:GNU:*:*) # the GNU system echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-${LIBC}`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` exit ;; *:GNU/*:*:*) # other systems with GNU libc and userland echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC} exit ;; i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix exit ;; aarch64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; aarch64_be:Linux:*:*) UNAME_MACHINE=aarch64_be echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; alpha:Linux:*:*) case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in EV5) UNAME_MACHINE=alphaev5 ;; EV56) UNAME_MACHINE=alphaev56 ;; PCA56) UNAME_MACHINE=alphapca56 ;; PCA57) UNAME_MACHINE=alphapca56 ;; EV6) UNAME_MACHINE=alphaev6 ;; EV67) UNAME_MACHINE=alphaev67 ;; EV68*) UNAME_MACHINE=alphaev68 ;; esac objdump --private-headers /bin/sh | grep -q ld.so.1 if test "$?" = 0 ; then LIBC="gnulibc1" ; fi echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; arc:Linux:*:* | arceb:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; arm*:Linux:*:*) eval $set_cc_for_build if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_EABI__ then echo ${UNAME_MACHINE}-unknown-linux-${LIBC} else if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_PCS_VFP then echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi else echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabihf fi fi exit ;; avr32*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; cris:Linux:*:*) echo ${UNAME_MACHINE}-axis-linux-${LIBC} exit ;; crisv32:Linux:*:*) echo ${UNAME_MACHINE}-axis-linux-${LIBC} exit ;; frv:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; hexagon:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; i*86:Linux:*:*) echo ${UNAME_MACHINE}-pc-linux-${LIBC} exit ;; ia64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; m32r*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; m68*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; mips:Linux:*:* | mips64:Linux:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #undef CPU #undef ${UNAME_MACHINE} #undef ${UNAME_MACHINE}el #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) CPU=${UNAME_MACHINE}el #else #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) CPU=${UNAME_MACHINE} #else CPU= #endif #endif EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; } ;; or1k:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; or32:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; padre:Linux:*:*) echo sparc-unknown-linux-${LIBC} exit ;; parisc64:Linux:*:* | hppa64:Linux:*:*) echo hppa64-unknown-linux-${LIBC} exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in PA7*) echo hppa1.1-unknown-linux-${LIBC} ;; PA8*) echo hppa2.0-unknown-linux-${LIBC} ;; *) echo hppa-unknown-linux-${LIBC} ;; esac exit ;; ppc64:Linux:*:*) echo powerpc64-unknown-linux-${LIBC} exit ;; ppc:Linux:*:*) echo powerpc-unknown-linux-${LIBC} exit ;; ppc64le:Linux:*:*) echo powerpc64le-unknown-linux-${LIBC} exit ;; ppcle:Linux:*:*) echo powerpcle-unknown-linux-${LIBC} exit ;; s390:Linux:*:* | s390x:Linux:*:*) echo ${UNAME_MACHINE}-ibm-linux-${LIBC} exit ;; sh64*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; sh*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; sparc:Linux:*:* | sparc64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; tile*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; vax:Linux:*:*) echo ${UNAME_MACHINE}-dec-linux-${LIBC} exit ;; x86_64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; xtensa*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. # earlier versions are messed up and put the nodename in both # sysname and nodename. echo i386-sequent-sysv4 exit ;; i*86:UNIX_SV:4.2MP:2.*) # Unixware is an offshoot of SVR4, but it has its own version # number series starting with 2... # I am not positive that other SVR4 systems won't match this, # I just have to hope. -- rms. # Use sysv4.2uw... so that sysv4* matches it. echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} exit ;; i*86:OS/2:*:*) # If we were able to find `uname', then EMX Unix compatibility # is probably installed. echo ${UNAME_MACHINE}-pc-os2-emx exit ;; i*86:XTS-300:*:STOP) echo ${UNAME_MACHINE}-unknown-stop exit ;; i*86:atheos:*:*) echo ${UNAME_MACHINE}-unknown-atheos exit ;; i*86:syllable:*:*) echo ${UNAME_MACHINE}-pc-syllable exit ;; i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) echo i386-unknown-lynxos${UNAME_RELEASE} exit ;; i*86:*DOS:*:*) echo ${UNAME_MACHINE}-pc-msdosdjgpp exit ;; i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} else echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} fi exit ;; i*86:*:5:[678]*) # UnixWare 7.x, OpenUNIX and OpenServer 6. case `/bin/uname -X | grep "^Machine"` in *486*) UNAME_MACHINE=i486 ;; *Pentium) UNAME_MACHINE=i586 ;; *Pent*|*Celeron) UNAME_MACHINE=i686 ;; esac echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} exit ;; i*86:*:3.2:*) if test -f /usr/options/cb.name; then UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ && UNAME_MACHINE=i586 (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ && UNAME_MACHINE=i686 (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ && UNAME_MACHINE=i686 echo ${UNAME_MACHINE}-pc-sco$UNAME_REL else echo ${UNAME_MACHINE}-pc-sysv32 fi exit ;; pc:*:*:*) # Left here for compatibility: # uname -m prints for DJGPP always 'pc', but it prints nothing about # the processor, so we play safe by assuming i586. # Note: whatever this is, it MUST be the same as what config.sub # prints for the "djgpp" host, or else GDB configury will decide that # this is a cross-build. echo i586-pc-msdosdjgpp exit ;; Intel:Mach:3*:*) echo i386-pc-mach3 exit ;; paragon:*:*:*) echo i860-intel-osf1 exit ;; i860:*:4.*:*) # i860-SVR4 if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 else # Add other i860-SVR4 vendors below as they are discovered. echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 fi exit ;; mini*:CTIX:SYS*5:*) # "miniframe" echo m68010-convergent-sysv exit ;; mc68k:UNIX:SYSTEM5:3.51m) echo m68k-convergent-sysv exit ;; M680?0:D-NIX:5.3:*) echo m68k-diab-dnix exit ;; M68*:*:R3V[5678]*:*) test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) OS_REL='' test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4.3${OS_REL}; exit; } /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4; exit; } ;; NCR*:*:4.2:* | MPRAS*:*:4.2:*) OS_REL='.3' test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4.3${OS_REL}; exit; } /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) echo m68k-unknown-lynxos${UNAME_RELEASE} exit ;; mc68030:UNIX_System_V:4.*:*) echo m68k-atari-sysv4 exit ;; TSUNAMI:LynxOS:2.*:*) echo sparc-unknown-lynxos${UNAME_RELEASE} exit ;; rs6000:LynxOS:2.*:*) echo rs6000-unknown-lynxos${UNAME_RELEASE} exit ;; PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) echo powerpc-unknown-lynxos${UNAME_RELEASE} exit ;; SM[BE]S:UNIX_SV:*:*) echo mips-dde-sysv${UNAME_RELEASE} exit ;; RM*:ReliantUNIX-*:*:*) echo mips-sni-sysv4 exit ;; RM*:SINIX-*:*:*) echo mips-sni-sysv4 exit ;; *:SINIX-*:*:*) if uname -p 2>/dev/null >/dev/null ; then UNAME_MACHINE=`(uname -p) 2>/dev/null` echo ${UNAME_MACHINE}-sni-sysv4 else echo ns32k-sni-sysv fi exit ;; PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort # says echo i586-unisys-sysv4 exit ;; *:UNIX_System_V:4*:FTX*) # From Gerald Hewes . # How about differentiating between stratus architectures? -djm echo hppa1.1-stratus-sysv4 exit ;; *:*:*:FTX*) # From seanf@swdc.stratus.com. echo i860-stratus-sysv4 exit ;; i*86:VOS:*:*) # From Paul.Green@stratus.com. echo ${UNAME_MACHINE}-stratus-vos exit ;; *:VOS:*:*) # From Paul.Green@stratus.com. echo hppa1.1-stratus-vos exit ;; mc68*:A/UX:*:*) echo m68k-apple-aux${UNAME_RELEASE} exit ;; news*:NEWS-OS:6*:*) echo mips-sony-newsos6 exit ;; R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) if [ -d /usr/nec ]; then echo mips-nec-sysv${UNAME_RELEASE} else echo mips-unknown-sysv${UNAME_RELEASE} fi exit ;; BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. echo powerpc-be-beos exit ;; BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. echo powerpc-apple-beos exit ;; BePC:BeOS:*:*) # BeOS running on Intel PC compatible. echo i586-pc-beos exit ;; BePC:Haiku:*:*) # Haiku running on Intel PC compatible. echo i586-pc-haiku exit ;; x86_64:Haiku:*:*) echo x86_64-unknown-haiku exit ;; SX-4:SUPER-UX:*:*) echo sx4-nec-superux${UNAME_RELEASE} exit ;; SX-5:SUPER-UX:*:*) echo sx5-nec-superux${UNAME_RELEASE} exit ;; SX-6:SUPER-UX:*:*) echo sx6-nec-superux${UNAME_RELEASE} exit ;; SX-7:SUPER-UX:*:*) echo sx7-nec-superux${UNAME_RELEASE} exit ;; SX-8:SUPER-UX:*:*) echo sx8-nec-superux${UNAME_RELEASE} exit ;; SX-8R:SUPER-UX:*:*) echo sx8r-nec-superux${UNAME_RELEASE} exit ;; Power*:Rhapsody:*:*) echo powerpc-apple-rhapsody${UNAME_RELEASE} exit ;; *:Rhapsody:*:*) echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} exit ;; *:Darwin:*:*) UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown eval $set_cc_for_build if test "$UNAME_PROCESSOR" = unknown ; then UNAME_PROCESSOR=powerpc fi if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ grep IS_64BIT_ARCH >/dev/null then case $UNAME_PROCESSOR in i386) UNAME_PROCESSOR=x86_64 ;; powerpc) UNAME_PROCESSOR=powerpc64 ;; esac fi fi echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} exit ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) UNAME_PROCESSOR=`uname -p` if test "$UNAME_PROCESSOR" = "x86"; then UNAME_PROCESSOR=i386 UNAME_MACHINE=pc fi echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} exit ;; *:QNX:*:4*) echo i386-pc-qnx exit ;; NEO-?:NONSTOP_KERNEL:*:*) echo neo-tandem-nsk${UNAME_RELEASE} exit ;; NSE-*:NONSTOP_KERNEL:*:*) echo nse-tandem-nsk${UNAME_RELEASE} exit ;; NSR-?:NONSTOP_KERNEL:*:*) echo nsr-tandem-nsk${UNAME_RELEASE} exit ;; *:NonStop-UX:*:*) echo mips-compaq-nonstopux exit ;; BS2000:POSIX*:*:*) echo bs2000-siemens-sysv exit ;; DS/*:UNIX_System_V:*:*) echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} exit ;; *:Plan9:*:*) # "uname -m" is not consistent, so use $cputype instead. 386 # is converted to i386 for consistency with other x86 # operating systems. if test "$cputype" = "386"; then UNAME_MACHINE=i386 else UNAME_MACHINE="$cputype" fi echo ${UNAME_MACHINE}-unknown-plan9 exit ;; *:TOPS-10:*:*) echo pdp10-unknown-tops10 exit ;; *:TENEX:*:*) echo pdp10-unknown-tenex exit ;; KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) echo pdp10-dec-tops20 exit ;; XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) echo pdp10-xkl-tops20 exit ;; *:TOPS-20:*:*) echo pdp10-unknown-tops20 exit ;; *:ITS:*:*) echo pdp10-unknown-its exit ;; SEI:*:*:SEIUX) echo mips-sei-seiux${UNAME_RELEASE} exit ;; *:DragonFly:*:*) echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` exit ;; *:*VMS:*:*) UNAME_MACHINE=`(uname -p) 2>/dev/null` case "${UNAME_MACHINE}" in A*) echo alpha-dec-vms ; exit ;; I*) echo ia64-dec-vms ; exit ;; V*) echo vax-dec-vms ; exit ;; esac ;; *:XENIX:*:SysV) echo i386-pc-xenix exit ;; i*86:skyos:*:*) echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//' exit ;; i*86:rdos:*:*) echo ${UNAME_MACHINE}-pc-rdos exit ;; i*86:AROS:*:*) echo ${UNAME_MACHINE}-pc-aros exit ;; x86_64:VMkernel:*:*) echo ${UNAME_MACHINE}-unknown-esx exit ;; esac eval $set_cc_for_build cat >$dummy.c < # include #endif main () { #if defined (sony) #if defined (MIPSEB) /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, I don't know.... */ printf ("mips-sony-bsd\n"); exit (0); #else #include printf ("m68k-sony-newsos%s\n", #ifdef NEWSOS4 "4" #else "" #endif ); exit (0); #endif #endif #if defined (__arm) && defined (__acorn) && defined (__unix) printf ("arm-acorn-riscix\n"); exit (0); #endif #if defined (hp300) && !defined (hpux) printf ("m68k-hp-bsd\n"); exit (0); #endif #if defined (NeXT) #if !defined (__ARCHITECTURE__) #define __ARCHITECTURE__ "m68k" #endif int version; version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; if (version < 4) printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); else printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); exit (0); #endif #if defined (MULTIMAX) || defined (n16) #if defined (UMAXV) printf ("ns32k-encore-sysv\n"); exit (0); #else #if defined (CMU) printf ("ns32k-encore-mach\n"); exit (0); #else printf ("ns32k-encore-bsd\n"); exit (0); #endif #endif #endif #if defined (__386BSD__) printf ("i386-pc-bsd\n"); exit (0); #endif #if defined (sequent) #if defined (i386) printf ("i386-sequent-dynix\n"); exit (0); #endif #if defined (ns32000) printf ("ns32k-sequent-dynix\n"); exit (0); #endif #endif #if defined (_SEQUENT_) struct utsname un; uname(&un); if (strncmp(un.version, "V2", 2) == 0) { printf ("i386-sequent-ptx2\n"); exit (0); } if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ printf ("i386-sequent-ptx1\n"); exit (0); } printf ("i386-sequent-ptx\n"); exit (0); #endif #if defined (vax) # if !defined (ultrix) # include # if defined (BSD) # if BSD == 43 printf ("vax-dec-bsd4.3\n"); exit (0); # else # if BSD == 199006 printf ("vax-dec-bsd4.3reno\n"); exit (0); # else printf ("vax-dec-bsd\n"); exit (0); # endif # endif # else printf ("vax-dec-bsd\n"); exit (0); # endif # else printf ("vax-dec-ultrix\n"); exit (0); # endif #endif #if defined (alliant) && defined (i860) printf ("i860-alliant-bsd\n"); exit (0); #endif exit (1); } EOF $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && { echo "$SYSTEM_NAME"; exit; } # Apollos put the system type in the environment. test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } # Convex versions that predate uname can use getsysinfo(1) if [ -x /usr/convex/getsysinfo ] then case `getsysinfo -f cpu_type` in c1*) echo c1-convex-bsd exit ;; c2*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi exit ;; c34*) echo c34-convex-bsd exit ;; c38*) echo c38-convex-bsd exit ;; c4*) echo c4-convex-bsd exit ;; esac fi cat >&2 < in order to provide the needed information to handle your system. config.guess timestamp = $timestamp uname -m = `(uname -m) 2>/dev/null || echo unknown` uname -r = `(uname -r) 2>/dev/null || echo unknown` uname -s = `(uname -s) 2>/dev/null || echo unknown` uname -v = `(uname -v) 2>/dev/null || echo unknown` /usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` /bin/uname -X = `(/bin/uname -X) 2>/dev/null` hostinfo = `(hostinfo) 2>/dev/null` /bin/universe = `(/bin/universe) 2>/dev/null` /usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` /bin/arch = `(/bin/arch) 2>/dev/null` /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` UNAME_MACHINE = ${UNAME_MACHINE} UNAME_RELEASE = ${UNAME_RELEASE} UNAME_SYSTEM = ${UNAME_SYSTEM} UNAME_VERSION = ${UNAME_VERSION} EOF exit 1 # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "timestamp='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" # End: myproxy-6.2.16/build-aux/config.sub0000755000175100017510000010531514557142526014155 00000000000000#! /bin/sh # Configuration validation subroutine script. # Copyright 1992-2013 Free Software Foundation, Inc. timestamp='2013-04-24' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, see . # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that # program. This Exception is an additional permission under section 7 # of the GNU General Public License, version 3 ("GPLv3"). # Please send patches with a ChangeLog entry to config-patches@gnu.org. # # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. # If it is invalid, we print an error message on stderr and exit with code 1. # Otherwise, we print the canonical config type on stdout and succeed. # You can get the latest version of this script from: # http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD # This file is supposed to be the same for all GNU packages # and recognize all the CPU types, system types and aliases # that are meaningful with *any* GNU software. # Each package is responsible for reporting which valid configurations # it does not support. The user should be able to distinguish # a failure to support a valid configuration from a meaningless # configuration. # The goal of this file is to map all the various variations of a given # machine specification into a single specification in the form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM # or in some cases, the newer four-part form: # CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM # It is wrong to echo any other type of specification. me=`echo "$0" | sed -e 's,.*/,,'` usage="\ Usage: $0 [OPTION] CPU-MFR-OPSYS $0 [OPTION] ALIAS Canonicalize a configuration name. Operation modes: -h, --help print this help, then exit -t, --time-stamp print date of last modification, then exit -v, --version print version number, then exit Report bugs and patches to ." version="\ GNU config.sub ($timestamp) Copyright 1992-2013 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." help=" Try \`$me --help' for more information." # Parse command line while test $# -gt 0 ; do case $1 in --time-stamp | --time* | -t ) echo "$timestamp" ; exit ;; --version | -v ) echo "$version" ; exit ;; --help | --h* | -h ) echo "$usage"; exit ;; -- ) # Stop option processing shift; break ;; - ) # Use stdin as input. break ;; -* ) echo "$me: invalid option $1$help" exit 1 ;; *local*) # First pass through any local machine types. echo $1 exit ;; * ) break ;; esac done case $# in 0) echo "$me: missing argument$help" >&2 exit 1;; 1) ;; *) echo "$me: too many arguments$help" >&2 exit 1;; esac # Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). # Here we must recognize all the valid KERNEL-OS combinations. maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ knetbsd*-gnu* | netbsd*-gnu* | \ kopensolaris*-gnu* | \ storm-chaos* | os2-emx* | rtmk-nova*) os=-$maybe_os basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` ;; android-linux) os=-linux-android basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown ;; *) basic_machine=`echo $1 | sed 's/-[^-]*$//'` if [ $basic_machine != $1 ] then os=`echo $1 | sed 's/.*-/-/'` else os=; fi ;; esac ### Let's recognize common machines as not being operating systems so ### that things like config.sub decstation-3100 work. We also ### recognize some manufacturers as not being operating systems, so we ### can provide default operating systems below. case $os in -sun*os*) # Prevent following clause from handling this invalid input. ;; -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ -apple | -axis | -knuth | -cray | -microblaze*) os= basic_machine=$1 ;; -bluegene*) os=-cnk ;; -sim | -cisco | -oki | -wec | -winbond) os= basic_machine=$1 ;; -scout) ;; -wrs) os=-vxworks basic_machine=$1 ;; -chorusos*) os=-chorusos basic_machine=$1 ;; -chorusrdb) os=-chorusrdb basic_machine=$1 ;; -hiux*) os=-hiuxwe2 ;; -sco6) os=-sco5v6 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco5) os=-sco3.2v5 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco4) os=-sco3.2v4 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco3.2.[4-9]*) os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco3.2v[4-9]*) # Don't forget version if it is 3.2v4 or newer. basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco5v6*) # Don't forget version if it is 3.2v4 or newer. basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco*) os=-sco3.2v2 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -udk*) basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -isc) os=-isc2.2 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -clix*) basic_machine=clipper-intergraph ;; -isc*) basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -lynx*178) os=-lynxos178 ;; -lynx*5) os=-lynxos5 ;; -lynx*) os=-lynxos ;; -ptx*) basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` ;; -windowsnt*) os=`echo $os | sed -e 's/windowsnt/winnt/'` ;; -psos*) os=-psos ;; -mint | -mint[0-9]*) basic_machine=m68k-atari os=-mint ;; esac # Decode aliases for certain CPU-COMPANY combinations. case $basic_machine in # Recognize the basic CPU types without company name. # Some are omitted here because they have special meanings below. 1750a | 580 \ | a29k \ | aarch64 | aarch64_be \ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ | am33_2.0 \ | arc | arceb \ | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \ | avr | avr32 \ | be32 | be64 \ | bfin \ | c4x | clipper \ | d10v | d30v | dlx | dsp16xx \ | epiphany \ | fido | fr30 | frv \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | hexagon \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ | le32 | le64 \ | lm32 \ | m32c | m32r | m32rle | m68000 | m68k | m88k \ | maxq | mb | microblaze | microblazeel | mcore | mep | metag \ | mips | mipsbe | mipseb | mipsel | mipsle \ | mips16 \ | mips64 | mips64el \ | mips64octeon | mips64octeonel \ | mips64orion | mips64orionel \ | mips64r5900 | mips64r5900el \ | mips64vr | mips64vrel \ | mips64vr4100 | mips64vr4100el \ | mips64vr4300 | mips64vr4300el \ | mips64vr5000 | mips64vr5000el \ | mips64vr5900 | mips64vr5900el \ | mipsisa32 | mipsisa32el \ | mipsisa32r2 | mipsisa32r2el \ | mipsisa64 | mipsisa64el \ | mipsisa64r2 | mipsisa64r2el \ | mipsisa64sb1 | mipsisa64sb1el \ | mipsisa64sr71k | mipsisa64sr71kel \ | mipsr5900 | mipsr5900el \ | mipstx39 | mipstx39el \ | mn10200 | mn10300 \ | moxie \ | mt \ | msp430 \ | nds32 | nds32le | nds32be \ | nios | nios2 | nios2eb | nios2el \ | ns16k | ns32k \ | open8 \ | or1k | or32 \ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle \ | pyramid \ | rl78 | rx \ | score \ | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ | spu \ | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ | ubicom32 \ | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ | we32k \ | x86 | xc16x | xstormy16 | xtensa \ | z8k | z80) basic_machine=$basic_machine-unknown ;; c54x) basic_machine=tic54x-unknown ;; c55x) basic_machine=tic55x-unknown ;; c6x) basic_machine=tic6x-unknown ;; m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip) basic_machine=$basic_machine-unknown os=-none ;; m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) ;; ms1) basic_machine=mt-unknown ;; strongarm | thumb | xscale) basic_machine=arm-unknown ;; xgate) basic_machine=$basic_machine-unknown os=-none ;; xscaleeb) basic_machine=armeb-unknown ;; xscaleel) basic_machine=armel-unknown ;; # We use `pc' rather than `unknown' # because (1) that's what they normally are, and # (2) the word "unknown" tends to confuse beginning users. i*86 | x86_64) basic_machine=$basic_machine-pc ;; # Object if more than one company name word. *-*-*) echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 exit 1 ;; # Recognize the basic CPU types with company name. 580-* \ | a29k-* \ | aarch64-* | aarch64_be-* \ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | avr-* | avr32-* \ | be32-* | be64-* \ | bfin-* | bs2000-* \ | c[123]* | c30-* | [cjt]90-* | c4x-* \ | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ | elxsi-* \ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ | h8300-* | h8500-* \ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | hexagon-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* | iq2000-* \ | le32-* | le64-* \ | lm32-* \ | m32c-* | m32r-* | m32rle-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ | microblaze-* | microblazeel-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ | mips16-* \ | mips64-* | mips64el-* \ | mips64octeon-* | mips64octeonel-* \ | mips64orion-* | mips64orionel-* \ | mips64r5900-* | mips64r5900el-* \ | mips64vr-* | mips64vrel-* \ | mips64vr4100-* | mips64vr4100el-* \ | mips64vr4300-* | mips64vr4300el-* \ | mips64vr5000-* | mips64vr5000el-* \ | mips64vr5900-* | mips64vr5900el-* \ | mipsisa32-* | mipsisa32el-* \ | mipsisa32r2-* | mipsisa32r2el-* \ | mipsisa64-* | mipsisa64el-* \ | mipsisa64r2-* | mipsisa64r2el-* \ | mipsisa64sb1-* | mipsisa64sb1el-* \ | mipsisa64sr71k-* | mipsisa64sr71kel-* \ | mipsr5900-* | mipsr5900el-* \ | mipstx39-* | mipstx39el-* \ | mmix-* \ | mt-* \ | msp430-* \ | nds32-* | nds32le-* | nds32be-* \ | nios-* | nios2-* | nios2eb-* | nios2el-* \ | none-* | np1-* | ns16k-* | ns32k-* \ | open8-* \ | orion-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ | pyramid-* \ | rl78-* | romp-* | rs6000-* | rx-* \ | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | sparclite-* \ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \ | tahoe-* \ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ | tile*-* \ | tron-* \ | ubicom32-* \ | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ | vax-* \ | we32k-* \ | x86-* | x86_64-* | xc16x-* | xps100-* \ | xstormy16-* | xtensa*-* \ | ymp-* \ | z8k-* | z80-*) ;; # Recognize the basic CPU types without company name, with glob match. xtensa*) basic_machine=$basic_machine-unknown ;; # Recognize the various machine names and aliases which stand # for a CPU type and a company and sometimes even an OS. 386bsd) basic_machine=i386-unknown os=-bsd ;; 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) basic_machine=m68000-att ;; 3b*) basic_machine=we32k-att ;; a29khif) basic_machine=a29k-amd os=-udi ;; abacus) basic_machine=abacus-unknown ;; adobe68k) basic_machine=m68010-adobe os=-scout ;; alliant | fx80) basic_machine=fx80-alliant ;; altos | altos3068) basic_machine=m68k-altos ;; am29k) basic_machine=a29k-none os=-bsd ;; amd64) basic_machine=x86_64-pc ;; amd64-*) basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'` ;; amdahl) basic_machine=580-amdahl os=-sysv ;; amiga | amiga-*) basic_machine=m68k-unknown ;; amigaos | amigados) basic_machine=m68k-unknown os=-amigaos ;; amigaunix | amix) basic_machine=m68k-unknown os=-sysv4 ;; apollo68) basic_machine=m68k-apollo os=-sysv ;; apollo68bsd) basic_machine=m68k-apollo os=-bsd ;; aros) basic_machine=i386-pc os=-aros ;; aux) basic_machine=m68k-apple os=-aux ;; balance) basic_machine=ns32k-sequent os=-dynix ;; blackfin) basic_machine=bfin-unknown os=-linux ;; blackfin-*) basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'` os=-linux ;; bluegene*) basic_machine=powerpc-ibm os=-cnk ;; c54x-*) basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'` ;; c55x-*) basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'` ;; c6x-*) basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'` ;; c90) basic_machine=c90-cray os=-unicos ;; cegcc) basic_machine=arm-unknown os=-cegcc ;; convex-c1) basic_machine=c1-convex os=-bsd ;; convex-c2) basic_machine=c2-convex os=-bsd ;; convex-c32) basic_machine=c32-convex os=-bsd ;; convex-c34) basic_machine=c34-convex os=-bsd ;; convex-c38) basic_machine=c38-convex os=-bsd ;; cray | j90) basic_machine=j90-cray os=-unicos ;; craynv) basic_machine=craynv-cray os=-unicosmp ;; cr16 | cr16-*) basic_machine=cr16-unknown os=-elf ;; crds | unos) basic_machine=m68k-crds ;; crisv32 | crisv32-* | etraxfs*) basic_machine=crisv32-axis ;; cris | cris-* | etrax*) basic_machine=cris-axis ;; crx) basic_machine=crx-unknown os=-elf ;; da30 | da30-*) basic_machine=m68k-da30 ;; decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) basic_machine=mips-dec ;; decsystem10* | dec10*) basic_machine=pdp10-dec os=-tops10 ;; decsystem20* | dec20*) basic_machine=pdp10-dec os=-tops20 ;; delta | 3300 | motorola-3300 | motorola-delta \ | 3300-motorola | delta-motorola) basic_machine=m68k-motorola ;; delta88) basic_machine=m88k-motorola os=-sysv3 ;; dicos) basic_machine=i686-pc os=-dicos ;; djgpp) basic_machine=i586-pc os=-msdosdjgpp ;; dpx20 | dpx20-*) basic_machine=rs6000-bull os=-bosx ;; dpx2* | dpx2*-bull) basic_machine=m68k-bull os=-sysv3 ;; ebmon29k) basic_machine=a29k-amd os=-ebmon ;; elxsi) basic_machine=elxsi-elxsi os=-bsd ;; encore | umax | mmax) basic_machine=ns32k-encore ;; es1800 | OSE68k | ose68k | ose | OSE) basic_machine=m68k-ericsson os=-ose ;; fx2800) basic_machine=i860-alliant ;; genix) basic_machine=ns32k-ns ;; gmicro) basic_machine=tron-gmicro os=-sysv ;; go32) basic_machine=i386-pc os=-go32 ;; h3050r* | hiux*) basic_machine=hppa1.1-hitachi os=-hiuxwe2 ;; h8300hms) basic_machine=h8300-hitachi os=-hms ;; h8300xray) basic_machine=h8300-hitachi os=-xray ;; h8500hms) basic_machine=h8500-hitachi os=-hms ;; harris) basic_machine=m88k-harris os=-sysv3 ;; hp300-*) basic_machine=m68k-hp ;; hp300bsd) basic_machine=m68k-hp os=-bsd ;; hp300hpux) basic_machine=m68k-hp os=-hpux ;; hp3k9[0-9][0-9] | hp9[0-9][0-9]) basic_machine=hppa1.0-hp ;; hp9k2[0-9][0-9] | hp9k31[0-9]) basic_machine=m68000-hp ;; hp9k3[2-9][0-9]) basic_machine=m68k-hp ;; hp9k6[0-9][0-9] | hp6[0-9][0-9]) basic_machine=hppa1.0-hp ;; hp9k7[0-79][0-9] | hp7[0-79][0-9]) basic_machine=hppa1.1-hp ;; hp9k78[0-9] | hp78[0-9]) # FIXME: really hppa2.0-hp basic_machine=hppa1.1-hp ;; hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) # FIXME: really hppa2.0-hp basic_machine=hppa1.1-hp ;; hp9k8[0-9][13679] | hp8[0-9][13679]) basic_machine=hppa1.1-hp ;; hp9k8[0-9][0-9] | hp8[0-9][0-9]) basic_machine=hppa1.0-hp ;; hppa-next) os=-nextstep3 ;; hppaosf) basic_machine=hppa1.1-hp os=-osf ;; hppro) basic_machine=hppa1.1-hp os=-proelf ;; i370-ibm* | ibm*) basic_machine=i370-ibm ;; i*86v32) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv32 ;; i*86v4*) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv4 ;; i*86v) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv ;; i*86sol2) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-solaris2 ;; i386mach) basic_machine=i386-mach os=-mach ;; i386-vsta | vsta) basic_machine=i386-unknown os=-vsta ;; iris | iris4d) basic_machine=mips-sgi case $os in -irix*) ;; *) os=-irix4 ;; esac ;; isi68 | isi) basic_machine=m68k-isi os=-sysv ;; m68knommu) basic_machine=m68k-unknown os=-linux ;; m68knommu-*) basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'` os=-linux ;; m88k-omron*) basic_machine=m88k-omron ;; magnum | m3230) basic_machine=mips-mips os=-sysv ;; merlin) basic_machine=ns32k-utek os=-sysv ;; microblaze*) basic_machine=microblaze-xilinx ;; mingw64) basic_machine=x86_64-pc os=-mingw64 ;; mingw32) basic_machine=i386-pc os=-mingw32 ;; mingw32ce) basic_machine=arm-unknown os=-mingw32ce ;; miniframe) basic_machine=m68000-convergent ;; *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) basic_machine=m68k-atari os=-mint ;; mips3*-*) basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` ;; mips3*) basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown ;; monitor) basic_machine=m68k-rom68k os=-coff ;; morphos) basic_machine=powerpc-unknown os=-morphos ;; msdos) basic_machine=i386-pc os=-msdos ;; ms1-*) basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` ;; msys) basic_machine=i386-pc os=-msys ;; mvs) basic_machine=i370-ibm os=-mvs ;; nacl) basic_machine=le32-unknown os=-nacl ;; ncr3000) basic_machine=i486-ncr os=-sysv4 ;; netbsd386) basic_machine=i386-unknown os=-netbsd ;; netwinder) basic_machine=armv4l-rebel os=-linux ;; news | news700 | news800 | news900) basic_machine=m68k-sony os=-newsos ;; news1000) basic_machine=m68030-sony os=-newsos ;; news-3600 | risc-news) basic_machine=mips-sony os=-newsos ;; necv70) basic_machine=v70-nec os=-sysv ;; next | m*-next ) basic_machine=m68k-next case $os in -nextstep* ) ;; -ns2*) os=-nextstep2 ;; *) os=-nextstep3 ;; esac ;; nh3000) basic_machine=m68k-harris os=-cxux ;; nh[45]000) basic_machine=m88k-harris os=-cxux ;; nindy960) basic_machine=i960-intel os=-nindy ;; mon960) basic_machine=i960-intel os=-mon960 ;; nonstopux) basic_machine=mips-compaq os=-nonstopux ;; np1) basic_machine=np1-gould ;; neo-tandem) basic_machine=neo-tandem ;; nse-tandem) basic_machine=nse-tandem ;; nsr-tandem) basic_machine=nsr-tandem ;; op50n-* | op60c-*) basic_machine=hppa1.1-oki os=-proelf ;; openrisc | openrisc-*) basic_machine=or32-unknown ;; os400) basic_machine=powerpc-ibm os=-os400 ;; OSE68000 | ose68000) basic_machine=m68000-ericsson os=-ose ;; os68k) basic_machine=m68k-none os=-os68k ;; pa-hitachi) basic_machine=hppa1.1-hitachi os=-hiuxwe2 ;; paragon) basic_machine=i860-intel os=-osf ;; parisc) basic_machine=hppa-unknown os=-linux ;; parisc-*) basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'` os=-linux ;; pbd) basic_machine=sparc-tti ;; pbb) basic_machine=m68k-tti ;; pc532 | pc532-*) basic_machine=ns32k-pc532 ;; pc98) basic_machine=i386-pc ;; pc98-*) basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentium | p5 | k5 | k6 | nexgen | viac3) basic_machine=i586-pc ;; pentiumpro | p6 | 6x86 | athlon | athlon_*) basic_machine=i686-pc ;; pentiumii | pentium2 | pentiumiii | pentium3) basic_machine=i686-pc ;; pentium4) basic_machine=i786-pc ;; pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentiumpro-* | p6-* | 6x86-* | athlon-*) basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentium4-*) basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pn) basic_machine=pn-gould ;; power) basic_machine=power-ibm ;; ppc | ppcbe) basic_machine=powerpc-unknown ;; ppc-* | ppcbe-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppcle | powerpclittle | ppc-le | powerpc-little) basic_machine=powerpcle-unknown ;; ppcle-* | powerpclittle-*) basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppc64) basic_machine=powerpc64-unknown ;; ppc64-* | ppc64p7-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppc64le | powerpc64little | ppc64-le | powerpc64-little) basic_machine=powerpc64le-unknown ;; ppc64le-* | powerpc64little-*) basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ps2) basic_machine=i386-ibm ;; pw32) basic_machine=i586-unknown os=-pw32 ;; rdos | rdos64) basic_machine=x86_64-pc os=-rdos ;; rdos32) basic_machine=i386-pc os=-rdos ;; rom68k) basic_machine=m68k-rom68k os=-coff ;; rm[46]00) basic_machine=mips-siemens ;; rtpc | rtpc-*) basic_machine=romp-ibm ;; s390 | s390-*) basic_machine=s390-ibm ;; s390x | s390x-*) basic_machine=s390x-ibm ;; sa29200) basic_machine=a29k-amd os=-udi ;; sb1) basic_machine=mipsisa64sb1-unknown ;; sb1el) basic_machine=mipsisa64sb1el-unknown ;; sde) basic_machine=mipsisa32-sde os=-elf ;; sei) basic_machine=mips-sei os=-seiux ;; sequent) basic_machine=i386-sequent ;; sh) basic_machine=sh-hitachi os=-hms ;; sh5el) basic_machine=sh5le-unknown ;; sh64) basic_machine=sh64-unknown ;; sparclite-wrs | simso-wrs) basic_machine=sparclite-wrs os=-vxworks ;; sps7) basic_machine=m68k-bull os=-sysv2 ;; spur) basic_machine=spur-unknown ;; st2000) basic_machine=m68k-tandem ;; stratus) basic_machine=i860-stratus os=-sysv4 ;; strongarm-* | thumb-*) basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'` ;; sun2) basic_machine=m68000-sun ;; sun2os3) basic_machine=m68000-sun os=-sunos3 ;; sun2os4) basic_machine=m68000-sun os=-sunos4 ;; sun3os3) basic_machine=m68k-sun os=-sunos3 ;; sun3os4) basic_machine=m68k-sun os=-sunos4 ;; sun4os3) basic_machine=sparc-sun os=-sunos3 ;; sun4os4) basic_machine=sparc-sun os=-sunos4 ;; sun4sol2) basic_machine=sparc-sun os=-solaris2 ;; sun3 | sun3-*) basic_machine=m68k-sun ;; sun4) basic_machine=sparc-sun ;; sun386 | sun386i | roadrunner) basic_machine=i386-sun ;; sv1) basic_machine=sv1-cray os=-unicos ;; symmetry) basic_machine=i386-sequent os=-dynix ;; t3e) basic_machine=alphaev5-cray os=-unicos ;; t90) basic_machine=t90-cray os=-unicos ;; tile*) basic_machine=$basic_machine-unknown os=-linux-gnu ;; tx39) basic_machine=mipstx39-unknown ;; tx39el) basic_machine=mipstx39el-unknown ;; toad1) basic_machine=pdp10-xkl os=-tops20 ;; tower | tower-32) basic_machine=m68k-ncr ;; tpf) basic_machine=s390x-ibm os=-tpf ;; udi29k) basic_machine=a29k-amd os=-udi ;; ultra3) basic_machine=a29k-nyu os=-sym1 ;; v810 | necv810) basic_machine=v810-nec os=-none ;; vaxv) basic_machine=vax-dec os=-sysv ;; vms) basic_machine=vax-dec os=-vms ;; vpp*|vx|vx-*) basic_machine=f301-fujitsu ;; vxworks960) basic_machine=i960-wrs os=-vxworks ;; vxworks68) basic_machine=m68k-wrs os=-vxworks ;; vxworks29k) basic_machine=a29k-wrs os=-vxworks ;; w65*) basic_machine=w65-wdc os=-none ;; w89k-*) basic_machine=hppa1.1-winbond os=-proelf ;; xbox) basic_machine=i686-pc os=-mingw32 ;; xps | xps100) basic_machine=xps100-honeywell ;; xscale-* | xscalee[bl]-*) basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'` ;; ymp) basic_machine=ymp-cray os=-unicos ;; z8k-*-coff) basic_machine=z8k-unknown os=-sim ;; z80-*-coff) basic_machine=z80-unknown os=-sim ;; none) basic_machine=none-none os=-none ;; # Here we handle the default manufacturer of certain CPU types. It is in # some cases the only manufacturer, in others, it is the most popular. w89k) basic_machine=hppa1.1-winbond ;; op50n) basic_machine=hppa1.1-oki ;; op60c) basic_machine=hppa1.1-oki ;; romp) basic_machine=romp-ibm ;; mmix) basic_machine=mmix-knuth ;; rs6000) basic_machine=rs6000-ibm ;; vax) basic_machine=vax-dec ;; pdp10) # there are many clones, so DEC is not a safe bet basic_machine=pdp10-unknown ;; pdp11) basic_machine=pdp11-dec ;; we32k) basic_machine=we32k-att ;; sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele) basic_machine=sh-unknown ;; sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) basic_machine=sparc-sun ;; cydra) basic_machine=cydra-cydrome ;; orion) basic_machine=orion-highlevel ;; orion105) basic_machine=clipper-highlevel ;; mac | mpw | mac-mpw) basic_machine=m68k-apple ;; pmac | pmac-mpw) basic_machine=powerpc-apple ;; *-unknown) # Make sure to match an already-canonicalized machine name. ;; *) echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 exit 1 ;; esac # Here we canonicalize certain aliases for manufacturers. case $basic_machine in *-digital*) basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` ;; *-commodore*) basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` ;; *) ;; esac # Decode manufacturer-specific aliases for certain operating systems. if [ x"$os" != x"" ] then case $os in # First match some system type aliases # that might get confused with valid system types. # -solaris* is a basic system type, with this one exception. -auroraux) os=-auroraux ;; -solaris1 | -solaris1.*) os=`echo $os | sed -e 's|solaris1|sunos4|'` ;; -solaris) os=-solaris2 ;; -svr4*) os=-sysv4 ;; -unixware*) os=-sysv4.2uw ;; -gnu/linux*) os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` ;; # First accept the basic system types. # The portable systems comes first. # Each alternative MUST END IN A *, to match a version number. # -sysv* is not here because it comes later, after sysvr4. -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ | -sym* | -kopensolaris* | -plan9* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ | -aos* | -aros* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ | -bitrig* | -openbsd* | -solidbsd* \ | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ | -chorusos* | -chorusrdb* | -cegcc* \ | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ | -linux-newlib* | -linux-musl* | -linux-uclibc* \ | -uxpv* | -beos* | -mpeix* | -udk* \ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) case $basic_machine in x86-* | i*86-*) ;; *) os=-nto$os ;; esac ;; -nto-qnx*) ;; -nto*) os=`echo $os | sed -e 's|nto|nto-qnx|'` ;; -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \ | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) ;; -mac*) os=`echo $os | sed -e 's|mac|macos|'` ;; -linux-dietlibc) os=-linux-dietlibc ;; -linux*) os=`echo $os | sed -e 's|linux|linux-gnu|'` ;; -sunos5*) os=`echo $os | sed -e 's|sunos5|solaris2|'` ;; -sunos6*) os=`echo $os | sed -e 's|sunos6|solaris3|'` ;; -opened*) os=-openedition ;; -os400*) os=-os400 ;; -wince*) os=-wince ;; -osfrose*) os=-osfrose ;; -osf*) os=-osf ;; -utek*) os=-bsd ;; -dynix*) os=-bsd ;; -acis*) os=-aos ;; -atheos*) os=-atheos ;; -syllable*) os=-syllable ;; -386bsd) os=-bsd ;; -ctix* | -uts*) os=-sysv ;; -nova*) os=-rtmk-nova ;; -ns2 ) os=-nextstep2 ;; -nsk*) os=-nsk ;; # Preserve the version number of sinix5. -sinix5.*) os=`echo $os | sed -e 's|sinix|sysv|'` ;; -sinix*) os=-sysv4 ;; -tpf*) os=-tpf ;; -triton*) os=-sysv3 ;; -oss*) os=-sysv3 ;; -svr4) os=-sysv4 ;; -svr3) os=-sysv3 ;; -sysvr4) os=-sysv4 ;; # This must come after -sysvr4. -sysv*) ;; -ose*) os=-ose ;; -es1800*) os=-ose ;; -xenix) os=-xenix ;; -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) os=-mint ;; -aros*) os=-aros ;; -zvmoe) os=-zvmoe ;; -dicos*) os=-dicos ;; -nacl*) ;; -none) ;; *) # Get rid of the `-' at the beginning of $os. os=`echo $os | sed 's/[^-]*-//'` echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 exit 1 ;; esac else # Here we handle the default operating systems that come with various machines. # The value should be what the vendor currently ships out the door with their # machine or put another way, the most popular os provided with the machine. # Note that if you're going to try to match "-MANUFACTURER" here (say, # "-sun"), then you have to tell the case statement up towards the top # that MANUFACTURER isn't an operating system. Otherwise, code above # will signal an error saying that MANUFACTURER isn't an operating # system, and we'll never get to this point. case $basic_machine in score-*) os=-elf ;; spu-*) os=-elf ;; *-acorn) os=-riscix1.2 ;; arm*-rebel) os=-linux ;; arm*-semi) os=-aout ;; c4x-* | tic4x-*) os=-coff ;; hexagon-*) os=-elf ;; tic54x-*) os=-coff ;; tic55x-*) os=-coff ;; tic6x-*) os=-coff ;; # This must come before the *-dec entry. pdp10-*) os=-tops20 ;; pdp11-*) os=-none ;; *-dec | vax-*) os=-ultrix4.2 ;; m68*-apollo) os=-domain ;; i386-sun) os=-sunos4.0.2 ;; m68000-sun) os=-sunos3 ;; m68*-cisco) os=-aout ;; mep-*) os=-elf ;; mips*-cisco) os=-elf ;; mips*-*) os=-elf ;; or1k-*) os=-elf ;; or32-*) os=-coff ;; *-tti) # must be before sparc entry or we get the wrong os. os=-sysv3 ;; sparc-* | *-sun) os=-sunos4.1.1 ;; *-be) os=-beos ;; *-haiku) os=-haiku ;; *-ibm) os=-aix ;; *-knuth) os=-mmixware ;; *-wec) os=-proelf ;; *-winbond) os=-proelf ;; *-oki) os=-proelf ;; *-hp) os=-hpux ;; *-hitachi) os=-hiux ;; i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) os=-sysv ;; *-cbm) os=-amigaos ;; *-dg) os=-dgux ;; *-dolphin) os=-sysv3 ;; m68k-ccur) os=-rtu ;; m88k-omron*) os=-luna ;; *-next ) os=-nextstep ;; *-sequent) os=-ptx ;; *-crds) os=-unos ;; *-ns) os=-genix ;; i370-*) os=-mvs ;; *-next) os=-nextstep3 ;; *-gould) os=-sysv ;; *-highlevel) os=-bsd ;; *-encore) os=-bsd ;; *-sgi) os=-irix ;; *-siemens) os=-sysv4 ;; *-masscomp) os=-rtu ;; f30[01]-fujitsu | f700-fujitsu) os=-uxpv ;; *-rom68k) os=-coff ;; *-*bug) os=-coff ;; *-apple) os=-macos ;; *-atari*) os=-mint ;; *) os=-none ;; esac fi # Here we handle the case where we know the os, and the CPU type, but not the # manufacturer. We pick the logical manufacturer. vendor=unknown case $basic_machine in *-unknown) case $os in -riscix*) vendor=acorn ;; -sunos*) vendor=sun ;; -cnk*|-aix*) vendor=ibm ;; -beos*) vendor=be ;; -hpux*) vendor=hp ;; -mpeix*) vendor=hp ;; -hiux*) vendor=hitachi ;; -unos*) vendor=crds ;; -dgux*) vendor=dg ;; -luna*) vendor=omron ;; -genix*) vendor=ns ;; -mvs* | -opened*) vendor=ibm ;; -os400*) vendor=ibm ;; -ptx*) vendor=sequent ;; -tpf*) vendor=ibm ;; -vxsim* | -vxworks* | -windiss*) vendor=wrs ;; -aux*) vendor=apple ;; -hms*) vendor=hitachi ;; -mpw* | -macos*) vendor=apple ;; -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) vendor=atari ;; -vos*) vendor=stratus ;; esac basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` ;; esac echo $basic_machine$os exit # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "timestamp='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" # End: myproxy-6.2.16/build-aux/missing0000755000175100017510000001533114557142526013567 00000000000000#! /bin/sh # Common wrapper for a few potentially missing GNU programs. scriptversion=2012-06-26.16; # UTC # Copyright (C) 1996-2013 Free Software Foundation, Inc. # Originally written by Fran,cois Pinard , 1996. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2, or (at your option) # any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. if test $# -eq 0; then echo 1>&2 "Try '$0 --help' for more information" exit 1 fi case $1 in --is-lightweight) # Used by our autoconf macros to check whether the available missing # script is modern enough. exit 0 ;; --run) # Back-compat with the calling convention used by older automake. shift ;; -h|--h|--he|--hel|--help) echo "\ $0 [OPTION]... PROGRAM [ARGUMENT]... Run 'PROGRAM [ARGUMENT]...', returning a proper advice when this fails due to PROGRAM being missing or too old. Options: -h, --help display this help and exit -v, --version output version information and exit Supported PROGRAM values: aclocal autoconf autoheader autom4te automake makeinfo bison yacc flex lex help2man Version suffixes to PROGRAM as well as the prefixes 'gnu-', 'gnu', and 'g' are ignored when checking the name. Send bug reports to ." exit $? ;; -v|--v|--ve|--ver|--vers|--versi|--versio|--version) echo "missing $scriptversion (GNU Automake)" exit $? ;; -*) echo 1>&2 "$0: unknown '$1' option" echo 1>&2 "Try '$0 --help' for more information" exit 1 ;; esac # Run the given program, remember its exit status. "$@"; st=$? # If it succeeded, we are done. test $st -eq 0 && exit 0 # Also exit now if we it failed (or wasn't found), and '--version' was # passed; such an option is passed most likely to detect whether the # program is present and works. case $2 in --version|--help) exit $st;; esac # Exit code 63 means version mismatch. This often happens when the user # tries to use an ancient version of a tool on a file that requires a # minimum version. if test $st -eq 63; then msg="probably too old" elif test $st -eq 127; then # Program was missing. msg="missing on your system" else # Program was found and executed, but failed. Give up. exit $st fi perl_URL=http://www.perl.org/ flex_URL=http://flex.sourceforge.net/ gnu_software_URL=http://www.gnu.org/software program_details () { case $1 in aclocal|automake) echo "The '$1' program is part of the GNU Automake package:" echo "<$gnu_software_URL/automake>" echo "It also requires GNU Autoconf, GNU m4 and Perl in order to run:" echo "<$gnu_software_URL/autoconf>" echo "<$gnu_software_URL/m4/>" echo "<$perl_URL>" ;; autoconf|autom4te|autoheader) echo "The '$1' program is part of the GNU Autoconf package:" echo "<$gnu_software_URL/autoconf/>" echo "It also requires GNU m4 and Perl in order to run:" echo "<$gnu_software_URL/m4/>" echo "<$perl_URL>" ;; esac } give_advice () { # Normalize program name to check for. normalized_program=`echo "$1" | sed ' s/^gnu-//; t s/^gnu//; t s/^g//; t'` printf '%s\n' "'$1' is $msg." configure_deps="'configure.ac' or m4 files included by 'configure.ac'" case $normalized_program in autoconf*) echo "You should only need it if you modified 'configure.ac'," echo "or m4 files included by it." program_details 'autoconf' ;; autoheader*) echo "You should only need it if you modified 'acconfig.h' or" echo "$configure_deps." program_details 'autoheader' ;; automake*) echo "You should only need it if you modified 'Makefile.am' or" echo "$configure_deps." program_details 'automake' ;; aclocal*) echo "You should only need it if you modified 'acinclude.m4' or" echo "$configure_deps." program_details 'aclocal' ;; autom4te*) echo "You might have modified some maintainer files that require" echo "the 'automa4te' program to be rebuilt." program_details 'autom4te' ;; bison*|yacc*) echo "You should only need it if you modified a '.y' file." echo "You may want to install the GNU Bison package:" echo "<$gnu_software_URL/bison/>" ;; lex*|flex*) echo "You should only need it if you modified a '.l' file." echo "You may want to install the Fast Lexical Analyzer package:" echo "<$flex_URL>" ;; help2man*) echo "You should only need it if you modified a dependency" \ "of a man page." echo "You may want to install the GNU Help2man package:" echo "<$gnu_software_URL/help2man/>" ;; makeinfo*) echo "You should only need it if you modified a '.texi' file, or" echo "any other file indirectly affecting the aspect of the manual." echo "You might want to install the Texinfo package:" echo "<$gnu_software_URL/texinfo/>" echo "The spurious makeinfo call might also be the consequence of" echo "using a buggy 'make' (AIX, DU, IRIX), in which case you might" echo "want to install GNU make:" echo "<$gnu_software_URL/make/>" ;; *) echo "You might have modified some files without having the proper" echo "tools for further handling them. Check the 'README' file, it" echo "often tells you about the needed prerequisites for installing" echo "this package. You may also peek at any GNU archive site, in" echo "case some other package contains this missing '$1' program." ;; esac } give_advice "$1" | sed -e '1s/^/WARNING: /' \ -e '2,$s/^/ /' >&2 # Propagate the correct exit status (expected to be 127 for a program # not found, 63 for a program that failed due to version mismatch). exit $st # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-time-zone: "UTC" # time-stamp-end: "; # UTC" # End: myproxy-6.2.16/build-aux/install-sh0000755000175100017510000003325514557142526014201 00000000000000#!/bin/sh # install - install a program, script, or datafile scriptversion=2011-11-20.07; # UTC # This originates from X11R5 (mit/util/scripts/install.sh), which was # later released in X11R6 (xc/config/util/install.sh) with the # following copyright and license. # # Copyright (C) 1994 X Consortium # # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to # deal in the Software without restriction, including without limitation the # rights to use, copy, modify, merge, publish, distribute, sublicense, and/or # sell copies of the Software, and to permit persons to whom the Software is # furnished to do so, subject to the following conditions: # # The above copyright notice and this permission notice shall be included in # all copies or substantial portions of the Software. # # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE # X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN # AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC- # TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. # # Except as contained in this notice, the name of the X Consortium shall not # be used in advertising or otherwise to promote the sale, use or other deal- # ings in this Software without prior written authorization from the X Consor- # tium. # # # FSF changes to this file are in the public domain. # # Calling this script install-sh is preferred over install.sh, to prevent # 'make' implicit rules from creating a file called install from it # when there is no Makefile. # # This script is compatible with the BSD install script, but was written # from scratch. nl=' ' IFS=" "" $nl" # set DOITPROG to echo to test this script # Don't use :- since 4.3BSD and earlier shells don't like it. doit=${DOITPROG-} if test -z "$doit"; then doit_exec=exec else doit_exec=$doit fi # Put in absolute file names if you don't have them in your path; # or use environment vars. chgrpprog=${CHGRPPROG-chgrp} chmodprog=${CHMODPROG-chmod} chownprog=${CHOWNPROG-chown} cmpprog=${CMPPROG-cmp} cpprog=${CPPROG-cp} mkdirprog=${MKDIRPROG-mkdir} mvprog=${MVPROG-mv} rmprog=${RMPROG-rm} stripprog=${STRIPPROG-strip} posix_glob='?' initialize_posix_glob=' test "$posix_glob" != "?" || { if (set -f) 2>/dev/null; then posix_glob= else posix_glob=: fi } ' posix_mkdir= # Desired mode of installed file. mode=0755 chgrpcmd= chmodcmd=$chmodprog chowncmd= mvcmd=$mvprog rmcmd="$rmprog -f" stripcmd= src= dst= dir_arg= dst_arg= copy_on_change=false no_target_directory= usage="\ Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE or: $0 [OPTION]... SRCFILES... DIRECTORY or: $0 [OPTION]... -t DIRECTORY SRCFILES... or: $0 [OPTION]... -d DIRECTORIES... In the 1st form, copy SRCFILE to DSTFILE. In the 2nd and 3rd, copy all SRCFILES to DIRECTORY. In the 4th, create DIRECTORIES. Options: --help display this help and exit. --version display version info and exit. -c (ignored) -C install only if different (preserve the last data modification time) -d create directories instead of installing files. -g GROUP $chgrpprog installed files to GROUP. -m MODE $chmodprog installed files to MODE. -o USER $chownprog installed files to USER. -s $stripprog installed files. -t DIRECTORY install into DIRECTORY. -T report an error if DSTFILE is a directory. Environment variables override the default commands: CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG RMPROG STRIPPROG " while test $# -ne 0; do case $1 in -c) ;; -C) copy_on_change=true;; -d) dir_arg=true;; -g) chgrpcmd="$chgrpprog $2" shift;; --help) echo "$usage"; exit $?;; -m) mode=$2 case $mode in *' '* | *' '* | *' '* | *'*'* | *'?'* | *'['*) echo "$0: invalid mode: $mode" >&2 exit 1;; esac shift;; -o) chowncmd="$chownprog $2" shift;; -s) stripcmd=$stripprog;; -t) dst_arg=$2 # Protect names problematic for 'test' and other utilities. case $dst_arg in -* | [=\(\)!]) dst_arg=./$dst_arg;; esac shift;; -T) no_target_directory=true;; --version) echo "$0 $scriptversion"; exit $?;; --) shift break;; -*) echo "$0: invalid option: $1" >&2 exit 1;; *) break;; esac shift done if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then # When -d is used, all remaining arguments are directories to create. # When -t is used, the destination is already specified. # Otherwise, the last argument is the destination. Remove it from $@. for arg do if test -n "$dst_arg"; then # $@ is not empty: it contains at least $arg. set fnord "$@" "$dst_arg" shift # fnord fi shift # arg dst_arg=$arg # Protect names problematic for 'test' and other utilities. case $dst_arg in -* | [=\(\)!]) dst_arg=./$dst_arg;; esac done fi if test $# -eq 0; then if test -z "$dir_arg"; then echo "$0: no input file specified." >&2 exit 1 fi # It's OK to call 'install-sh -d' without argument. # This can happen when creating conditional directories. exit 0 fi if test -z "$dir_arg"; then do_exit='(exit $ret); exit $ret' trap "ret=129; $do_exit" 1 trap "ret=130; $do_exit" 2 trap "ret=141; $do_exit" 13 trap "ret=143; $do_exit" 15 # Set umask so as not to create temps with too-generous modes. # However, 'strip' requires both read and write access to temps. case $mode in # Optimize common cases. *644) cp_umask=133;; *755) cp_umask=22;; *[0-7]) if test -z "$stripcmd"; then u_plus_rw= else u_plus_rw='% 200' fi cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;; *) if test -z "$stripcmd"; then u_plus_rw= else u_plus_rw=,u+rw fi cp_umask=$mode$u_plus_rw;; esac fi for src do # Protect names problematic for 'test' and other utilities. case $src in -* | [=\(\)!]) src=./$src;; esac if test -n "$dir_arg"; then dst=$src dstdir=$dst test -d "$dstdir" dstdir_status=$? else # Waiting for this to be detected by the "$cpprog $src $dsttmp" command # might cause directories to be created, which would be especially bad # if $src (and thus $dsttmp) contains '*'. if test ! -f "$src" && test ! -d "$src"; then echo "$0: $src does not exist." >&2 exit 1 fi if test -z "$dst_arg"; then echo "$0: no destination specified." >&2 exit 1 fi dst=$dst_arg # If destination is a directory, append the input filename; won't work # if double slashes aren't ignored. if test -d "$dst"; then if test -n "$no_target_directory"; then echo "$0: $dst_arg: Is a directory" >&2 exit 1 fi dstdir=$dst dst=$dstdir/`basename "$src"` dstdir_status=0 else # Prefer dirname, but fall back on a substitute if dirname fails. dstdir=` (dirname "$dst") 2>/dev/null || expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$dst" : 'X\(//\)[^/]' \| \ X"$dst" : 'X\(//\)$' \| \ X"$dst" : 'X\(/\)' \| . 2>/dev/null || echo X"$dst" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q' ` test -d "$dstdir" dstdir_status=$? fi fi obsolete_mkdir_used=false if test $dstdir_status != 0; then case $posix_mkdir in '') # Create intermediate dirs using mode 755 as modified by the umask. # This is like FreeBSD 'install' as of 1997-10-28. umask=`umask` case $stripcmd.$umask in # Optimize common cases. *[2367][2367]) mkdir_umask=$umask;; .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;; *[0-7]) mkdir_umask=`expr $umask + 22 \ - $umask % 100 % 40 + $umask % 20 \ - $umask % 10 % 4 + $umask % 2 `;; *) mkdir_umask=$umask,go-w;; esac # With -d, create the new directory with the user-specified mode. # Otherwise, rely on $mkdir_umask. if test -n "$dir_arg"; then mkdir_mode=-m$mode else mkdir_mode= fi posix_mkdir=false case $umask in *[123567][0-7][0-7]) # POSIX mkdir -p sets u+wx bits regardless of umask, which # is incompatible with FreeBSD 'install' when (umask & 300) != 0. ;; *) tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0 if (umask $mkdir_umask && exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1 then if test -z "$dir_arg" || { # Check for POSIX incompatibilities with -m. # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or # other-writable bit of parent directory when it shouldn't. # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. ls_ld_tmpdir=`ls -ld "$tmpdir"` case $ls_ld_tmpdir in d????-?r-*) different_mode=700;; d????-?--*) different_mode=755;; *) false;; esac && $mkdirprog -m$different_mode -p -- "$tmpdir" && { ls_ld_tmpdir_1=`ls -ld "$tmpdir"` test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" } } then posix_mkdir=: fi rmdir "$tmpdir/d" "$tmpdir" else # Remove any dirs left behind by ancient mkdir implementations. rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null fi trap '' 0;; esac;; esac if $posix_mkdir && ( umask $mkdir_umask && $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir" ) then : else # The umask is ridiculous, or mkdir does not conform to POSIX, # or it failed possibly due to a race condition. Create the # directory the slow way, step by step, checking for races as we go. case $dstdir in /*) prefix='/';; [-=\(\)!]*) prefix='./';; *) prefix='';; esac eval "$initialize_posix_glob" oIFS=$IFS IFS=/ $posix_glob set -f set fnord $dstdir shift $posix_glob set +f IFS=$oIFS prefixes= for d do test X"$d" = X && continue prefix=$prefix$d if test -d "$prefix"; then prefixes= else if $posix_mkdir; then (umask=$mkdir_umask && $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break # Don't fail if two instances are running concurrently. test -d "$prefix" || exit 1 else case $prefix in *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;; *) qprefix=$prefix;; esac prefixes="$prefixes '$qprefix'" fi fi prefix=$prefix/ done if test -n "$prefixes"; then # Don't fail if two instances are running concurrently. (umask $mkdir_umask && eval "\$doit_exec \$mkdirprog $prefixes") || test -d "$dstdir" || exit 1 obsolete_mkdir_used=true fi fi fi if test -n "$dir_arg"; then { test -z "$chowncmd" || $doit $chowncmd "$dst"; } && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } && { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false || test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1 else # Make a couple of temp file names in the proper directory. dsttmp=$dstdir/_inst.$$_ rmtmp=$dstdir/_rm.$$_ # Trap to clean up those temp files at exit. trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0 # Copy the file name to the temp name. (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") && # and set any options; do chmod last to preserve setuid bits. # # If any of these fail, we abort the whole thing. If we want to # ignore errors from any of these, just make sure not to ignore # errors from the above "$doit $cpprog $src $dsttmp" command. # { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } && { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } && { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } && # If -C, don't bother to copy if it wouldn't change the file. if $copy_on_change && old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` && new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` && eval "$initialize_posix_glob" && $posix_glob set -f && set X $old && old=:$2:$4:$5:$6 && set X $new && new=:$2:$4:$5:$6 && $posix_glob set +f && test "$old" = "$new" && $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1 then rm -f "$dsttmp" else # Rename the file to the real destination. $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null || # The rename failed, perhaps because mv can't rename something else # to itself, or perhaps because mv is so ancient that it does not # support -f. { # Now remove or move aside any old file at destination location. # We try this two ways since rm can't unlink itself on some # systems and the destination file might be busy for other # reasons. In this case, the final cleanup might fail but the new # file should still install successfully. { test ! -f "$dst" || $doit $rmcmd -f "$dst" 2>/dev/null || { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null && { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; } } || { echo "$0: cannot unlink or rename $dst" >&2 (exit 1); exit 1 } } && # Now rename the file to the real destination. $doit $mvcmd "$dsttmp" "$dst" } fi || exit 1 trap '' 0 fi done # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-time-zone: "UTC" # time-stamp-end: "; # UTC" # End: myproxy-6.2.16/build-aux/depcomp0000755000175100017510000005601614557142526013552 00000000000000#! /bin/sh # depcomp - compile a program generating dependencies as side-effects scriptversion=2013-05-30.07; # UTC # Copyright (C) 1999-2013 Free Software Foundation, Inc. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2, or (at your option) # any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # Originally written by Alexandre Oliva . case $1 in '') echo "$0: No command. Try '$0 --help' for more information." 1>&2 exit 1; ;; -h | --h*) cat <<\EOF Usage: depcomp [--help] [--version] PROGRAM [ARGS] Run PROGRAMS ARGS to compile a file, generating dependencies as side-effects. Environment variables: depmode Dependency tracking mode. source Source file read by 'PROGRAMS ARGS'. object Object file output by 'PROGRAMS ARGS'. DEPDIR directory where to store dependencies. depfile Dependency file to output. tmpdepfile Temporary file to use when outputting dependencies. libtool Whether libtool is used (yes/no). Report bugs to . EOF exit $? ;; -v | --v*) echo "depcomp $scriptversion" exit $? ;; esac # Get the directory component of the given path, and save it in the # global variables '$dir'. Note that this directory component will # be either empty or ending with a '/' character. This is deliberate. set_dir_from () { case $1 in */*) dir=`echo "$1" | sed -e 's|/[^/]*$|/|'`;; *) dir=;; esac } # Get the suffix-stripped basename of the given path, and save it the # global variable '$base'. set_base_from () { base=`echo "$1" | sed -e 's|^.*/||' -e 's/\.[^.]*$//'` } # If no dependency file was actually created by the compiler invocation, # we still have to create a dummy depfile, to avoid errors with the # Makefile "include basename.Plo" scheme. make_dummy_depfile () { echo "#dummy" > "$depfile" } # Factor out some common post-processing of the generated depfile. # Requires the auxiliary global variable '$tmpdepfile' to be set. aix_post_process_depfile () { # If the compiler actually managed to produce a dependency file, # post-process it. if test -f "$tmpdepfile"; then # Each line is of the form 'foo.o: dependency.h'. # Do two passes, one to just change these to # $object: dependency.h # and one to simply output # dependency.h: # which is needed to avoid the deleted-header problem. { sed -e "s,^.*\.[$lower]*:,$object:," < "$tmpdepfile" sed -e "s,^.*\.[$lower]*:[$tab ]*,," -e 's,$,:,' < "$tmpdepfile" } > "$depfile" rm -f "$tmpdepfile" else make_dummy_depfile fi } # A tabulation character. tab=' ' # A newline character. nl=' ' # Character ranges might be problematic outside the C locale. # These definitions help. upper=ABCDEFGHIJKLMNOPQRSTUVWXYZ lower=abcdefghijklmnopqrstuvwxyz digits=0123456789 alpha=${upper}${lower} if test -z "$depmode" || test -z "$source" || test -z "$object"; then echo "depcomp: Variables source, object and depmode must be set" 1>&2 exit 1 fi # Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po. depfile=${depfile-`echo "$object" | sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`} tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`} rm -f "$tmpdepfile" # Avoid interferences from the environment. gccflag= dashmflag= # Some modes work just like other modes, but use different flags. We # parameterize here, but still list the modes in the big case below, # to make depend.m4 easier to write. Note that we *cannot* use a case # here, because this file can only contain one case statement. if test "$depmode" = hp; then # HP compiler uses -M and no extra arg. gccflag=-M depmode=gcc fi if test "$depmode" = dashXmstdout; then # This is just like dashmstdout with a different argument. dashmflag=-xM depmode=dashmstdout fi cygpath_u="cygpath -u -f -" if test "$depmode" = msvcmsys; then # This is just like msvisualcpp but w/o cygpath translation. # Just convert the backslash-escaped backslashes to single forward # slashes to satisfy depend.m4 cygpath_u='sed s,\\\\,/,g' depmode=msvisualcpp fi if test "$depmode" = msvc7msys; then # This is just like msvc7 but w/o cygpath translation. # Just convert the backslash-escaped backslashes to single forward # slashes to satisfy depend.m4 cygpath_u='sed s,\\\\,/,g' depmode=msvc7 fi if test "$depmode" = xlc; then # IBM C/C++ Compilers xlc/xlC can output gcc-like dependency information. gccflag=-qmakedep=gcc,-MF depmode=gcc fi case "$depmode" in gcc3) ## gcc 3 implements dependency tracking that does exactly what ## we want. Yay! Note: for some reason libtool 1.4 doesn't like ## it if -MD -MP comes after the -MF stuff. Hmm. ## Unfortunately, FreeBSD c89 acceptance of flags depends upon ## the command line argument order; so add the flags where they ## appear in depend2.am. Note that the slowdown incurred here ## affects only configure: in makefiles, %FASTDEP% shortcuts this. for arg do case $arg in -c) set fnord "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" "$arg" ;; *) set fnord "$@" "$arg" ;; esac shift # fnord shift # $arg done "$@" stat=$? if test $stat -ne 0; then rm -f "$tmpdepfile" exit $stat fi mv "$tmpdepfile" "$depfile" ;; gcc) ## Note that this doesn't just cater to obsosete pre-3.x GCC compilers. ## but also to in-use compilers like IMB xlc/xlC and the HP C compiler. ## (see the conditional assignment to $gccflag above). ## There are various ways to get dependency output from gcc. Here's ## why we pick this rather obscure method: ## - Don't want to use -MD because we'd like the dependencies to end ## up in a subdir. Having to rename by hand is ugly. ## (We might end up doing this anyway to support other compilers.) ## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like ## -MM, not -M (despite what the docs say). Also, it might not be ## supported by the other compilers which use the 'gcc' depmode. ## - Using -M directly means running the compiler twice (even worse ## than renaming). if test -z "$gccflag"; then gccflag=-MD, fi "$@" -Wp,"$gccflag$tmpdepfile" stat=$? if test $stat -ne 0; then rm -f "$tmpdepfile" exit $stat fi rm -f "$depfile" echo "$object : \\" > "$depfile" # The second -e expression handles DOS-style file names with drive # letters. sed -e 's/^[^:]*: / /' \ -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile" ## This next piece of magic avoids the "deleted header file" problem. ## The problem is that when a header file which appears in a .P file ## is deleted, the dependency causes make to die (because there is ## typically no way to rebuild the header). We avoid this by adding ## dummy dependencies for each header file. Too bad gcc doesn't do ## this for us directly. ## Some versions of gcc put a space before the ':'. On the theory ## that the space means something, we add a space to the output as ## well. hp depmode also adds that space, but also prefixes the VPATH ## to the object. Take care to not repeat it in the output. ## Some versions of the HPUX 10.20 sed can't process this invocation ## correctly. Breaking it into two sed invocations is a workaround. tr ' ' "$nl" < "$tmpdepfile" \ | sed -e 's/^\\$//' -e '/^$/d' -e "s|.*$object$||" -e '/:$/d' \ | sed -e 's/$/ :/' >> "$depfile" rm -f "$tmpdepfile" ;; hp) # This case exists only to let depend.m4 do its work. It works by # looking at the text of this script. This case will never be run, # since it is checked for above. exit 1 ;; sgi) if test "$libtool" = yes; then "$@" "-Wp,-MDupdate,$tmpdepfile" else "$@" -MDupdate "$tmpdepfile" fi stat=$? if test $stat -ne 0; then rm -f "$tmpdepfile" exit $stat fi rm -f "$depfile" if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files echo "$object : \\" > "$depfile" # Clip off the initial element (the dependent). Don't try to be # clever and replace this with sed code, as IRIX sed won't handle # lines with more than a fixed number of characters (4096 in # IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines; # the IRIX cc adds comments like '#:fec' to the end of the # dependency line. tr ' ' "$nl" < "$tmpdepfile" \ | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' \ | tr "$nl" ' ' >> "$depfile" echo >> "$depfile" # The second pass generates a dummy entry for each header file. tr ' ' "$nl" < "$tmpdepfile" \ | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \ >> "$depfile" else make_dummy_depfile fi rm -f "$tmpdepfile" ;; xlc) # This case exists only to let depend.m4 do its work. It works by # looking at the text of this script. This case will never be run, # since it is checked for above. exit 1 ;; aix) # The C for AIX Compiler uses -M and outputs the dependencies # in a .u file. In older versions, this file always lives in the # current directory. Also, the AIX compiler puts '$object:' at the # start of each line; $object doesn't have directory information. # Version 6 uses the directory in both cases. set_dir_from "$object" set_base_from "$object" if test "$libtool" = yes; then tmpdepfile1=$dir$base.u tmpdepfile2=$base.u tmpdepfile3=$dir.libs/$base.u "$@" -Wc,-M else tmpdepfile1=$dir$base.u tmpdepfile2=$dir$base.u tmpdepfile3=$dir$base.u "$@" -M fi stat=$? if test $stat -ne 0; then rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" exit $stat fi for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" do test -f "$tmpdepfile" && break done aix_post_process_depfile ;; tcc) # tcc (Tiny C Compiler) understand '-MD -MF file' since version 0.9.26 # FIXME: That version still under development at the moment of writing. # Make that this statement remains true also for stable, released # versions. # It will wrap lines (doesn't matter whether long or short) with a # trailing '\', as in: # # foo.o : \ # foo.c \ # foo.h \ # # It will put a trailing '\' even on the last line, and will use leading # spaces rather than leading tabs (at least since its commit 0394caf7 # "Emit spaces for -MD"). "$@" -MD -MF "$tmpdepfile" stat=$? if test $stat -ne 0; then rm -f "$tmpdepfile" exit $stat fi rm -f "$depfile" # Each non-empty line is of the form 'foo.o : \' or ' dep.h \'. # We have to change lines of the first kind to '$object: \'. sed -e "s|.*:|$object :|" < "$tmpdepfile" > "$depfile" # And for each line of the second kind, we have to emit a 'dep.h:' # dummy dependency, to avoid the deleted-header problem. sed -n -e 's|^ *\(.*\) *\\$|\1:|p' < "$tmpdepfile" >> "$depfile" rm -f "$tmpdepfile" ;; ## The order of this option in the case statement is important, since the ## shell code in configure will try each of these formats in the order ## listed in this file. A plain '-MD' option would be understood by many ## compilers, so we must ensure this comes after the gcc and icc options. pgcc) # Portland's C compiler understands '-MD'. # Will always output deps to 'file.d' where file is the root name of the # source file under compilation, even if file resides in a subdirectory. # The object file name does not affect the name of the '.d' file. # pgcc 10.2 will output # foo.o: sub/foo.c sub/foo.h # and will wrap long lines using '\' : # foo.o: sub/foo.c ... \ # sub/foo.h ... \ # ... set_dir_from "$object" # Use the source, not the object, to determine the base name, since # that's sadly what pgcc will do too. set_base_from "$source" tmpdepfile=$base.d # For projects that build the same source file twice into different object # files, the pgcc approach of using the *source* file root name can cause # problems in parallel builds. Use a locking strategy to avoid stomping on # the same $tmpdepfile. lockdir=$base.d-lock trap " echo '$0: caught signal, cleaning up...' >&2 rmdir '$lockdir' exit 1 " 1 2 13 15 numtries=100 i=$numtries while test $i -gt 0; do # mkdir is a portable test-and-set. if mkdir "$lockdir" 2>/dev/null; then # This process acquired the lock. "$@" -MD stat=$? # Release the lock. rmdir "$lockdir" break else # If the lock is being held by a different process, wait # until the winning process is done or we timeout. while test -d "$lockdir" && test $i -gt 0; do sleep 1 i=`expr $i - 1` done fi i=`expr $i - 1` done trap - 1 2 13 15 if test $i -le 0; then echo "$0: failed to acquire lock after $numtries attempts" >&2 echo "$0: check lockdir '$lockdir'" >&2 exit 1 fi if test $stat -ne 0; then rm -f "$tmpdepfile" exit $stat fi rm -f "$depfile" # Each line is of the form `foo.o: dependent.h', # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'. # Do two passes, one to just change these to # `$object: dependent.h' and one to simply `dependent.h:'. sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile" # Some versions of the HPUX 10.20 sed can't process this invocation # correctly. Breaking it into two sed invocations is a workaround. sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" \ | sed -e 's/$/ :/' >> "$depfile" rm -f "$tmpdepfile" ;; hp2) # The "hp" stanza above does not work with aCC (C++) and HP's ia64 # compilers, which have integrated preprocessors. The correct option # to use with these is +Maked; it writes dependencies to a file named # 'foo.d', which lands next to the object file, wherever that # happens to be. # Much of this is similar to the tru64 case; see comments there. set_dir_from "$object" set_base_from "$object" if test "$libtool" = yes; then tmpdepfile1=$dir$base.d tmpdepfile2=$dir.libs/$base.d "$@" -Wc,+Maked else tmpdepfile1=$dir$base.d tmpdepfile2=$dir$base.d "$@" +Maked fi stat=$? if test $stat -ne 0; then rm -f "$tmpdepfile1" "$tmpdepfile2" exit $stat fi for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" do test -f "$tmpdepfile" && break done if test -f "$tmpdepfile"; then sed -e "s,^.*\.[$lower]*:,$object:," "$tmpdepfile" > "$depfile" # Add 'dependent.h:' lines. sed -ne '2,${ s/^ *// s/ \\*$// s/$/:/ p }' "$tmpdepfile" >> "$depfile" else make_dummy_depfile fi rm -f "$tmpdepfile" "$tmpdepfile2" ;; tru64) # The Tru64 compiler uses -MD to generate dependencies as a side # effect. 'cc -MD -o foo.o ...' puts the dependencies into 'foo.o.d'. # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put # dependencies in 'foo.d' instead, so we check for that too. # Subdirectories are respected. set_dir_from "$object" set_base_from "$object" if test "$libtool" = yes; then # Libtool generates 2 separate objects for the 2 libraries. These # two compilations output dependencies in $dir.libs/$base.o.d and # in $dir$base.o.d. We have to check for both files, because # one of the two compilations can be disabled. We should prefer # $dir$base.o.d over $dir.libs/$base.o.d because the latter is # automatically cleaned when .libs/ is deleted, while ignoring # the former would cause a distcleancheck panic. tmpdepfile1=$dir$base.o.d # libtool 1.5 tmpdepfile2=$dir.libs/$base.o.d # Likewise. tmpdepfile3=$dir.libs/$base.d # Compaq CCC V6.2-504 "$@" -Wc,-MD else tmpdepfile1=$dir$base.d tmpdepfile2=$dir$base.d tmpdepfile3=$dir$base.d "$@" -MD fi stat=$? if test $stat -ne 0; then rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" exit $stat fi for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" do test -f "$tmpdepfile" && break done # Same post-processing that is required for AIX mode. aix_post_process_depfile ;; msvc7) if test "$libtool" = yes; then showIncludes=-Wc,-showIncludes else showIncludes=-showIncludes fi "$@" $showIncludes > "$tmpdepfile" stat=$? grep -v '^Note: including file: ' "$tmpdepfile" if test $stat -ne 0; then rm -f "$tmpdepfile" exit $stat fi rm -f "$depfile" echo "$object : \\" > "$depfile" # The first sed program below extracts the file names and escapes # backslashes for cygpath. The second sed program outputs the file # name when reading, but also accumulates all include files in the # hold buffer in order to output them again at the end. This only # works with sed implementations that can handle large buffers. sed < "$tmpdepfile" -n ' /^Note: including file: *\(.*\)/ { s//\1/ s/\\/\\\\/g p }' | $cygpath_u | sort -u | sed -n ' s/ /\\ /g s/\(.*\)/'"$tab"'\1 \\/p s/.\(.*\) \\/\1:/ H $ { s/.*/'"$tab"'/ G p }' >> "$depfile" echo >> "$depfile" # make sure the fragment doesn't end with a backslash rm -f "$tmpdepfile" ;; msvc7msys) # This case exists only to let depend.m4 do its work. It works by # looking at the text of this script. This case will never be run, # since it is checked for above. exit 1 ;; #nosideeffect) # This comment above is used by automake to tell side-effect # dependency tracking mechanisms from slower ones. dashmstdout) # Important note: in order to support this mode, a compiler *must* # always write the preprocessed file to stdout, regardless of -o. "$@" || exit $? # Remove the call to Libtool. if test "$libtool" = yes; then while test "X$1" != 'X--mode=compile'; do shift done shift fi # Remove '-o $object'. IFS=" " for arg do case $arg in -o) shift ;; $object) shift ;; *) set fnord "$@" "$arg" shift # fnord shift # $arg ;; esac done test -z "$dashmflag" && dashmflag=-M # Require at least two characters before searching for ':' # in the target name. This is to cope with DOS-style filenames: # a dependency such as 'c:/foo/bar' could be seen as target 'c' otherwise. "$@" $dashmflag | sed "s|^[$tab ]*[^:$tab ][^:][^:]*:[$tab ]*|$object: |" > "$tmpdepfile" rm -f "$depfile" cat < "$tmpdepfile" > "$depfile" # Some versions of the HPUX 10.20 sed can't process this sed invocation # correctly. Breaking it into two sed invocations is a workaround. tr ' ' "$nl" < "$tmpdepfile" \ | sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \ | sed -e 's/$/ :/' >> "$depfile" rm -f "$tmpdepfile" ;; dashXmstdout) # This case only exists to satisfy depend.m4. It is never actually # run, as this mode is specially recognized in the preamble. exit 1 ;; makedepend) "$@" || exit $? # Remove any Libtool call if test "$libtool" = yes; then while test "X$1" != 'X--mode=compile'; do shift done shift fi # X makedepend shift cleared=no eat=no for arg do case $cleared in no) set ""; shift cleared=yes ;; esac if test $eat = yes; then eat=no continue fi case "$arg" in -D*|-I*) set fnord "$@" "$arg"; shift ;; # Strip any option that makedepend may not understand. Remove # the object too, otherwise makedepend will parse it as a source file. -arch) eat=yes ;; -*|$object) ;; *) set fnord "$@" "$arg"; shift ;; esac done obj_suffix=`echo "$object" | sed 's/^.*\././'` touch "$tmpdepfile" ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@" rm -f "$depfile" # makedepend may prepend the VPATH from the source file name to the object. # No need to regex-escape $object, excess matching of '.' is harmless. sed "s|^.*\($object *:\)|\1|" "$tmpdepfile" > "$depfile" # Some versions of the HPUX 10.20 sed can't process the last invocation # correctly. Breaking it into two sed invocations is a workaround. sed '1,2d' "$tmpdepfile" \ | tr ' ' "$nl" \ | sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \ | sed -e 's/$/ :/' >> "$depfile" rm -f "$tmpdepfile" "$tmpdepfile".bak ;; cpp) # Important note: in order to support this mode, a compiler *must* # always write the preprocessed file to stdout. "$@" || exit $? # Remove the call to Libtool. if test "$libtool" = yes; then while test "X$1" != 'X--mode=compile'; do shift done shift fi # Remove '-o $object'. IFS=" " for arg do case $arg in -o) shift ;; $object) shift ;; *) set fnord "$@" "$arg" shift # fnord shift # $arg ;; esac done "$@" -E \ | sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \ -e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \ | sed '$ s: \\$::' > "$tmpdepfile" rm -f "$depfile" echo "$object : \\" > "$depfile" cat < "$tmpdepfile" >> "$depfile" sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile" rm -f "$tmpdepfile" ;; msvisualcpp) # Important note: in order to support this mode, a compiler *must* # always write the preprocessed file to stdout. "$@" || exit $? # Remove the call to Libtool. if test "$libtool" = yes; then while test "X$1" != 'X--mode=compile'; do shift done shift fi IFS=" " for arg do case "$arg" in -o) shift ;; $object) shift ;; "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI") set fnord "$@" shift shift ;; *) set fnord "$@" "$arg" shift shift ;; esac done "$@" -E 2>/dev/null | sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile" rm -f "$depfile" echo "$object : \\" > "$depfile" sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::'"$tab"'\1 \\:p' >> "$depfile" echo "$tab" >> "$depfile" sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile" rm -f "$tmpdepfile" ;; msvcmsys) # This case exists only to let depend.m4 do its work. It works by # looking at the text of this script. This case will never be run, # since it is checked for above. exit 1 ;; none) exec "$@" ;; *) echo "Unknown depmode $depmode" 1>&2 exit 1 ;; esac exit 0 # Local Variables: # mode: shell-script # sh-indentation: 2 # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-time-zone: "UTC" # time-stamp-end: "; # UTC" # End: myproxy-6.2.16/build-aux/ltmain.sh0000644000175100017510000105152214557142523014010 00000000000000 # libtool (GNU libtool) 2.4.2 # Written by Gordon Matzigkeit , 1996 # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006, # 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc. # This is free software; see the source for copying conditions. There is NO # warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. # GNU Libtool is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # As a special exception to the GNU General Public License, # if you distribute this file as part of a program or library that # is built using GNU Libtool, you may include this file under the # same distribution terms that you use for the rest of that program. # # GNU Libtool is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with GNU Libtool; see the file COPYING. If not, a copy # can be downloaded from http://www.gnu.org/licenses/gpl.html, # or obtained by writing to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Usage: $progname [OPTION]... [MODE-ARG]... # # Provide generalized library-building support services. # # --config show all configuration variables # --debug enable verbose shell tracing # -n, --dry-run display commands without modifying any files # --features display basic configuration information and exit # --mode=MODE use operation mode MODE # --preserve-dup-deps don't remove duplicate dependency libraries # --quiet, --silent don't print informational messages # --no-quiet, --no-silent # print informational messages (default) # --no-warn don't display warning messages # --tag=TAG use configuration variables from tag TAG # -v, --verbose print more informational messages than default # --no-verbose don't print the extra informational messages # --version print version information # -h, --help, --help-all print short, long, or detailed help message # # MODE must be one of the following: # # clean remove files from the build directory # compile compile a source file into a libtool object # execute automatically set library path, then run a program # finish complete the installation of libtool libraries # install install libraries or executables # link create a library or an executable # uninstall remove libraries from an installed directory # # MODE-ARGS vary depending on the MODE. When passed as first option, # `--mode=MODE' may be abbreviated as `MODE' or a unique abbreviation of that. # Try `$progname --help --mode=MODE' for a more detailed description of MODE. # # When reporting a bug, please describe a test case to reproduce it and # include the following information: # # host-triplet: $host # shell: $SHELL # compiler: $LTCC # compiler flags: $LTCFLAGS # linker: $LD (gnu? $with_gnu_ld) # $progname: (GNU libtool) 2.4.2 # automake: $automake_version # autoconf: $autoconf_version # # Report bugs to . # GNU libtool home page: . # General help using GNU software: . PROGRAM=libtool PACKAGE=libtool VERSION=2.4.2 TIMESTAMP="" package_revision=1.3337 # Be Bourne compatible if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then emulate sh NULLCMD=: # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in *posix*) set -o posix;; esac fi BIN_SH=xpg4; export BIN_SH # for Tru64 DUALCASE=1; export DUALCASE # for MKS sh # A function that is used when there is no print builtin or printf. func_fallback_echo () { eval 'cat <<_LTECHO_EOF $1 _LTECHO_EOF' } # NLS nuisances: We save the old values to restore during execute mode. lt_user_locale= lt_safe_locale= for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES do eval "if test \"\${$lt_var+set}\" = set; then save_$lt_var=\$$lt_var $lt_var=C export $lt_var lt_user_locale=\"$lt_var=\\\$save_\$lt_var; \$lt_user_locale\" lt_safe_locale=\"$lt_var=C; \$lt_safe_locale\" fi" done LC_ALL=C LANGUAGE=C export LANGUAGE LC_ALL $lt_unset CDPATH # Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh # is ksh but when the shell is invoked as "sh" and the current value of # the _XPG environment variable is not equal to 1 (one), the special # positional parameter $0, within a function call, is the name of the # function. progpath="$0" : ${CP="cp -f"} test "${ECHO+set}" = set || ECHO=${as_echo-'printf %s\n'} : ${MAKE="make"} : ${MKDIR="mkdir"} : ${MV="mv -f"} : ${RM="rm -f"} : ${SHELL="${CONFIG_SHELL-/bin/sh}"} : ${Xsed="$SED -e 1s/^X//"} # Global variables: EXIT_SUCCESS=0 EXIT_FAILURE=1 EXIT_MISMATCH=63 # $? = 63 is used to indicate version mismatch to missing. EXIT_SKIP=77 # $? = 77 is used to indicate a skipped test to automake. exit_status=$EXIT_SUCCESS # Make sure IFS has a sensible default lt_nl=' ' IFS=" $lt_nl" dirname="s,/[^/]*$,," basename="s,^.*/,," # func_dirname file append nondir_replacement # Compute the dirname of FILE. If nonempty, add APPEND to the result, # otherwise set result to NONDIR_REPLACEMENT. func_dirname () { func_dirname_result=`$ECHO "${1}" | $SED "$dirname"` if test "X$func_dirname_result" = "X${1}"; then func_dirname_result="${3}" else func_dirname_result="$func_dirname_result${2}" fi } # func_dirname may be replaced by extended shell implementation # func_basename file func_basename () { func_basename_result=`$ECHO "${1}" | $SED "$basename"` } # func_basename may be replaced by extended shell implementation # func_dirname_and_basename file append nondir_replacement # perform func_basename and func_dirname in a single function # call: # dirname: Compute the dirname of FILE. If nonempty, # add APPEND to the result, otherwise set result # to NONDIR_REPLACEMENT. # value returned in "$func_dirname_result" # basename: Compute filename of FILE. # value retuned in "$func_basename_result" # Implementation must be kept synchronized with func_dirname # and func_basename. For efficiency, we do not delegate to # those functions but instead duplicate the functionality here. func_dirname_and_basename () { # Extract subdirectory from the argument. func_dirname_result=`$ECHO "${1}" | $SED -e "$dirname"` if test "X$func_dirname_result" = "X${1}"; then func_dirname_result="${3}" else func_dirname_result="$func_dirname_result${2}" fi func_basename_result=`$ECHO "${1}" | $SED -e "$basename"` } # func_dirname_and_basename may be replaced by extended shell implementation # func_stripname prefix suffix name # strip PREFIX and SUFFIX off of NAME. # PREFIX and SUFFIX must not contain globbing or regex special # characters, hashes, percent signs, but SUFFIX may contain a leading # dot (in which case that matches only a dot). # func_strip_suffix prefix name func_stripname () { case ${2} in .*) func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%\\\\${2}\$%%"`;; *) func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%${2}\$%%"`;; esac } # func_stripname may be replaced by extended shell implementation # These SED scripts presuppose an absolute path with a trailing slash. pathcar='s,^/\([^/]*\).*$,\1,' pathcdr='s,^/[^/]*,,' removedotparts=':dotsl s@/\./@/@g t dotsl s,/\.$,/,' collapseslashes='s@/\{1,\}@/@g' finalslash='s,/*$,/,' # func_normal_abspath PATH # Remove doubled-up and trailing slashes, "." path components, # and cancel out any ".." path components in PATH after making # it an absolute path. # value returned in "$func_normal_abspath_result" func_normal_abspath () { # Start from root dir and reassemble the path. func_normal_abspath_result= func_normal_abspath_tpath=$1 func_normal_abspath_altnamespace= case $func_normal_abspath_tpath in "") # Empty path, that just means $cwd. func_stripname '' '/' "`pwd`" func_normal_abspath_result=$func_stripname_result return ;; # The next three entries are used to spot a run of precisely # two leading slashes without using negated character classes; # we take advantage of case's first-match behaviour. ///*) # Unusual form of absolute path, do nothing. ;; //*) # Not necessarily an ordinary path; POSIX reserves leading '//' # and for example Cygwin uses it to access remote file shares # over CIFS/SMB, so we conserve a leading double slash if found. func_normal_abspath_altnamespace=/ ;; /*) # Absolute path, do nothing. ;; *) # Relative path, prepend $cwd. func_normal_abspath_tpath=`pwd`/$func_normal_abspath_tpath ;; esac # Cancel out all the simple stuff to save iterations. We also want # the path to end with a slash for ease of parsing, so make sure # there is one (and only one) here. func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \ -e "$removedotparts" -e "$collapseslashes" -e "$finalslash"` while :; do # Processed it all yet? if test "$func_normal_abspath_tpath" = / ; then # If we ascended to the root using ".." the result may be empty now. if test -z "$func_normal_abspath_result" ; then func_normal_abspath_result=/ fi break fi func_normal_abspath_tcomponent=`$ECHO "$func_normal_abspath_tpath" | $SED \ -e "$pathcar"` func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \ -e "$pathcdr"` # Figure out what to do with it case $func_normal_abspath_tcomponent in "") # Trailing empty path component, ignore it. ;; ..) # Parent dir; strip last assembled component from result. func_dirname "$func_normal_abspath_result" func_normal_abspath_result=$func_dirname_result ;; *) # Actual path component, append it. func_normal_abspath_result=$func_normal_abspath_result/$func_normal_abspath_tcomponent ;; esac done # Restore leading double-slash if one was found on entry. func_normal_abspath_result=$func_normal_abspath_altnamespace$func_normal_abspath_result } # func_relative_path SRCDIR DSTDIR # generates a relative path from SRCDIR to DSTDIR, with a trailing # slash if non-empty, suitable for immediately appending a filename # without needing to append a separator. # value returned in "$func_relative_path_result" func_relative_path () { func_relative_path_result= func_normal_abspath "$1" func_relative_path_tlibdir=$func_normal_abspath_result func_normal_abspath "$2" func_relative_path_tbindir=$func_normal_abspath_result # Ascend the tree starting from libdir while :; do # check if we have found a prefix of bindir case $func_relative_path_tbindir in $func_relative_path_tlibdir) # found an exact match func_relative_path_tcancelled= break ;; $func_relative_path_tlibdir*) # found a matching prefix func_stripname "$func_relative_path_tlibdir" '' "$func_relative_path_tbindir" func_relative_path_tcancelled=$func_stripname_result if test -z "$func_relative_path_result"; then func_relative_path_result=. fi break ;; *) func_dirname $func_relative_path_tlibdir func_relative_path_tlibdir=${func_dirname_result} if test "x$func_relative_path_tlibdir" = x ; then # Have to descend all the way to the root! func_relative_path_result=../$func_relative_path_result func_relative_path_tcancelled=$func_relative_path_tbindir break fi func_relative_path_result=../$func_relative_path_result ;; esac done # Now calculate path; take care to avoid doubling-up slashes. func_stripname '' '/' "$func_relative_path_result" func_relative_path_result=$func_stripname_result func_stripname '/' '/' "$func_relative_path_tcancelled" if test "x$func_stripname_result" != x ; then func_relative_path_result=${func_relative_path_result}/${func_stripname_result} fi # Normalisation. If bindir is libdir, return empty string, # else relative path ending with a slash; either way, target # file name can be directly appended. if test ! -z "$func_relative_path_result"; then func_stripname './' '' "$func_relative_path_result/" func_relative_path_result=$func_stripname_result fi } # The name of this program: func_dirname_and_basename "$progpath" progname=$func_basename_result # Make sure we have an absolute path for reexecution: case $progpath in [\\/]*|[A-Za-z]:\\*) ;; *[\\/]*) progdir=$func_dirname_result progdir=`cd "$progdir" && pwd` progpath="$progdir/$progname" ;; *) save_IFS="$IFS" IFS=${PATH_SEPARATOR-:} for progdir in $PATH; do IFS="$save_IFS" test -x "$progdir/$progname" && break done IFS="$save_IFS" test -n "$progdir" || progdir=`pwd` progpath="$progdir/$progname" ;; esac # Sed substitution that helps us do robust quoting. It backslashifies # metacharacters that are still active within double-quoted strings. Xsed="${SED}"' -e 1s/^X//' sed_quote_subst='s/\([`"$\\]\)/\\\1/g' # Same as above, but do not quote variable references. double_quote_subst='s/\(["`\\]\)/\\\1/g' # Sed substitution that turns a string into a regex matching for the # string literally. sed_make_literal_regex='s,[].[^$\\*\/],\\&,g' # Sed substitution that converts a w32 file name or path # which contains forward slashes, into one that contains # (escaped) backslashes. A very naive implementation. lt_sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g' # Re-`\' parameter expansions in output of double_quote_subst that were # `\'-ed in input to the same. If an odd number of `\' preceded a '$' # in input to double_quote_subst, that '$' was protected from expansion. # Since each input `\' is now two `\'s, look for any number of runs of # four `\'s followed by two `\'s and then a '$'. `\' that '$'. bs='\\' bs2='\\\\' bs4='\\\\\\\\' dollar='\$' sed_double_backslash="\ s/$bs4/&\\ /g s/^$bs2$dollar/$bs&/ s/\\([^$bs]\\)$bs2$dollar/\\1$bs2$bs$dollar/g s/\n//g" # Standard options: opt_dry_run=false opt_help=false opt_quiet=false opt_verbose=false opt_warning=: # func_echo arg... # Echo program name prefixed message, along with the current mode # name if it has been set yet. func_echo () { $ECHO "$progname: ${opt_mode+$opt_mode: }$*" } # func_verbose arg... # Echo program name prefixed message in verbose mode only. func_verbose () { $opt_verbose && func_echo ${1+"$@"} # A bug in bash halts the script if the last line of a function # fails when set -e is in force, so we need another command to # work around that: : } # func_echo_all arg... # Invoke $ECHO with all args, space-separated. func_echo_all () { $ECHO "$*" } # func_error arg... # Echo program name prefixed message to standard error. func_error () { $ECHO "$progname: ${opt_mode+$opt_mode: }"${1+"$@"} 1>&2 } # func_warning arg... # Echo program name prefixed warning message to standard error. func_warning () { $opt_warning && $ECHO "$progname: ${opt_mode+$opt_mode: }warning: "${1+"$@"} 1>&2 # bash bug again: : } # func_fatal_error arg... # Echo program name prefixed message to standard error, and exit. func_fatal_error () { func_error ${1+"$@"} exit $EXIT_FAILURE } # func_fatal_help arg... # Echo program name prefixed message to standard error, followed by # a help hint, and exit. func_fatal_help () { func_error ${1+"$@"} func_fatal_error "$help" } help="Try \`$progname --help' for more information." ## default # func_grep expression filename # Check whether EXPRESSION matches any line of FILENAME, without output. func_grep () { $GREP "$1" "$2" >/dev/null 2>&1 } # func_mkdir_p directory-path # Make sure the entire path to DIRECTORY-PATH is available. func_mkdir_p () { my_directory_path="$1" my_dir_list= if test -n "$my_directory_path" && test "$opt_dry_run" != ":"; then # Protect directory names starting with `-' case $my_directory_path in -*) my_directory_path="./$my_directory_path" ;; esac # While some portion of DIR does not yet exist... while test ! -d "$my_directory_path"; do # ...make a list in topmost first order. Use a colon delimited # list incase some portion of path contains whitespace. my_dir_list="$my_directory_path:$my_dir_list" # If the last portion added has no slash in it, the list is done case $my_directory_path in */*) ;; *) break ;; esac # ...otherwise throw away the child directory and loop my_directory_path=`$ECHO "$my_directory_path" | $SED -e "$dirname"` done my_dir_list=`$ECHO "$my_dir_list" | $SED 's,:*$,,'` save_mkdir_p_IFS="$IFS"; IFS=':' for my_dir in $my_dir_list; do IFS="$save_mkdir_p_IFS" # mkdir can fail with a `File exist' error if two processes # try to create one of the directories concurrently. Don't # stop in that case! $MKDIR "$my_dir" 2>/dev/null || : done IFS="$save_mkdir_p_IFS" # Bail out if we (or some other process) failed to create a directory. test -d "$my_directory_path" || \ func_fatal_error "Failed to create \`$1'" fi } # func_mktempdir [string] # Make a temporary directory that won't clash with other running # libtool processes, and avoids race conditions if possible. If # given, STRING is the basename for that directory. func_mktempdir () { my_template="${TMPDIR-/tmp}/${1-$progname}" if test "$opt_dry_run" = ":"; then # Return a directory name, but don't create it in dry-run mode my_tmpdir="${my_template}-$$" else # If mktemp works, use that first and foremost my_tmpdir=`mktemp -d "${my_template}-XXXXXXXX" 2>/dev/null` if test ! -d "$my_tmpdir"; then # Failing that, at least try and use $RANDOM to avoid a race my_tmpdir="${my_template}-${RANDOM-0}$$" save_mktempdir_umask=`umask` umask 0077 $MKDIR "$my_tmpdir" umask $save_mktempdir_umask fi # If we're not in dry-run mode, bomb out on failure test -d "$my_tmpdir" || \ func_fatal_error "cannot create temporary directory \`$my_tmpdir'" fi $ECHO "$my_tmpdir" } # func_quote_for_eval arg # Aesthetically quote ARG to be evaled later. # This function returns two values: FUNC_QUOTE_FOR_EVAL_RESULT # is double-quoted, suitable for a subsequent eval, whereas # FUNC_QUOTE_FOR_EVAL_UNQUOTED_RESULT has merely all characters # which are still active within double quotes backslashified. func_quote_for_eval () { case $1 in *[\\\`\"\$]*) func_quote_for_eval_unquoted_result=`$ECHO "$1" | $SED "$sed_quote_subst"` ;; *) func_quote_for_eval_unquoted_result="$1" ;; esac case $func_quote_for_eval_unquoted_result in # Double-quote args containing shell metacharacters to delay # word splitting, command substitution and and variable # expansion for a subsequent eval. # Many Bourne shells cannot handle close brackets correctly # in scan sets, so we specify it separately. *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") func_quote_for_eval_result="\"$func_quote_for_eval_unquoted_result\"" ;; *) func_quote_for_eval_result="$func_quote_for_eval_unquoted_result" esac } # func_quote_for_expand arg # Aesthetically quote ARG to be evaled later; same as above, # but do not quote variable references. func_quote_for_expand () { case $1 in *[\\\`\"]*) my_arg=`$ECHO "$1" | $SED \ -e "$double_quote_subst" -e "$sed_double_backslash"` ;; *) my_arg="$1" ;; esac case $my_arg in # Double-quote args containing shell metacharacters to delay # word splitting and command substitution for a subsequent eval. # Many Bourne shells cannot handle close brackets correctly # in scan sets, so we specify it separately. *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") my_arg="\"$my_arg\"" ;; esac func_quote_for_expand_result="$my_arg" } # func_show_eval cmd [fail_exp] # Unless opt_silent is true, then output CMD. Then, if opt_dryrun is # not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP # is given, then evaluate it. func_show_eval () { my_cmd="$1" my_fail_exp="${2-:}" ${opt_silent-false} || { func_quote_for_expand "$my_cmd" eval "func_echo $func_quote_for_expand_result" } if ${opt_dry_run-false}; then :; else eval "$my_cmd" my_status=$? if test "$my_status" -eq 0; then :; else eval "(exit $my_status); $my_fail_exp" fi fi } # func_show_eval_locale cmd [fail_exp] # Unless opt_silent is true, then output CMD. Then, if opt_dryrun is # not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP # is given, then evaluate it. Use the saved locale for evaluation. func_show_eval_locale () { my_cmd="$1" my_fail_exp="${2-:}" ${opt_silent-false} || { func_quote_for_expand "$my_cmd" eval "func_echo $func_quote_for_expand_result" } if ${opt_dry_run-false}; then :; else eval "$lt_user_locale $my_cmd" my_status=$? eval "$lt_safe_locale" if test "$my_status" -eq 0; then :; else eval "(exit $my_status); $my_fail_exp" fi fi } # func_tr_sh # Turn $1 into a string suitable for a shell variable name. # Result is stored in $func_tr_sh_result. All characters # not in the set a-zA-Z0-9_ are replaced with '_'. Further, # if $1 begins with a digit, a '_' is prepended as well. func_tr_sh () { case $1 in [0-9]* | *[!a-zA-Z0-9_]*) func_tr_sh_result=`$ECHO "$1" | $SED 's/^\([0-9]\)/_\1/; s/[^a-zA-Z0-9_]/_/g'` ;; * ) func_tr_sh_result=$1 ;; esac } # func_version # Echo version message to standard output and exit. func_version () { $opt_debug $SED -n '/(C)/!b go :more /\./!{ N s/\n# / / b more } :go /^# '$PROGRAM' (GNU /,/# warranty; / { s/^# // s/^# *$// s/\((C)\)[ 0-9,-]*\( [1-9][0-9]*\)/\1\2/ p }' < "$progpath" exit $? } # func_usage # Echo short help message to standard output and exit. func_usage () { $opt_debug $SED -n '/^# Usage:/,/^# *.*--help/ { s/^# // s/^# *$// s/\$progname/'$progname'/ p }' < "$progpath" echo $ECHO "run \`$progname --help | more' for full usage" exit $? } # func_help [NOEXIT] # Echo long help message to standard output and exit, # unless 'noexit' is passed as argument. func_help () { $opt_debug $SED -n '/^# Usage:/,/# Report bugs to/ { :print s/^# // s/^# *$// s*\$progname*'$progname'* s*\$host*'"$host"'* s*\$SHELL*'"$SHELL"'* s*\$LTCC*'"$LTCC"'* s*\$LTCFLAGS*'"$LTCFLAGS"'* s*\$LD*'"$LD"'* s/\$with_gnu_ld/'"$with_gnu_ld"'/ s/\$automake_version/'"`(${AUTOMAKE-automake} --version) 2>/dev/null |$SED 1q`"'/ s/\$autoconf_version/'"`(${AUTOCONF-autoconf} --version) 2>/dev/null |$SED 1q`"'/ p d } /^# .* home page:/b print /^# General help using/b print ' < "$progpath" ret=$? if test -z "$1"; then exit $ret fi } # func_missing_arg argname # Echo program name prefixed message to standard error and set global # exit_cmd. func_missing_arg () { $opt_debug func_error "missing argument for $1." exit_cmd=exit } # func_split_short_opt shortopt # Set func_split_short_opt_name and func_split_short_opt_arg shell # variables after splitting SHORTOPT after the 2nd character. func_split_short_opt () { my_sed_short_opt='1s/^\(..\).*$/\1/;q' my_sed_short_rest='1s/^..\(.*\)$/\1/;q' func_split_short_opt_name=`$ECHO "$1" | $SED "$my_sed_short_opt"` func_split_short_opt_arg=`$ECHO "$1" | $SED "$my_sed_short_rest"` } # func_split_short_opt may be replaced by extended shell implementation # func_split_long_opt longopt # Set func_split_long_opt_name and func_split_long_opt_arg shell # variables after splitting LONGOPT at the `=' sign. func_split_long_opt () { my_sed_long_opt='1s/^\(--[^=]*\)=.*/\1/;q' my_sed_long_arg='1s/^--[^=]*=//' func_split_long_opt_name=`$ECHO "$1" | $SED "$my_sed_long_opt"` func_split_long_opt_arg=`$ECHO "$1" | $SED "$my_sed_long_arg"` } # func_split_long_opt may be replaced by extended shell implementation exit_cmd=: magic="%%%MAGIC variable%%%" magic_exe="%%%MAGIC EXE variable%%%" # Global variables. nonopt= preserve_args= lo2o="s/\\.lo\$/.${objext}/" o2lo="s/\\.${objext}\$/.lo/" extracted_archives= extracted_serial=0 # If this variable is set in any of the actions, the command in it # will be execed at the end. This prevents here-documents from being # left over by shells. exec_cmd= # func_append var value # Append VALUE to the end of shell variable VAR. func_append () { eval "${1}=\$${1}\${2}" } # func_append may be replaced by extended shell implementation # func_append_quoted var value # Quote VALUE and append to the end of shell variable VAR, separated # by a space. func_append_quoted () { func_quote_for_eval "${2}" eval "${1}=\$${1}\\ \$func_quote_for_eval_result" } # func_append_quoted may be replaced by extended shell implementation # func_arith arithmetic-term... func_arith () { func_arith_result=`expr "${@}"` } # func_arith may be replaced by extended shell implementation # func_len string # STRING may not start with a hyphen. func_len () { func_len_result=`expr "${1}" : ".*" 2>/dev/null || echo $max_cmd_len` } # func_len may be replaced by extended shell implementation # func_lo2o object func_lo2o () { func_lo2o_result=`$ECHO "${1}" | $SED "$lo2o"` } # func_lo2o may be replaced by extended shell implementation # func_xform libobj-or-source func_xform () { func_xform_result=`$ECHO "${1}" | $SED 's/\.[^.]*$/.lo/'` } # func_xform may be replaced by extended shell implementation # func_fatal_configuration arg... # Echo program name prefixed message to standard error, followed by # a configuration failure hint, and exit. func_fatal_configuration () { func_error ${1+"$@"} func_error "See the $PACKAGE documentation for more information." func_fatal_error "Fatal configuration error." } # func_config # Display the configuration for all the tags in this script. func_config () { re_begincf='^# ### BEGIN LIBTOOL' re_endcf='^# ### END LIBTOOL' # Default configuration. $SED "1,/$re_begincf CONFIG/d;/$re_endcf CONFIG/,\$d" < "$progpath" # Now print the configurations for the tags. for tagname in $taglist; do $SED -n "/$re_begincf TAG CONFIG: $tagname\$/,/$re_endcf TAG CONFIG: $tagname\$/p" < "$progpath" done exit $? } # func_features # Display the features supported by this script. func_features () { echo "host: $host" if test "$build_libtool_libs" = yes; then echo "enable shared libraries" else echo "disable shared libraries" fi if test "$build_old_libs" = yes; then echo "enable static libraries" else echo "disable static libraries" fi exit $? } # func_enable_tag tagname # Verify that TAGNAME is valid, and either flag an error and exit, or # enable the TAGNAME tag. We also add TAGNAME to the global $taglist # variable here. func_enable_tag () { # Global variable: tagname="$1" re_begincf="^# ### BEGIN LIBTOOL TAG CONFIG: $tagname\$" re_endcf="^# ### END LIBTOOL TAG CONFIG: $tagname\$" sed_extractcf="/$re_begincf/,/$re_endcf/p" # Validate tagname. case $tagname in *[!-_A-Za-z0-9,/]*) func_fatal_error "invalid tag name: $tagname" ;; esac # Don't test for the "default" C tag, as we know it's # there but not specially marked. case $tagname in CC) ;; *) if $GREP "$re_begincf" "$progpath" >/dev/null 2>&1; then taglist="$taglist $tagname" # Evaluate the configuration. Be careful to quote the path # and the sed script, to avoid splitting on whitespace, but # also don't use non-portable quotes within backquotes within # quotes we have to do it in 2 steps: extractedcf=`$SED -n -e "$sed_extractcf" < "$progpath"` eval "$extractedcf" else func_error "ignoring unknown tag $tagname" fi ;; esac } # func_check_version_match # Ensure that we are using m4 macros, and libtool script from the same # release of libtool. func_check_version_match () { if test "$package_revision" != "$macro_revision"; then if test "$VERSION" != "$macro_version"; then if test -z "$macro_version"; then cat >&2 <<_LT_EOF $progname: Version mismatch error. This is $PACKAGE $VERSION, but the $progname: definition of this LT_INIT comes from an older release. $progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION $progname: and run autoconf again. _LT_EOF else cat >&2 <<_LT_EOF $progname: Version mismatch error. This is $PACKAGE $VERSION, but the $progname: definition of this LT_INIT comes from $PACKAGE $macro_version. $progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION $progname: and run autoconf again. _LT_EOF fi else cat >&2 <<_LT_EOF $progname: Version mismatch error. This is $PACKAGE $VERSION, revision $package_revision, $progname: but the definition of this LT_INIT comes from revision $macro_revision. $progname: You should recreate aclocal.m4 with macros from revision $package_revision $progname: of $PACKAGE $VERSION and run autoconf again. _LT_EOF fi exit $EXIT_MISMATCH fi } # Shorthand for --mode=foo, only valid as the first argument case $1 in clean|clea|cle|cl) shift; set dummy --mode clean ${1+"$@"}; shift ;; compile|compil|compi|comp|com|co|c) shift; set dummy --mode compile ${1+"$@"}; shift ;; execute|execut|execu|exec|exe|ex|e) shift; set dummy --mode execute ${1+"$@"}; shift ;; finish|finis|fini|fin|fi|f) shift; set dummy --mode finish ${1+"$@"}; shift ;; install|instal|insta|inst|ins|in|i) shift; set dummy --mode install ${1+"$@"}; shift ;; link|lin|li|l) shift; set dummy --mode link ${1+"$@"}; shift ;; uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u) shift; set dummy --mode uninstall ${1+"$@"}; shift ;; esac # Option defaults: opt_debug=: opt_dry_run=false opt_config=false opt_preserve_dup_deps=false opt_features=false opt_finish=false opt_help=false opt_help_all=false opt_silent=: opt_warning=: opt_verbose=: opt_silent=false opt_verbose=false # Parse options once, thoroughly. This comes as soon as possible in the # script to make things like `--version' happen as quickly as we can. { # this just eases exit handling while test $# -gt 0; do opt="$1" shift case $opt in --debug|-x) opt_debug='set -x' func_echo "enabling shell trace mode" $opt_debug ;; --dry-run|--dryrun|-n) opt_dry_run=: ;; --config) opt_config=: func_config ;; --dlopen|-dlopen) optarg="$1" opt_dlopen="${opt_dlopen+$opt_dlopen }$optarg" shift ;; --preserve-dup-deps) opt_preserve_dup_deps=: ;; --features) opt_features=: func_features ;; --finish) opt_finish=: set dummy --mode finish ${1+"$@"}; shift ;; --help) opt_help=: ;; --help-all) opt_help_all=: opt_help=': help-all' ;; --mode) test $# = 0 && func_missing_arg $opt && break optarg="$1" opt_mode="$optarg" case $optarg in # Valid mode arguments: clean|compile|execute|finish|install|link|relink|uninstall) ;; # Catch anything else as an error *) func_error "invalid argument for $opt" exit_cmd=exit break ;; esac shift ;; --no-silent|--no-quiet) opt_silent=false func_append preserve_args " $opt" ;; --no-warning|--no-warn) opt_warning=false func_append preserve_args " $opt" ;; --no-verbose) opt_verbose=false func_append preserve_args " $opt" ;; --silent|--quiet) opt_silent=: func_append preserve_args " $opt" opt_verbose=false ;; --verbose|-v) opt_verbose=: func_append preserve_args " $opt" opt_silent=false ;; --tag) test $# = 0 && func_missing_arg $opt && break optarg="$1" opt_tag="$optarg" func_append preserve_args " $opt $optarg" func_enable_tag "$optarg" shift ;; -\?|-h) func_usage ;; --help) func_help ;; --version) func_version ;; # Separate optargs to long options: --*=*) func_split_long_opt "$opt" set dummy "$func_split_long_opt_name" "$func_split_long_opt_arg" ${1+"$@"} shift ;; # Separate non-argument short options: -\?*|-h*|-n*|-v*) func_split_short_opt "$opt" set dummy "$func_split_short_opt_name" "-$func_split_short_opt_arg" ${1+"$@"} shift ;; --) break ;; -*) func_fatal_help "unrecognized option \`$opt'" ;; *) set dummy "$opt" ${1+"$@"}; shift; break ;; esac done # Validate options: # save first non-option argument if test "$#" -gt 0; then nonopt="$opt" shift fi # preserve --debug test "$opt_debug" = : || func_append preserve_args " --debug" case $host in *cygwin* | *mingw* | *pw32* | *cegcc*) # don't eliminate duplications in $postdeps and $predeps opt_duplicate_compiler_generated_deps=: ;; *) opt_duplicate_compiler_generated_deps=$opt_preserve_dup_deps ;; esac $opt_help || { # Sanity checks first: func_check_version_match if test "$build_libtool_libs" != yes && test "$build_old_libs" != yes; then func_fatal_configuration "not configured to build any kind of library" fi # Darwin sucks eval std_shrext=\"$shrext_cmds\" # Only execute mode is allowed to have -dlopen flags. if test -n "$opt_dlopen" && test "$opt_mode" != execute; then func_error "unrecognized option \`-dlopen'" $ECHO "$help" 1>&2 exit $EXIT_FAILURE fi # Change the help message to a mode-specific one. generic_help="$help" help="Try \`$progname --help --mode=$opt_mode' for more information." } # Bail if the options were screwed $exit_cmd $EXIT_FAILURE } ## ----------- ## ## Main. ## ## ----------- ## # func_lalib_p file # True iff FILE is a libtool `.la' library or `.lo' object file. # This function is only a basic sanity check; it will hardly flush out # determined imposters. func_lalib_p () { test -f "$1" && $SED -e 4q "$1" 2>/dev/null \ | $GREP "^# Generated by .*$PACKAGE" > /dev/null 2>&1 } # func_lalib_unsafe_p file # True iff FILE is a libtool `.la' library or `.lo' object file. # This function implements the same check as func_lalib_p without # resorting to external programs. To this end, it redirects stdin and # closes it afterwards, without saving the original file descriptor. # As a safety measure, use it only where a negative result would be # fatal anyway. Works if `file' does not exist. func_lalib_unsafe_p () { lalib_p=no if test -f "$1" && test -r "$1" && exec 5<&0 <"$1"; then for lalib_p_l in 1 2 3 4 do read lalib_p_line case "$lalib_p_line" in \#\ Generated\ by\ *$PACKAGE* ) lalib_p=yes; break;; esac done exec 0<&5 5<&- fi test "$lalib_p" = yes } # func_ltwrapper_script_p file # True iff FILE is a libtool wrapper script # This function is only a basic sanity check; it will hardly flush out # determined imposters. func_ltwrapper_script_p () { func_lalib_p "$1" } # func_ltwrapper_executable_p file # True iff FILE is a libtool wrapper executable # This function is only a basic sanity check; it will hardly flush out # determined imposters. func_ltwrapper_executable_p () { func_ltwrapper_exec_suffix= case $1 in *.exe) ;; *) func_ltwrapper_exec_suffix=.exe ;; esac $GREP "$magic_exe" "$1$func_ltwrapper_exec_suffix" >/dev/null 2>&1 } # func_ltwrapper_scriptname file # Assumes file is an ltwrapper_executable # uses $file to determine the appropriate filename for a # temporary ltwrapper_script. func_ltwrapper_scriptname () { func_dirname_and_basename "$1" "" "." func_stripname '' '.exe' "$func_basename_result" func_ltwrapper_scriptname_result="$func_dirname_result/$objdir/${func_stripname_result}_ltshwrapper" } # func_ltwrapper_p file # True iff FILE is a libtool wrapper script or wrapper executable # This function is only a basic sanity check; it will hardly flush out # determined imposters. func_ltwrapper_p () { func_ltwrapper_script_p "$1" || func_ltwrapper_executable_p "$1" } # func_execute_cmds commands fail_cmd # Execute tilde-delimited COMMANDS. # If FAIL_CMD is given, eval that upon failure. # FAIL_CMD may read-access the current command in variable CMD! func_execute_cmds () { $opt_debug save_ifs=$IFS; IFS='~' for cmd in $1; do IFS=$save_ifs eval cmd=\"$cmd\" func_show_eval "$cmd" "${2-:}" done IFS=$save_ifs } # func_source file # Source FILE, adding directory component if necessary. # Note that it is not necessary on cygwin/mingw to append a dot to # FILE even if both FILE and FILE.exe exist: automatic-append-.exe # behavior happens only for exec(3), not for open(2)! Also, sourcing # `FILE.' does not work on cygwin managed mounts. func_source () { $opt_debug case $1 in */* | *\\*) . "$1" ;; *) . "./$1" ;; esac } # func_resolve_sysroot PATH # Replace a leading = in PATH with a sysroot. Store the result into # func_resolve_sysroot_result func_resolve_sysroot () { func_resolve_sysroot_result=$1 case $func_resolve_sysroot_result in =*) func_stripname '=' '' "$func_resolve_sysroot_result" func_resolve_sysroot_result=$lt_sysroot$func_stripname_result ;; esac } # func_replace_sysroot PATH # If PATH begins with the sysroot, replace it with = and # store the result into func_replace_sysroot_result. func_replace_sysroot () { case "$lt_sysroot:$1" in ?*:"$lt_sysroot"*) func_stripname "$lt_sysroot" '' "$1" func_replace_sysroot_result="=$func_stripname_result" ;; *) # Including no sysroot. func_replace_sysroot_result=$1 ;; esac } # func_infer_tag arg # Infer tagged configuration to use if any are available and # if one wasn't chosen via the "--tag" command line option. # Only attempt this if the compiler in the base compile # command doesn't match the default compiler. # arg is usually of the form 'gcc ...' func_infer_tag () { $opt_debug if test -n "$available_tags" && test -z "$tagname"; then CC_quoted= for arg in $CC; do func_append_quoted CC_quoted "$arg" done CC_expanded=`func_echo_all $CC` CC_quoted_expanded=`func_echo_all $CC_quoted` case $@ in # Blanks in the command may have been stripped by the calling shell, # but not from the CC environment variable when configure was run. " $CC "* | "$CC "* | " $CC_expanded "* | "$CC_expanded "* | \ " $CC_quoted"* | "$CC_quoted "* | " $CC_quoted_expanded "* | "$CC_quoted_expanded "*) ;; # Blanks at the start of $base_compile will cause this to fail # if we don't check for them as well. *) for z in $available_tags; do if $GREP "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then # Evaluate the configuration. eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`" CC_quoted= for arg in $CC; do # Double-quote args containing other shell metacharacters. func_append_quoted CC_quoted "$arg" done CC_expanded=`func_echo_all $CC` CC_quoted_expanded=`func_echo_all $CC_quoted` case "$@ " in " $CC "* | "$CC "* | " $CC_expanded "* | "$CC_expanded "* | \ " $CC_quoted"* | "$CC_quoted "* | " $CC_quoted_expanded "* | "$CC_quoted_expanded "*) # The compiler in the base compile command matches # the one in the tagged configuration. # Assume this is the tagged configuration we want. tagname=$z break ;; esac fi done # If $tagname still isn't set, then no tagged configuration # was found and let the user know that the "--tag" command # line option must be used. if test -z "$tagname"; then func_echo "unable to infer tagged configuration" func_fatal_error "specify a tag with \`--tag'" # else # func_verbose "using $tagname tagged configuration" fi ;; esac fi } # func_write_libtool_object output_name pic_name nonpic_name # Create a libtool object file (analogous to a ".la" file), # but don't create it if we're doing a dry run. func_write_libtool_object () { write_libobj=${1} if test "$build_libtool_libs" = yes; then write_lobj=\'${2}\' else write_lobj=none fi if test "$build_old_libs" = yes; then write_oldobj=\'${3}\' else write_oldobj=none fi $opt_dry_run || { cat >${write_libobj}T </dev/null` if test "$?" -eq 0 && test -n "${func_convert_core_file_wine_to_w32_tmp}"; then func_convert_core_file_wine_to_w32_result=`$ECHO "$func_convert_core_file_wine_to_w32_tmp" | $SED -e "$lt_sed_naive_backslashify"` else func_convert_core_file_wine_to_w32_result= fi fi } # end: func_convert_core_file_wine_to_w32 # func_convert_core_path_wine_to_w32 ARG # Helper function used by path conversion functions when $build is *nix, and # $host is mingw, cygwin, or some other w32 environment. Relies on a correctly # configured wine environment available, with the winepath program in $build's # $PATH. Assumes ARG has no leading or trailing path separator characters. # # ARG is path to be converted from $build format to win32. # Result is available in $func_convert_core_path_wine_to_w32_result. # Unconvertible file (directory) names in ARG are skipped; if no directory names # are convertible, then the result may be empty. func_convert_core_path_wine_to_w32 () { $opt_debug # unfortunately, winepath doesn't convert paths, only file names func_convert_core_path_wine_to_w32_result="" if test -n "$1"; then oldIFS=$IFS IFS=: for func_convert_core_path_wine_to_w32_f in $1; do IFS=$oldIFS func_convert_core_file_wine_to_w32 "$func_convert_core_path_wine_to_w32_f" if test -n "$func_convert_core_file_wine_to_w32_result" ; then if test -z "$func_convert_core_path_wine_to_w32_result"; then func_convert_core_path_wine_to_w32_result="$func_convert_core_file_wine_to_w32_result" else func_append func_convert_core_path_wine_to_w32_result ";$func_convert_core_file_wine_to_w32_result" fi fi done IFS=$oldIFS fi } # end: func_convert_core_path_wine_to_w32 # func_cygpath ARGS... # Wrapper around calling the cygpath program via LT_CYGPATH. This is used when # when (1) $build is *nix and Cygwin is hosted via a wine environment; or (2) # $build is MSYS and $host is Cygwin, or (3) $build is Cygwin. In case (1) or # (2), returns the Cygwin file name or path in func_cygpath_result (input # file name or path is assumed to be in w32 format, as previously converted # from $build's *nix or MSYS format). In case (3), returns the w32 file name # or path in func_cygpath_result (input file name or path is assumed to be in # Cygwin format). Returns an empty string on error. # # ARGS are passed to cygpath, with the last one being the file name or path to # be converted. # # Specify the absolute *nix (or w32) name to cygpath in the LT_CYGPATH # environment variable; do not put it in $PATH. func_cygpath () { $opt_debug if test -n "$LT_CYGPATH" && test -f "$LT_CYGPATH"; then func_cygpath_result=`$LT_CYGPATH "$@" 2>/dev/null` if test "$?" -ne 0; then # on failure, ensure result is empty func_cygpath_result= fi else func_cygpath_result= func_error "LT_CYGPATH is empty or specifies non-existent file: \`$LT_CYGPATH'" fi } #end: func_cygpath # func_convert_core_msys_to_w32 ARG # Convert file name or path ARG from MSYS format to w32 format. Return # result in func_convert_core_msys_to_w32_result. func_convert_core_msys_to_w32 () { $opt_debug # awkward: cmd appends spaces to result func_convert_core_msys_to_w32_result=`( cmd //c echo "$1" ) 2>/dev/null | $SED -e 's/[ ]*$//' -e "$lt_sed_naive_backslashify"` } #end: func_convert_core_msys_to_w32 # func_convert_file_check ARG1 ARG2 # Verify that ARG1 (a file name in $build format) was converted to $host # format in ARG2. Otherwise, emit an error message, but continue (resetting # func_to_host_file_result to ARG1). func_convert_file_check () { $opt_debug if test -z "$2" && test -n "$1" ; then func_error "Could not determine host file name corresponding to" func_error " \`$1'" func_error "Continuing, but uninstalled executables may not work." # Fallback: func_to_host_file_result="$1" fi } # end func_convert_file_check # func_convert_path_check FROM_PATHSEP TO_PATHSEP FROM_PATH TO_PATH # Verify that FROM_PATH (a path in $build format) was converted to $host # format in TO_PATH. Otherwise, emit an error message, but continue, resetting # func_to_host_file_result to a simplistic fallback value (see below). func_convert_path_check () { $opt_debug if test -z "$4" && test -n "$3"; then func_error "Could not determine the host path corresponding to" func_error " \`$3'" func_error "Continuing, but uninstalled executables may not work." # Fallback. This is a deliberately simplistic "conversion" and # should not be "improved". See libtool.info. if test "x$1" != "x$2"; then lt_replace_pathsep_chars="s|$1|$2|g" func_to_host_path_result=`echo "$3" | $SED -e "$lt_replace_pathsep_chars"` else func_to_host_path_result="$3" fi fi } # end func_convert_path_check # func_convert_path_front_back_pathsep FRONTPAT BACKPAT REPL ORIG # Modifies func_to_host_path_result by prepending REPL if ORIG matches FRONTPAT # and appending REPL if ORIG matches BACKPAT. func_convert_path_front_back_pathsep () { $opt_debug case $4 in $1 ) func_to_host_path_result="$3$func_to_host_path_result" ;; esac case $4 in $2 ) func_append func_to_host_path_result "$3" ;; esac } # end func_convert_path_front_back_pathsep ################################################## # $build to $host FILE NAME CONVERSION FUNCTIONS # ################################################## # invoked via `$to_host_file_cmd ARG' # # In each case, ARG is the path to be converted from $build to $host format. # Result will be available in $func_to_host_file_result. # func_to_host_file ARG # Converts the file name ARG from $build format to $host format. Return result # in func_to_host_file_result. func_to_host_file () { $opt_debug $to_host_file_cmd "$1" } # end func_to_host_file # func_to_tool_file ARG LAZY # converts the file name ARG from $build format to toolchain format. Return # result in func_to_tool_file_result. If the conversion in use is listed # in (the comma separated) LAZY, no conversion takes place. func_to_tool_file () { $opt_debug case ,$2, in *,"$to_tool_file_cmd",*) func_to_tool_file_result=$1 ;; *) $to_tool_file_cmd "$1" func_to_tool_file_result=$func_to_host_file_result ;; esac } # end func_to_tool_file # func_convert_file_noop ARG # Copy ARG to func_to_host_file_result. func_convert_file_noop () { func_to_host_file_result="$1" } # end func_convert_file_noop # func_convert_file_msys_to_w32 ARG # Convert file name ARG from (mingw) MSYS to (mingw) w32 format; automatic # conversion to w32 is not available inside the cwrapper. Returns result in # func_to_host_file_result. func_convert_file_msys_to_w32 () { $opt_debug func_to_host_file_result="$1" if test -n "$1"; then func_convert_core_msys_to_w32 "$1" func_to_host_file_result="$func_convert_core_msys_to_w32_result" fi func_convert_file_check "$1" "$func_to_host_file_result" } # end func_convert_file_msys_to_w32 # func_convert_file_cygwin_to_w32 ARG # Convert file name ARG from Cygwin to w32 format. Returns result in # func_to_host_file_result. func_convert_file_cygwin_to_w32 () { $opt_debug func_to_host_file_result="$1" if test -n "$1"; then # because $build is cygwin, we call "the" cygpath in $PATH; no need to use # LT_CYGPATH in this case. func_to_host_file_result=`cygpath -m "$1"` fi func_convert_file_check "$1" "$func_to_host_file_result" } # end func_convert_file_cygwin_to_w32 # func_convert_file_nix_to_w32 ARG # Convert file name ARG from *nix to w32 format. Requires a wine environment # and a working winepath. Returns result in func_to_host_file_result. func_convert_file_nix_to_w32 () { $opt_debug func_to_host_file_result="$1" if test -n "$1"; then func_convert_core_file_wine_to_w32 "$1" func_to_host_file_result="$func_convert_core_file_wine_to_w32_result" fi func_convert_file_check "$1" "$func_to_host_file_result" } # end func_convert_file_nix_to_w32 # func_convert_file_msys_to_cygwin ARG # Convert file name ARG from MSYS to Cygwin format. Requires LT_CYGPATH set. # Returns result in func_to_host_file_result. func_convert_file_msys_to_cygwin () { $opt_debug func_to_host_file_result="$1" if test -n "$1"; then func_convert_core_msys_to_w32 "$1" func_cygpath -u "$func_convert_core_msys_to_w32_result" func_to_host_file_result="$func_cygpath_result" fi func_convert_file_check "$1" "$func_to_host_file_result" } # end func_convert_file_msys_to_cygwin # func_convert_file_nix_to_cygwin ARG # Convert file name ARG from *nix to Cygwin format. Requires Cygwin installed # in a wine environment, working winepath, and LT_CYGPATH set. Returns result # in func_to_host_file_result. func_convert_file_nix_to_cygwin () { $opt_debug func_to_host_file_result="$1" if test -n "$1"; then # convert from *nix to w32, then use cygpath to convert from w32 to cygwin. func_convert_core_file_wine_to_w32 "$1" func_cygpath -u "$func_convert_core_file_wine_to_w32_result" func_to_host_file_result="$func_cygpath_result" fi func_convert_file_check "$1" "$func_to_host_file_result" } # end func_convert_file_nix_to_cygwin ############################################# # $build to $host PATH CONVERSION FUNCTIONS # ############################################# # invoked via `$to_host_path_cmd ARG' # # In each case, ARG is the path to be converted from $build to $host format. # The result will be available in $func_to_host_path_result. # # Path separators are also converted from $build format to $host format. If # ARG begins or ends with a path separator character, it is preserved (but # converted to $host format) on output. # # All path conversion functions are named using the following convention: # file name conversion function : func_convert_file_X_to_Y () # path conversion function : func_convert_path_X_to_Y () # where, for any given $build/$host combination the 'X_to_Y' value is the # same. If conversion functions are added for new $build/$host combinations, # the two new functions must follow this pattern, or func_init_to_host_path_cmd # will break. # func_init_to_host_path_cmd # Ensures that function "pointer" variable $to_host_path_cmd is set to the # appropriate value, based on the value of $to_host_file_cmd. to_host_path_cmd= func_init_to_host_path_cmd () { $opt_debug if test -z "$to_host_path_cmd"; then func_stripname 'func_convert_file_' '' "$to_host_file_cmd" to_host_path_cmd="func_convert_path_${func_stripname_result}" fi } # func_to_host_path ARG # Converts the path ARG from $build format to $host format. Return result # in func_to_host_path_result. func_to_host_path () { $opt_debug func_init_to_host_path_cmd $to_host_path_cmd "$1" } # end func_to_host_path # func_convert_path_noop ARG # Copy ARG to func_to_host_path_result. func_convert_path_noop () { func_to_host_path_result="$1" } # end func_convert_path_noop # func_convert_path_msys_to_w32 ARG # Convert path ARG from (mingw) MSYS to (mingw) w32 format; automatic # conversion to w32 is not available inside the cwrapper. Returns result in # func_to_host_path_result. func_convert_path_msys_to_w32 () { $opt_debug func_to_host_path_result="$1" if test -n "$1"; then # Remove leading and trailing path separator characters from ARG. MSYS # behavior is inconsistent here; cygpath turns them into '.;' and ';.'; # and winepath ignores them completely. func_stripname : : "$1" func_to_host_path_tmp1=$func_stripname_result func_convert_core_msys_to_w32 "$func_to_host_path_tmp1" func_to_host_path_result="$func_convert_core_msys_to_w32_result" func_convert_path_check : ";" \ "$func_to_host_path_tmp1" "$func_to_host_path_result" func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" fi } # end func_convert_path_msys_to_w32 # func_convert_path_cygwin_to_w32 ARG # Convert path ARG from Cygwin to w32 format. Returns result in # func_to_host_file_result. func_convert_path_cygwin_to_w32 () { $opt_debug func_to_host_path_result="$1" if test -n "$1"; then # See func_convert_path_msys_to_w32: func_stripname : : "$1" func_to_host_path_tmp1=$func_stripname_result func_to_host_path_result=`cygpath -m -p "$func_to_host_path_tmp1"` func_convert_path_check : ";" \ "$func_to_host_path_tmp1" "$func_to_host_path_result" func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" fi } # end func_convert_path_cygwin_to_w32 # func_convert_path_nix_to_w32 ARG # Convert path ARG from *nix to w32 format. Requires a wine environment and # a working winepath. Returns result in func_to_host_file_result. func_convert_path_nix_to_w32 () { $opt_debug func_to_host_path_result="$1" if test -n "$1"; then # See func_convert_path_msys_to_w32: func_stripname : : "$1" func_to_host_path_tmp1=$func_stripname_result func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1" func_to_host_path_result="$func_convert_core_path_wine_to_w32_result" func_convert_path_check : ";" \ "$func_to_host_path_tmp1" "$func_to_host_path_result" func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" fi } # end func_convert_path_nix_to_w32 # func_convert_path_msys_to_cygwin ARG # Convert path ARG from MSYS to Cygwin format. Requires LT_CYGPATH set. # Returns result in func_to_host_file_result. func_convert_path_msys_to_cygwin () { $opt_debug func_to_host_path_result="$1" if test -n "$1"; then # See func_convert_path_msys_to_w32: func_stripname : : "$1" func_to_host_path_tmp1=$func_stripname_result func_convert_core_msys_to_w32 "$func_to_host_path_tmp1" func_cygpath -u -p "$func_convert_core_msys_to_w32_result" func_to_host_path_result="$func_cygpath_result" func_convert_path_check : : \ "$func_to_host_path_tmp1" "$func_to_host_path_result" func_convert_path_front_back_pathsep ":*" "*:" : "$1" fi } # end func_convert_path_msys_to_cygwin # func_convert_path_nix_to_cygwin ARG # Convert path ARG from *nix to Cygwin format. Requires Cygwin installed in a # a wine environment, working winepath, and LT_CYGPATH set. Returns result in # func_to_host_file_result. func_convert_path_nix_to_cygwin () { $opt_debug func_to_host_path_result="$1" if test -n "$1"; then # Remove leading and trailing path separator characters from # ARG. msys behavior is inconsistent here, cygpath turns them # into '.;' and ';.', and winepath ignores them completely. func_stripname : : "$1" func_to_host_path_tmp1=$func_stripname_result func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1" func_cygpath -u -p "$func_convert_core_path_wine_to_w32_result" func_to_host_path_result="$func_cygpath_result" func_convert_path_check : : \ "$func_to_host_path_tmp1" "$func_to_host_path_result" func_convert_path_front_back_pathsep ":*" "*:" : "$1" fi } # end func_convert_path_nix_to_cygwin # func_mode_compile arg... func_mode_compile () { $opt_debug # Get the compilation command and the source file. base_compile= srcfile="$nonopt" # always keep a non-empty value in "srcfile" suppress_opt=yes suppress_output= arg_mode=normal libobj= later= pie_flag= for arg do case $arg_mode in arg ) # do not "continue". Instead, add this to base_compile lastarg="$arg" arg_mode=normal ;; target ) libobj="$arg" arg_mode=normal continue ;; normal ) # Accept any command-line options. case $arg in -o) test -n "$libobj" && \ func_fatal_error "you cannot specify \`-o' more than once" arg_mode=target continue ;; -pie | -fpie | -fPIE) func_append pie_flag " $arg" continue ;; -shared | -static | -prefer-pic | -prefer-non-pic) func_append later " $arg" continue ;; -no-suppress) suppress_opt=no continue ;; -Xcompiler) arg_mode=arg # the next one goes into the "base_compile" arg list continue # The current "srcfile" will either be retained or ;; # replaced later. I would guess that would be a bug. -Wc,*) func_stripname '-Wc,' '' "$arg" args=$func_stripname_result lastarg= save_ifs="$IFS"; IFS=',' for arg in $args; do IFS="$save_ifs" func_append_quoted lastarg "$arg" done IFS="$save_ifs" func_stripname ' ' '' "$lastarg" lastarg=$func_stripname_result # Add the arguments to base_compile. func_append base_compile " $lastarg" continue ;; *) # Accept the current argument as the source file. # The previous "srcfile" becomes the current argument. # lastarg="$srcfile" srcfile="$arg" ;; esac # case $arg ;; esac # case $arg_mode # Aesthetically quote the previous argument. func_append_quoted base_compile "$lastarg" done # for arg case $arg_mode in arg) func_fatal_error "you must specify an argument for -Xcompile" ;; target) func_fatal_error "you must specify a target with \`-o'" ;; *) # Get the name of the library object. test -z "$libobj" && { func_basename "$srcfile" libobj="$func_basename_result" } ;; esac # Recognize several different file suffixes. # If the user specifies -o file.o, it is replaced with file.lo case $libobj in *.[cCFSifmso] | \ *.ada | *.adb | *.ads | *.asm | \ *.c++ | *.cc | *.ii | *.class | *.cpp | *.cxx | \ *.[fF][09]? | *.for | *.java | *.go | *.obj | *.sx | *.cu | *.cup) func_xform "$libobj" libobj=$func_xform_result ;; esac case $libobj in *.lo) func_lo2o "$libobj"; obj=$func_lo2o_result ;; *) func_fatal_error "cannot determine name of library object from \`$libobj'" ;; esac func_infer_tag $base_compile for arg in $later; do case $arg in -shared) test "$build_libtool_libs" != yes && \ func_fatal_configuration "can not build a shared library" build_old_libs=no continue ;; -static) build_libtool_libs=no build_old_libs=yes continue ;; -prefer-pic) pic_mode=yes continue ;; -prefer-non-pic) pic_mode=no continue ;; esac done func_quote_for_eval "$libobj" test "X$libobj" != "X$func_quote_for_eval_result" \ && $ECHO "X$libobj" | $GREP '[]~#^*{};<>?"'"'"' &()|`$[]' \ && func_warning "libobj name \`$libobj' may not contain shell special characters." func_dirname_and_basename "$obj" "/" "" objname="$func_basename_result" xdir="$func_dirname_result" lobj=${xdir}$objdir/$objname test -z "$base_compile" && \ func_fatal_help "you must specify a compilation command" # Delete any leftover library objects. if test "$build_old_libs" = yes; then removelist="$obj $lobj $libobj ${libobj}T" else removelist="$lobj $libobj ${libobj}T" fi # On Cygwin there's no "real" PIC flag so we must build both object types case $host_os in cygwin* | mingw* | pw32* | os2* | cegcc*) pic_mode=default ;; esac if test "$pic_mode" = no && test "$deplibs_check_method" != pass_all; then # non-PIC code in shared libraries is not supported pic_mode=default fi # Calculate the filename of the output object if compiler does # not support -o with -c if test "$compiler_c_o" = no; then output_obj=`$ECHO "$srcfile" | $SED 's%^.*/%%; s%\.[^.]*$%%'`.${objext} lockfile="$output_obj.lock" else output_obj= need_locks=no lockfile= fi # Lock this critical section if it is needed # We use this script file to make the link, it avoids creating a new file if test "$need_locks" = yes; then until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do func_echo "Waiting for $lockfile to be removed" sleep 2 done elif test "$need_locks" = warn; then if test -f "$lockfile"; then $ECHO "\ *** ERROR, $lockfile exists and contains: `cat $lockfile 2>/dev/null` This indicates that another process is trying to use the same temporary object file, and libtool could not work around it because your compiler does not support \`-c' and \`-o' together. If you repeat this compilation, it may succeed, by chance, but you had better avoid parallel builds (make -j) in this platform, or get a better compiler." $opt_dry_run || $RM $removelist exit $EXIT_FAILURE fi func_append removelist " $output_obj" $ECHO "$srcfile" > "$lockfile" fi $opt_dry_run || $RM $removelist func_append removelist " $lockfile" trap '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' 1 2 15 func_to_tool_file "$srcfile" func_convert_file_msys_to_w32 srcfile=$func_to_tool_file_result func_quote_for_eval "$srcfile" qsrcfile=$func_quote_for_eval_result # Only build a PIC object if we are building libtool libraries. if test "$build_libtool_libs" = yes; then # Without this assignment, base_compile gets emptied. fbsd_hideous_sh_bug=$base_compile if test "$pic_mode" != no; then command="$base_compile $qsrcfile $pic_flag" else # Don't build PIC code command="$base_compile $qsrcfile" fi func_mkdir_p "$xdir$objdir" if test -z "$output_obj"; then # Place PIC objects in $objdir func_append command " -o $lobj" fi func_show_eval_locale "$command" \ 'test -n "$output_obj" && $RM $removelist; exit $EXIT_FAILURE' if test "$need_locks" = warn && test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then $ECHO "\ *** ERROR, $lockfile contains: `cat $lockfile 2>/dev/null` but it should contain: $srcfile This indicates that another process is trying to use the same temporary object file, and libtool could not work around it because your compiler does not support \`-c' and \`-o' together. If you repeat this compilation, it may succeed, by chance, but you had better avoid parallel builds (make -j) in this platform, or get a better compiler." $opt_dry_run || $RM $removelist exit $EXIT_FAILURE fi # Just move the object if needed, then go on to compile the next one if test -n "$output_obj" && test "X$output_obj" != "X$lobj"; then func_show_eval '$MV "$output_obj" "$lobj"' \ 'error=$?; $opt_dry_run || $RM $removelist; exit $error' fi # Allow error messages only from the first compilation. if test "$suppress_opt" = yes; then suppress_output=' >/dev/null 2>&1' fi fi # Only build a position-dependent object if we build old libraries. if test "$build_old_libs" = yes; then if test "$pic_mode" != yes; then # Don't build PIC code command="$base_compile $qsrcfile$pie_flag" else command="$base_compile $qsrcfile $pic_flag" fi if test "$compiler_c_o" = yes; then func_append command " -o $obj" fi # Suppress compiler output if we already did a PIC compilation. func_append command "$suppress_output" func_show_eval_locale "$command" \ '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' if test "$need_locks" = warn && test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then $ECHO "\ *** ERROR, $lockfile contains: `cat $lockfile 2>/dev/null` but it should contain: $srcfile This indicates that another process is trying to use the same temporary object file, and libtool could not work around it because your compiler does not support \`-c' and \`-o' together. If you repeat this compilation, it may succeed, by chance, but you had better avoid parallel builds (make -j) in this platform, or get a better compiler." $opt_dry_run || $RM $removelist exit $EXIT_FAILURE fi # Just move the object if needed if test -n "$output_obj" && test "X$output_obj" != "X$obj"; then func_show_eval '$MV "$output_obj" "$obj"' \ 'error=$?; $opt_dry_run || $RM $removelist; exit $error' fi fi $opt_dry_run || { func_write_libtool_object "$libobj" "$objdir/$objname" "$objname" # Unlock the critical section if it was locked if test "$need_locks" != no; then removelist=$lockfile $RM "$lockfile" fi } exit $EXIT_SUCCESS } $opt_help || { test "$opt_mode" = compile && func_mode_compile ${1+"$@"} } func_mode_help () { # We need to display help for each of the modes. case $opt_mode in "") # Generic help is extracted from the usage comments # at the start of this file. func_help ;; clean) $ECHO \ "Usage: $progname [OPTION]... --mode=clean RM [RM-OPTION]... FILE... Remove files from the build directory. RM is the name of the program to use to delete files associated with each FILE (typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed to RM. If FILE is a libtool library, object or program, all the files associated with it are deleted. Otherwise, only FILE itself is deleted using RM." ;; compile) $ECHO \ "Usage: $progname [OPTION]... --mode=compile COMPILE-COMMAND... SOURCEFILE Compile a source file into a libtool library object. This mode accepts the following additional options: -o OUTPUT-FILE set the output file name to OUTPUT-FILE -no-suppress do not suppress compiler output for multiple passes -prefer-pic try to build PIC objects only -prefer-non-pic try to build non-PIC objects only -shared do not build a \`.o' file suitable for static linking -static only build a \`.o' file suitable for static linking -Wc,FLAG pass FLAG directly to the compiler COMPILE-COMMAND is a command to be used in creating a \`standard' object file from the given SOURCEFILE. The output file name is determined by removing the directory component from SOURCEFILE, then substituting the C source code suffix \`.c' with the library object suffix, \`.lo'." ;; execute) $ECHO \ "Usage: $progname [OPTION]... --mode=execute COMMAND [ARGS]... Automatically set library path, then run a program. This mode accepts the following additional options: -dlopen FILE add the directory containing FILE to the library path This mode sets the library path environment variable according to \`-dlopen' flags. If any of the ARGS are libtool executable wrappers, then they are translated into their corresponding uninstalled binary, and any of their required library directories are added to the library path. Then, COMMAND is executed, with ARGS as arguments." ;; finish) $ECHO \ "Usage: $progname [OPTION]... --mode=finish [LIBDIR]... Complete the installation of libtool libraries. Each LIBDIR is a directory that contains libtool libraries. The commands that this mode executes may require superuser privileges. Use the \`--dry-run' option if you just want to see what would be executed." ;; install) $ECHO \ "Usage: $progname [OPTION]... --mode=install INSTALL-COMMAND... Install executables or libraries. INSTALL-COMMAND is the installation command. The first component should be either the \`install' or \`cp' program. The following components of INSTALL-COMMAND are treated specially: -inst-prefix-dir PREFIX-DIR Use PREFIX-DIR as a staging area for installation The rest of the components are interpreted as arguments to that command (only BSD-compatible install options are recognized)." ;; link) $ECHO \ "Usage: $progname [OPTION]... --mode=link LINK-COMMAND... Link object files or libraries together to form another library, or to create an executable program. LINK-COMMAND is a command using the C compiler that you would use to create a program from several object files. The following components of LINK-COMMAND are treated specially: -all-static do not do any dynamic linking at all -avoid-version do not add a version suffix if possible -bindir BINDIR specify path to binaries directory (for systems where libraries must be found in the PATH setting at runtime) -dlopen FILE \`-dlpreopen' FILE if it cannot be dlopened at runtime -dlpreopen FILE link in FILE and add its symbols to lt_preloaded_symbols -export-dynamic allow symbols from OUTPUT-FILE to be resolved with dlsym(3) -export-symbols SYMFILE try to export only the symbols listed in SYMFILE -export-symbols-regex REGEX try to export only the symbols matching REGEX -LLIBDIR search LIBDIR for required installed libraries -lNAME OUTPUT-FILE requires the installed library libNAME -module build a library that can dlopened -no-fast-install disable the fast-install mode -no-install link a not-installable executable -no-undefined declare that a library does not refer to external symbols -o OUTPUT-FILE create OUTPUT-FILE from the specified objects -objectlist FILE Use a list of object files found in FILE to specify objects -precious-files-regex REGEX don't remove output files matching REGEX -release RELEASE specify package release information -rpath LIBDIR the created library will eventually be installed in LIBDIR -R[ ]LIBDIR add LIBDIR to the runtime path of programs and libraries -shared only do dynamic linking of libtool libraries -shrext SUFFIX override the standard shared library file extension -static do not do any dynamic linking of uninstalled libtool libraries -static-libtool-libs do not do any dynamic linking of libtool libraries -version-info CURRENT[:REVISION[:AGE]] specify library version info [each variable defaults to 0] -weak LIBNAME declare that the target provides the LIBNAME interface -Wc,FLAG -Xcompiler FLAG pass linker-specific FLAG directly to the compiler -Wl,FLAG -Xlinker FLAG pass linker-specific FLAG directly to the linker -XCClinker FLAG pass link-specific FLAG to the compiler driver (CC) All other options (arguments beginning with \`-') are ignored. Every other argument is treated as a filename. Files ending in \`.la' are treated as uninstalled libtool libraries, other files are standard or library object files. If the OUTPUT-FILE ends in \`.la', then a libtool library is created, only library objects (\`.lo' files) may be specified, and \`-rpath' is required, except when creating a convenience library. If OUTPUT-FILE ends in \`.a' or \`.lib', then a standard library is created using \`ar' and \`ranlib', or on Windows using \`lib'. If OUTPUT-FILE ends in \`.lo' or \`.${objext}', then a reloadable object file is created, otherwise an executable program is created." ;; uninstall) $ECHO \ "Usage: $progname [OPTION]... --mode=uninstall RM [RM-OPTION]... FILE... Remove libraries from an installation directory. RM is the name of the program to use to delete files associated with each FILE (typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed to RM. If FILE is a libtool library, all the files associated with it are deleted. Otherwise, only FILE itself is deleted using RM." ;; *) func_fatal_help "invalid operation mode \`$opt_mode'" ;; esac echo $ECHO "Try \`$progname --help' for more information about other modes." } # Now that we've collected a possible --mode arg, show help if necessary if $opt_help; then if test "$opt_help" = :; then func_mode_help else { func_help noexit for opt_mode in compile link execute install finish uninstall clean; do func_mode_help done } | sed -n '1p; 2,$s/^Usage:/ or: /p' { func_help noexit for opt_mode in compile link execute install finish uninstall clean; do echo func_mode_help done } | sed '1d /^When reporting/,/^Report/{ H d } $x /information about other modes/d /more detailed .*MODE/d s/^Usage:.*--mode=\([^ ]*\) .*/Description of \1 mode:/' fi exit $? fi # func_mode_execute arg... func_mode_execute () { $opt_debug # The first argument is the command name. cmd="$nonopt" test -z "$cmd" && \ func_fatal_help "you must specify a COMMAND" # Handle -dlopen flags immediately. for file in $opt_dlopen; do test -f "$file" \ || func_fatal_help "\`$file' is not a file" dir= case $file in *.la) func_resolve_sysroot "$file" file=$func_resolve_sysroot_result # Check to see that this really is a libtool archive. func_lalib_unsafe_p "$file" \ || func_fatal_help "\`$lib' is not a valid libtool archive" # Read the libtool library. dlname= library_names= func_source "$file" # Skip this library if it cannot be dlopened. if test -z "$dlname"; then # Warn if it was a shared library. test -n "$library_names" && \ func_warning "\`$file' was not linked with \`-export-dynamic'" continue fi func_dirname "$file" "" "." dir="$func_dirname_result" if test -f "$dir/$objdir/$dlname"; then func_append dir "/$objdir" else if test ! -f "$dir/$dlname"; then func_fatal_error "cannot find \`$dlname' in \`$dir' or \`$dir/$objdir'" fi fi ;; *.lo) # Just add the directory containing the .lo file. func_dirname "$file" "" "." dir="$func_dirname_result" ;; *) func_warning "\`-dlopen' is ignored for non-libtool libraries and objects" continue ;; esac # Get the absolute pathname. absdir=`cd "$dir" && pwd` test -n "$absdir" && dir="$absdir" # Now add the directory to shlibpath_var. if eval "test -z \"\$$shlibpath_var\""; then eval "$shlibpath_var=\"\$dir\"" else eval "$shlibpath_var=\"\$dir:\$$shlibpath_var\"" fi done # This variable tells wrapper scripts just to set shlibpath_var # rather than running their programs. libtool_execute_magic="$magic" # Check if any of the arguments is a wrapper script. args= for file do case $file in -* | *.la | *.lo ) ;; *) # Do a test to see if this is really a libtool program. if func_ltwrapper_script_p "$file"; then func_source "$file" # Transform arg to wrapped name. file="$progdir/$program" elif func_ltwrapper_executable_p "$file"; then func_ltwrapper_scriptname "$file" func_source "$func_ltwrapper_scriptname_result" # Transform arg to wrapped name. file="$progdir/$program" fi ;; esac # Quote arguments (to preserve shell metacharacters). func_append_quoted args "$file" done if test "X$opt_dry_run" = Xfalse; then if test -n "$shlibpath_var"; then # Export the shlibpath_var. eval "export $shlibpath_var" fi # Restore saved environment variables for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES do eval "if test \"\${save_$lt_var+set}\" = set; then $lt_var=\$save_$lt_var; export $lt_var else $lt_unset $lt_var fi" done # Now prepare to actually exec the command. exec_cmd="\$cmd$args" else # Display what would be done. if test -n "$shlibpath_var"; then eval "\$ECHO \"\$shlibpath_var=\$$shlibpath_var\"" echo "export $shlibpath_var" fi $ECHO "$cmd$args" exit $EXIT_SUCCESS fi } test "$opt_mode" = execute && func_mode_execute ${1+"$@"} # func_mode_finish arg... func_mode_finish () { $opt_debug libs= libdirs= admincmds= for opt in "$nonopt" ${1+"$@"} do if test -d "$opt"; then func_append libdirs " $opt" elif test -f "$opt"; then if func_lalib_unsafe_p "$opt"; then func_append libs " $opt" else func_warning "\`$opt' is not a valid libtool archive" fi else func_fatal_error "invalid argument \`$opt'" fi done if test -n "$libs"; then if test -n "$lt_sysroot"; then sysroot_regex=`$ECHO "$lt_sysroot" | $SED "$sed_make_literal_regex"` sysroot_cmd="s/\([ ']\)$sysroot_regex/\1/g;" else sysroot_cmd= fi # Remove sysroot references if $opt_dry_run; then for lib in $libs; do echo "removing references to $lt_sysroot and \`=' prefixes from $lib" done else tmpdir=`func_mktempdir` for lib in $libs; do sed -e "${sysroot_cmd} s/\([ ']-[LR]\)=/\1/g; s/\([ ']\)=/\1/g" $lib \ > $tmpdir/tmp-la mv -f $tmpdir/tmp-la $lib done ${RM}r "$tmpdir" fi fi if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then for libdir in $libdirs; do if test -n "$finish_cmds"; then # Do each command in the finish commands. func_execute_cmds "$finish_cmds" 'admincmds="$admincmds '"$cmd"'"' fi if test -n "$finish_eval"; then # Do the single finish_eval. eval cmds=\"$finish_eval\" $opt_dry_run || eval "$cmds" || func_append admincmds " $cmds" fi done fi # Exit here if they wanted silent mode. $opt_silent && exit $EXIT_SUCCESS if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then echo "----------------------------------------------------------------------" echo "Libraries have been installed in:" for libdir in $libdirs; do $ECHO " $libdir" done echo echo "If you ever happen to want to link against installed libraries" echo "in a given directory, LIBDIR, you must either use libtool, and" echo "specify the full pathname of the library, or use the \`-LLIBDIR'" echo "flag during linking and do at least one of the following:" if test -n "$shlibpath_var"; then echo " - add LIBDIR to the \`$shlibpath_var' environment variable" echo " during execution" fi if test -n "$runpath_var"; then echo " - add LIBDIR to the \`$runpath_var' environment variable" echo " during linking" fi if test -n "$hardcode_libdir_flag_spec"; then libdir=LIBDIR eval flag=\"$hardcode_libdir_flag_spec\" $ECHO " - use the \`$flag' linker flag" fi if test -n "$admincmds"; then $ECHO " - have your system administrator run these commands:$admincmds" fi if test -f /etc/ld.so.conf; then echo " - have your system administrator add LIBDIR to \`/etc/ld.so.conf'" fi echo echo "See any operating system documentation about shared libraries for" case $host in solaris2.[6789]|solaris2.1[0-9]) echo "more information, such as the ld(1), crle(1) and ld.so(8) manual" echo "pages." ;; *) echo "more information, such as the ld(1) and ld.so(8) manual pages." ;; esac echo "----------------------------------------------------------------------" fi exit $EXIT_SUCCESS } test "$opt_mode" = finish && func_mode_finish ${1+"$@"} # func_mode_install arg... func_mode_install () { $opt_debug # There may be an optional sh(1) argument at the beginning of # install_prog (especially on Windows NT). if test "$nonopt" = "$SHELL" || test "$nonopt" = /bin/sh || # Allow the use of GNU shtool's install command. case $nonopt in *shtool*) :;; *) false;; esac; then # Aesthetically quote it. func_quote_for_eval "$nonopt" install_prog="$func_quote_for_eval_result " arg=$1 shift else install_prog= arg=$nonopt fi # The real first argument should be the name of the installation program. # Aesthetically quote it. func_quote_for_eval "$arg" func_append install_prog "$func_quote_for_eval_result" install_shared_prog=$install_prog case " $install_prog " in *[\\\ /]cp\ *) install_cp=: ;; *) install_cp=false ;; esac # We need to accept at least all the BSD install flags. dest= files= opts= prev= install_type= isdir=no stripme= no_mode=: for arg do arg2= if test -n "$dest"; then func_append files " $dest" dest=$arg continue fi case $arg in -d) isdir=yes ;; -f) if $install_cp; then :; else prev=$arg fi ;; -g | -m | -o) prev=$arg ;; -s) stripme=" -s" continue ;; -*) ;; *) # If the previous option needed an argument, then skip it. if test -n "$prev"; then if test "x$prev" = x-m && test -n "$install_override_mode"; then arg2=$install_override_mode no_mode=false fi prev= else dest=$arg continue fi ;; esac # Aesthetically quote the argument. func_quote_for_eval "$arg" func_append install_prog " $func_quote_for_eval_result" if test -n "$arg2"; then func_quote_for_eval "$arg2" fi func_append install_shared_prog " $func_quote_for_eval_result" done test -z "$install_prog" && \ func_fatal_help "you must specify an install program" test -n "$prev" && \ func_fatal_help "the \`$prev' option requires an argument" if test -n "$install_override_mode" && $no_mode; then if $install_cp; then :; else func_quote_for_eval "$install_override_mode" func_append install_shared_prog " -m $func_quote_for_eval_result" fi fi if test -z "$files"; then if test -z "$dest"; then func_fatal_help "no file or destination specified" else func_fatal_help "you must specify a destination" fi fi # Strip any trailing slash from the destination. func_stripname '' '/' "$dest" dest=$func_stripname_result # Check to see that the destination is a directory. test -d "$dest" && isdir=yes if test "$isdir" = yes; then destdir="$dest" destname= else func_dirname_and_basename "$dest" "" "." destdir="$func_dirname_result" destname="$func_basename_result" # Not a directory, so check to see that there is only one file specified. set dummy $files; shift test "$#" -gt 1 && \ func_fatal_help "\`$dest' is not a directory" fi case $destdir in [\\/]* | [A-Za-z]:[\\/]*) ;; *) for file in $files; do case $file in *.lo) ;; *) func_fatal_help "\`$destdir' must be an absolute directory name" ;; esac done ;; esac # This variable tells wrapper scripts just to set variables rather # than running their programs. libtool_install_magic="$magic" staticlibs= future_libdirs= current_libdirs= for file in $files; do # Do each installation. case $file in *.$libext) # Do the static libraries later. func_append staticlibs " $file" ;; *.la) func_resolve_sysroot "$file" file=$func_resolve_sysroot_result # Check to see that this really is a libtool archive. func_lalib_unsafe_p "$file" \ || func_fatal_help "\`$file' is not a valid libtool archive" library_names= old_library= relink_command= func_source "$file" # Add the libdir to current_libdirs if it is the destination. if test "X$destdir" = "X$libdir"; then case "$current_libdirs " in *" $libdir "*) ;; *) func_append current_libdirs " $libdir" ;; esac else # Note the libdir as a future libdir. case "$future_libdirs " in *" $libdir "*) ;; *) func_append future_libdirs " $libdir" ;; esac fi func_dirname "$file" "/" "" dir="$func_dirname_result" func_append dir "$objdir" if test -n "$relink_command"; then # Determine the prefix the user has applied to our future dir. inst_prefix_dir=`$ECHO "$destdir" | $SED -e "s%$libdir\$%%"` # Don't allow the user to place us outside of our expected # location b/c this prevents finding dependent libraries that # are installed to the same prefix. # At present, this check doesn't affect windows .dll's that # are installed into $libdir/../bin (currently, that works fine) # but it's something to keep an eye on. test "$inst_prefix_dir" = "$destdir" && \ func_fatal_error "error: cannot install \`$file' to a directory not ending in $libdir" if test -n "$inst_prefix_dir"; then # Stick the inst_prefix_dir data into the link command. relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"` else relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%%"` fi func_warning "relinking \`$file'" func_show_eval "$relink_command" \ 'func_fatal_error "error: relink \`$file'\'' with the above command before installing it"' fi # See the names of the shared library. set dummy $library_names; shift if test -n "$1"; then realname="$1" shift srcname="$realname" test -n "$relink_command" && srcname="$realname"T # Install the shared library and build the symlinks. func_show_eval "$install_shared_prog $dir/$srcname $destdir/$realname" \ 'exit $?' tstripme="$stripme" case $host_os in cygwin* | mingw* | pw32* | cegcc*) case $realname in *.dll.a) tstripme="" ;; esac ;; esac if test -n "$tstripme" && test -n "$striplib"; then func_show_eval "$striplib $destdir/$realname" 'exit $?' fi if test "$#" -gt 0; then # Delete the old symlinks, and create new ones. # Try `ln -sf' first, because the `ln' binary might depend on # the symlink we replace! Solaris /bin/ln does not understand -f, # so we also need to try rm && ln -s. for linkname do test "$linkname" != "$realname" \ && func_show_eval "(cd $destdir && { $LN_S -f $realname $linkname || { $RM $linkname && $LN_S $realname $linkname; }; })" done fi # Do each command in the postinstall commands. lib="$destdir/$realname" func_execute_cmds "$postinstall_cmds" 'exit $?' fi # Install the pseudo-library for information purposes. func_basename "$file" name="$func_basename_result" instname="$dir/$name"i func_show_eval "$install_prog $instname $destdir/$name" 'exit $?' # Maybe install the static library, too. test -n "$old_library" && func_append staticlibs " $dir/$old_library" ;; *.lo) # Install (i.e. copy) a libtool object. # Figure out destination file name, if it wasn't already specified. if test -n "$destname"; then destfile="$destdir/$destname" else func_basename "$file" destfile="$func_basename_result" destfile="$destdir/$destfile" fi # Deduce the name of the destination old-style object file. case $destfile in *.lo) func_lo2o "$destfile" staticdest=$func_lo2o_result ;; *.$objext) staticdest="$destfile" destfile= ;; *) func_fatal_help "cannot copy a libtool object to \`$destfile'" ;; esac # Install the libtool object if requested. test -n "$destfile" && \ func_show_eval "$install_prog $file $destfile" 'exit $?' # Install the old object if enabled. if test "$build_old_libs" = yes; then # Deduce the name of the old-style object file. func_lo2o "$file" staticobj=$func_lo2o_result func_show_eval "$install_prog \$staticobj \$staticdest" 'exit $?' fi exit $EXIT_SUCCESS ;; *) # Figure out destination file name, if it wasn't already specified. if test -n "$destname"; then destfile="$destdir/$destname" else func_basename "$file" destfile="$func_basename_result" destfile="$destdir/$destfile" fi # If the file is missing, and there is a .exe on the end, strip it # because it is most likely a libtool script we actually want to # install stripped_ext="" case $file in *.exe) if test ! -f "$file"; then func_stripname '' '.exe' "$file" file=$func_stripname_result stripped_ext=".exe" fi ;; esac # Do a test to see if this is really a libtool program. case $host in *cygwin* | *mingw*) if func_ltwrapper_executable_p "$file"; then func_ltwrapper_scriptname "$file" wrapper=$func_ltwrapper_scriptname_result else func_stripname '' '.exe' "$file" wrapper=$func_stripname_result fi ;; *) wrapper=$file ;; esac if func_ltwrapper_script_p "$wrapper"; then notinst_deplibs= relink_command= func_source "$wrapper" # Check the variables that should have been set. test -z "$generated_by_libtool_version" && \ func_fatal_error "invalid libtool wrapper script \`$wrapper'" finalize=yes for lib in $notinst_deplibs; do # Check to see that each library is installed. libdir= if test -f "$lib"; then func_source "$lib" fi libfile="$libdir/"`$ECHO "$lib" | $SED 's%^.*/%%g'` ### testsuite: skip nested quoting test if test -n "$libdir" && test ! -f "$libfile"; then func_warning "\`$lib' has not been installed in \`$libdir'" finalize=no fi done relink_command= func_source "$wrapper" outputname= if test "$fast_install" = no && test -n "$relink_command"; then $opt_dry_run || { if test "$finalize" = yes; then tmpdir=`func_mktempdir` func_basename "$file$stripped_ext" file="$func_basename_result" outputname="$tmpdir/$file" # Replace the output file specification. relink_command=`$ECHO "$relink_command" | $SED 's%@OUTPUT@%'"$outputname"'%g'` $opt_silent || { func_quote_for_expand "$relink_command" eval "func_echo $func_quote_for_expand_result" } if eval "$relink_command"; then : else func_error "error: relink \`$file' with the above command before installing it" $opt_dry_run || ${RM}r "$tmpdir" continue fi file="$outputname" else func_warning "cannot relink \`$file'" fi } else # Install the binary that we compiled earlier. file=`$ECHO "$file$stripped_ext" | $SED "s%\([^/]*\)$%$objdir/\1%"` fi fi # remove .exe since cygwin /usr/bin/install will append another # one anyway case $install_prog,$host in */usr/bin/install*,*cygwin*) case $file:$destfile in *.exe:*.exe) # this is ok ;; *.exe:*) destfile=$destfile.exe ;; *:*.exe) func_stripname '' '.exe' "$destfile" destfile=$func_stripname_result ;; esac ;; esac func_show_eval "$install_prog\$stripme \$file \$destfile" 'exit $?' $opt_dry_run || if test -n "$outputname"; then ${RM}r "$tmpdir" fi ;; esac done for file in $staticlibs; do func_basename "$file" name="$func_basename_result" # Set up the ranlib parameters. oldlib="$destdir/$name" func_to_tool_file "$oldlib" func_convert_file_msys_to_w32 tool_oldlib=$func_to_tool_file_result func_show_eval "$install_prog \$file \$oldlib" 'exit $?' if test -n "$stripme" && test -n "$old_striplib"; then func_show_eval "$old_striplib $tool_oldlib" 'exit $?' fi # Do each command in the postinstall commands. func_execute_cmds "$old_postinstall_cmds" 'exit $?' done test -n "$future_libdirs" && \ func_warning "remember to run \`$progname --finish$future_libdirs'" if test -n "$current_libdirs"; then # Maybe just do a dry run. $opt_dry_run && current_libdirs=" -n$current_libdirs" exec_cmd='$SHELL $progpath $preserve_args --finish$current_libdirs' else exit $EXIT_SUCCESS fi } test "$opt_mode" = install && func_mode_install ${1+"$@"} # func_generate_dlsyms outputname originator pic_p # Extract symbols from dlprefiles and create ${outputname}S.o with # a dlpreopen symbol table. func_generate_dlsyms () { $opt_debug my_outputname="$1" my_originator="$2" my_pic_p="${3-no}" my_prefix=`$ECHO "$my_originator" | sed 's%[^a-zA-Z0-9]%_%g'` my_dlsyms= if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then if test -n "$NM" && test -n "$global_symbol_pipe"; then my_dlsyms="${my_outputname}S.c" else func_error "not configured to extract global symbols from dlpreopened files" fi fi if test -n "$my_dlsyms"; then case $my_dlsyms in "") ;; *.c) # Discover the nlist of each of the dlfiles. nlist="$output_objdir/${my_outputname}.nm" func_show_eval "$RM $nlist ${nlist}S ${nlist}T" # Parse the name list into a source file. func_verbose "creating $output_objdir/$my_dlsyms" $opt_dry_run || $ECHO > "$output_objdir/$my_dlsyms" "\ /* $my_dlsyms - symbol resolution table for \`$my_outputname' dlsym emulation. */ /* Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION */ #ifdef __cplusplus extern \"C\" { #endif #if defined(__GNUC__) && (((__GNUC__ == 4) && (__GNUC_MINOR__ >= 4)) || (__GNUC__ > 4)) #pragma GCC diagnostic ignored \"-Wstrict-prototypes\" #endif /* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ #if defined(_WIN32) || defined(__CYGWIN__) || defined(_WIN32_WCE) /* DATA imports from DLLs on WIN32 con't be const, because runtime relocations are performed -- see ld's documentation on pseudo-relocs. */ # define LT_DLSYM_CONST #elif defined(__osf__) /* This system does not cope well with relocations in const data. */ # define LT_DLSYM_CONST #else # define LT_DLSYM_CONST const #endif /* External symbol declarations for the compiler. */\ " if test "$dlself" = yes; then func_verbose "generating symbol list for \`$output'" $opt_dry_run || echo ': @PROGRAM@ ' > "$nlist" # Add our own program objects to the symbol list. progfiles=`$ECHO "$objs$old_deplibs" | $SP2NL | $SED "$lo2o" | $NL2SP` for progfile in $progfiles; do func_to_tool_file "$progfile" func_convert_file_msys_to_w32 func_verbose "extracting global C symbols from \`$func_to_tool_file_result'" $opt_dry_run || eval "$NM $func_to_tool_file_result | $global_symbol_pipe >> '$nlist'" done if test -n "$exclude_expsyms"; then $opt_dry_run || { eval '$EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T' eval '$MV "$nlist"T "$nlist"' } fi if test -n "$export_symbols_regex"; then $opt_dry_run || { eval '$EGREP -e "$export_symbols_regex" "$nlist" > "$nlist"T' eval '$MV "$nlist"T "$nlist"' } fi # Prepare the list of exported symbols if test -z "$export_symbols"; then export_symbols="$output_objdir/$outputname.exp" $opt_dry_run || { $RM $export_symbols eval "${SED} -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"' case $host in *cygwin* | *mingw* | *cegcc* ) eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' eval 'cat "$export_symbols" >> "$output_objdir/$outputname.def"' ;; esac } else $opt_dry_run || { eval "${SED} -e 's/\([].[*^$]\)/\\\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"' eval '$GREP -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T' eval '$MV "$nlist"T "$nlist"' case $host in *cygwin* | *mingw* | *cegcc* ) eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' eval 'cat "$nlist" >> "$output_objdir/$outputname.def"' ;; esac } fi fi for dlprefile in $dlprefiles; do func_verbose "extracting global C symbols from \`$dlprefile'" func_basename "$dlprefile" name="$func_basename_result" case $host in *cygwin* | *mingw* | *cegcc* ) # if an import library, we need to obtain dlname if func_win32_import_lib_p "$dlprefile"; then func_tr_sh "$dlprefile" eval "curr_lafile=\$libfile_$func_tr_sh_result" dlprefile_dlbasename="" if test -n "$curr_lafile" && func_lalib_p "$curr_lafile"; then # Use subshell, to avoid clobbering current variable values dlprefile_dlname=`source "$curr_lafile" && echo "$dlname"` if test -n "$dlprefile_dlname" ; then func_basename "$dlprefile_dlname" dlprefile_dlbasename="$func_basename_result" else # no lafile. user explicitly requested -dlpreopen . $sharedlib_from_linklib_cmd "$dlprefile" dlprefile_dlbasename=$sharedlib_from_linklib_result fi fi $opt_dry_run || { if test -n "$dlprefile_dlbasename" ; then eval '$ECHO ": $dlprefile_dlbasename" >> "$nlist"' else func_warning "Could not compute DLL name from $name" eval '$ECHO ": $name " >> "$nlist"' fi func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32 eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe | $SED -e '/I __imp/d' -e 's/I __nm_/D /;s/_nm__//' >> '$nlist'" } else # not an import lib $opt_dry_run || { eval '$ECHO ": $name " >> "$nlist"' func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32 eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe >> '$nlist'" } fi ;; *) $opt_dry_run || { eval '$ECHO ": $name " >> "$nlist"' func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32 eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe >> '$nlist'" } ;; esac done $opt_dry_run || { # Make sure we have at least an empty file. test -f "$nlist" || : > "$nlist" if test -n "$exclude_expsyms"; then $EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T $MV "$nlist"T "$nlist" fi # Try sorting and uniquifying the output. if $GREP -v "^: " < "$nlist" | if sort -k 3 /dev/null 2>&1; then sort -k 3 else sort +2 fi | uniq > "$nlist"S; then : else $GREP -v "^: " < "$nlist" > "$nlist"S fi if test -f "$nlist"S; then eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$my_dlsyms"' else echo '/* NONE */' >> "$output_objdir/$my_dlsyms" fi echo >> "$output_objdir/$my_dlsyms" "\ /* The mapping between symbol names and symbols. */ typedef struct { const char *name; void *address; } lt_dlsymlist; extern LT_DLSYM_CONST lt_dlsymlist lt_${my_prefix}_LTX_preloaded_symbols[]; LT_DLSYM_CONST lt_dlsymlist lt_${my_prefix}_LTX_preloaded_symbols[] = {\ { \"$my_originator\", (void *) 0 }," case $need_lib_prefix in no) eval "$global_symbol_to_c_name_address" < "$nlist" >> "$output_objdir/$my_dlsyms" ;; *) eval "$global_symbol_to_c_name_address_lib_prefix" < "$nlist" >> "$output_objdir/$my_dlsyms" ;; esac echo >> "$output_objdir/$my_dlsyms" "\ {0, (void *) 0} }; /* This works around a problem in FreeBSD linker */ #ifdef FREEBSD_WORKAROUND static const void *lt_preloaded_setup() { return lt_${my_prefix}_LTX_preloaded_symbols; } #endif #ifdef __cplusplus } #endif\ " } # !$opt_dry_run pic_flag_for_symtable= case "$compile_command " in *" -static "*) ;; *) case $host in # compiling the symbol table file with pic_flag works around # a FreeBSD bug that causes programs to crash when -lm is # linked before any other PIC object. But we must not use # pic_flag when linking with -static. The problem exists in # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1. *-*-freebsd2.*|*-*-freebsd3.0*|*-*-freebsdelf3.0*) pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND" ;; *-*-hpux*) pic_flag_for_symtable=" $pic_flag" ;; *) if test "X$my_pic_p" != Xno; then pic_flag_for_symtable=" $pic_flag" fi ;; esac ;; esac symtab_cflags= for arg in $LTCFLAGS; do case $arg in -pie | -fpie | -fPIE) ;; *) func_append symtab_cflags " $arg" ;; esac done # Now compile the dynamic symbol file. func_show_eval '(cd $output_objdir && $LTCC$symtab_cflags -c$no_builtin_flag$pic_flag_for_symtable "$my_dlsyms")' 'exit $?' # Clean up the generated files. func_show_eval '$RM "$output_objdir/$my_dlsyms" "$nlist" "${nlist}S" "${nlist}T"' # Transform the symbol file into the correct name. symfileobj="$output_objdir/${my_outputname}S.$objext" case $host in *cygwin* | *mingw* | *cegcc* ) if test -f "$output_objdir/$my_outputname.def"; then compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"` finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"` else compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$symfileobj%"` finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$symfileobj%"` fi ;; *) compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$symfileobj%"` finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$symfileobj%"` ;; esac ;; *) func_fatal_error "unknown suffix for \`$my_dlsyms'" ;; esac else # We keep going just in case the user didn't refer to # lt_preloaded_symbols. The linker will fail if global_symbol_pipe # really was required. # Nullify the symbol file. compile_command=`$ECHO "$compile_command" | $SED "s% @SYMFILE@%%"` finalize_command=`$ECHO "$finalize_command" | $SED "s% @SYMFILE@%%"` fi } # func_win32_libid arg # return the library type of file 'arg' # # Need a lot of goo to handle *both* DLLs and import libs # Has to be a shell function in order to 'eat' the argument # that is supplied when $file_magic_command is called. # Despite the name, also deal with 64 bit binaries. func_win32_libid () { $opt_debug win32_libid_type="unknown" win32_fileres=`file -L $1 2>/dev/null` case $win32_fileres in *ar\ archive\ import\ library*) # definitely import win32_libid_type="x86 archive import" ;; *ar\ archive*) # could be an import, or static # Keep the egrep pattern in sync with the one in _LT_CHECK_MAGIC_METHOD. if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null | $EGREP 'file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' >/dev/null; then func_to_tool_file "$1" func_convert_file_msys_to_w32 win32_nmres=`eval $NM -f posix -A \"$func_to_tool_file_result\" | $SED -n -e ' 1,100{ / I /{ s,.*,import, p q } }'` case $win32_nmres in import*) win32_libid_type="x86 archive import";; *) win32_libid_type="x86 archive static";; esac fi ;; *DLL*) win32_libid_type="x86 DLL" ;; *executable*) # but shell scripts are "executable" too... case $win32_fileres in *MS\ Windows\ PE\ Intel*) win32_libid_type="x86 DLL" ;; esac ;; esac $ECHO "$win32_libid_type" } # func_cygming_dll_for_implib ARG # # Platform-specific function to extract the # name of the DLL associated with the specified # import library ARG. # Invoked by eval'ing the libtool variable # $sharedlib_from_linklib_cmd # Result is available in the variable # $sharedlib_from_linklib_result func_cygming_dll_for_implib () { $opt_debug sharedlib_from_linklib_result=`$DLLTOOL --identify-strict --identify "$1"` } # func_cygming_dll_for_implib_fallback_core SECTION_NAME LIBNAMEs # # The is the core of a fallback implementation of a # platform-specific function to extract the name of the # DLL associated with the specified import library LIBNAME. # # SECTION_NAME is either .idata$6 or .idata$7, depending # on the platform and compiler that created the implib. # # Echos the name of the DLL associated with the # specified import library. func_cygming_dll_for_implib_fallback_core () { $opt_debug match_literal=`$ECHO "$1" | $SED "$sed_make_literal_regex"` $OBJDUMP -s --section "$1" "$2" 2>/dev/null | $SED '/^Contents of section '"$match_literal"':/{ # Place marker at beginning of archive member dllname section s/.*/====MARK====/ p d } # These lines can sometimes be longer than 43 characters, but # are always uninteresting /:[ ]*file format pe[i]\{,1\}-/d /^In archive [^:]*:/d # Ensure marker is printed /^====MARK====/p # Remove all lines with less than 43 characters /^.\{43\}/!d # From remaining lines, remove first 43 characters s/^.\{43\}//' | $SED -n ' # Join marker and all lines until next marker into a single line /^====MARK====/ b para H $ b para b :para x s/\n//g # Remove the marker s/^====MARK====// # Remove trailing dots and whitespace s/[\. \t]*$// # Print /./p' | # we now have a list, one entry per line, of the stringified # contents of the appropriate section of all members of the # archive which possess that section. Heuristic: eliminate # all those which have a first or second character that is # a '.' (that is, objdump's representation of an unprintable # character.) This should work for all archives with less than # 0x302f exports -- but will fail for DLLs whose name actually # begins with a literal '.' or a single character followed by # a '.'. # # Of those that remain, print the first one. $SED -e '/^\./d;/^.\./d;q' } # func_cygming_gnu_implib_p ARG # This predicate returns with zero status (TRUE) if # ARG is a GNU/binutils-style import library. Returns # with nonzero status (FALSE) otherwise. func_cygming_gnu_implib_p () { $opt_debug func_to_tool_file "$1" func_convert_file_msys_to_w32 func_cygming_gnu_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $EGREP ' (_head_[A-Za-z0-9_]+_[ad]l*|[A-Za-z0-9_]+_[ad]l*_iname)$'` test -n "$func_cygming_gnu_implib_tmp" } # func_cygming_ms_implib_p ARG # This predicate returns with zero status (TRUE) if # ARG is an MS-style import library. Returns # with nonzero status (FALSE) otherwise. func_cygming_ms_implib_p () { $opt_debug func_to_tool_file "$1" func_convert_file_msys_to_w32 func_cygming_ms_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $GREP '_NULL_IMPORT_DESCRIPTOR'` test -n "$func_cygming_ms_implib_tmp" } # func_cygming_dll_for_implib_fallback ARG # Platform-specific function to extract the # name of the DLL associated with the specified # import library ARG. # # This fallback implementation is for use when $DLLTOOL # does not support the --identify-strict option. # Invoked by eval'ing the libtool variable # $sharedlib_from_linklib_cmd # Result is available in the variable # $sharedlib_from_linklib_result func_cygming_dll_for_implib_fallback () { $opt_debug if func_cygming_gnu_implib_p "$1" ; then # binutils import library sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$7' "$1"` elif func_cygming_ms_implib_p "$1" ; then # ms-generated import library sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$6' "$1"` else # unknown sharedlib_from_linklib_result="" fi } # func_extract_an_archive dir oldlib func_extract_an_archive () { $opt_debug f_ex_an_ar_dir="$1"; shift f_ex_an_ar_oldlib="$1" if test "$lock_old_archive_extraction" = yes; then lockfile=$f_ex_an_ar_oldlib.lock until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do func_echo "Waiting for $lockfile to be removed" sleep 2 done fi func_show_eval "(cd \$f_ex_an_ar_dir && $AR x \"\$f_ex_an_ar_oldlib\")" \ 'stat=$?; rm -f "$lockfile"; exit $stat' if test "$lock_old_archive_extraction" = yes; then $opt_dry_run || rm -f "$lockfile" fi if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then : else func_fatal_error "object name conflicts in archive: $f_ex_an_ar_dir/$f_ex_an_ar_oldlib" fi } # func_extract_archives gentop oldlib ... func_extract_archives () { $opt_debug my_gentop="$1"; shift my_oldlibs=${1+"$@"} my_oldobjs="" my_xlib="" my_xabs="" my_xdir="" for my_xlib in $my_oldlibs; do # Extract the objects. case $my_xlib in [\\/]* | [A-Za-z]:[\\/]*) my_xabs="$my_xlib" ;; *) my_xabs=`pwd`"/$my_xlib" ;; esac func_basename "$my_xlib" my_xlib="$func_basename_result" my_xlib_u=$my_xlib while :; do case " $extracted_archives " in *" $my_xlib_u "*) func_arith $extracted_serial + 1 extracted_serial=$func_arith_result my_xlib_u=lt$extracted_serial-$my_xlib ;; *) break ;; esac done extracted_archives="$extracted_archives $my_xlib_u" my_xdir="$my_gentop/$my_xlib_u" func_mkdir_p "$my_xdir" case $host in *-darwin*) func_verbose "Extracting $my_xabs" # Do not bother doing anything if just a dry run $opt_dry_run || { darwin_orig_dir=`pwd` cd $my_xdir || exit $? darwin_archive=$my_xabs darwin_curdir=`pwd` darwin_base_archive=`basename "$darwin_archive"` darwin_arches=`$LIPO -info "$darwin_archive" 2>/dev/null | $GREP Architectures 2>/dev/null || true` if test -n "$darwin_arches"; then darwin_arches=`$ECHO "$darwin_arches" | $SED -e 's/.*are://'` darwin_arch= func_verbose "$darwin_base_archive has multiple architectures $darwin_arches" for darwin_arch in $darwin_arches ; do func_mkdir_p "unfat-$$/${darwin_base_archive}-${darwin_arch}" $LIPO -thin $darwin_arch -output "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" "${darwin_archive}" cd "unfat-$$/${darwin_base_archive}-${darwin_arch}" func_extract_an_archive "`pwd`" "${darwin_base_archive}" cd "$darwin_curdir" $RM "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" done # $darwin_arches ## Okay now we've a bunch of thin objects, gotta fatten them up :) darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print | $SED -e "$basename" | sort -u` darwin_file= darwin_files= for darwin_file in $darwin_filelist; do darwin_files=`find unfat-$$ -name $darwin_file -print | sort | $NL2SP` $LIPO -create -output "$darwin_file" $darwin_files done # $darwin_filelist $RM -rf unfat-$$ cd "$darwin_orig_dir" else cd $darwin_orig_dir func_extract_an_archive "$my_xdir" "$my_xabs" fi # $darwin_arches } # !$opt_dry_run ;; *) func_extract_an_archive "$my_xdir" "$my_xabs" ;; esac my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | sort | $NL2SP` done func_extract_archives_result="$my_oldobjs" } # func_emit_wrapper [arg=no] # # Emit a libtool wrapper script on stdout. # Don't directly open a file because we may want to # incorporate the script contents within a cygwin/mingw # wrapper executable. Must ONLY be called from within # func_mode_link because it depends on a number of variables # set therein. # # ARG is the value that the WRAPPER_SCRIPT_BELONGS_IN_OBJDIR # variable will take. If 'yes', then the emitted script # will assume that the directory in which it is stored is # the $objdir directory. This is a cygwin/mingw-specific # behavior. func_emit_wrapper () { func_emit_wrapper_arg1=${1-no} $ECHO "\ #! $SHELL # $output - temporary wrapper script for $objdir/$outputname # Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION # # The $output program cannot be directly executed until all the libtool # libraries that it depends on are installed. # # This wrapper script should never be moved out of the build directory. # If it is, it will not operate correctly. # Sed substitution that helps us do robust quoting. It backslashifies # metacharacters that are still active within double-quoted strings. sed_quote_subst='$sed_quote_subst' # Be Bourne compatible if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then emulate sh NULLCMD=: # Zsh 3.x and 4.x performs word splitting on \${1+\"\$@\"}, which # is contrary to our usage. Disable this feature. alias -g '\${1+\"\$@\"}'='\"\$@\"' setopt NO_GLOB_SUBST else case \`(set -o) 2>/dev/null\` in *posix*) set -o posix;; esac fi BIN_SH=xpg4; export BIN_SH # for Tru64 DUALCASE=1; export DUALCASE # for MKS sh # The HP-UX ksh and POSIX shell print the target directory to stdout # if CDPATH is set. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH relink_command=\"$relink_command\" # This environment variable determines our operation mode. if test \"\$libtool_install_magic\" = \"$magic\"; then # install mode needs the following variables: generated_by_libtool_version='$macro_version' notinst_deplibs='$notinst_deplibs' else # When we are sourced in execute mode, \$file and \$ECHO are already set. if test \"\$libtool_execute_magic\" != \"$magic\"; then file=\"\$0\"" qECHO=`$ECHO "$ECHO" | $SED "$sed_quote_subst"` $ECHO "\ # A function that is used when there is no print builtin or printf. func_fallback_echo () { eval 'cat <<_LTECHO_EOF \$1 _LTECHO_EOF' } ECHO=\"$qECHO\" fi # Very basic option parsing. These options are (a) specific to # the libtool wrapper, (b) are identical between the wrapper # /script/ and the wrapper /executable/ which is used only on # windows platforms, and (c) all begin with the string "--lt-" # (application programs are unlikely to have options which match # this pattern). # # There are only two supported options: --lt-debug and # --lt-dump-script. There is, deliberately, no --lt-help. # # The first argument to this parsing function should be the # script's $0 value, followed by "$@". lt_option_debug= func_parse_lt_options () { lt_script_arg0=\$0 shift for lt_opt do case \"\$lt_opt\" in --lt-debug) lt_option_debug=1 ;; --lt-dump-script) lt_dump_D=\`\$ECHO \"X\$lt_script_arg0\" | $SED -e 's/^X//' -e 's%/[^/]*$%%'\` test \"X\$lt_dump_D\" = \"X\$lt_script_arg0\" && lt_dump_D=. lt_dump_F=\`\$ECHO \"X\$lt_script_arg0\" | $SED -e 's/^X//' -e 's%^.*/%%'\` cat \"\$lt_dump_D/\$lt_dump_F\" exit 0 ;; --lt-*) \$ECHO \"Unrecognized --lt- option: '\$lt_opt'\" 1>&2 exit 1 ;; esac done # Print the debug banner immediately: if test -n \"\$lt_option_debug\"; then echo \"${outputname}:${output}:\${LINENO}: libtool wrapper (GNU $PACKAGE$TIMESTAMP) $VERSION\" 1>&2 fi } # Used when --lt-debug. Prints its arguments to stdout # (redirection is the responsibility of the caller) func_lt_dump_args () { lt_dump_args_N=1; for lt_arg do \$ECHO \"${outputname}:${output}:\${LINENO}: newargv[\$lt_dump_args_N]: \$lt_arg\" lt_dump_args_N=\`expr \$lt_dump_args_N + 1\` done } # Core function for launching the target application func_exec_program_core () { " case $host in # Backslashes separate directories on plain windows *-*-mingw | *-*-os2* | *-cegcc*) $ECHO "\ if test -n \"\$lt_option_debug\"; then \$ECHO \"${outputname}:${output}:\${LINENO}: newargv[0]: \$progdir\\\\\$program\" 1>&2 func_lt_dump_args \${1+\"\$@\"} 1>&2 fi exec \"\$progdir\\\\\$program\" \${1+\"\$@\"} " ;; *) $ECHO "\ if test -n \"\$lt_option_debug\"; then \$ECHO \"${outputname}:${output}:\${LINENO}: newargv[0]: \$progdir/\$program\" 1>&2 func_lt_dump_args \${1+\"\$@\"} 1>&2 fi exec \"\$progdir/\$program\" \${1+\"\$@\"} " ;; esac $ECHO "\ \$ECHO \"\$0: cannot exec \$program \$*\" 1>&2 exit 1 } # A function to encapsulate launching the target application # Strips options in the --lt-* namespace from \$@ and # launches target application with the remaining arguments. func_exec_program () { case \" \$* \" in *\\ --lt-*) for lt_wr_arg do case \$lt_wr_arg in --lt-*) ;; *) set x \"\$@\" \"\$lt_wr_arg\"; shift;; esac shift done ;; esac func_exec_program_core \${1+\"\$@\"} } # Parse options func_parse_lt_options \"\$0\" \${1+\"\$@\"} # Find the directory that this script lives in. thisdir=\`\$ECHO \"\$file\" | $SED 's%/[^/]*$%%'\` test \"x\$thisdir\" = \"x\$file\" && thisdir=. # Follow symbolic links until we get to the real thisdir. file=\`ls -ld \"\$file\" | $SED -n 's/.*-> //p'\` while test -n \"\$file\"; do destdir=\`\$ECHO \"\$file\" | $SED 's%/[^/]*\$%%'\` # If there was a directory component, then change thisdir. if test \"x\$destdir\" != \"x\$file\"; then case \"\$destdir\" in [\\\\/]* | [A-Za-z]:[\\\\/]*) thisdir=\"\$destdir\" ;; *) thisdir=\"\$thisdir/\$destdir\" ;; esac fi file=\`\$ECHO \"\$file\" | $SED 's%^.*/%%'\` file=\`ls -ld \"\$thisdir/\$file\" | $SED -n 's/.*-> //p'\` done # Usually 'no', except on cygwin/mingw when embedded into # the cwrapper. WRAPPER_SCRIPT_BELONGS_IN_OBJDIR=$func_emit_wrapper_arg1 if test \"\$WRAPPER_SCRIPT_BELONGS_IN_OBJDIR\" = \"yes\"; then # special case for '.' if test \"\$thisdir\" = \".\"; then thisdir=\`pwd\` fi # remove .libs from thisdir case \"\$thisdir\" in *[\\\\/]$objdir ) thisdir=\`\$ECHO \"\$thisdir\" | $SED 's%[\\\\/][^\\\\/]*$%%'\` ;; $objdir ) thisdir=. ;; esac fi # Try to get the absolute directory name. absdir=\`cd \"\$thisdir\" && pwd\` test -n \"\$absdir\" && thisdir=\"\$absdir\" " if test "$fast_install" = yes; then $ECHO "\ program=lt-'$outputname'$exeext progdir=\"\$thisdir/$objdir\" if test ! -f \"\$progdir/\$program\" || { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | ${SED} 1q\`; \\ test \"X\$file\" != \"X\$progdir/\$program\"; }; then file=\"\$\$-\$program\" if test ! -d \"\$progdir\"; then $MKDIR \"\$progdir\" else $RM \"\$progdir/\$file\" fi" $ECHO "\ # relink executable if necessary if test -n \"\$relink_command\"; then if relink_command_output=\`eval \$relink_command 2>&1\`; then : else $ECHO \"\$relink_command_output\" >&2 $RM \"\$progdir/\$file\" exit 1 fi fi $MV \"\$progdir/\$file\" \"\$progdir/\$program\" 2>/dev/null || { $RM \"\$progdir/\$program\"; $MV \"\$progdir/\$file\" \"\$progdir/\$program\"; } $RM \"\$progdir/\$file\" fi" else $ECHO "\ program='$outputname' progdir=\"\$thisdir/$objdir\" " fi $ECHO "\ if test -f \"\$progdir/\$program\"; then" # fixup the dll searchpath if we need to. # # Fix the DLL searchpath if we need to. Do this before prepending # to shlibpath, because on Windows, both are PATH and uninstalled # libraries must come first. if test -n "$dllsearchpath"; then $ECHO "\ # Add the dll search path components to the executable PATH PATH=$dllsearchpath:\$PATH " fi # Export our shlibpath_var if we have one. if test "$shlibpath_overrides_runpath" = yes && test -n "$shlibpath_var" && test -n "$temp_rpath"; then $ECHO "\ # Add our own library path to $shlibpath_var $shlibpath_var=\"$temp_rpath\$$shlibpath_var\" # Some systems cannot cope with colon-terminated $shlibpath_var # The second colon is a workaround for a bug in BeOS R4 sed $shlibpath_var=\`\$ECHO \"\$$shlibpath_var\" | $SED 's/::*\$//'\` export $shlibpath_var " fi $ECHO "\ if test \"\$libtool_execute_magic\" != \"$magic\"; then # Run the actual program with our arguments. func_exec_program \${1+\"\$@\"} fi else # The program doesn't exist. \$ECHO \"\$0: error: \\\`\$progdir/\$program' does not exist\" 1>&2 \$ECHO \"This script is just a wrapper for \$program.\" 1>&2 \$ECHO \"See the $PACKAGE documentation for more information.\" 1>&2 exit 1 fi fi\ " } # func_emit_cwrapperexe_src # emit the source code for a wrapper executable on stdout # Must ONLY be called from within func_mode_link because # it depends on a number of variable set therein. func_emit_cwrapperexe_src () { cat < #include #ifdef _MSC_VER # include # include # include #else # include # include # ifdef __CYGWIN__ # include # endif #endif #include #include #include #include #include #include #include #include /* declarations of non-ANSI functions */ #if defined(__MINGW32__) # ifdef __STRICT_ANSI__ int _putenv (const char *); # endif #elif defined(__CYGWIN__) # ifdef __STRICT_ANSI__ char *realpath (const char *, char *); int putenv (char *); int setenv (const char *, const char *, int); # endif /* #elif defined (other platforms) ... */ #endif /* portability defines, excluding path handling macros */ #if defined(_MSC_VER) # define setmode _setmode # define stat _stat # define chmod _chmod # define getcwd _getcwd # define putenv _putenv # define S_IXUSR _S_IEXEC # ifndef _INTPTR_T_DEFINED # define _INTPTR_T_DEFINED # define intptr_t int # endif #elif defined(__MINGW32__) # define setmode _setmode # define stat _stat # define chmod _chmod # define getcwd _getcwd # define putenv _putenv #elif defined(__CYGWIN__) # define HAVE_SETENV # define FOPEN_WB "wb" /* #elif defined (other platforms) ... */ #endif #if defined(PATH_MAX) # define LT_PATHMAX PATH_MAX #elif defined(MAXPATHLEN) # define LT_PATHMAX MAXPATHLEN #else # define LT_PATHMAX 1024 #endif #ifndef S_IXOTH # define S_IXOTH 0 #endif #ifndef S_IXGRP # define S_IXGRP 0 #endif /* path handling portability macros */ #ifndef DIR_SEPARATOR # define DIR_SEPARATOR '/' # define PATH_SEPARATOR ':' #endif #if defined (_WIN32) || defined (__MSDOS__) || defined (__DJGPP__) || \ defined (__OS2__) # define HAVE_DOS_BASED_FILE_SYSTEM # define FOPEN_WB "wb" # ifndef DIR_SEPARATOR_2 # define DIR_SEPARATOR_2 '\\' # endif # ifndef PATH_SEPARATOR_2 # define PATH_SEPARATOR_2 ';' # endif #endif #ifndef DIR_SEPARATOR_2 # define IS_DIR_SEPARATOR(ch) ((ch) == DIR_SEPARATOR) #else /* DIR_SEPARATOR_2 */ # define IS_DIR_SEPARATOR(ch) \ (((ch) == DIR_SEPARATOR) || ((ch) == DIR_SEPARATOR_2)) #endif /* DIR_SEPARATOR_2 */ #ifndef PATH_SEPARATOR_2 # define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR) #else /* PATH_SEPARATOR_2 */ # define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR_2) #endif /* PATH_SEPARATOR_2 */ #ifndef FOPEN_WB # define FOPEN_WB "w" #endif #ifndef _O_BINARY # define _O_BINARY 0 #endif #define XMALLOC(type, num) ((type *) xmalloc ((num) * sizeof(type))) #define XFREE(stale) do { \ if (stale) { free ((void *) stale); stale = 0; } \ } while (0) #if defined(LT_DEBUGWRAPPER) static int lt_debug = 1; #else static int lt_debug = 0; #endif const char *program_name = "libtool-wrapper"; /* in case xstrdup fails */ void *xmalloc (size_t num); char *xstrdup (const char *string); const char *base_name (const char *name); char *find_executable (const char *wrapper); char *chase_symlinks (const char *pathspec); int make_executable (const char *path); int check_executable (const char *path); char *strendzap (char *str, const char *pat); void lt_debugprintf (const char *file, int line, const char *fmt, ...); void lt_fatal (const char *file, int line, const char *message, ...); static const char *nonnull (const char *s); static const char *nonempty (const char *s); void lt_setenv (const char *name, const char *value); char *lt_extend_str (const char *orig_value, const char *add, int to_end); void lt_update_exe_path (const char *name, const char *value); void lt_update_lib_path (const char *name, const char *value); char **prepare_spawn (char **argv); void lt_dump_script (FILE *f); EOF cat <= 0) && (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))) return 1; else return 0; } int make_executable (const char *path) { int rval = 0; struct stat st; lt_debugprintf (__FILE__, __LINE__, "(make_executable): %s\n", nonempty (path)); if ((!path) || (!*path)) return 0; if (stat (path, &st) >= 0) { rval = chmod (path, st.st_mode | S_IXOTH | S_IXGRP | S_IXUSR); } return rval; } /* Searches for the full path of the wrapper. Returns newly allocated full path name if found, NULL otherwise Does not chase symlinks, even on platforms that support them. */ char * find_executable (const char *wrapper) { int has_slash = 0; const char *p; const char *p_next; /* static buffer for getcwd */ char tmp[LT_PATHMAX + 1]; int tmp_len; char *concat_name; lt_debugprintf (__FILE__, __LINE__, "(find_executable): %s\n", nonempty (wrapper)); if ((wrapper == NULL) || (*wrapper == '\0')) return NULL; /* Absolute path? */ #if defined (HAVE_DOS_BASED_FILE_SYSTEM) if (isalpha ((unsigned char) wrapper[0]) && wrapper[1] == ':') { concat_name = xstrdup (wrapper); if (check_executable (concat_name)) return concat_name; XFREE (concat_name); } else { #endif if (IS_DIR_SEPARATOR (wrapper[0])) { concat_name = xstrdup (wrapper); if (check_executable (concat_name)) return concat_name; XFREE (concat_name); } #if defined (HAVE_DOS_BASED_FILE_SYSTEM) } #endif for (p = wrapper; *p; p++) if (*p == '/') { has_slash = 1; break; } if (!has_slash) { /* no slashes; search PATH */ const char *path = getenv ("PATH"); if (path != NULL) { for (p = path; *p; p = p_next) { const char *q; size_t p_len; for (q = p; *q; q++) if (IS_PATH_SEPARATOR (*q)) break; p_len = q - p; p_next = (*q == '\0' ? q : q + 1); if (p_len == 0) { /* empty path: current directory */ if (getcwd (tmp, LT_PATHMAX) == NULL) lt_fatal (__FILE__, __LINE__, "getcwd failed: %s", nonnull (strerror (errno))); tmp_len = strlen (tmp); concat_name = XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1); memcpy (concat_name, tmp, tmp_len); concat_name[tmp_len] = '/'; strcpy (concat_name + tmp_len + 1, wrapper); } else { concat_name = XMALLOC (char, p_len + 1 + strlen (wrapper) + 1); memcpy (concat_name, p, p_len); concat_name[p_len] = '/'; strcpy (concat_name + p_len + 1, wrapper); } if (check_executable (concat_name)) return concat_name; XFREE (concat_name); } } /* not found in PATH; assume curdir */ } /* Relative path | not found in path: prepend cwd */ if (getcwd (tmp, LT_PATHMAX) == NULL) lt_fatal (__FILE__, __LINE__, "getcwd failed: %s", nonnull (strerror (errno))); tmp_len = strlen (tmp); concat_name = XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1); memcpy (concat_name, tmp, tmp_len); concat_name[tmp_len] = '/'; strcpy (concat_name + tmp_len + 1, wrapper); if (check_executable (concat_name)) return concat_name; XFREE (concat_name); return NULL; } char * chase_symlinks (const char *pathspec) { #ifndef S_ISLNK return xstrdup (pathspec); #else char buf[LT_PATHMAX]; struct stat s; char *tmp_pathspec = xstrdup (pathspec); char *p; int has_symlinks = 0; while (strlen (tmp_pathspec) && !has_symlinks) { lt_debugprintf (__FILE__, __LINE__, "checking path component for symlinks: %s\n", tmp_pathspec); if (lstat (tmp_pathspec, &s) == 0) { if (S_ISLNK (s.st_mode) != 0) { has_symlinks = 1; break; } /* search backwards for last DIR_SEPARATOR */ p = tmp_pathspec + strlen (tmp_pathspec) - 1; while ((p > tmp_pathspec) && (!IS_DIR_SEPARATOR (*p))) p--; if ((p == tmp_pathspec) && (!IS_DIR_SEPARATOR (*p))) { /* no more DIR_SEPARATORS left */ break; } *p = '\0'; } else { lt_fatal (__FILE__, __LINE__, "error accessing file \"%s\": %s", tmp_pathspec, nonnull (strerror (errno))); } } XFREE (tmp_pathspec); if (!has_symlinks) { return xstrdup (pathspec); } tmp_pathspec = realpath (pathspec, buf); if (tmp_pathspec == 0) { lt_fatal (__FILE__, __LINE__, "could not follow symlinks for %s", pathspec); } return xstrdup (tmp_pathspec); #endif } char * strendzap (char *str, const char *pat) { size_t len, patlen; assert (str != NULL); assert (pat != NULL); len = strlen (str); patlen = strlen (pat); if (patlen <= len) { str += len - patlen; if (strcmp (str, pat) == 0) *str = '\0'; } return str; } void lt_debugprintf (const char *file, int line, const char *fmt, ...) { va_list args; if (lt_debug) { (void) fprintf (stderr, "%s:%s:%d: ", program_name, file, line); va_start (args, fmt); (void) vfprintf (stderr, fmt, args); va_end (args); } } static void lt_error_core (int exit_status, const char *file, int line, const char *mode, const char *message, va_list ap) { fprintf (stderr, "%s:%s:%d: %s: ", program_name, file, line, mode); vfprintf (stderr, message, ap); fprintf (stderr, ".\n"); if (exit_status >= 0) exit (exit_status); } void lt_fatal (const char *file, int line, const char *message, ...) { va_list ap; va_start (ap, message); lt_error_core (EXIT_FAILURE, file, line, "FATAL", message, ap); va_end (ap); } static const char * nonnull (const char *s) { return s ? s : "(null)"; } static const char * nonempty (const char *s) { return (s && !*s) ? "(empty)" : nonnull (s); } void lt_setenv (const char *name, const char *value) { lt_debugprintf (__FILE__, __LINE__, "(lt_setenv) setting '%s' to '%s'\n", nonnull (name), nonnull (value)); { #ifdef HAVE_SETENV /* always make a copy, for consistency with !HAVE_SETENV */ char *str = xstrdup (value); setenv (name, str, 1); #else int len = strlen (name) + 1 + strlen (value) + 1; char *str = XMALLOC (char, len); sprintf (str, "%s=%s", name, value); if (putenv (str) != EXIT_SUCCESS) { XFREE (str); } #endif } } char * lt_extend_str (const char *orig_value, const char *add, int to_end) { char *new_value; if (orig_value && *orig_value) { int orig_value_len = strlen (orig_value); int add_len = strlen (add); new_value = XMALLOC (char, add_len + orig_value_len + 1); if (to_end) { strcpy (new_value, orig_value); strcpy (new_value + orig_value_len, add); } else { strcpy (new_value, add); strcpy (new_value + add_len, orig_value); } } else { new_value = xstrdup (add); } return new_value; } void lt_update_exe_path (const char *name, const char *value) { lt_debugprintf (__FILE__, __LINE__, "(lt_update_exe_path) modifying '%s' by prepending '%s'\n", nonnull (name), nonnull (value)); if (name && *name && value && *value) { char *new_value = lt_extend_str (getenv (name), value, 0); /* some systems can't cope with a ':'-terminated path #' */ int len = strlen (new_value); while (((len = strlen (new_value)) > 0) && IS_PATH_SEPARATOR (new_value[len-1])) { new_value[len-1] = '\0'; } lt_setenv (name, new_value); XFREE (new_value); } } void lt_update_lib_path (const char *name, const char *value) { lt_debugprintf (__FILE__, __LINE__, "(lt_update_lib_path) modifying '%s' by prepending '%s'\n", nonnull (name), nonnull (value)); if (name && *name && value && *value) { char *new_value = lt_extend_str (getenv (name), value, 0); lt_setenv (name, new_value); XFREE (new_value); } } EOF case $host_os in mingw*) cat <<"EOF" /* Prepares an argument vector before calling spawn(). Note that spawn() does not by itself call the command interpreter (getenv ("COMSPEC") != NULL ? getenv ("COMSPEC") : ({ OSVERSIONINFO v; v.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); GetVersionEx(&v); v.dwPlatformId == VER_PLATFORM_WIN32_NT; }) ? "cmd.exe" : "command.com"). Instead it simply concatenates the arguments, separated by ' ', and calls CreateProcess(). We must quote the arguments since Win32 CreateProcess() interprets characters like ' ', '\t', '\\', '"' (but not '<' and '>') in a special way: - Space and tab are interpreted as delimiters. They are not treated as delimiters if they are surrounded by double quotes: "...". - Unescaped double quotes are removed from the input. Their only effect is that within double quotes, space and tab are treated like normal characters. - Backslashes not followed by double quotes are not special. - But 2*n+1 backslashes followed by a double quote become n backslashes followed by a double quote (n >= 0): \" -> " \\\" -> \" \\\\\" -> \\" */ #define SHELL_SPECIAL_CHARS "\"\\ \001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037" #define SHELL_SPACE_CHARS " \001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037" char ** prepare_spawn (char **argv) { size_t argc; char **new_argv; size_t i; /* Count number of arguments. */ for (argc = 0; argv[argc] != NULL; argc++) ; /* Allocate new argument vector. */ new_argv = XMALLOC (char *, argc + 1); /* Put quoted arguments into the new argument vector. */ for (i = 0; i < argc; i++) { const char *string = argv[i]; if (string[0] == '\0') new_argv[i] = xstrdup ("\"\""); else if (strpbrk (string, SHELL_SPECIAL_CHARS) != NULL) { int quote_around = (strpbrk (string, SHELL_SPACE_CHARS) != NULL); size_t length; unsigned int backslashes; const char *s; char *quoted_string; char *p; length = 0; backslashes = 0; if (quote_around) length++; for (s = string; *s != '\0'; s++) { char c = *s; if (c == '"') length += backslashes + 1; length++; if (c == '\\') backslashes++; else backslashes = 0; } if (quote_around) length += backslashes + 1; quoted_string = XMALLOC (char, length + 1); p = quoted_string; backslashes = 0; if (quote_around) *p++ = '"'; for (s = string; *s != '\0'; s++) { char c = *s; if (c == '"') { unsigned int j; for (j = backslashes + 1; j > 0; j--) *p++ = '\\'; } *p++ = c; if (c == '\\') backslashes++; else backslashes = 0; } if (quote_around) { unsigned int j; for (j = backslashes; j > 0; j--) *p++ = '\\'; *p++ = '"'; } *p = '\0'; new_argv[i] = quoted_string; } else new_argv[i] = (char *) string; } new_argv[argc] = NULL; return new_argv; } EOF ;; esac cat <<"EOF" void lt_dump_script (FILE* f) { EOF func_emit_wrapper yes | $SED -n -e ' s/^\(.\{79\}\)\(..*\)/\1\ \2/ h s/\([\\"]\)/\\\1/g s/$/\\n/ s/\([^\n]*\).*/ fputs ("\1", f);/p g D' cat <<"EOF" } EOF } # end: func_emit_cwrapperexe_src # func_win32_import_lib_p ARG # True if ARG is an import lib, as indicated by $file_magic_cmd func_win32_import_lib_p () { $opt_debug case `eval $file_magic_cmd \"\$1\" 2>/dev/null | $SED -e 10q` in *import*) : ;; *) false ;; esac } # func_mode_link arg... func_mode_link () { $opt_debug case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) # It is impossible to link a dll without this setting, and # we shouldn't force the makefile maintainer to figure out # which system we are compiling for in order to pass an extra # flag for every libtool invocation. # allow_undefined=no # FIXME: Unfortunately, there are problems with the above when trying # to make a dll which has undefined symbols, in which case not # even a static library is built. For now, we need to specify # -no-undefined on the libtool link line when we can be certain # that all symbols are satisfied, otherwise we get a static library. allow_undefined=yes ;; *) allow_undefined=yes ;; esac libtool_args=$nonopt base_compile="$nonopt $@" compile_command=$nonopt finalize_command=$nonopt compile_rpath= finalize_rpath= compile_shlibpath= finalize_shlibpath= convenience= old_convenience= deplibs= old_deplibs= compiler_flags= linker_flags= dllsearchpath= lib_search_path=`pwd` inst_prefix_dir= new_inherited_linker_flags= avoid_version=no bindir= dlfiles= dlprefiles= dlself=no export_dynamic=no export_symbols= export_symbols_regex= generated= libobjs= ltlibs= module=no no_install=no objs= non_pic_objects= precious_files_regex= prefer_static_libs=no preload=no prev= prevarg= release= rpath= xrpath= perm_rpath= temp_rpath= thread_safe=no vinfo= vinfo_number=no weak_libs= single_module="${wl}-single_module" func_infer_tag $base_compile # We need to know -static, to get the right output filenames. for arg do case $arg in -shared) test "$build_libtool_libs" != yes && \ func_fatal_configuration "can not build a shared library" build_old_libs=no break ;; -all-static | -static | -static-libtool-libs) case $arg in -all-static) if test "$build_libtool_libs" = yes && test -z "$link_static_flag"; then func_warning "complete static linking is impossible in this configuration" fi if test -n "$link_static_flag"; then dlopen_self=$dlopen_self_static fi prefer_static_libs=yes ;; -static) if test -z "$pic_flag" && test -n "$link_static_flag"; then dlopen_self=$dlopen_self_static fi prefer_static_libs=built ;; -static-libtool-libs) if test -z "$pic_flag" && test -n "$link_static_flag"; then dlopen_self=$dlopen_self_static fi prefer_static_libs=yes ;; esac build_libtool_libs=no build_old_libs=yes break ;; esac done # See if our shared archives depend on static archives. test -n "$old_archive_from_new_cmds" && build_old_libs=yes # Go through the arguments, transforming them on the way. while test "$#" -gt 0; do arg="$1" shift func_quote_for_eval "$arg" qarg=$func_quote_for_eval_unquoted_result func_append libtool_args " $func_quote_for_eval_result" # If the previous option needs an argument, assign it. if test -n "$prev"; then case $prev in output) func_append compile_command " @OUTPUT@" func_append finalize_command " @OUTPUT@" ;; esac case $prev in bindir) bindir="$arg" prev= continue ;; dlfiles|dlprefiles) if test "$preload" = no; then # Add the symbol object into the linking commands. func_append compile_command " @SYMFILE@" func_append finalize_command " @SYMFILE@" preload=yes fi case $arg in *.la | *.lo) ;; # We handle these cases below. force) if test "$dlself" = no; then dlself=needless export_dynamic=yes fi prev= continue ;; self) if test "$prev" = dlprefiles; then dlself=yes elif test "$prev" = dlfiles && test "$dlopen_self" != yes; then dlself=yes else dlself=needless export_dynamic=yes fi prev= continue ;; *) if test "$prev" = dlfiles; then func_append dlfiles " $arg" else func_append dlprefiles " $arg" fi prev= continue ;; esac ;; expsyms) export_symbols="$arg" test -f "$arg" \ || func_fatal_error "symbol file \`$arg' does not exist" prev= continue ;; expsyms_regex) export_symbols_regex="$arg" prev= continue ;; framework) case $host in *-*-darwin*) case "$deplibs " in *" $qarg.ltframework "*) ;; *) func_append deplibs " $qarg.ltframework" # this is fixed later ;; esac ;; esac prev= continue ;; inst_prefix) inst_prefix_dir="$arg" prev= continue ;; objectlist) if test -f "$arg"; then save_arg=$arg moreargs= for fil in `cat "$save_arg"` do # func_append moreargs " $fil" arg=$fil # A libtool-controlled object. # Check to see that this really is a libtool object. if func_lalib_unsafe_p "$arg"; then pic_object= non_pic_object= # Read the .lo file func_source "$arg" if test -z "$pic_object" || test -z "$non_pic_object" || test "$pic_object" = none && test "$non_pic_object" = none; then func_fatal_error "cannot find name of object for \`$arg'" fi # Extract subdirectory from the argument. func_dirname "$arg" "/" "" xdir="$func_dirname_result" if test "$pic_object" != none; then # Prepend the subdirectory the object is found in. pic_object="$xdir$pic_object" if test "$prev" = dlfiles; then if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then func_append dlfiles " $pic_object" prev= continue else # If libtool objects are unsupported, then we need to preload. prev=dlprefiles fi fi # CHECK ME: I think I busted this. -Ossama if test "$prev" = dlprefiles; then # Preload the old-style object. func_append dlprefiles " $pic_object" prev= fi # A PIC object. func_append libobjs " $pic_object" arg="$pic_object" fi # Non-PIC object. if test "$non_pic_object" != none; then # Prepend the subdirectory the object is found in. non_pic_object="$xdir$non_pic_object" # A standard non-PIC object func_append non_pic_objects " $non_pic_object" if test -z "$pic_object" || test "$pic_object" = none ; then arg="$non_pic_object" fi else # If the PIC object exists, use it instead. # $xdir was prepended to $pic_object above. non_pic_object="$pic_object" func_append non_pic_objects " $non_pic_object" fi else # Only an error if not doing a dry-run. if $opt_dry_run; then # Extract subdirectory from the argument. func_dirname "$arg" "/" "" xdir="$func_dirname_result" func_lo2o "$arg" pic_object=$xdir$objdir/$func_lo2o_result non_pic_object=$xdir$func_lo2o_result func_append libobjs " $pic_object" func_append non_pic_objects " $non_pic_object" else func_fatal_error "\`$arg' is not a valid libtool object" fi fi done else func_fatal_error "link input file \`$arg' does not exist" fi arg=$save_arg prev= continue ;; precious_regex) precious_files_regex="$arg" prev= continue ;; release) release="-$arg" prev= continue ;; rpath | xrpath) # We need an absolute path. case $arg in [\\/]* | [A-Za-z]:[\\/]*) ;; *) func_fatal_error "only absolute run-paths are allowed" ;; esac if test "$prev" = rpath; then case "$rpath " in *" $arg "*) ;; *) func_append rpath " $arg" ;; esac else case "$xrpath " in *" $arg "*) ;; *) func_append xrpath " $arg" ;; esac fi prev= continue ;; shrext) shrext_cmds="$arg" prev= continue ;; weak) func_append weak_libs " $arg" prev= continue ;; xcclinker) func_append linker_flags " $qarg" func_append compiler_flags " $qarg" prev= func_append compile_command " $qarg" func_append finalize_command " $qarg" continue ;; xcompiler) func_append compiler_flags " $qarg" prev= func_append compile_command " $qarg" func_append finalize_command " $qarg" continue ;; xlinker) func_append linker_flags " $qarg" func_append compiler_flags " $wl$qarg" prev= func_append compile_command " $wl$qarg" func_append finalize_command " $wl$qarg" continue ;; *) eval "$prev=\"\$arg\"" prev= continue ;; esac fi # test -n "$prev" prevarg="$arg" case $arg in -all-static) if test -n "$link_static_flag"; then # See comment for -static flag below, for more details. func_append compile_command " $link_static_flag" func_append finalize_command " $link_static_flag" fi continue ;; -allow-undefined) # FIXME: remove this flag sometime in the future. func_fatal_error "\`-allow-undefined' must not be used because it is the default" ;; -avoid-version) avoid_version=yes continue ;; -bindir) prev=bindir continue ;; -dlopen) prev=dlfiles continue ;; -dlpreopen) prev=dlprefiles continue ;; -export-dynamic) export_dynamic=yes continue ;; -export-symbols | -export-symbols-regex) if test -n "$export_symbols" || test -n "$export_symbols_regex"; then func_fatal_error "more than one -exported-symbols argument is not allowed" fi if test "X$arg" = "X-export-symbols"; then prev=expsyms else prev=expsyms_regex fi continue ;; -framework) prev=framework continue ;; -inst-prefix-dir) prev=inst_prefix continue ;; # The native IRIX linker understands -LANG:*, -LIST:* and -LNO:* # so, if we see these flags be careful not to treat them like -L -L[A-Z][A-Z]*:*) case $with_gcc/$host in no/*-*-irix* | /*-*-irix*) func_append compile_command " $arg" func_append finalize_command " $arg" ;; esac continue ;; -L*) func_stripname "-L" '' "$arg" if test -z "$func_stripname_result"; then if test "$#" -gt 0; then func_fatal_error "require no space between \`-L' and \`$1'" else func_fatal_error "need path for \`-L' option" fi fi func_resolve_sysroot "$func_stripname_result" dir=$func_resolve_sysroot_result # We need an absolute path. case $dir in [\\/]* | [A-Za-z]:[\\/]*) ;; *) absdir=`cd "$dir" && pwd` test -z "$absdir" && \ func_fatal_error "cannot determine absolute directory name of \`$dir'" dir="$absdir" ;; esac case "$deplibs " in *" -L$dir "* | *" $arg "*) # Will only happen for absolute or sysroot arguments ;; *) # Preserve sysroot, but never include relative directories case $dir in [\\/]* | [A-Za-z]:[\\/]* | =*) func_append deplibs " $arg" ;; *) func_append deplibs " -L$dir" ;; esac func_append lib_search_path " $dir" ;; esac case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) testbindir=`$ECHO "$dir" | $SED 's*/lib$*/bin*'` case :$dllsearchpath: in *":$dir:"*) ;; ::) dllsearchpath=$dir;; *) func_append dllsearchpath ":$dir";; esac case :$dllsearchpath: in *":$testbindir:"*) ;; ::) dllsearchpath=$testbindir;; *) func_append dllsearchpath ":$testbindir";; esac ;; esac continue ;; -l*) if test "X$arg" = "X-lc" || test "X$arg" = "X-lm"; then case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos* | *-cegcc* | *-*-haiku*) # These systems don't actually have a C or math library (as such) continue ;; *-*-os2*) # These systems don't actually have a C library (as such) test "X$arg" = "X-lc" && continue ;; *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) # Do not include libc due to us having libc/libc_r. test "X$arg" = "X-lc" && continue ;; *-*-rhapsody* | *-*-darwin1.[012]) # Rhapsody C and math libraries are in the System framework func_append deplibs " System.ltframework" continue ;; *-*-sco3.2v5* | *-*-sco5v6*) # Causes problems with __ctype test "X$arg" = "X-lc" && continue ;; *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*) # Compiler inserts libc in the correct place for threads to work test "X$arg" = "X-lc" && continue ;; esac elif test "X$arg" = "X-lc_r"; then case $host in *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) # Do not include libc_r directly, use -pthread flag. continue ;; esac fi func_append deplibs " $arg" continue ;; -module) module=yes continue ;; # Tru64 UNIX uses -model [arg] to determine the layout of C++ # classes, name mangling, and exception handling. # Darwin uses the -arch flag to determine output architecture. -model|-arch|-isysroot|--sysroot) func_append compiler_flags " $arg" func_append compile_command " $arg" func_append finalize_command " $arg" prev=xcompiler continue ;; -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \ |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*) func_append compiler_flags " $arg" func_append compile_command " $arg" func_append finalize_command " $arg" case "$new_inherited_linker_flags " in *" $arg "*) ;; * ) func_append new_inherited_linker_flags " $arg" ;; esac continue ;; -multi_module) single_module="${wl}-multi_module" continue ;; -no-fast-install) fast_install=no continue ;; -no-install) case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-darwin* | *-cegcc*) # The PATH hackery in wrapper scripts is required on Windows # and Darwin in order for the loader to find any dlls it needs. func_warning "\`-no-install' is ignored for $host" func_warning "assuming \`-no-fast-install' instead" fast_install=no ;; *) no_install=yes ;; esac continue ;; -no-undefined) allow_undefined=no continue ;; -objectlist) prev=objectlist continue ;; -o) prev=output ;; -precious-files-regex) prev=precious_regex continue ;; -release) prev=release continue ;; -rpath) prev=rpath continue ;; -R) prev=xrpath continue ;; -R*) func_stripname '-R' '' "$arg" dir=$func_stripname_result # We need an absolute path. case $dir in [\\/]* | [A-Za-z]:[\\/]*) ;; =*) func_stripname '=' '' "$dir" dir=$lt_sysroot$func_stripname_result ;; *) func_fatal_error "only absolute run-paths are allowed" ;; esac case "$xrpath " in *" $dir "*) ;; *) func_append xrpath " $dir" ;; esac continue ;; -shared) # The effects of -shared are defined in a previous loop. continue ;; -shrext) prev=shrext continue ;; -static | -static-libtool-libs) # The effects of -static are defined in a previous loop. # We used to do the same as -all-static on platforms that # didn't have a PIC flag, but the assumption that the effects # would be equivalent was wrong. It would break on at least # Digital Unix and AIX. continue ;; -thread-safe) thread_safe=yes continue ;; -version-info) prev=vinfo continue ;; -version-number) prev=vinfo vinfo_number=yes continue ;; -weak) prev=weak continue ;; -Wc,*) func_stripname '-Wc,' '' "$arg" args=$func_stripname_result arg= save_ifs="$IFS"; IFS=',' for flag in $args; do IFS="$save_ifs" func_quote_for_eval "$flag" func_append arg " $func_quote_for_eval_result" func_append compiler_flags " $func_quote_for_eval_result" done IFS="$save_ifs" func_stripname ' ' '' "$arg" arg=$func_stripname_result ;; -Wl,*) func_stripname '-Wl,' '' "$arg" args=$func_stripname_result arg= save_ifs="$IFS"; IFS=',' for flag in $args; do IFS="$save_ifs" func_quote_for_eval "$flag" func_append arg " $wl$func_quote_for_eval_result" func_append compiler_flags " $wl$func_quote_for_eval_result" func_append linker_flags " $func_quote_for_eval_result" done IFS="$save_ifs" func_stripname ' ' '' "$arg" arg=$func_stripname_result ;; -Xcompiler) prev=xcompiler continue ;; -Xlinker) prev=xlinker continue ;; -XCClinker) prev=xcclinker continue ;; # -msg_* for osf cc -msg_*) func_quote_for_eval "$arg" arg="$func_quote_for_eval_result" ;; # Flags to be passed through unchanged, with rationale: # -64, -mips[0-9] enable 64-bit mode for the SGI compiler # -r[0-9][0-9]* specify processor for the SGI compiler # -xarch=*, -xtarget=* enable 64-bit mode for the Sun compiler # +DA*, +DD* enable 64-bit mode for the HP compiler # -q* compiler args for the IBM compiler # -m*, -t[45]*, -txscale* architecture-specific flags for GCC # -F/path path to uninstalled frameworks, gcc on darwin # -p, -pg, --coverage, -fprofile-* profiling flags for GCC # @file GCC response files # -tp=* Portland pgcc target processor selection # --sysroot=* for sysroot support # -O*, -flto*, -fwhopr*, -fuse-linker-plugin GCC link-time optimization -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \ -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \ -O*|-flto*|-fwhopr*|-fuse-linker-plugin) func_quote_for_eval "$arg" arg="$func_quote_for_eval_result" func_append compile_command " $arg" func_append finalize_command " $arg" func_append compiler_flags " $arg" continue ;; # Some other compiler flag. -* | +*) func_quote_for_eval "$arg" arg="$func_quote_for_eval_result" ;; *.$objext) # A standard object. func_append objs " $arg" ;; *.lo) # A libtool-controlled object. # Check to see that this really is a libtool object. if func_lalib_unsafe_p "$arg"; then pic_object= non_pic_object= # Read the .lo file func_source "$arg" if test -z "$pic_object" || test -z "$non_pic_object" || test "$pic_object" = none && test "$non_pic_object" = none; then func_fatal_error "cannot find name of object for \`$arg'" fi # Extract subdirectory from the argument. func_dirname "$arg" "/" "" xdir="$func_dirname_result" if test "$pic_object" != none; then # Prepend the subdirectory the object is found in. pic_object="$xdir$pic_object" if test "$prev" = dlfiles; then if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then func_append dlfiles " $pic_object" prev= continue else # If libtool objects are unsupported, then we need to preload. prev=dlprefiles fi fi # CHECK ME: I think I busted this. -Ossama if test "$prev" = dlprefiles; then # Preload the old-style object. func_append dlprefiles " $pic_object" prev= fi # A PIC object. func_append libobjs " $pic_object" arg="$pic_object" fi # Non-PIC object. if test "$non_pic_object" != none; then # Prepend the subdirectory the object is found in. non_pic_object="$xdir$non_pic_object" # A standard non-PIC object func_append non_pic_objects " $non_pic_object" if test -z "$pic_object" || test "$pic_object" = none ; then arg="$non_pic_object" fi else # If the PIC object exists, use it instead. # $xdir was prepended to $pic_object above. non_pic_object="$pic_object" func_append non_pic_objects " $non_pic_object" fi else # Only an error if not doing a dry-run. if $opt_dry_run; then # Extract subdirectory from the argument. func_dirname "$arg" "/" "" xdir="$func_dirname_result" func_lo2o "$arg" pic_object=$xdir$objdir/$func_lo2o_result non_pic_object=$xdir$func_lo2o_result func_append libobjs " $pic_object" func_append non_pic_objects " $non_pic_object" else func_fatal_error "\`$arg' is not a valid libtool object" fi fi ;; *.$libext) # An archive. func_append deplibs " $arg" func_append old_deplibs " $arg" continue ;; *.la) # A libtool-controlled library. func_resolve_sysroot "$arg" if test "$prev" = dlfiles; then # This library was specified with -dlopen. func_append dlfiles " $func_resolve_sysroot_result" prev= elif test "$prev" = dlprefiles; then # The library was specified with -dlpreopen. func_append dlprefiles " $func_resolve_sysroot_result" prev= else func_append deplibs " $func_resolve_sysroot_result" fi continue ;; # Some other compiler argument. *) # Unknown arguments in both finalize_command and compile_command need # to be aesthetically quoted because they are evaled later. func_quote_for_eval "$arg" arg="$func_quote_for_eval_result" ;; esac # arg # Now actually substitute the argument into the commands. if test -n "$arg"; then func_append compile_command " $arg" func_append finalize_command " $arg" fi done # argument parsing loop test -n "$prev" && \ func_fatal_help "the \`$prevarg' option requires an argument" if test "$export_dynamic" = yes && test -n "$export_dynamic_flag_spec"; then eval arg=\"$export_dynamic_flag_spec\" func_append compile_command " $arg" func_append finalize_command " $arg" fi oldlibs= # calculate the name of the file, without its directory func_basename "$output" outputname="$func_basename_result" libobjs_save="$libobjs" if test -n "$shlibpath_var"; then # get the directories listed in $shlibpath_var eval shlib_search_path=\`\$ECHO \"\${$shlibpath_var}\" \| \$SED \'s/:/ /g\'\` else shlib_search_path= fi eval sys_lib_search_path=\"$sys_lib_search_path_spec\" eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\" func_dirname "$output" "/" "" output_objdir="$func_dirname_result$objdir" func_to_tool_file "$output_objdir/" tool_output_objdir=$func_to_tool_file_result # Create the object directory. func_mkdir_p "$output_objdir" # Determine the type of output case $output in "") func_fatal_help "you must specify an output file" ;; *.$libext) linkmode=oldlib ;; *.lo | *.$objext) linkmode=obj ;; *.la) linkmode=lib ;; *) linkmode=prog ;; # Anything else should be a program. esac specialdeplibs= libs= # Find all interdependent deplibs by searching for libraries # that are linked more than once (e.g. -la -lb -la) for deplib in $deplibs; do if $opt_preserve_dup_deps ; then case "$libs " in *" $deplib "*) func_append specialdeplibs " $deplib" ;; esac fi func_append libs " $deplib" done if test "$linkmode" = lib; then libs="$predeps $libs $compiler_lib_search_path $postdeps" # Compute libraries that are listed more than once in $predeps # $postdeps and mark them as special (i.e., whose duplicates are # not to be eliminated). pre_post_deps= if $opt_duplicate_compiler_generated_deps; then for pre_post_dep in $predeps $postdeps; do case "$pre_post_deps " in *" $pre_post_dep "*) func_append specialdeplibs " $pre_post_deps" ;; esac func_append pre_post_deps " $pre_post_dep" done fi pre_post_deps= fi deplibs= newdependency_libs= newlib_search_path= need_relink=no # whether we're linking any uninstalled libtool libraries notinst_deplibs= # not-installed libtool libraries notinst_path= # paths that contain not-installed libtool libraries case $linkmode in lib) passes="conv dlpreopen link" for file in $dlfiles $dlprefiles; do case $file in *.la) ;; *) func_fatal_help "libraries can \`-dlopen' only libtool libraries: $file" ;; esac done ;; prog) compile_deplibs= finalize_deplibs= alldeplibs=no newdlfiles= newdlprefiles= passes="conv scan dlopen dlpreopen link" ;; *) passes="conv" ;; esac for pass in $passes; do # The preopen pass in lib mode reverses $deplibs; put it back here # so that -L comes before libs that need it for instance... if test "$linkmode,$pass" = "lib,link"; then ## FIXME: Find the place where the list is rebuilt in the wrong ## order, and fix it there properly tmp_deplibs= for deplib in $deplibs; do tmp_deplibs="$deplib $tmp_deplibs" done deplibs="$tmp_deplibs" fi if test "$linkmode,$pass" = "lib,link" || test "$linkmode,$pass" = "prog,scan"; then libs="$deplibs" deplibs= fi if test "$linkmode" = prog; then case $pass in dlopen) libs="$dlfiles" ;; dlpreopen) libs="$dlprefiles" ;; link) libs="$deplibs %DEPLIBS% $dependency_libs" ;; esac fi if test "$linkmode,$pass" = "lib,dlpreopen"; then # Collect and forward deplibs of preopened libtool libs for lib in $dlprefiles; do # Ignore non-libtool-libs dependency_libs= func_resolve_sysroot "$lib" case $lib in *.la) func_source "$func_resolve_sysroot_result" ;; esac # Collect preopened libtool deplibs, except any this library # has declared as weak libs for deplib in $dependency_libs; do func_basename "$deplib" deplib_base=$func_basename_result case " $weak_libs " in *" $deplib_base "*) ;; *) func_append deplibs " $deplib" ;; esac done done libs="$dlprefiles" fi if test "$pass" = dlopen; then # Collect dlpreopened libraries save_deplibs="$deplibs" deplibs= fi for deplib in $libs; do lib= found=no case $deplib in -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \ |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*) if test "$linkmode,$pass" = "prog,link"; then compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" else func_append compiler_flags " $deplib" if test "$linkmode" = lib ; then case "$new_inherited_linker_flags " in *" $deplib "*) ;; * ) func_append new_inherited_linker_flags " $deplib" ;; esac fi fi continue ;; -l*) if test "$linkmode" != lib && test "$linkmode" != prog; then func_warning "\`-l' is ignored for archives/objects" continue fi func_stripname '-l' '' "$deplib" name=$func_stripname_result if test "$linkmode" = lib; then searchdirs="$newlib_search_path $lib_search_path $compiler_lib_search_dirs $sys_lib_search_path $shlib_search_path" else searchdirs="$newlib_search_path $lib_search_path $sys_lib_search_path $shlib_search_path" fi for searchdir in $searchdirs; do for search_ext in .la $std_shrext .so .a; do # Search the libtool library lib="$searchdir/lib${name}${search_ext}" if test -f "$lib"; then if test "$search_ext" = ".la"; then found=yes else found=no fi break 2 fi done done if test "$found" != yes; then # deplib doesn't seem to be a libtool library if test "$linkmode,$pass" = "prog,link"; then compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" else deplibs="$deplib $deplibs" test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs" fi continue else # deplib is a libtool library # If $allow_libtool_libs_with_static_runtimes && $deplib is a stdlib, # We need to do some special things here, and not later. if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then case " $predeps $postdeps " in *" $deplib "*) if func_lalib_p "$lib"; then library_names= old_library= func_source "$lib" for l in $old_library $library_names; do ll="$l" done if test "X$ll" = "X$old_library" ; then # only static version available found=no func_dirname "$lib" "" "." ladir="$func_dirname_result" lib=$ladir/$old_library if test "$linkmode,$pass" = "prog,link"; then compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" else deplibs="$deplib $deplibs" test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs" fi continue fi fi ;; *) ;; esac fi fi ;; # -l *.ltframework) if test "$linkmode,$pass" = "prog,link"; then compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" else deplibs="$deplib $deplibs" if test "$linkmode" = lib ; then case "$new_inherited_linker_flags " in *" $deplib "*) ;; * ) func_append new_inherited_linker_flags " $deplib" ;; esac fi fi continue ;; -L*) case $linkmode in lib) deplibs="$deplib $deplibs" test "$pass" = conv && continue newdependency_libs="$deplib $newdependency_libs" func_stripname '-L' '' "$deplib" func_resolve_sysroot "$func_stripname_result" func_append newlib_search_path " $func_resolve_sysroot_result" ;; prog) if test "$pass" = conv; then deplibs="$deplib $deplibs" continue fi if test "$pass" = scan; then deplibs="$deplib $deplibs" else compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" fi func_stripname '-L' '' "$deplib" func_resolve_sysroot "$func_stripname_result" func_append newlib_search_path " $func_resolve_sysroot_result" ;; *) func_warning "\`-L' is ignored for archives/objects" ;; esac # linkmode continue ;; # -L -R*) if test "$pass" = link; then func_stripname '-R' '' "$deplib" func_resolve_sysroot "$func_stripname_result" dir=$func_resolve_sysroot_result # Make sure the xrpath contains only unique directories. case "$xrpath " in *" $dir "*) ;; *) func_append xrpath " $dir" ;; esac fi deplibs="$deplib $deplibs" continue ;; *.la) func_resolve_sysroot "$deplib" lib=$func_resolve_sysroot_result ;; *.$libext) if test "$pass" = conv; then deplibs="$deplib $deplibs" continue fi case $linkmode in lib) # Linking convenience modules into shared libraries is allowed, # but linking other static libraries is non-portable. case " $dlpreconveniencelibs " in *" $deplib "*) ;; *) valid_a_lib=no case $deplibs_check_method in match_pattern*) set dummy $deplibs_check_method; shift match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"` if eval "\$ECHO \"$deplib\"" 2>/dev/null | $SED 10q \ | $EGREP "$match_pattern_regex" > /dev/null; then valid_a_lib=yes fi ;; pass_all) valid_a_lib=yes ;; esac if test "$valid_a_lib" != yes; then echo $ECHO "*** Warning: Trying to link with static lib archive $deplib." echo "*** I have the capability to make that library automatically link in when" echo "*** you link to this library. But I can only do this if you have a" echo "*** shared version of the library, which you do not appear to have" echo "*** because the file extensions .$libext of this argument makes me believe" echo "*** that it is just a static archive that I should not use here." else echo $ECHO "*** Warning: Linking the shared library $output against the" $ECHO "*** static library $deplib is not portable!" deplibs="$deplib $deplibs" fi ;; esac continue ;; prog) if test "$pass" != link; then deplibs="$deplib $deplibs" else compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" fi continue ;; esac # linkmode ;; # *.$libext *.lo | *.$objext) if test "$pass" = conv; then deplibs="$deplib $deplibs" elif test "$linkmode" = prog; then if test "$pass" = dlpreopen || test "$dlopen_support" != yes || test "$build_libtool_libs" = no; then # If there is no dlopen support or we're linking statically, # we need to preload. func_append newdlprefiles " $deplib" compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" else func_append newdlfiles " $deplib" fi fi continue ;; %DEPLIBS%) alldeplibs=yes continue ;; esac # case $deplib if test "$found" = yes || test -f "$lib"; then : else func_fatal_error "cannot find the library \`$lib' or unhandled argument \`$deplib'" fi # Check to see that this really is a libtool archive. func_lalib_unsafe_p "$lib" \ || func_fatal_error "\`$lib' is not a valid libtool archive" func_dirname "$lib" "" "." ladir="$func_dirname_result" dlname= dlopen= dlpreopen= libdir= library_names= old_library= inherited_linker_flags= # If the library was installed with an old release of libtool, # it will not redefine variables installed, or shouldnotlink installed=yes shouldnotlink=no avoidtemprpath= # Read the .la file func_source "$lib" # Convert "-framework foo" to "foo.ltframework" if test -n "$inherited_linker_flags"; then tmp_inherited_linker_flags=`$ECHO "$inherited_linker_flags" | $SED 's/-framework \([^ $]*\)/\1.ltframework/g'` for tmp_inherited_linker_flag in $tmp_inherited_linker_flags; do case " $new_inherited_linker_flags " in *" $tmp_inherited_linker_flag "*) ;; *) func_append new_inherited_linker_flags " $tmp_inherited_linker_flag";; esac done fi dependency_libs=`$ECHO " $dependency_libs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` if test "$linkmode,$pass" = "lib,link" || test "$linkmode,$pass" = "prog,scan" || { test "$linkmode" != prog && test "$linkmode" != lib; }; then test -n "$dlopen" && func_append dlfiles " $dlopen" test -n "$dlpreopen" && func_append dlprefiles " $dlpreopen" fi if test "$pass" = conv; then # Only check for convenience libraries deplibs="$lib $deplibs" if test -z "$libdir"; then if test -z "$old_library"; then func_fatal_error "cannot find name of link library for \`$lib'" fi # It is a libtool convenience library, so add in its objects. func_append convenience " $ladir/$objdir/$old_library" func_append old_convenience " $ladir/$objdir/$old_library" elif test "$linkmode" != prog && test "$linkmode" != lib; then func_fatal_error "\`$lib' is not a convenience library" fi tmp_libs= for deplib in $dependency_libs; do deplibs="$deplib $deplibs" if $opt_preserve_dup_deps ; then case "$tmp_libs " in *" $deplib "*) func_append specialdeplibs " $deplib" ;; esac fi func_append tmp_libs " $deplib" done continue fi # $pass = conv # Get the name of the library we link against. linklib= if test -n "$old_library" && { test "$prefer_static_libs" = yes || test "$prefer_static_libs,$installed" = "built,no"; }; then linklib=$old_library else for l in $old_library $library_names; do linklib="$l" done fi if test -z "$linklib"; then func_fatal_error "cannot find name of link library for \`$lib'" fi # This library was specified with -dlopen. if test "$pass" = dlopen; then if test -z "$libdir"; then func_fatal_error "cannot -dlopen a convenience library: \`$lib'" fi if test -z "$dlname" || test "$dlopen_support" != yes || test "$build_libtool_libs" = no; then # If there is no dlname, no dlopen support or we're linking # statically, we need to preload. We also need to preload any # dependent libraries so libltdl's deplib preloader doesn't # bomb out in the load deplibs phase. func_append dlprefiles " $lib $dependency_libs" else func_append newdlfiles " $lib" fi continue fi # $pass = dlopen # We need an absolute path. case $ladir in [\\/]* | [A-Za-z]:[\\/]*) abs_ladir="$ladir" ;; *) abs_ladir=`cd "$ladir" && pwd` if test -z "$abs_ladir"; then func_warning "cannot determine absolute directory name of \`$ladir'" func_warning "passing it literally to the linker, although it might fail" abs_ladir="$ladir" fi ;; esac func_basename "$lib" laname="$func_basename_result" # Find the relevant object directory and library name. if test "X$installed" = Xyes; then if test ! -f "$lt_sysroot$libdir/$linklib" && test -f "$abs_ladir/$linklib"; then func_warning "library \`$lib' was moved." dir="$ladir" absdir="$abs_ladir" libdir="$abs_ladir" else dir="$lt_sysroot$libdir" absdir="$lt_sysroot$libdir" fi test "X$hardcode_automatic" = Xyes && avoidtemprpath=yes else if test ! -f "$ladir/$objdir/$linklib" && test -f "$abs_ladir/$linklib"; then dir="$ladir" absdir="$abs_ladir" # Remove this search path later func_append notinst_path " $abs_ladir" else dir="$ladir/$objdir" absdir="$abs_ladir/$objdir" # Remove this search path later func_append notinst_path " $abs_ladir" fi fi # $installed = yes func_stripname 'lib' '.la' "$laname" name=$func_stripname_result # This library was specified with -dlpreopen. if test "$pass" = dlpreopen; then if test -z "$libdir" && test "$linkmode" = prog; then func_fatal_error "only libraries may -dlpreopen a convenience library: \`$lib'" fi case "$host" in # special handling for platforms with PE-DLLs. *cygwin* | *mingw* | *cegcc* ) # Linker will automatically link against shared library if both # static and shared are present. Therefore, ensure we extract # symbols from the import library if a shared library is present # (otherwise, the dlopen module name will be incorrect). We do # this by putting the import library name into $newdlprefiles. # We recover the dlopen module name by 'saving' the la file # name in a special purpose variable, and (later) extracting the # dlname from the la file. if test -n "$dlname"; then func_tr_sh "$dir/$linklib" eval "libfile_$func_tr_sh_result=\$abs_ladir/\$laname" func_append newdlprefiles " $dir/$linklib" else func_append newdlprefiles " $dir/$old_library" # Keep a list of preopened convenience libraries to check # that they are being used correctly in the link pass. test -z "$libdir" && \ func_append dlpreconveniencelibs " $dir/$old_library" fi ;; * ) # Prefer using a static library (so that no silly _DYNAMIC symbols # are required to link). if test -n "$old_library"; then func_append newdlprefiles " $dir/$old_library" # Keep a list of preopened convenience libraries to check # that they are being used correctly in the link pass. test -z "$libdir" && \ func_append dlpreconveniencelibs " $dir/$old_library" # Otherwise, use the dlname, so that lt_dlopen finds it. elif test -n "$dlname"; then func_append newdlprefiles " $dir/$dlname" else func_append newdlprefiles " $dir/$linklib" fi ;; esac fi # $pass = dlpreopen if test -z "$libdir"; then # Link the convenience library if test "$linkmode" = lib; then deplibs="$dir/$old_library $deplibs" elif test "$linkmode,$pass" = "prog,link"; then compile_deplibs="$dir/$old_library $compile_deplibs" finalize_deplibs="$dir/$old_library $finalize_deplibs" else deplibs="$lib $deplibs" # used for prog,scan pass fi continue fi if test "$linkmode" = prog && test "$pass" != link; then func_append newlib_search_path " $ladir" deplibs="$lib $deplibs" linkalldeplibs=no if test "$link_all_deplibs" != no || test -z "$library_names" || test "$build_libtool_libs" = no; then linkalldeplibs=yes fi tmp_libs= for deplib in $dependency_libs; do case $deplib in -L*) func_stripname '-L' '' "$deplib" func_resolve_sysroot "$func_stripname_result" func_append newlib_search_path " $func_resolve_sysroot_result" ;; esac # Need to link against all dependency_libs? if test "$linkalldeplibs" = yes; then deplibs="$deplib $deplibs" else # Need to hardcode shared library paths # or/and link against static libraries newdependency_libs="$deplib $newdependency_libs" fi if $opt_preserve_dup_deps ; then case "$tmp_libs " in *" $deplib "*) func_append specialdeplibs " $deplib" ;; esac fi func_append tmp_libs " $deplib" done # for deplib continue fi # $linkmode = prog... if test "$linkmode,$pass" = "prog,link"; then if test -n "$library_names" && { { test "$prefer_static_libs" = no || test "$prefer_static_libs,$installed" = "built,yes"; } || test -z "$old_library"; }; then # We need to hardcode the library path if test -n "$shlibpath_var" && test -z "$avoidtemprpath" ; then # Make sure the rpath contains only unique directories. case "$temp_rpath:" in *"$absdir:"*) ;; *) func_append temp_rpath "$absdir:" ;; esac fi # Hardcode the library path. # Skip directories that are in the system default run-time # search path. case " $sys_lib_dlsearch_path " in *" $absdir "*) ;; *) case "$compile_rpath " in *" $absdir "*) ;; *) func_append compile_rpath " $absdir" ;; esac ;; esac case " $sys_lib_dlsearch_path " in *" $libdir "*) ;; *) case "$finalize_rpath " in *" $libdir "*) ;; *) func_append finalize_rpath " $libdir" ;; esac ;; esac fi # $linkmode,$pass = prog,link... if test "$alldeplibs" = yes && { test "$deplibs_check_method" = pass_all || { test "$build_libtool_libs" = yes && test -n "$library_names"; }; }; then # We only need to search for static libraries continue fi fi link_static=no # Whether the deplib will be linked statically use_static_libs=$prefer_static_libs if test "$use_static_libs" = built && test "$installed" = yes; then use_static_libs=no fi if test -n "$library_names" && { test "$use_static_libs" = no || test -z "$old_library"; }; then case $host in *cygwin* | *mingw* | *cegcc*) # No point in relinking DLLs because paths are not encoded func_append notinst_deplibs " $lib" need_relink=no ;; *) if test "$installed" = no; then func_append notinst_deplibs " $lib" need_relink=yes fi ;; esac # This is a shared library # Warn about portability, can't link against -module's on some # systems (darwin). Don't bleat about dlopened modules though! dlopenmodule="" for dlpremoduletest in $dlprefiles; do if test "X$dlpremoduletest" = "X$lib"; then dlopenmodule="$dlpremoduletest" break fi done if test -z "$dlopenmodule" && test "$shouldnotlink" = yes && test "$pass" = link; then echo if test "$linkmode" = prog; then $ECHO "*** Warning: Linking the executable $output against the loadable module" else $ECHO "*** Warning: Linking the shared library $output against the loadable module" fi $ECHO "*** $linklib is not portable!" fi if test "$linkmode" = lib && test "$hardcode_into_libs" = yes; then # Hardcode the library path. # Skip directories that are in the system default run-time # search path. case " $sys_lib_dlsearch_path " in *" $absdir "*) ;; *) case "$compile_rpath " in *" $absdir "*) ;; *) func_append compile_rpath " $absdir" ;; esac ;; esac case " $sys_lib_dlsearch_path " in *" $libdir "*) ;; *) case "$finalize_rpath " in *" $libdir "*) ;; *) func_append finalize_rpath " $libdir" ;; esac ;; esac fi if test -n "$old_archive_from_expsyms_cmds"; then # figure out the soname set dummy $library_names shift realname="$1" shift libname=`eval "\\$ECHO \"$libname_spec\""` # use dlname if we got it. it's perfectly good, no? if test -n "$dlname"; then soname="$dlname" elif test -n "$soname_spec"; then # bleh windows case $host in *cygwin* | mingw* | *cegcc*) func_arith $current - $age major=$func_arith_result versuffix="-$major" ;; esac eval soname=\"$soname_spec\" else soname="$realname" fi # Make a new name for the extract_expsyms_cmds to use soroot="$soname" func_basename "$soroot" soname="$func_basename_result" func_stripname 'lib' '.dll' "$soname" newlib=libimp-$func_stripname_result.a # If the library has no export list, then create one now if test -f "$output_objdir/$soname-def"; then : else func_verbose "extracting exported symbol list from \`$soname'" func_execute_cmds "$extract_expsyms_cmds" 'exit $?' fi # Create $newlib if test -f "$output_objdir/$newlib"; then :; else func_verbose "generating import library for \`$soname'" func_execute_cmds "$old_archive_from_expsyms_cmds" 'exit $?' fi # make sure the library variables are pointing to the new library dir=$output_objdir linklib=$newlib fi # test -n "$old_archive_from_expsyms_cmds" if test "$linkmode" = prog || test "$opt_mode" != relink; then add_shlibpath= add_dir= add= lib_linked=yes case $hardcode_action in immediate | unsupported) if test "$hardcode_direct" = no; then add="$dir/$linklib" case $host in *-*-sco3.2v5.0.[024]*) add_dir="-L$dir" ;; *-*-sysv4*uw2*) add_dir="-L$dir" ;; *-*-sysv5OpenUNIX* | *-*-sysv5UnixWare7.[01].[10]* | \ *-*-unixware7*) add_dir="-L$dir" ;; *-*-darwin* ) # if the lib is a (non-dlopened) module then we can not # link against it, someone is ignoring the earlier warnings if /usr/bin/file -L $add 2> /dev/null | $GREP ": [^:]* bundle" >/dev/null ; then if test "X$dlopenmodule" != "X$lib"; then $ECHO "*** Warning: lib $linklib is a module, not a shared library" if test -z "$old_library" ; then echo echo "*** And there doesn't seem to be a static archive available" echo "*** The link will probably fail, sorry" else add="$dir/$old_library" fi elif test -n "$old_library"; then add="$dir/$old_library" fi fi esac elif test "$hardcode_minus_L" = no; then case $host in *-*-sunos*) add_shlibpath="$dir" ;; esac add_dir="-L$dir" add="-l$name" elif test "$hardcode_shlibpath_var" = no; then add_shlibpath="$dir" add="-l$name" else lib_linked=no fi ;; relink) if test "$hardcode_direct" = yes && test "$hardcode_direct_absolute" = no; then add="$dir/$linklib" elif test "$hardcode_minus_L" = yes; then add_dir="-L$absdir" # Try looking first in the location we're being installed to. if test -n "$inst_prefix_dir"; then case $libdir in [\\/]*) func_append add_dir " -L$inst_prefix_dir$libdir" ;; esac fi add="-l$name" elif test "$hardcode_shlibpath_var" = yes; then add_shlibpath="$dir" add="-l$name" else lib_linked=no fi ;; *) lib_linked=no ;; esac if test "$lib_linked" != yes; then func_fatal_configuration "unsupported hardcode properties" fi if test -n "$add_shlibpath"; then case :$compile_shlibpath: in *":$add_shlibpath:"*) ;; *) func_append compile_shlibpath "$add_shlibpath:" ;; esac fi if test "$linkmode" = prog; then test -n "$add_dir" && compile_deplibs="$add_dir $compile_deplibs" test -n "$add" && compile_deplibs="$add $compile_deplibs" else test -n "$add_dir" && deplibs="$add_dir $deplibs" test -n "$add" && deplibs="$add $deplibs" if test "$hardcode_direct" != yes && test "$hardcode_minus_L" != yes && test "$hardcode_shlibpath_var" = yes; then case :$finalize_shlibpath: in *":$libdir:"*) ;; *) func_append finalize_shlibpath "$libdir:" ;; esac fi fi fi if test "$linkmode" = prog || test "$opt_mode" = relink; then add_shlibpath= add_dir= add= # Finalize command for both is simple: just hardcode it. if test "$hardcode_direct" = yes && test "$hardcode_direct_absolute" = no; then add="$libdir/$linklib" elif test "$hardcode_minus_L" = yes; then add_dir="-L$libdir" add="-l$name" elif test "$hardcode_shlibpath_var" = yes; then case :$finalize_shlibpath: in *":$libdir:"*) ;; *) func_append finalize_shlibpath "$libdir:" ;; esac add="-l$name" elif test "$hardcode_automatic" = yes; then if test -n "$inst_prefix_dir" && test -f "$inst_prefix_dir$libdir/$linklib" ; then add="$inst_prefix_dir$libdir/$linklib" else add="$libdir/$linklib" fi else # We cannot seem to hardcode it, guess we'll fake it. add_dir="-L$libdir" # Try looking first in the location we're being installed to. if test -n "$inst_prefix_dir"; then case $libdir in [\\/]*) func_append add_dir " -L$inst_prefix_dir$libdir" ;; esac fi add="-l$name" fi if test "$linkmode" = prog; then test -n "$add_dir" && finalize_deplibs="$add_dir $finalize_deplibs" test -n "$add" && finalize_deplibs="$add $finalize_deplibs" else test -n "$add_dir" && deplibs="$add_dir $deplibs" test -n "$add" && deplibs="$add $deplibs" fi fi elif test "$linkmode" = prog; then # Here we assume that one of hardcode_direct or hardcode_minus_L # is not unsupported. This is valid on all known static and # shared platforms. if test "$hardcode_direct" != unsupported; then test -n "$old_library" && linklib="$old_library" compile_deplibs="$dir/$linklib $compile_deplibs" finalize_deplibs="$dir/$linklib $finalize_deplibs" else compile_deplibs="-l$name -L$dir $compile_deplibs" finalize_deplibs="-l$name -L$dir $finalize_deplibs" fi elif test "$build_libtool_libs" = yes; then # Not a shared library if test "$deplibs_check_method" != pass_all; then # We're trying link a shared library against a static one # but the system doesn't support it. # Just print a warning and add the library to dependency_libs so # that the program can be linked against the static library. echo $ECHO "*** Warning: This system can not link to static lib archive $lib." echo "*** I have the capability to make that library automatically link in when" echo "*** you link to this library. But I can only do this if you have a" echo "*** shared version of the library, which you do not appear to have." if test "$module" = yes; then echo "*** But as you try to build a module library, libtool will still create " echo "*** a static module, that should work as long as the dlopening application" echo "*** is linked with the -dlopen flag to resolve symbols at runtime." if test -z "$global_symbol_pipe"; then echo echo "*** However, this would only work if libtool was able to extract symbol" echo "*** lists from a program, using \`nm' or equivalent, but libtool could" echo "*** not find such a program. So, this module is probably useless." echo "*** \`nm' from GNU binutils and a full rebuild may help." fi if test "$build_old_libs" = no; then build_libtool_libs=module build_old_libs=yes else build_libtool_libs=no fi fi else deplibs="$dir/$old_library $deplibs" link_static=yes fi fi # link shared/static library? if test "$linkmode" = lib; then if test -n "$dependency_libs" && { test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes || test "$link_static" = yes; }; then # Extract -R from dependency_libs temp_deplibs= for libdir in $dependency_libs; do case $libdir in -R*) func_stripname '-R' '' "$libdir" temp_xrpath=$func_stripname_result case " $xrpath " in *" $temp_xrpath "*) ;; *) func_append xrpath " $temp_xrpath";; esac;; *) func_append temp_deplibs " $libdir";; esac done dependency_libs="$temp_deplibs" fi func_append newlib_search_path " $absdir" # Link against this library test "$link_static" = no && newdependency_libs="$abs_ladir/$laname $newdependency_libs" # ... and its dependency_libs tmp_libs= for deplib in $dependency_libs; do newdependency_libs="$deplib $newdependency_libs" case $deplib in -L*) func_stripname '-L' '' "$deplib" func_resolve_sysroot "$func_stripname_result";; *) func_resolve_sysroot "$deplib" ;; esac if $opt_preserve_dup_deps ; then case "$tmp_libs " in *" $func_resolve_sysroot_result "*) func_append specialdeplibs " $func_resolve_sysroot_result" ;; esac fi func_append tmp_libs " $func_resolve_sysroot_result" done if test "$link_all_deplibs" != no; then # Add the search paths of all dependency libraries for deplib in $dependency_libs; do path= case $deplib in -L*) path="$deplib" ;; *.la) func_resolve_sysroot "$deplib" deplib=$func_resolve_sysroot_result func_dirname "$deplib" "" "." dir=$func_dirname_result # We need an absolute path. case $dir in [\\/]* | [A-Za-z]:[\\/]*) absdir="$dir" ;; *) absdir=`cd "$dir" && pwd` if test -z "$absdir"; then func_warning "cannot determine absolute directory name of \`$dir'" absdir="$dir" fi ;; esac if $GREP "^installed=no" $deplib > /dev/null; then case $host in *-*-darwin*) depdepl= eval deplibrary_names=`${SED} -n -e 's/^library_names=\(.*\)$/\1/p' $deplib` if test -n "$deplibrary_names" ; then for tmp in $deplibrary_names ; do depdepl=$tmp done if test -f "$absdir/$objdir/$depdepl" ; then depdepl="$absdir/$objdir/$depdepl" darwin_install_name=`${OTOOL} -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'` if test -z "$darwin_install_name"; then darwin_install_name=`${OTOOL64} -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'` fi func_append compiler_flags " ${wl}-dylib_file ${wl}${darwin_install_name}:${depdepl}" func_append linker_flags " -dylib_file ${darwin_install_name}:${depdepl}" path= fi fi ;; *) path="-L$absdir/$objdir" ;; esac else eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib` test -z "$libdir" && \ func_fatal_error "\`$deplib' is not a valid libtool archive" test "$absdir" != "$libdir" && \ func_warning "\`$deplib' seems to be moved" path="-L$absdir" fi ;; esac case " $deplibs " in *" $path "*) ;; *) deplibs="$path $deplibs" ;; esac done fi # link_all_deplibs != no fi # linkmode = lib done # for deplib in $libs if test "$pass" = link; then if test "$linkmode" = "prog"; then compile_deplibs="$new_inherited_linker_flags $compile_deplibs" finalize_deplibs="$new_inherited_linker_flags $finalize_deplibs" else compiler_flags="$compiler_flags "`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` fi fi dependency_libs="$newdependency_libs" if test "$pass" = dlpreopen; then # Link the dlpreopened libraries before other libraries for deplib in $save_deplibs; do deplibs="$deplib $deplibs" done fi if test "$pass" != dlopen; then if test "$pass" != conv; then # Make sure lib_search_path contains only unique directories. lib_search_path= for dir in $newlib_search_path; do case "$lib_search_path " in *" $dir "*) ;; *) func_append lib_search_path " $dir" ;; esac done newlib_search_path= fi if test "$linkmode,$pass" != "prog,link"; then vars="deplibs" else vars="compile_deplibs finalize_deplibs" fi for var in $vars dependency_libs; do # Add libraries to $var in reverse order eval tmp_libs=\"\$$var\" new_libs= for deplib in $tmp_libs; do # FIXME: Pedantically, this is the right thing to do, so # that some nasty dependency loop isn't accidentally # broken: #new_libs="$deplib $new_libs" # Pragmatically, this seems to cause very few problems in # practice: case $deplib in -L*) new_libs="$deplib $new_libs" ;; -R*) ;; *) # And here is the reason: when a library appears more # than once as an explicit dependence of a library, or # is implicitly linked in more than once by the # compiler, it is considered special, and multiple # occurrences thereof are not removed. Compare this # with having the same library being listed as a # dependency of multiple other libraries: in this case, # we know (pedantically, we assume) the library does not # need to be listed more than once, so we keep only the # last copy. This is not always right, but it is rare # enough that we require users that really mean to play # such unportable linking tricks to link the library # using -Wl,-lname, so that libtool does not consider it # for duplicate removal. case " $specialdeplibs " in *" $deplib "*) new_libs="$deplib $new_libs" ;; *) case " $new_libs " in *" $deplib "*) ;; *) new_libs="$deplib $new_libs" ;; esac ;; esac ;; esac done tmp_libs= for deplib in $new_libs; do case $deplib in -L*) case " $tmp_libs " in *" $deplib "*) ;; *) func_append tmp_libs " $deplib" ;; esac ;; *) func_append tmp_libs " $deplib" ;; esac done eval $var=\"$tmp_libs\" done # for var fi # Last step: remove runtime libs from dependency_libs # (they stay in deplibs) tmp_libs= for i in $dependency_libs ; do case " $predeps $postdeps $compiler_lib_search_path " in *" $i "*) i="" ;; esac if test -n "$i" ; then func_append tmp_libs " $i" fi done dependency_libs=$tmp_libs done # for pass if test "$linkmode" = prog; then dlfiles="$newdlfiles" fi if test "$linkmode" = prog || test "$linkmode" = lib; then dlprefiles="$newdlprefiles" fi case $linkmode in oldlib) if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then func_warning "\`-dlopen' is ignored for archives" fi case " $deplibs" in *\ -l* | *\ -L*) func_warning "\`-l' and \`-L' are ignored for archives" ;; esac test -n "$rpath" && \ func_warning "\`-rpath' is ignored for archives" test -n "$xrpath" && \ func_warning "\`-R' is ignored for archives" test -n "$vinfo" && \ func_warning "\`-version-info/-version-number' is ignored for archives" test -n "$release" && \ func_warning "\`-release' is ignored for archives" test -n "$export_symbols$export_symbols_regex" && \ func_warning "\`-export-symbols' is ignored for archives" # Now set the variables for building old libraries. build_libtool_libs=no oldlibs="$output" func_append objs "$old_deplibs" ;; lib) # Make sure we only generate libraries of the form `libNAME.la'. case $outputname in lib*) func_stripname 'lib' '.la' "$outputname" name=$func_stripname_result eval shared_ext=\"$shrext_cmds\" eval libname=\"$libname_spec\" ;; *) test "$module" = no && \ func_fatal_help "libtool library \`$output' must begin with \`lib'" if test "$need_lib_prefix" != no; then # Add the "lib" prefix for modules if required func_stripname '' '.la' "$outputname" name=$func_stripname_result eval shared_ext=\"$shrext_cmds\" eval libname=\"$libname_spec\" else func_stripname '' '.la' "$outputname" libname=$func_stripname_result fi ;; esac if test -n "$objs"; then if test "$deplibs_check_method" != pass_all; then func_fatal_error "cannot build libtool library \`$output' from non-libtool objects on this host:$objs" else echo $ECHO "*** Warning: Linking the shared library $output against the non-libtool" $ECHO "*** objects $objs is not portable!" func_append libobjs " $objs" fi fi test "$dlself" != no && \ func_warning "\`-dlopen self' is ignored for libtool libraries" set dummy $rpath shift test "$#" -gt 1 && \ func_warning "ignoring multiple \`-rpath's for a libtool library" install_libdir="$1" oldlibs= if test -z "$rpath"; then if test "$build_libtool_libs" = yes; then # Building a libtool convenience library. # Some compilers have problems with a `.al' extension so # convenience libraries should have the same extension an # archive normally would. oldlibs="$output_objdir/$libname.$libext $oldlibs" build_libtool_libs=convenience build_old_libs=yes fi test -n "$vinfo" && \ func_warning "\`-version-info/-version-number' is ignored for convenience libraries" test -n "$release" && \ func_warning "\`-release' is ignored for convenience libraries" else # Parse the version information argument. save_ifs="$IFS"; IFS=':' set dummy $vinfo 0 0 0 shift IFS="$save_ifs" test -n "$7" && \ func_fatal_help "too many parameters to \`-version-info'" # convert absolute version numbers to libtool ages # this retains compatibility with .la files and attempts # to make the code below a bit more comprehensible case $vinfo_number in yes) number_major="$1" number_minor="$2" number_revision="$3" # # There are really only two kinds -- those that # use the current revision as the major version # and those that subtract age and use age as # a minor version. But, then there is irix # which has an extra 1 added just for fun # case $version_type in # correct linux to gnu/linux during the next big refactor darwin|linux|osf|windows|none) func_arith $number_major + $number_minor current=$func_arith_result age="$number_minor" revision="$number_revision" ;; freebsd-aout|freebsd-elf|qnx|sunos) current="$number_major" revision="$number_minor" age="0" ;; irix|nonstopux) func_arith $number_major + $number_minor current=$func_arith_result age="$number_minor" revision="$number_minor" lt_irix_increment=no ;; esac ;; no) current="$1" revision="$2" age="$3" ;; esac # Check that each of the things are valid numbers. case $current in 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; *) func_error "CURRENT \`$current' must be a nonnegative integer" func_fatal_error "\`$vinfo' is not valid version information" ;; esac case $revision in 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; *) func_error "REVISION \`$revision' must be a nonnegative integer" func_fatal_error "\`$vinfo' is not valid version information" ;; esac case $age in 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; *) func_error "AGE \`$age' must be a nonnegative integer" func_fatal_error "\`$vinfo' is not valid version information" ;; esac if test "$age" -gt "$current"; then func_error "AGE \`$age' is greater than the current interface number \`$current'" func_fatal_error "\`$vinfo' is not valid version information" fi # Calculate the version variables. major= versuffix= verstring= case $version_type in none) ;; darwin) # Like Linux, but with the current version available in # verstring for coding it into the library header func_arith $current - $age major=.$func_arith_result versuffix="$major.$age.$revision" # Darwin ld doesn't like 0 for these options... func_arith $current + 1 minor_current=$func_arith_result xlcverstring="${wl}-compatibility_version ${wl}$minor_current ${wl}-current_version ${wl}$minor_current.$revision" verstring="-compatibility_version $minor_current -current_version $minor_current.$revision" ;; freebsd-aout) major=".$current" versuffix=".$current.$revision"; ;; freebsd-elf) major=".$current" versuffix=".$current" ;; irix | nonstopux) if test "X$lt_irix_increment" = "Xno"; then func_arith $current - $age else func_arith $current - $age + 1 fi major=$func_arith_result case $version_type in nonstopux) verstring_prefix=nonstopux ;; *) verstring_prefix=sgi ;; esac verstring="$verstring_prefix$major.$revision" # Add in all the interfaces that we are compatible with. loop=$revision while test "$loop" -ne 0; do func_arith $revision - $loop iface=$func_arith_result func_arith $loop - 1 loop=$func_arith_result verstring="$verstring_prefix$major.$iface:$verstring" done # Before this point, $major must not contain `.'. major=.$major versuffix="$major.$revision" ;; linux) # correct to gnu/linux during the next big refactor func_arith $current - $age major=.$func_arith_result versuffix="$major.$age.$revision" ;; osf) func_arith $current - $age major=.$func_arith_result versuffix=".$current.$age.$revision" verstring="$current.$age.$revision" # Add in all the interfaces that we are compatible with. loop=$age while test "$loop" -ne 0; do func_arith $current - $loop iface=$func_arith_result func_arith $loop - 1 loop=$func_arith_result verstring="$verstring:${iface}.0" done # Make executables depend on our current version. func_append verstring ":${current}.0" ;; qnx) major=".$current" versuffix=".$current" ;; sunos) major=".$current" versuffix=".$current.$revision" ;; windows) # Use '-' rather than '.', since we only want one # extension on DOS 8.3 filesystems. func_arith $current - $age major=$func_arith_result versuffix="-$major" ;; *) func_fatal_configuration "unknown library version type \`$version_type'" ;; esac # Clear the version info if we defaulted, and they specified a release. if test -z "$vinfo" && test -n "$release"; then major= case $version_type in darwin) # we can't check for "0.0" in archive_cmds due to quoting # problems, so we reset it completely verstring= ;; *) verstring="0.0" ;; esac if test "$need_version" = no; then versuffix= else versuffix=".0.0" fi fi # Remove version info from name if versioning should be avoided if test "$avoid_version" = yes && test "$need_version" = no; then major= versuffix= verstring="" fi # Check to see if the archive will have undefined symbols. if test "$allow_undefined" = yes; then if test "$allow_undefined_flag" = unsupported; then func_warning "undefined symbols not allowed in $host shared libraries" build_libtool_libs=no build_old_libs=yes fi else # Don't allow undefined symbols. allow_undefined_flag="$no_undefined_flag" fi fi func_generate_dlsyms "$libname" "$libname" "yes" func_append libobjs " $symfileobj" test "X$libobjs" = "X " && libobjs= if test "$opt_mode" != relink; then # Remove our outputs, but don't remove object files since they # may have been created when compiling PIC objects. removelist= tempremovelist=`$ECHO "$output_objdir/*"` for p in $tempremovelist; do case $p in *.$objext | *.gcno) ;; $output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/${libname}${release}.*) if test "X$precious_files_regex" != "X"; then if $ECHO "$p" | $EGREP -e "$precious_files_regex" >/dev/null 2>&1 then continue fi fi func_append removelist " $p" ;; *) ;; esac done test -n "$removelist" && \ func_show_eval "${RM}r \$removelist" fi # Now set the variables for building old libraries. if test "$build_old_libs" = yes && test "$build_libtool_libs" != convenience ; then func_append oldlibs " $output_objdir/$libname.$libext" # Transform .lo files to .o files. oldobjs="$objs "`$ECHO "$libobjs" | $SP2NL | $SED "/\.${libext}$/d; $lo2o" | $NL2SP` fi # Eliminate all temporary directories. #for path in $notinst_path; do # lib_search_path=`$ECHO "$lib_search_path " | $SED "s% $path % %g"` # deplibs=`$ECHO "$deplibs " | $SED "s% -L$path % %g"` # dependency_libs=`$ECHO "$dependency_libs " | $SED "s% -L$path % %g"` #done if test -n "$xrpath"; then # If the user specified any rpath flags, then add them. temp_xrpath= for libdir in $xrpath; do func_replace_sysroot "$libdir" func_append temp_xrpath " -R$func_replace_sysroot_result" case "$finalize_rpath " in *" $libdir "*) ;; *) func_append finalize_rpath " $libdir" ;; esac done if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then dependency_libs="$temp_xrpath $dependency_libs" fi fi # Make sure dlfiles contains only unique files that won't be dlpreopened old_dlfiles="$dlfiles" dlfiles= for lib in $old_dlfiles; do case " $dlprefiles $dlfiles " in *" $lib "*) ;; *) func_append dlfiles " $lib" ;; esac done # Make sure dlprefiles contains only unique files old_dlprefiles="$dlprefiles" dlprefiles= for lib in $old_dlprefiles; do case "$dlprefiles " in *" $lib "*) ;; *) func_append dlprefiles " $lib" ;; esac done if test "$build_libtool_libs" = yes; then if test -n "$rpath"; then case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos* | *-cegcc* | *-*-haiku*) # these systems don't actually have a c library (as such)! ;; *-*-rhapsody* | *-*-darwin1.[012]) # Rhapsody C library is in the System framework func_append deplibs " System.ltframework" ;; *-*-netbsd*) # Don't link with libc until the a.out ld.so is fixed. ;; *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) # Do not include libc due to us having libc/libc_r. ;; *-*-sco3.2v5* | *-*-sco5v6*) # Causes problems with __ctype ;; *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*) # Compiler inserts libc in the correct place for threads to work ;; *) # Add libc to deplibs on all other systems if necessary. if test "$build_libtool_need_lc" = "yes"; then func_append deplibs " -lc" fi ;; esac fi # Transform deplibs into only deplibs that can be linked in shared. name_save=$name libname_save=$libname release_save=$release versuffix_save=$versuffix major_save=$major # I'm not sure if I'm treating the release correctly. I think # release should show up in the -l (ie -lgmp5) so we don't want to # add it in twice. Is that correct? release="" versuffix="" major="" newdeplibs= droppeddeps=no case $deplibs_check_method in pass_all) # Don't check for shared/static. Everything works. # This might be a little naive. We might want to check # whether the library exists or not. But this is on # osf3 & osf4 and I'm not really sure... Just # implementing what was already the behavior. newdeplibs=$deplibs ;; test_compile) # This code stresses the "libraries are programs" paradigm to its # limits. Maybe even breaks it. We compile a program, linking it # against the deplibs as a proxy for the library. Then we can check # whether they linked in statically or dynamically with ldd. $opt_dry_run || $RM conftest.c cat > conftest.c </dev/null` $nocaseglob else potential_libs=`ls $i/$libnameglob[.-]* 2>/dev/null` fi for potent_lib in $potential_libs; do # Follow soft links. if ls -lLd "$potent_lib" 2>/dev/null | $GREP " -> " >/dev/null; then continue fi # The statement above tries to avoid entering an # endless loop below, in case of cyclic links. # We might still enter an endless loop, since a link # loop can be closed while we follow links, # but so what? potlib="$potent_lib" while test -h "$potlib" 2>/dev/null; do potliblink=`ls -ld $potlib | ${SED} 's/.* -> //'` case $potliblink in [\\/]* | [A-Za-z]:[\\/]*) potlib="$potliblink";; *) potlib=`$ECHO "$potlib" | $SED 's,[^/]*$,,'`"$potliblink";; esac done if eval $file_magic_cmd \"\$potlib\" 2>/dev/null | $SED -e 10q | $EGREP "$file_magic_regex" > /dev/null; then func_append newdeplibs " $a_deplib" a_deplib="" break 2 fi done done fi if test -n "$a_deplib" ; then droppeddeps=yes echo $ECHO "*** Warning: linker path does not have real file for library $a_deplib." echo "*** I have the capability to make that library automatically link in when" echo "*** you link to this library. But I can only do this if you have a" echo "*** shared version of the library, which you do not appear to have" echo "*** because I did check the linker path looking for a file starting" if test -z "$potlib" ; then $ECHO "*** with $libname but no candidates were found. (...for file magic test)" else $ECHO "*** with $libname and none of the candidates passed a file format test" $ECHO "*** using a file magic. Last file checked: $potlib" fi fi ;; *) # Add a -L argument. func_append newdeplibs " $a_deplib" ;; esac done # Gone through all deplibs. ;; match_pattern*) set dummy $deplibs_check_method; shift match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"` for a_deplib in $deplibs; do case $a_deplib in -l*) func_stripname -l '' "$a_deplib" name=$func_stripname_result if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then case " $predeps $postdeps " in *" $a_deplib "*) func_append newdeplibs " $a_deplib" a_deplib="" ;; esac fi if test -n "$a_deplib" ; then libname=`eval "\\$ECHO \"$libname_spec\""` for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do potential_libs=`ls $i/$libname[.-]* 2>/dev/null` for potent_lib in $potential_libs; do potlib="$potent_lib" # see symlink-check above in file_magic test if eval "\$ECHO \"$potent_lib\"" 2>/dev/null | $SED 10q | \ $EGREP "$match_pattern_regex" > /dev/null; then func_append newdeplibs " $a_deplib" a_deplib="" break 2 fi done done fi if test -n "$a_deplib" ; then droppeddeps=yes echo $ECHO "*** Warning: linker path does not have real file for library $a_deplib." echo "*** I have the capability to make that library automatically link in when" echo "*** you link to this library. But I can only do this if you have a" echo "*** shared version of the library, which you do not appear to have" echo "*** because I did check the linker path looking for a file starting" if test -z "$potlib" ; then $ECHO "*** with $libname but no candidates were found. (...for regex pattern test)" else $ECHO "*** with $libname and none of the candidates passed a file format test" $ECHO "*** using a regex pattern. Last file checked: $potlib" fi fi ;; *) # Add a -L argument. func_append newdeplibs " $a_deplib" ;; esac done # Gone through all deplibs. ;; none | unknown | *) newdeplibs="" tmp_deplibs=`$ECHO " $deplibs" | $SED 's/ -lc$//; s/ -[LR][^ ]*//g'` if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then for i in $predeps $postdeps ; do # can't use Xsed below, because $i might contain '/' tmp_deplibs=`$ECHO " $tmp_deplibs" | $SED "s,$i,,"` done fi case $tmp_deplibs in *[!\ \ ]*) echo if test "X$deplibs_check_method" = "Xnone"; then echo "*** Warning: inter-library dependencies are not supported in this platform." else echo "*** Warning: inter-library dependencies are not known to be supported." fi echo "*** All declared inter-library dependencies are being dropped." droppeddeps=yes ;; esac ;; esac versuffix=$versuffix_save major=$major_save release=$release_save libname=$libname_save name=$name_save case $host in *-*-rhapsody* | *-*-darwin1.[012]) # On Rhapsody replace the C library with the System framework newdeplibs=`$ECHO " $newdeplibs" | $SED 's/ -lc / System.ltframework /'` ;; esac if test "$droppeddeps" = yes; then if test "$module" = yes; then echo echo "*** Warning: libtool could not satisfy all declared inter-library" $ECHO "*** dependencies of module $libname. Therefore, libtool will create" echo "*** a static module, that should work as long as the dlopening" echo "*** application is linked with the -dlopen flag." if test -z "$global_symbol_pipe"; then echo echo "*** However, this would only work if libtool was able to extract symbol" echo "*** lists from a program, using \`nm' or equivalent, but libtool could" echo "*** not find such a program. So, this module is probably useless." echo "*** \`nm' from GNU binutils and a full rebuild may help." fi if test "$build_old_libs" = no; then oldlibs="$output_objdir/$libname.$libext" build_libtool_libs=module build_old_libs=yes else build_libtool_libs=no fi else echo "*** The inter-library dependencies that have been dropped here will be" echo "*** automatically added whenever a program is linked with this library" echo "*** or is declared to -dlopen it." if test "$allow_undefined" = no; then echo echo "*** Since this library must not contain undefined symbols," echo "*** because either the platform does not support them or" echo "*** it was explicitly requested with -no-undefined," echo "*** libtool will only create a static version of it." if test "$build_old_libs" = no; then oldlibs="$output_objdir/$libname.$libext" build_libtool_libs=module build_old_libs=yes else build_libtool_libs=no fi fi fi fi # Done checking deplibs! deplibs=$newdeplibs fi # Time to change all our "foo.ltframework" stuff back to "-framework foo" case $host in *-*-darwin*) newdeplibs=`$ECHO " $newdeplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` new_inherited_linker_flags=`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` deplibs=`$ECHO " $deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` ;; esac # move library search paths that coincide with paths to not yet # installed libraries to the beginning of the library search list new_libs= for path in $notinst_path; do case " $new_libs " in *" -L$path/$objdir "*) ;; *) case " $deplibs " in *" -L$path/$objdir "*) func_append new_libs " -L$path/$objdir" ;; esac ;; esac done for deplib in $deplibs; do case $deplib in -L*) case " $new_libs " in *" $deplib "*) ;; *) func_append new_libs " $deplib" ;; esac ;; *) func_append new_libs " $deplib" ;; esac done deplibs="$new_libs" # All the library-specific variables (install_libdir is set above). library_names= old_library= dlname= # Test again, we may have decided not to build it any more if test "$build_libtool_libs" = yes; then # Remove ${wl} instances when linking with ld. # FIXME: should test the right _cmds variable. case $archive_cmds in *\$LD\ *) wl= ;; esac if test "$hardcode_into_libs" = yes; then # Hardcode the library paths hardcode_libdirs= dep_rpath= rpath="$finalize_rpath" test "$opt_mode" != relink && rpath="$compile_rpath$rpath" for libdir in $rpath; do if test -n "$hardcode_libdir_flag_spec"; then if test -n "$hardcode_libdir_separator"; then func_replace_sysroot "$libdir" libdir=$func_replace_sysroot_result if test -z "$hardcode_libdirs"; then hardcode_libdirs="$libdir" else # Just accumulate the unique libdirs. case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) ;; *) func_append hardcode_libdirs "$hardcode_libdir_separator$libdir" ;; esac fi else eval flag=\"$hardcode_libdir_flag_spec\" func_append dep_rpath " $flag" fi elif test -n "$runpath_var"; then case "$perm_rpath " in *" $libdir "*) ;; *) func_append perm_rpath " $libdir" ;; esac fi done # Substitute the hardcoded libdirs into the rpath. if test -n "$hardcode_libdir_separator" && test -n "$hardcode_libdirs"; then libdir="$hardcode_libdirs" eval "dep_rpath=\"$hardcode_libdir_flag_spec\"" fi if test -n "$runpath_var" && test -n "$perm_rpath"; then # We should set the runpath_var. rpath= for dir in $perm_rpath; do func_append rpath "$dir:" done eval "$runpath_var='$rpath\$$runpath_var'; export $runpath_var" fi test -n "$dep_rpath" && deplibs="$dep_rpath $deplibs" fi shlibpath="$finalize_shlibpath" test "$opt_mode" != relink && shlibpath="$compile_shlibpath$shlibpath" if test -n "$shlibpath"; then eval "$shlibpath_var='$shlibpath\$$shlibpath_var'; export $shlibpath_var" fi # Get the real and link names of the library. eval shared_ext=\"$shrext_cmds\" eval library_names=\"$library_names_spec\" set dummy $library_names shift realname="$1" shift if test -n "$soname_spec"; then eval soname=\"$soname_spec\" else soname="$realname" fi if test -z "$dlname"; then dlname=$soname fi lib="$output_objdir/$realname" linknames= for link do func_append linknames " $link" done # Use standard objects if they are pic test -z "$pic_flag" && libobjs=`$ECHO "$libobjs" | $SP2NL | $SED "$lo2o" | $NL2SP` test "X$libobjs" = "X " && libobjs= delfiles= if test -n "$export_symbols" && test -n "$include_expsyms"; then $opt_dry_run || cp "$export_symbols" "$output_objdir/$libname.uexp" export_symbols="$output_objdir/$libname.uexp" func_append delfiles " $export_symbols" fi orig_export_symbols= case $host_os in cygwin* | mingw* | cegcc*) if test -n "$export_symbols" && test -z "$export_symbols_regex"; then # exporting using user supplied symfile if test "x`$SED 1q $export_symbols`" != xEXPORTS; then # and it's NOT already a .def file. Must figure out # which of the given symbols are data symbols and tag # them as such. So, trigger use of export_symbols_cmds. # export_symbols gets reassigned inside the "prepare # the list of exported symbols" if statement, so the # include_expsyms logic still works. orig_export_symbols="$export_symbols" export_symbols= always_export_symbols=yes fi fi ;; esac # Prepare the list of exported symbols if test -z "$export_symbols"; then if test "$always_export_symbols" = yes || test -n "$export_symbols_regex"; then func_verbose "generating symbol list for \`$libname.la'" export_symbols="$output_objdir/$libname.exp" $opt_dry_run || $RM $export_symbols cmds=$export_symbols_cmds save_ifs="$IFS"; IFS='~' for cmd1 in $cmds; do IFS="$save_ifs" # Take the normal branch if the nm_file_list_spec branch # doesn't work or if tool conversion is not needed. case $nm_file_list_spec~$to_tool_file_cmd in *~func_convert_file_noop | *~func_convert_file_msys_to_w32 | ~*) try_normal_branch=yes eval cmd=\"$cmd1\" func_len " $cmd" len=$func_len_result ;; *) try_normal_branch=no ;; esac if test "$try_normal_branch" = yes \ && { test "$len" -lt "$max_cmd_len" \ || test "$max_cmd_len" -le -1; } then func_show_eval "$cmd" 'exit $?' skipped_export=false elif test -n "$nm_file_list_spec"; then func_basename "$output" output_la=$func_basename_result save_libobjs=$libobjs save_output=$output output=${output_objdir}/${output_la}.nm func_to_tool_file "$output" libobjs=$nm_file_list_spec$func_to_tool_file_result func_append delfiles " $output" func_verbose "creating $NM input file list: $output" for obj in $save_libobjs; do func_to_tool_file "$obj" $ECHO "$func_to_tool_file_result" done > "$output" eval cmd=\"$cmd1\" func_show_eval "$cmd" 'exit $?' output=$save_output libobjs=$save_libobjs skipped_export=false else # The command line is too long to execute in one step. func_verbose "using reloadable object file for export list..." skipped_export=: # Break out early, otherwise skipped_export may be # set to false by a later but shorter cmd. break fi done IFS="$save_ifs" if test -n "$export_symbols_regex" && test "X$skipped_export" != "X:"; then func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"' func_show_eval '$MV "${export_symbols}T" "$export_symbols"' fi fi fi if test -n "$export_symbols" && test -n "$include_expsyms"; then tmp_export_symbols="$export_symbols" test -n "$orig_export_symbols" && tmp_export_symbols="$orig_export_symbols" $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"' fi if test "X$skipped_export" != "X:" && test -n "$orig_export_symbols"; then # The given exports_symbols file has to be filtered, so filter it. func_verbose "filter symbol list for \`$libname.la' to tag DATA exports" # FIXME: $output_objdir/$libname.filter potentially contains lots of # 's' commands which not all seds can handle. GNU sed should be fine # though. Also, the filter scales superlinearly with the number of # global variables. join(1) would be nice here, but unfortunately # isn't a blessed tool. $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter func_append delfiles " $export_symbols $output_objdir/$libname.filter" export_symbols=$output_objdir/$libname.def $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols fi tmp_deplibs= for test_deplib in $deplibs; do case " $convenience " in *" $test_deplib "*) ;; *) func_append tmp_deplibs " $test_deplib" ;; esac done deplibs="$tmp_deplibs" if test -n "$convenience"; then if test -n "$whole_archive_flag_spec" && test "$compiler_needs_object" = yes && test -z "$libobjs"; then # extract the archives, so we have objects to list. # TODO: could optimize this to just extract one archive. whole_archive_flag_spec= fi if test -n "$whole_archive_flag_spec"; then save_libobjs=$libobjs eval libobjs=\"\$libobjs $whole_archive_flag_spec\" test "X$libobjs" = "X " && libobjs= else gentop="$output_objdir/${outputname}x" func_append generated " $gentop" func_extract_archives $gentop $convenience func_append libobjs " $func_extract_archives_result" test "X$libobjs" = "X " && libobjs= fi fi if test "$thread_safe" = yes && test -n "$thread_safe_flag_spec"; then eval flag=\"$thread_safe_flag_spec\" func_append linker_flags " $flag" fi # Make a backup of the uninstalled library when relinking if test "$opt_mode" = relink; then $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}U && $MV $realname ${realname}U)' || exit $? fi # Do each of the archive commands. if test "$module" = yes && test -n "$module_cmds" ; then if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then eval test_cmds=\"$module_expsym_cmds\" cmds=$module_expsym_cmds else eval test_cmds=\"$module_cmds\" cmds=$module_cmds fi else if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then eval test_cmds=\"$archive_expsym_cmds\" cmds=$archive_expsym_cmds else eval test_cmds=\"$archive_cmds\" cmds=$archive_cmds fi fi if test "X$skipped_export" != "X:" && func_len " $test_cmds" && len=$func_len_result && test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then : else # The command line is too long to link in one step, link piecewise # or, if using GNU ld and skipped_export is not :, use a linker # script. # Save the value of $output and $libobjs because we want to # use them later. If we have whole_archive_flag_spec, we # want to use save_libobjs as it was before # whole_archive_flag_spec was expanded, because we can't # assume the linker understands whole_archive_flag_spec. # This may have to be revisited, in case too many # convenience libraries get linked in and end up exceeding # the spec. if test -z "$convenience" || test -z "$whole_archive_flag_spec"; then save_libobjs=$libobjs fi save_output=$output func_basename "$output" output_la=$func_basename_result # Clear the reloadable object creation command queue and # initialize k to one. test_cmds= concat_cmds= objlist= last_robj= k=1 if test -n "$save_libobjs" && test "X$skipped_export" != "X:" && test "$with_gnu_ld" = yes; then output=${output_objdir}/${output_la}.lnkscript func_verbose "creating GNU ld script: $output" echo 'INPUT (' > $output for obj in $save_libobjs do func_to_tool_file "$obj" $ECHO "$func_to_tool_file_result" >> $output done echo ')' >> $output func_append delfiles " $output" func_to_tool_file "$output" output=$func_to_tool_file_result elif test -n "$save_libobjs" && test "X$skipped_export" != "X:" && test "X$file_list_spec" != X; then output=${output_objdir}/${output_la}.lnk func_verbose "creating linker input file list: $output" : > $output set x $save_libobjs shift firstobj= if test "$compiler_needs_object" = yes; then firstobj="$1 " shift fi for obj do func_to_tool_file "$obj" $ECHO "$func_to_tool_file_result" >> $output done func_append delfiles " $output" func_to_tool_file "$output" output=$firstobj\"$file_list_spec$func_to_tool_file_result\" else if test -n "$save_libobjs"; then func_verbose "creating reloadable object files..." output=$output_objdir/$output_la-${k}.$objext eval test_cmds=\"$reload_cmds\" func_len " $test_cmds" len0=$func_len_result len=$len0 # Loop over the list of objects to be linked. for obj in $save_libobjs do func_len " $obj" func_arith $len + $func_len_result len=$func_arith_result if test "X$objlist" = X || test "$len" -lt "$max_cmd_len"; then func_append objlist " $obj" else # The command $test_cmds is almost too long, add a # command to the queue. if test "$k" -eq 1 ; then # The first file doesn't have a previous command to add. reload_objs=$objlist eval concat_cmds=\"$reload_cmds\" else # All subsequent reloadable object files will link in # the last one created. reload_objs="$objlist $last_robj" eval concat_cmds=\"\$concat_cmds~$reload_cmds~\$RM $last_robj\" fi last_robj=$output_objdir/$output_la-${k}.$objext func_arith $k + 1 k=$func_arith_result output=$output_objdir/$output_la-${k}.$objext objlist=" $obj" func_len " $last_robj" func_arith $len0 + $func_len_result len=$func_arith_result fi done # Handle the remaining objects by creating one last # reloadable object file. All subsequent reloadable object # files will link in the last one created. test -z "$concat_cmds" || concat_cmds=$concat_cmds~ reload_objs="$objlist $last_robj" eval concat_cmds=\"\${concat_cmds}$reload_cmds\" if test -n "$last_robj"; then eval concat_cmds=\"\${concat_cmds}~\$RM $last_robj\" fi func_append delfiles " $output" else output= fi if ${skipped_export-false}; then func_verbose "generating symbol list for \`$libname.la'" export_symbols="$output_objdir/$libname.exp" $opt_dry_run || $RM $export_symbols libobjs=$output # Append the command to create the export file. test -z "$concat_cmds" || concat_cmds=$concat_cmds~ eval concat_cmds=\"\$concat_cmds$export_symbols_cmds\" if test -n "$last_robj"; then eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\" fi fi test -n "$save_libobjs" && func_verbose "creating a temporary reloadable object file: $output" # Loop through the commands generated above and execute them. save_ifs="$IFS"; IFS='~' for cmd in $concat_cmds; do IFS="$save_ifs" $opt_silent || { func_quote_for_expand "$cmd" eval "func_echo $func_quote_for_expand_result" } $opt_dry_run || eval "$cmd" || { lt_exit=$? # Restore the uninstalled library and exit if test "$opt_mode" = relink; then ( cd "$output_objdir" && \ $RM "${realname}T" && \ $MV "${realname}U" "$realname" ) fi exit $lt_exit } done IFS="$save_ifs" if test -n "$export_symbols_regex" && ${skipped_export-false}; then func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"' func_show_eval '$MV "${export_symbols}T" "$export_symbols"' fi fi if ${skipped_export-false}; then if test -n "$export_symbols" && test -n "$include_expsyms"; then tmp_export_symbols="$export_symbols" test -n "$orig_export_symbols" && tmp_export_symbols="$orig_export_symbols" $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"' fi if test -n "$orig_export_symbols"; then # The given exports_symbols file has to be filtered, so filter it. func_verbose "filter symbol list for \`$libname.la' to tag DATA exports" # FIXME: $output_objdir/$libname.filter potentially contains lots of # 's' commands which not all seds can handle. GNU sed should be fine # though. Also, the filter scales superlinearly with the number of # global variables. join(1) would be nice here, but unfortunately # isn't a blessed tool. $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter func_append delfiles " $export_symbols $output_objdir/$libname.filter" export_symbols=$output_objdir/$libname.def $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols fi fi libobjs=$output # Restore the value of output. output=$save_output if test -n "$convenience" && test -n "$whole_archive_flag_spec"; then eval libobjs=\"\$libobjs $whole_archive_flag_spec\" test "X$libobjs" = "X " && libobjs= fi # Expand the library linking commands again to reset the # value of $libobjs for piecewise linking. # Do each of the archive commands. if test "$module" = yes && test -n "$module_cmds" ; then if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then cmds=$module_expsym_cmds else cmds=$module_cmds fi else if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then cmds=$archive_expsym_cmds else cmds=$archive_cmds fi fi fi if test -n "$delfiles"; then # Append the command to remove temporary files to $cmds. eval cmds=\"\$cmds~\$RM $delfiles\" fi # Add any objects from preloaded convenience libraries if test -n "$dlprefiles"; then gentop="$output_objdir/${outputname}x" func_append generated " $gentop" func_extract_archives $gentop $dlprefiles func_append libobjs " $func_extract_archives_result" test "X$libobjs" = "X " && libobjs= fi save_ifs="$IFS"; IFS='~' for cmd in $cmds; do IFS="$save_ifs" eval cmd=\"$cmd\" $opt_silent || { func_quote_for_expand "$cmd" eval "func_echo $func_quote_for_expand_result" } $opt_dry_run || eval "$cmd" || { lt_exit=$? # Restore the uninstalled library and exit if test "$opt_mode" = relink; then ( cd "$output_objdir" && \ $RM "${realname}T" && \ $MV "${realname}U" "$realname" ) fi exit $lt_exit } done IFS="$save_ifs" # Restore the uninstalled library and exit if test "$opt_mode" = relink; then $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}T && $MV $realname ${realname}T && $MV ${realname}U $realname)' || exit $? if test -n "$convenience"; then if test -z "$whole_archive_flag_spec"; then func_show_eval '${RM}r "$gentop"' fi fi exit $EXIT_SUCCESS fi # Create links to the real library. for linkname in $linknames; do if test "$realname" != "$linkname"; then func_show_eval '(cd "$output_objdir" && $RM "$linkname" && $LN_S "$realname" "$linkname")' 'exit $?' fi done # If -module or -export-dynamic was specified, set the dlname. if test "$module" = yes || test "$export_dynamic" = yes; then # On all known operating systems, these are identical. dlname="$soname" fi fi ;; obj) if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then func_warning "\`-dlopen' is ignored for objects" fi case " $deplibs" in *\ -l* | *\ -L*) func_warning "\`-l' and \`-L' are ignored for objects" ;; esac test -n "$rpath" && \ func_warning "\`-rpath' is ignored for objects" test -n "$xrpath" && \ func_warning "\`-R' is ignored for objects" test -n "$vinfo" && \ func_warning "\`-version-info' is ignored for objects" test -n "$release" && \ func_warning "\`-release' is ignored for objects" case $output in *.lo) test -n "$objs$old_deplibs" && \ func_fatal_error "cannot build library object \`$output' from non-libtool objects" libobj=$output func_lo2o "$libobj" obj=$func_lo2o_result ;; *) libobj= obj="$output" ;; esac # Delete the old objects. $opt_dry_run || $RM $obj $libobj # Objects from convenience libraries. This assumes # single-version convenience libraries. Whenever we create # different ones for PIC/non-PIC, this we'll have to duplicate # the extraction. reload_conv_objs= gentop= # reload_cmds runs $LD directly, so let us get rid of # -Wl from whole_archive_flag_spec and hope we can get by with # turning comma into space.. wl= if test -n "$convenience"; then if test -n "$whole_archive_flag_spec"; then eval tmp_whole_archive_flags=\"$whole_archive_flag_spec\" reload_conv_objs=$reload_objs\ `$ECHO "$tmp_whole_archive_flags" | $SED 's|,| |g'` else gentop="$output_objdir/${obj}x" func_append generated " $gentop" func_extract_archives $gentop $convenience reload_conv_objs="$reload_objs $func_extract_archives_result" fi fi # If we're not building shared, we need to use non_pic_objs test "$build_libtool_libs" != yes && libobjs="$non_pic_objects" # Create the old-style object. reload_objs="$objs$old_deplibs "`$ECHO "$libobjs" | $SP2NL | $SED "/\.${libext}$/d; /\.lib$/d; $lo2o" | $NL2SP`" $reload_conv_objs" ### testsuite: skip nested quoting test output="$obj" func_execute_cmds "$reload_cmds" 'exit $?' # Exit if we aren't doing a library object file. if test -z "$libobj"; then if test -n "$gentop"; then func_show_eval '${RM}r "$gentop"' fi exit $EXIT_SUCCESS fi if test "$build_libtool_libs" != yes; then if test -n "$gentop"; then func_show_eval '${RM}r "$gentop"' fi # Create an invalid libtool object if no PIC, so that we don't # accidentally link it into a program. # $show "echo timestamp > $libobj" # $opt_dry_run || eval "echo timestamp > $libobj" || exit $? exit $EXIT_SUCCESS fi if test -n "$pic_flag" || test "$pic_mode" != default; then # Only do commands if we really have different PIC objects. reload_objs="$libobjs $reload_conv_objs" output="$libobj" func_execute_cmds "$reload_cmds" 'exit $?' fi if test -n "$gentop"; then func_show_eval '${RM}r "$gentop"' fi exit $EXIT_SUCCESS ;; prog) case $host in *cygwin*) func_stripname '' '.exe' "$output" output=$func_stripname_result.exe;; esac test -n "$vinfo" && \ func_warning "\`-version-info' is ignored for programs" test -n "$release" && \ func_warning "\`-release' is ignored for programs" test "$preload" = yes \ && test "$dlopen_support" = unknown \ && test "$dlopen_self" = unknown \ && test "$dlopen_self_static" = unknown && \ func_warning "\`LT_INIT([dlopen])' not used. Assuming no dlopen support." case $host in *-*-rhapsody* | *-*-darwin1.[012]) # On Rhapsody replace the C library is the System framework compile_deplibs=`$ECHO " $compile_deplibs" | $SED 's/ -lc / System.ltframework /'` finalize_deplibs=`$ECHO " $finalize_deplibs" | $SED 's/ -lc / System.ltframework /'` ;; esac case $host in *-*-darwin*) # Don't allow lazy linking, it breaks C++ global constructors # But is supposedly fixed on 10.4 or later (yay!). if test "$tagname" = CXX ; then case ${MACOSX_DEPLOYMENT_TARGET-10.0} in 10.[0123]) func_append compile_command " ${wl}-bind_at_load" func_append finalize_command " ${wl}-bind_at_load" ;; esac fi # Time to change all our "foo.ltframework" stuff back to "-framework foo" compile_deplibs=`$ECHO " $compile_deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` finalize_deplibs=`$ECHO " $finalize_deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` ;; esac # move library search paths that coincide with paths to not yet # installed libraries to the beginning of the library search list new_libs= for path in $notinst_path; do case " $new_libs " in *" -L$path/$objdir "*) ;; *) case " $compile_deplibs " in *" -L$path/$objdir "*) func_append new_libs " -L$path/$objdir" ;; esac ;; esac done for deplib in $compile_deplibs; do case $deplib in -L*) case " $new_libs " in *" $deplib "*) ;; *) func_append new_libs " $deplib" ;; esac ;; *) func_append new_libs " $deplib" ;; esac done compile_deplibs="$new_libs" func_append compile_command " $compile_deplibs" func_append finalize_command " $finalize_deplibs" if test -n "$rpath$xrpath"; then # If the user specified any rpath flags, then add them. for libdir in $rpath $xrpath; do # This is the magic to use -rpath. case "$finalize_rpath " in *" $libdir "*) ;; *) func_append finalize_rpath " $libdir" ;; esac done fi # Now hardcode the library paths rpath= hardcode_libdirs= for libdir in $compile_rpath $finalize_rpath; do if test -n "$hardcode_libdir_flag_spec"; then if test -n "$hardcode_libdir_separator"; then if test -z "$hardcode_libdirs"; then hardcode_libdirs="$libdir" else # Just accumulate the unique libdirs. case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) ;; *) func_append hardcode_libdirs "$hardcode_libdir_separator$libdir" ;; esac fi else eval flag=\"$hardcode_libdir_flag_spec\" func_append rpath " $flag" fi elif test -n "$runpath_var"; then case "$perm_rpath " in *" $libdir "*) ;; *) func_append perm_rpath " $libdir" ;; esac fi case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) testbindir=`${ECHO} "$libdir" | ${SED} -e 's*/lib$*/bin*'` case :$dllsearchpath: in *":$libdir:"*) ;; ::) dllsearchpath=$libdir;; *) func_append dllsearchpath ":$libdir";; esac case :$dllsearchpath: in *":$testbindir:"*) ;; ::) dllsearchpath=$testbindir;; *) func_append dllsearchpath ":$testbindir";; esac ;; esac done # Substitute the hardcoded libdirs into the rpath. if test -n "$hardcode_libdir_separator" && test -n "$hardcode_libdirs"; then libdir="$hardcode_libdirs" eval rpath=\" $hardcode_libdir_flag_spec\" fi compile_rpath="$rpath" rpath= hardcode_libdirs= for libdir in $finalize_rpath; do if test -n "$hardcode_libdir_flag_spec"; then if test -n "$hardcode_libdir_separator"; then if test -z "$hardcode_libdirs"; then hardcode_libdirs="$libdir" else # Just accumulate the unique libdirs. case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) ;; *) func_append hardcode_libdirs "$hardcode_libdir_separator$libdir" ;; esac fi else eval flag=\"$hardcode_libdir_flag_spec\" func_append rpath " $flag" fi elif test -n "$runpath_var"; then case "$finalize_perm_rpath " in *" $libdir "*) ;; *) func_append finalize_perm_rpath " $libdir" ;; esac fi done # Substitute the hardcoded libdirs into the rpath. if test -n "$hardcode_libdir_separator" && test -n "$hardcode_libdirs"; then libdir="$hardcode_libdirs" eval rpath=\" $hardcode_libdir_flag_spec\" fi finalize_rpath="$rpath" if test -n "$libobjs" && test "$build_old_libs" = yes; then # Transform all the library objects into standard objects. compile_command=`$ECHO "$compile_command" | $SP2NL | $SED "$lo2o" | $NL2SP` finalize_command=`$ECHO "$finalize_command" | $SP2NL | $SED "$lo2o" | $NL2SP` fi func_generate_dlsyms "$outputname" "@PROGRAM@" "no" # template prelinking step if test -n "$prelink_cmds"; then func_execute_cmds "$prelink_cmds" 'exit $?' fi wrappers_required=yes case $host in *cegcc* | *mingw32ce*) # Disable wrappers for cegcc and mingw32ce hosts, we are cross compiling anyway. wrappers_required=no ;; *cygwin* | *mingw* ) if test "$build_libtool_libs" != yes; then wrappers_required=no fi ;; *) if test "$need_relink" = no || test "$build_libtool_libs" != yes; then wrappers_required=no fi ;; esac if test "$wrappers_required" = no; then # Replace the output file specification. compile_command=`$ECHO "$compile_command" | $SED 's%@OUTPUT@%'"$output"'%g'` link_command="$compile_command$compile_rpath" # We have no uninstalled library dependencies, so finalize right now. exit_status=0 func_show_eval "$link_command" 'exit_status=$?' if test -n "$postlink_cmds"; then func_to_tool_file "$output" postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'` func_execute_cmds "$postlink_cmds" 'exit $?' fi # Delete the generated files. if test -f "$output_objdir/${outputname}S.${objext}"; then func_show_eval '$RM "$output_objdir/${outputname}S.${objext}"' fi exit $exit_status fi if test -n "$compile_shlibpath$finalize_shlibpath"; then compile_command="$shlibpath_var=\"$compile_shlibpath$finalize_shlibpath\$$shlibpath_var\" $compile_command" fi if test -n "$finalize_shlibpath"; then finalize_command="$shlibpath_var=\"$finalize_shlibpath\$$shlibpath_var\" $finalize_command" fi compile_var= finalize_var= if test -n "$runpath_var"; then if test -n "$perm_rpath"; then # We should set the runpath_var. rpath= for dir in $perm_rpath; do func_append rpath "$dir:" done compile_var="$runpath_var=\"$rpath\$$runpath_var\" " fi if test -n "$finalize_perm_rpath"; then # We should set the runpath_var. rpath= for dir in $finalize_perm_rpath; do func_append rpath "$dir:" done finalize_var="$runpath_var=\"$rpath\$$runpath_var\" " fi fi if test "$no_install" = yes; then # We don't need to create a wrapper script. link_command="$compile_var$compile_command$compile_rpath" # Replace the output file specification. link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output"'%g'` # Delete the old output file. $opt_dry_run || $RM $output # Link the executable and exit func_show_eval "$link_command" 'exit $?' if test -n "$postlink_cmds"; then func_to_tool_file "$output" postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'` func_execute_cmds "$postlink_cmds" 'exit $?' fi exit $EXIT_SUCCESS fi if test "$hardcode_action" = relink; then # Fast installation is not supported link_command="$compile_var$compile_command$compile_rpath" relink_command="$finalize_var$finalize_command$finalize_rpath" func_warning "this platform does not like uninstalled shared libraries" func_warning "\`$output' will be relinked during installation" else if test "$fast_install" != no; then link_command="$finalize_var$compile_command$finalize_rpath" if test "$fast_install" = yes; then relink_command=`$ECHO "$compile_var$compile_command$compile_rpath" | $SED 's%@OUTPUT@%\$progdir/\$file%g'` else # fast_install is set to needless relink_command= fi else link_command="$compile_var$compile_command$compile_rpath" relink_command="$finalize_var$finalize_command$finalize_rpath" fi fi # Replace the output file specification. link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'` # Delete the old output files. $opt_dry_run || $RM $output $output_objdir/$outputname $output_objdir/lt-$outputname func_show_eval "$link_command" 'exit $?' if test -n "$postlink_cmds"; then func_to_tool_file "$output_objdir/$outputname" postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output_objdir/$outputname"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'` func_execute_cmds "$postlink_cmds" 'exit $?' fi # Now create the wrapper script. func_verbose "creating $output" # Quote the relink command for shipping. if test -n "$relink_command"; then # Preserve any variables that may affect compiler behavior for var in $variables_saved_for_relink; do if eval test -z \"\${$var+set}\"; then relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command" elif eval var_value=\$$var; test -z "$var_value"; then relink_command="$var=; export $var; $relink_command" else func_quote_for_eval "$var_value" relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command" fi done relink_command="(cd `pwd`; $relink_command)" relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"` fi # Only actually do things if not in dry run mode. $opt_dry_run || { # win32 will think the script is a binary if it has # a .exe suffix, so we strip it off here. case $output in *.exe) func_stripname '' '.exe' "$output" output=$func_stripname_result ;; esac # test for cygwin because mv fails w/o .exe extensions case $host in *cygwin*) exeext=.exe func_stripname '' '.exe' "$outputname" outputname=$func_stripname_result ;; *) exeext= ;; esac case $host in *cygwin* | *mingw* ) func_dirname_and_basename "$output" "" "." output_name=$func_basename_result output_path=$func_dirname_result cwrappersource="$output_path/$objdir/lt-$output_name.c" cwrapper="$output_path/$output_name.exe" $RM $cwrappersource $cwrapper trap "$RM $cwrappersource $cwrapper; exit $EXIT_FAILURE" 1 2 15 func_emit_cwrapperexe_src > $cwrappersource # The wrapper executable is built using the $host compiler, # because it contains $host paths and files. If cross- # compiling, it, like the target executable, must be # executed on the $host or under an emulation environment. $opt_dry_run || { $LTCC $LTCFLAGS -o $cwrapper $cwrappersource $STRIP $cwrapper } # Now, create the wrapper script for func_source use: func_ltwrapper_scriptname $cwrapper $RM $func_ltwrapper_scriptname_result trap "$RM $func_ltwrapper_scriptname_result; exit $EXIT_FAILURE" 1 2 15 $opt_dry_run || { # note: this script will not be executed, so do not chmod. if test "x$build" = "x$host" ; then $cwrapper --lt-dump-script > $func_ltwrapper_scriptname_result else func_emit_wrapper no > $func_ltwrapper_scriptname_result fi } ;; * ) $RM $output trap "$RM $output; exit $EXIT_FAILURE" 1 2 15 func_emit_wrapper no > $output chmod +x $output ;; esac } exit $EXIT_SUCCESS ;; esac # See if we need to build an old-fashioned archive. for oldlib in $oldlibs; do if test "$build_libtool_libs" = convenience; then oldobjs="$libobjs_save $symfileobj" addlibs="$convenience" build_libtool_libs=no else if test "$build_libtool_libs" = module; then oldobjs="$libobjs_save" build_libtool_libs=no else oldobjs="$old_deplibs $non_pic_objects" if test "$preload" = yes && test -f "$symfileobj"; then func_append oldobjs " $symfileobj" fi fi addlibs="$old_convenience" fi if test -n "$addlibs"; then gentop="$output_objdir/${outputname}x" func_append generated " $gentop" func_extract_archives $gentop $addlibs func_append oldobjs " $func_extract_archives_result" fi # Do each command in the archive commands. if test -n "$old_archive_from_new_cmds" && test "$build_libtool_libs" = yes; then cmds=$old_archive_from_new_cmds else # Add any objects from preloaded convenience libraries if test -n "$dlprefiles"; then gentop="$output_objdir/${outputname}x" func_append generated " $gentop" func_extract_archives $gentop $dlprefiles func_append oldobjs " $func_extract_archives_result" fi # POSIX demands no paths to be encoded in archives. We have # to avoid creating archives with duplicate basenames if we # might have to extract them afterwards, e.g., when creating a # static archive out of a convenience library, or when linking # the entirety of a libtool archive into another (currently # not supported by libtool). if (for obj in $oldobjs do func_basename "$obj" $ECHO "$func_basename_result" done | sort | sort -uc >/dev/null 2>&1); then : else echo "copying selected object files to avoid basename conflicts..." gentop="$output_objdir/${outputname}x" func_append generated " $gentop" func_mkdir_p "$gentop" save_oldobjs=$oldobjs oldobjs= counter=1 for obj in $save_oldobjs do func_basename "$obj" objbase="$func_basename_result" case " $oldobjs " in " ") oldobjs=$obj ;; *[\ /]"$objbase "*) while :; do # Make sure we don't pick an alternate name that also # overlaps. newobj=lt$counter-$objbase func_arith $counter + 1 counter=$func_arith_result case " $oldobjs " in *[\ /]"$newobj "*) ;; *) if test ! -f "$gentop/$newobj"; then break; fi ;; esac done func_show_eval "ln $obj $gentop/$newobj || cp $obj $gentop/$newobj" func_append oldobjs " $gentop/$newobj" ;; *) func_append oldobjs " $obj" ;; esac done fi func_to_tool_file "$oldlib" func_convert_file_msys_to_w32 tool_oldlib=$func_to_tool_file_result eval cmds=\"$old_archive_cmds\" func_len " $cmds" len=$func_len_result if test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then cmds=$old_archive_cmds elif test -n "$archiver_list_spec"; then func_verbose "using command file archive linking..." for obj in $oldobjs do func_to_tool_file "$obj" $ECHO "$func_to_tool_file_result" done > $output_objdir/$libname.libcmd func_to_tool_file "$output_objdir/$libname.libcmd" oldobjs=" $archiver_list_spec$func_to_tool_file_result" cmds=$old_archive_cmds else # the command line is too long to link in one step, link in parts func_verbose "using piecewise archive linking..." save_RANLIB=$RANLIB RANLIB=: objlist= concat_cmds= save_oldobjs=$oldobjs oldobjs= # Is there a better way of finding the last object in the list? for obj in $save_oldobjs do last_oldobj=$obj done eval test_cmds=\"$old_archive_cmds\" func_len " $test_cmds" len0=$func_len_result len=$len0 for obj in $save_oldobjs do func_len " $obj" func_arith $len + $func_len_result len=$func_arith_result func_append objlist " $obj" if test "$len" -lt "$max_cmd_len"; then : else # the above command should be used before it gets too long oldobjs=$objlist if test "$obj" = "$last_oldobj" ; then RANLIB=$save_RANLIB fi test -z "$concat_cmds" || concat_cmds=$concat_cmds~ eval concat_cmds=\"\${concat_cmds}$old_archive_cmds\" objlist= len=$len0 fi done RANLIB=$save_RANLIB oldobjs=$objlist if test "X$oldobjs" = "X" ; then eval cmds=\"\$concat_cmds\" else eval cmds=\"\$concat_cmds~\$old_archive_cmds\" fi fi fi func_execute_cmds "$cmds" 'exit $?' done test -n "$generated" && \ func_show_eval "${RM}r$generated" # Now create the libtool archive. case $output in *.la) old_library= test "$build_old_libs" = yes && old_library="$libname.$libext" func_verbose "creating $output" # Preserve any variables that may affect compiler behavior for var in $variables_saved_for_relink; do if eval test -z \"\${$var+set}\"; then relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command" elif eval var_value=\$$var; test -z "$var_value"; then relink_command="$var=; export $var; $relink_command" else func_quote_for_eval "$var_value" relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command" fi done # Quote the link command for shipping. relink_command="(cd `pwd`; $SHELL $progpath $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)" relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"` if test "$hardcode_automatic" = yes ; then relink_command= fi # Only create the output if not a dry run. $opt_dry_run || { for installed in no yes; do if test "$installed" = yes; then if test -z "$install_libdir"; then break fi output="$output_objdir/$outputname"i # Replace all uninstalled libtool libraries with the installed ones newdependency_libs= for deplib in $dependency_libs; do case $deplib in *.la) func_basename "$deplib" name="$func_basename_result" func_resolve_sysroot "$deplib" eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $func_resolve_sysroot_result` test -z "$libdir" && \ func_fatal_error "\`$deplib' is not a valid libtool archive" func_append newdependency_libs " ${lt_sysroot:+=}$libdir/$name" ;; -L*) func_stripname -L '' "$deplib" func_replace_sysroot "$func_stripname_result" func_append newdependency_libs " -L$func_replace_sysroot_result" ;; -R*) func_stripname -R '' "$deplib" func_replace_sysroot "$func_stripname_result" func_append newdependency_libs " -R$func_replace_sysroot_result" ;; *) func_append newdependency_libs " $deplib" ;; esac done dependency_libs="$newdependency_libs" newdlfiles= for lib in $dlfiles; do case $lib in *.la) func_basename "$lib" name="$func_basename_result" eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib` test -z "$libdir" && \ func_fatal_error "\`$lib' is not a valid libtool archive" func_append newdlfiles " ${lt_sysroot:+=}$libdir/$name" ;; *) func_append newdlfiles " $lib" ;; esac done dlfiles="$newdlfiles" newdlprefiles= for lib in $dlprefiles; do case $lib in *.la) # Only pass preopened files to the pseudo-archive (for # eventual linking with the app. that links it) if we # didn't already link the preopened objects directly into # the library: func_basename "$lib" name="$func_basename_result" eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib` test -z "$libdir" && \ func_fatal_error "\`$lib' is not a valid libtool archive" func_append newdlprefiles " ${lt_sysroot:+=}$libdir/$name" ;; esac done dlprefiles="$newdlprefiles" else newdlfiles= for lib in $dlfiles; do case $lib in [\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;; *) abs=`pwd`"/$lib" ;; esac func_append newdlfiles " $abs" done dlfiles="$newdlfiles" newdlprefiles= for lib in $dlprefiles; do case $lib in [\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;; *) abs=`pwd`"/$lib" ;; esac func_append newdlprefiles " $abs" done dlprefiles="$newdlprefiles" fi $RM $output # place dlname in correct position for cygwin # In fact, it would be nice if we could use this code for all target # systems that can't hard-code library paths into their executables # and that have no shared library path variable independent of PATH, # but it turns out we can't easily determine that from inspecting # libtool variables, so we have to hard-code the OSs to which it # applies here; at the moment, that means platforms that use the PE # object format with DLL files. See the long comment at the top of # tests/bindir.at for full details. tdlname=$dlname case $host,$output,$installed,$module,$dlname in *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll | *cegcc*,*lai,yes,no,*.dll) # If a -bindir argument was supplied, place the dll there. if test "x$bindir" != x ; then func_relative_path "$install_libdir" "$bindir" tdlname=$func_relative_path_result$dlname else # Otherwise fall back on heuristic. tdlname=../bin/$dlname fi ;; esac $ECHO > $output "\ # $outputname - a libtool library file # Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION # # Please DO NOT delete this file! # It is necessary for linking the library. # The name that we can dlopen(3). dlname='$tdlname' # Names of this library. library_names='$library_names' # The name of the static archive. old_library='$old_library' # Linker flags that can not go in dependency_libs. inherited_linker_flags='$new_inherited_linker_flags' # Libraries that this one depends upon. dependency_libs='$dependency_libs' # Names of additional weak libraries provided by this library weak_library_names='$weak_libs' # Version information for $libname. current=$current age=$age revision=$revision # Is this an already installed library? installed=$installed # Should we warn about portability when linking against -modules? shouldnotlink=$module # Files to dlopen/dlpreopen dlopen='$dlfiles' dlpreopen='$dlprefiles' # Directory that this library needs to be installed in: libdir='$install_libdir'" if test "$installed" = no && test "$need_relink" = yes; then $ECHO >> $output "\ relink_command=\"$relink_command\"" fi done } # Do a symbolic link so that the libtool archive can be found in # LD_LIBRARY_PATH before the program is installed. func_show_eval '( cd "$output_objdir" && $RM "$outputname" && $LN_S "../$outputname" "$outputname" )' 'exit $?' ;; esac exit $EXIT_SUCCESS } { test "$opt_mode" = link || test "$opt_mode" = relink; } && func_mode_link ${1+"$@"} # func_mode_uninstall arg... func_mode_uninstall () { $opt_debug RM="$nonopt" files= rmforce= exit_status=0 # This variable tells wrapper scripts just to set variables rather # than running their programs. libtool_install_magic="$magic" for arg do case $arg in -f) func_append RM " $arg"; rmforce=yes ;; -*) func_append RM " $arg" ;; *) func_append files " $arg" ;; esac done test -z "$RM" && \ func_fatal_help "you must specify an RM program" rmdirs= for file in $files; do func_dirname "$file" "" "." dir="$func_dirname_result" if test "X$dir" = X.; then odir="$objdir" else odir="$dir/$objdir" fi func_basename "$file" name="$func_basename_result" test "$opt_mode" = uninstall && odir="$dir" # Remember odir for removal later, being careful to avoid duplicates if test "$opt_mode" = clean; then case " $rmdirs " in *" $odir "*) ;; *) func_append rmdirs " $odir" ;; esac fi # Don't error if the file doesn't exist and rm -f was used. if { test -L "$file"; } >/dev/null 2>&1 || { test -h "$file"; } >/dev/null 2>&1 || test -f "$file"; then : elif test -d "$file"; then exit_status=1 continue elif test "$rmforce" = yes; then continue fi rmfiles="$file" case $name in *.la) # Possibly a libtool archive, so verify it. if func_lalib_p "$file"; then func_source $dir/$name # Delete the libtool libraries and symlinks. for n in $library_names; do func_append rmfiles " $odir/$n" done test -n "$old_library" && func_append rmfiles " $odir/$old_library" case "$opt_mode" in clean) case " $library_names " in *" $dlname "*) ;; *) test -n "$dlname" && func_append rmfiles " $odir/$dlname" ;; esac test -n "$libdir" && func_append rmfiles " $odir/$name $odir/${name}i" ;; uninstall) if test -n "$library_names"; then # Do each command in the postuninstall commands. func_execute_cmds "$postuninstall_cmds" 'test "$rmforce" = yes || exit_status=1' fi if test -n "$old_library"; then # Do each command in the old_postuninstall commands. func_execute_cmds "$old_postuninstall_cmds" 'test "$rmforce" = yes || exit_status=1' fi # FIXME: should reinstall the best remaining shared library. ;; esac fi ;; *.lo) # Possibly a libtool object, so verify it. if func_lalib_p "$file"; then # Read the .lo file func_source $dir/$name # Add PIC object to the list of files to remove. if test -n "$pic_object" && test "$pic_object" != none; then func_append rmfiles " $dir/$pic_object" fi # Add non-PIC object to the list of files to remove. if test -n "$non_pic_object" && test "$non_pic_object" != none; then func_append rmfiles " $dir/$non_pic_object" fi fi ;; *) if test "$opt_mode" = clean ; then noexename=$name case $file in *.exe) func_stripname '' '.exe' "$file" file=$func_stripname_result func_stripname '' '.exe' "$name" noexename=$func_stripname_result # $file with .exe has already been added to rmfiles, # add $file without .exe func_append rmfiles " $file" ;; esac # Do a test to see if this is a libtool program. if func_ltwrapper_p "$file"; then if func_ltwrapper_executable_p "$file"; then func_ltwrapper_scriptname "$file" relink_command= func_source $func_ltwrapper_scriptname_result func_append rmfiles " $func_ltwrapper_scriptname_result" else relink_command= func_source $dir/$noexename fi # note $name still contains .exe if it was in $file originally # as does the version of $file that was added into $rmfiles func_append rmfiles " $odir/$name $odir/${name}S.${objext}" if test "$fast_install" = yes && test -n "$relink_command"; then func_append rmfiles " $odir/lt-$name" fi if test "X$noexename" != "X$name" ; then func_append rmfiles " $odir/lt-${noexename}.c" fi fi fi ;; esac func_show_eval "$RM $rmfiles" 'exit_status=1' done # Try to remove the ${objdir}s in the directories where we deleted files for dir in $rmdirs; do if test -d "$dir"; then func_show_eval "rmdir $dir >/dev/null 2>&1" fi done exit $exit_status } { test "$opt_mode" = uninstall || test "$opt_mode" = clean; } && func_mode_uninstall ${1+"$@"} test -z "$opt_mode" && { help="$generic_help" func_fatal_help "you must specify a MODE" } test -z "$exec_cmd" && \ func_fatal_help "invalid operation mode \`$opt_mode'" if test -n "$exec_cmd"; then eval exec "$exec_cmd" exit $EXIT_FAILURE fi exit $exit_status # The TAGs below are defined such that we never get into a situation # in which we disable both kinds of libraries. Given conflicting # choices, we go for a static library, that is the most portable, # since we can't tell whether shared libraries were disabled because # the user asked for that or because the platform doesn't support # them. This is particularly important on AIX, because we don't # support having both static and shared libraries enabled at the same # time on that platform, so we default to a shared-only configuration. # If a disable-shared tag is given, we'll fallback to a static-only # configuration. But we'll never go from static-only to shared-only. # ### BEGIN LIBTOOL TAG CONFIG: disable-shared build_libtool_libs=no build_old_libs=yes # ### END LIBTOOL TAG CONFIG: disable-shared # ### BEGIN LIBTOOL TAG CONFIG: disable-static build_old_libs=`case $build_libtool_libs in yes) echo no;; *) echo yes;; esac` # ### END LIBTOOL TAG CONFIG: disable-static # Local Variables: # mode:shell-script # sh-indentation:2 # End: # vi:sw=2 myproxy-6.2.16/build-aux/test-driver0000755000175100017510000000761114557142526014370 00000000000000#! /bin/sh # test-driver - basic testsuite driver script. scriptversion=2012-06-27.10; # UTC # Copyright (C) 2011-2013 Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2, or (at your option) # any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # This file is maintained in Automake, please report # bugs to or send patches to # . # Make unconditional expansion of undefined variables an error. This # helps a lot in preventing typo-related bugs. set -u usage_error () { echo "$0: $*" >&2 print_usage >&2 exit 2 } print_usage () { cat <$log_file 2>&1 estatus=$? if test $enable_hard_errors = no && test $estatus -eq 99; then estatus=1 fi case $estatus:$expect_failure in 0:yes) col=$red res=XPASS recheck=yes gcopy=yes;; 0:*) col=$grn res=PASS recheck=no gcopy=no;; 77:*) col=$blu res=SKIP recheck=no gcopy=yes;; 99:*) col=$mgn res=ERROR recheck=yes gcopy=yes;; *:yes) col=$lgn res=XFAIL recheck=no gcopy=yes;; *:*) col=$red res=FAIL recheck=yes gcopy=yes;; esac # Report outcome to console. echo "${col}${res}${std}: $test_name" # Register the test result, and other relevant metadata. echo ":test-result: $res" > $trs_file echo ":global-test-result: $res" >> $trs_file echo ":recheck: $recheck" >> $trs_file echo ":copy-in-global-log: $gcopy" >> $trs_file # Local Variables: # mode: shell-script # sh-indentation: 2 # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-time-zone: "UTC" # time-stamp-end: "; # UTC" # End: myproxy-6.2.16/myproxy.c0000644000175100017510000031463114557142036012172 00000000000000/* * myproxy.c * * See myproxy.h for documentation * */ #include "myproxy_common.h" /* all needed headers included here */ #ifndef MAXPATHLEN #define MAXPATHLEN 4096 #endif /********************************************************************** * * Internal functions * */ static int convert_message(const char *buffer, const char *varname, int flags, char **line); /* Values for convert_message() flags */ #define CONVERT_MESSAGE_NO_FLAGS 0x0000 #define CONVERT_MESSAGE_ALLOW_MULTIPLE 0x0001 #define CONVERT_MESSAGE_DEFAULT_FLAGS CONVERT_MESSAGE_NO_FLAGS #define CONVERT_MESSAGE_KNOWN_FLAGS CONVERT_MESSAGE_ALLOW_MULTIPLE static int parse_command(const char *command_str, myproxy_proto_request_type_t *command_value); /* returns 0 if character not found */ static int findchr (const char *p, const char c) { int i = 0; while (*(p+i) != c && *(p+i) != '\0') i++; return (*(p+i) == '\0')?0:i; } static int countchr (const char *p, const char c) { int i = 0; while (*p != '\0') { if (*p == c) i++; p++; } return i; } static int parse_add_creds (char *response_str, char ***pstrs, int *num_creds) { char *p = response_str; int tmp = 0, len = 0; int idx = 0; int num_entries; char **strs; /* allocate memory for a string-list, returned to caller */ num_entries = countchr(response_str, ',') + 1; *pstrs = strs = (char **)malloc(num_entries*sizeof(char *)); do { tmp = findchr(p+len, ','); if (tmp == 0) /* last credential name */ { size_t slen; slen = strlen (p+len); strs[idx] = (char *) malloc(slen + 1); if (strncpy (strs[idx], p+len, slen) == NULL) return -1; strs[idx++][slen] = '\0'; } else { strs[idx] = (char *) malloc (tmp + 1); if (strncpy (strs[idx], p+len, tmp) == NULL) return -1; strs[idx++][tmp] = '\0'; } len += (tmp + 1); } while (tmp != 0); assert(num_entries == idx); *num_creds = idx; return 0; } /** * Return the timeout for a socket connection. This function checks * the environment varialbe "MYPROXY_SOCKET_TIMEOUT" and returns that * value if it is non-negative. Otherwise, it returns a default * timeout value of 10 seconds. * * @return The timeout for a socket connection in seconds. Default is 10. */ static int get_socket_timeout(void) { int retval = 10; char *timeoutStr = NULL; int timeout; if (getenv("MYPROXY_SOCKET_TIMEOUT")) { timeoutStr = getenv("MYPROXY_SOCKET_TIMEOUT"); timeout = atoi(timeoutStr); if (timeout >= 0) { retval = timeout; } } return(retval); } /** * Check to see if a socket should be bound to a particular port in * a given range. This function checks the environment variables * "MYPROXY_TCP_PORT_RANGE" and "GLOBUS_TCP_PORT_RANGE". If either * is set, then we attempt to "bind" the passed-in socket to a port * in that range. If no port range has been set, or the bind is * successful, return 1. Otherwise return 0. Note that the passed-in * socket is not freed here upon failure. You should do that yourself. * * @param sockfd The previously created socket we want to try to bind * to a port in a given range. * @return 1 if bind of socket to a port is successful or if no port * range environment variable was specified. 0 otherwise. */ static int check_port_range(int sockfd, struct sockaddr *addr) { int retval = 1; /* Assume success; 0 is failure */ char *port_range; unsigned short port = 0, min_port = 0, max_port = 0; char *c; struct sockaddr_in sin; #ifdef AF_INET6 struct sockaddr_in6 sin6; #endif if ((port_range = getenv("MYPROXY_TCP_PORT_RANGE")) || (port_range = getenv("GLOBUS_TCP_PORT_RANGE"))) { /* Replace comma in port range with space */ c = strchr(port_range, ','); if (c) { *c = ' '; } if (addr->sa_family == AF_INET) { memcpy(&sin, addr, sizeof(sin)); sin.sin_addr.s_addr = INADDR_ANY; } #ifdef AF_INET6 else if (addr->sa_family == AF_INET6) { memcpy(&sin6, addr, sizeof(sin6)); sin6.sin6_addr = in6addr_any; } #endif else { verror_put_string("unknown IP address type"); return 0; } if (sscanf(port_range, "%hu %hu", &min_port, &max_port) == 2) { int bind_rval = 0; port = min_port; if (addr->sa_family == AF_INET) { sin.sin_port = htons(port); bind_rval = bind(sockfd, (struct sockaddr *)&sin, sizeof(sin)); } #ifdef AF_INET6 else if (addr->sa_family == AF_INET6) { sin6.sin6_port = htons(port); bind_rval = bind(sockfd, (struct sockaddr *)&sin6, sizeof(sin6)); } #endif while (bind_rval < 0) { if (errno != EADDRINUSE) { verror_put_errno(errno); verror_put_string("Error in bind()"); retval = 0; /* bind failed */ break; } else if (port >= max_port) { verror_put_string( "No available ports in range %hu-%hu.", min_port, max_port); retval = 0; /* no available port */ break; } if (addr->sa_family == AF_INET) { sin.sin_port = htons(++port); bind_rval = bind(sockfd, (struct sockaddr *)&sin, sizeof(sin)); } #ifdef AF_INET6 else if (addr->sa_family == AF_INET6) { sin6.sin6_port = htons(++port); bind_rval = bind(sockfd, (struct sockaddr *)&sin6, sizeof(sin6)); } #endif } if (retval == 1) { myproxy_debug("Socket bound to port %hu.\n", port); } } else { verror_put_errno(errno); verror_put_string("Error parsing port range (%s)", port_range); retval = 0; } } return(retval); } /** * Attempt to connect to a given socket with a timeout (defaults to 10 * seconds). This function attemps to duplicate the standard "connect()" * function, however with a timeout for unsuccessful connections (using * "select()"). "get_socket_timeout()" is called to find how long a * socket connection should wait before timing out. Upon successful * connection, 0 is returned. Otherwise -1 is returned. * * @param sockfd A socket file descriptor to connect to. * @param serv_addr a sockaddr struct which has been populated by the * appropriate values for the connection * @param addrlen The size of the serv_addr struct. * @return 0 if successfully connected. -1 otherwise. */ static int connect_with_timeout(int sockfd, const struct sockaddr *serv_addr, socklen_t addrlen) { struct timeval tv; int flags, res; fd_set rset, wset; socklen_t slen; int optval; tv.tv_sec = get_socket_timeout(); tv.tv_usec = 0; /* Set socket to be non-blocking */ if ((flags = fcntl(sockfd, F_GETFL, NULL)) < 0) { return(flags); } flags |= O_NONBLOCK; if ((res = fcntl(sockfd, F_SETFL, flags)) < 0) { return(res); } /* Try to connect to socket with a timeout */ res = connect(sockfd, (struct sockaddr *)serv_addr, addrlen); if (res < 0) { /* Couldn't connect right away, try select() */ if (errno == EINPROGRESS) { /* connect in progress, now try select */ do { FD_ZERO(&rset); FD_SET(sockfd,&rset); wset = rset; res = select(sockfd + 1, &rset, &wset, NULL, &tv); if (res < 0) { if (errno != EINTR) { /* Error connecting */ return(res); } } else if (res > 0) { /* Socket selected for write */ slen = sizeof(int); if (getsockopt(sockfd, SOL_SOCKET, SO_ERROR, (void*)(&optval), &slen) < 0) { return(-1); } if (optval) { /* Error in delayed connection */ errno = optval; return(-1); } break; /* out of do...while loop - good so far*/ } else { /* res == 0 -> timeout in select() */ errno = ETIMEDOUT; return(-1); } } while (1); } else { return(-1); } } /* Made it this far -> success. Set socket to blocking mode again. */ if ((flags = fcntl(sockfd, F_GETFL, NULL)) < 0) { return(flags); } flags &= (~O_NONBLOCK); if ((res = fcntl(sockfd, F_SETFL, flags)) < 0) { return(res); } return(0); } /** * Attempt to connect a socket to a specific host/port. * This function attempts to connect a socket * (with a timeout) to a given host:port. If the host is given as a * FQDN which resolves to multiple IPs, we loop through the IPs until we * have successfully connected or we cannot find a valid IP to connect to. * * @param host The FQDN of a host to attempt to connect to. * @param port The port to connect to. * @return socket descriptor upon successful connection, -1 otherwise */ static int connect_socket_to_host(char *host, int port) { struct addrinfo hints, *res, *ressave; char service[6]; int sockfd = -1; int n; memset(&hints, 0, sizeof(struct addrinfo)); hints.ai_family = AF_UNSPEC; hints.ai_socktype = SOCK_STREAM; snprintf(service, 6, "%d", port); n = getaddrinfo(host, service, &hints, &res); if (n < 0) { verror_put_string("Unknown host \"%s\"\n", host); return(-1); } ressave = res; while (res) { sockfd = socket(res->ai_family, res->ai_socktype, res->ai_protocol); if (!(sockfd < 0)) { if (check_port_range(sockfd, res->ai_addr)) { char straddr[INET6_ADDRSTRLEN]; getnameinfo(res->ai_addr, res->ai_addrlen, straddr, sizeof(straddr), NULL, 0, NI_NUMERICHOST); myproxy_debug("Attempting to connect to %s:%d\n", straddr, port); if (connect_with_timeout(sockfd, res->ai_addr, res->ai_addrlen) < 0) { verror_put_errno(errno); verror_put_string("Unable to connect to %s:%d\n", straddr,port); } else { /* Success! */ break; /* out of while loop */ } } /* check_port_range() */ close(sockfd); sockfd = -1; } res=res->ai_next; } freeaddrinfo(ressave); return(sockfd); } /** * Loop through a list of MyProxy hosts trying to get a connected * socket. This function takes in a list of MyProxy hosts and a port, * and returns a connected socket to one of those hosts. In the process, * the hostlist variable is updated to reflect the single MyProxy host * that was connected to. This is so future procedures know which host * is being used. * * @param hostlist A comma-separated list of MyProxy hosts to try to connect to. * Upon successful connection, this list is overwritten by the single * host which was actually connected to. * @param port The port to try to connect to. */ static int get_connected_myproxy_host_socket(char *hostlist, int port) { int retsock = -1; /* Connected socket to be returned */ char *pshost = NULL; /* Copy of hostlist for strtok */ char *tok; /* Result of strtok(pshost) */ int connected = 0; /* Assume failed connection */ int spec_port = port; /* Assume hostlist is a comma separated list of MyProxy hosts. */ /* Try to create a socket connection to each one until success. */ pshost = strdup(hostlist); tok = strtok(pshost, ","); while (tok != NULL) { char *tok2 = strchr(tok, ':'); if (tok2 != NULL) { /* server-specific port specified */ *tok2 = '\0'; spec_port = strtol(++tok2, (char **)NULL, 10); if (spec_port == 0) { verror_put_errno(errno); verror_put_string("Error determining port (%s) for host %s\n", tok2, tok); if (retsock != -1) { close(retsock); retsock = -1; } break; } } else spec_port = port; retsock = connect_socket_to_host(tok, spec_port); if (retsock >= 0) { /* Success! */ connected = 1; break; /* out of while loop */ } else { /* Failed. Get new socket and try next host */ verror_put_string("Unable to connect to %s\n", tok); } tok = strtok(NULL, ","); /* Try next MyProxy host in the list */ } if (connected) { /* Rewrite hostlist to actual (single) connected host */ strcpy(hostlist,tok); myproxy_debug("Successfully connected to %s:%d\n", hostlist, spec_port); } if (pshost) free(pshost); return retsock; } static const char * encode_command(const myproxy_proto_request_type_t command_value); static int parse_string(const char *str, int *value); static int encode_integer(int value, char *string, int string_len); static int parse_response_type(const char *type_str, myproxy_proto_response_type_t *type_value); static const char * encode_response(myproxy_proto_response_type_t response_value); static int string_to_int(const char *string, int *integer); static char * parse_entry(char *buffer, authorization_data_t *data); static int parse_auth_data(char *buffer, authorization_data_t ***auth_data); /* Values for string_to_int() */ #define STRING_TO_INT_SUCCESS 1 #define STRING_TO_INT_ERROR -1 #define STRING_TO_INT_NONNUMERIC 0 /********************************************************************** * * Exported functions * */ char * myproxy_version(int *major, int *minor, int *micro) { if (major) *major = MYPROXY_VERSION_MAJOR; if (minor) *minor = MYPROXY_VERSION_MINOR; if (micro) *micro = MYPROXY_VERSION_MICRO; return MYPROXY_VERSION_DATE; } int myproxy_check_version_ex(int major, int minor, int micro) { if (major != MYPROXY_VERSION_MAJOR) return 1; if (minor != MYPROXY_VERSION_MINOR) return 2; if (micro != MYPROXY_VERSION_MICRO) return 3; return 0; } int myproxy_bootstrap_trust(myproxy_socket_attrs_t *attrs) { char *cert_dir = NULL, *tmp_cert_dir = NULL, *work_dir = NULL; int return_value = -1; BIO *sbio = 0; SSL_CTX *ctx = 0; SSL *ssl = 0; STACK_OF(X509) *sk = 0; int i; char buf[BUFSIZ], buf2[BUFSIZ]; int sockfd = -1; mode_t prev_umask = 0; X509 *x; myproxy_log("Bootstrapping MyProxy server root of trust."); globus_module_activate(GLOBUS_GSI_PROXY_MODULE); globus_module_activate(GLOBUS_GSI_CREDENTIAL_MODULE); globus_module_activate(GLOBUS_GSI_CERT_UTILS_MODULE); SSL_load_error_strings(); OpenSSL_add_ssl_algorithms(); /* make writable only by user */ prev_umask = umask(S_IWGRP|S_IWOTH); /* initialize X509_CERT_DIR */ cert_dir = get_trusted_certs_path(); if (!cert_dir) { goto error; } if (access(cert_dir, X_OK) == 0) { myproxy_debug("%s exists. Updating.", cert_dir); work_dir = cert_dir; } else { /* create temporary directory for atomic bootstrap */ tmp_cert_dir = strdup(cert_dir); if (tmp_cert_dir[strlen(tmp_cert_dir) - 1] == '/') { tmp_cert_dir[strlen(tmp_cert_dir) - 1] = '\0'; } snprintf(buf, BUFSIZ, ".%d/", getpid()); if (my_append(&tmp_cert_dir, buf, NULL) == -1) { goto error; } if (make_path(tmp_cert_dir) == -1) { goto error; } work_dir = tmp_cert_dir; } /* get trust root(s) from the myproxy-server */ #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) ctx = SSL_CTX_new(TLS_client_method()); SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION); #else ctx = SSL_CTX_new(SSLv23_client_method()); /* No longer setting SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS since it seemed * like a stop-gap measure to interoperate with broken SSL */ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); #endif if (!(sbio = BIO_new_ssl(ctx, 1))) goto error; if ( (sockfd = get_connected_myproxy_host_socket( attrs->pshost, attrs->psport) ) < 0) { goto error; } BIO_get_ssl(sbio, &ssl); SSL_set_fd(ssl, sockfd); if (BIO_do_handshake(sbio) <= 0) goto error; if (BIO_write(sbio, "0", 1) < 1) goto error; /* GSI deleg flag */ sk=SSL_get_peer_cert_chain(ssl); x = sk_X509_value(sk,0); /* start with EEC */ for (i = 1; i < sk_X509_num(sk); i++) { X509 *xp; BIO *certbio, *policybio; unsigned long hash; char path[MAXPATHLEN], tmppath[MAXPATHLEN]; xp = x; x = sk_X509_value(sk,i); hash = X509_subject_name_hash(x); snprintf(path, MAXPATHLEN, "%s%08lx.0", work_dir, hash); snprintf(tmppath, MAXPATHLEN, "%s.tmp", path); certbio = BIO_new_file(tmppath, "w"); if (!certbio) { verror_put_string("failed to open %s", tmppath); goto error; } PEM_write_bio_X509(certbio,x); BIO_free(certbio); if (rename(tmppath, path) < 0) { /* atomic update */ verror_put_errno(errno); verror_put_string("Unable to rename %s to %s\n", tmppath, path); goto error; } myproxy_debug("renamed %s to %s", tmppath, path); myproxy_debug("wrote trusted certificate to %s", path); snprintf(path, MAXPATHLEN, "%s%08lx.signing_policy", work_dir, hash); snprintf(tmppath, MAXPATHLEN, "%s.tmp", path); policybio = BIO_new_file(tmppath, "w"); if (!policybio) { verror_put_string("failed to open %s", tmppath); goto error; } X509_NAME_oneline(X509_get_subject_name(x),buf,sizeof buf); X509_NAME_oneline(X509_get_subject_name(xp),buf2,sizeof buf2); BIO_printf(policybio, "access_id_CA X509 '%s'\npos_rights globus CA:sign\ncond_subjects globus '\"%s\"'\n", buf, buf2); BIO_free(policybio); if (rename(tmppath, path) < 0) { /* atomic update */ verror_put_errno(errno); verror_put_string("Unable to rename %s to %s\n", tmppath, path); goto error; } myproxy_debug("renamed %s to %s", tmppath, path); myproxy_debug("wrote trusted certificate policy to %s", path); if (i == 1) { myproxy_log("New trusted MyProxy server: %s", buf2, hash); } myproxy_log("New trusted CA (%08lx.0): %s", hash, buf); } if (tmp_cert_dir) { /* commit the bootstrapped directory. */ if (rename(tmp_cert_dir, cert_dir) < 0) { verror_put_errno(errno); verror_put_string("Unable to rename %s to %s\n", tmp_cert_dir, cert_dir); goto error; } myproxy_debug("renamed %s to %s", tmp_cert_dir, cert_dir); } return_value = 0; /* success */ error: if (ctx) { SSL_CTX_free(ctx); } if (sbio) { BIO_free_all(sbio); } if (return_value) { ssl_error_to_verror(); myproxy_log("trust root bootstrap failed"); myproxy_log_verror(); if (cert_dir) rmdir(cert_dir); } if (cert_dir) free(cert_dir); if (tmp_cert_dir) free(tmp_cert_dir); if (prev_umask) umask(prev_umask); /* restore umask */ return return_value; } int myproxy_bootstrap_client(myproxy_socket_attrs_t *socket_attrs, int bootstrap_if_no_cert_dir, int bootstrap_even_if_cert_dir_exists) { int return_value = -1; /* Bootstrap trusted certificate directory if none exists. */ if (bootstrap_if_no_cert_dir) { char *cert_dir = NULL; globus_result_t res; globus_module_activate(GLOBUS_GSI_CERT_UTILS_MODULE); res = GLOBUS_GSI_SYSCONFIG_GET_CERT_DIR(&cert_dir); if (res != GLOBUS_SUCCESS) { globus_object_free(globus_error_get(res)); if (myproxy_bootstrap_trust(socket_attrs) < 0) { goto cleanup; } } if (cert_dir) free(cert_dir); } /* Connect to server. */ if (myproxy_init_client(socket_attrs) < 0) { goto cleanup; } /* Attempt anonymous-mode credential retrieval if we don't have a credential. */ GSI_SOCKET_allow_anonymous(socket_attrs->gsi_socket, 1); /* Authenticate client to server */ if (myproxy_authenticate_init(socket_attrs, NULL) < 0) { if (bootstrap_if_no_cert_dir && strstr(verror_get_string(), "CRL") != NULL) { myproxy_log("CRL error detected. Attempting to recover."); switch (myproxy_clean_crls()) { case -1: verror_print_error(stderr); case 0: goto cleanup; } verror_clear(); } else if (bootstrap_if_no_cert_dir && strstr(verror_get_string(), "Can't get the local trusted CA certificate") != NULL) { if (bootstrap_even_if_cert_dir_exists) { if (myproxy_bootstrap_trust(socket_attrs) < 0) { goto cleanup; } verror_clear(); } else { verror_put_string("The CA that signed the myproxy-server's certificate is untrusted."); verror_put_string("If you want to trust the CA, re-run with the -b option."); goto cleanup; } } else if (GSI_SOCKET_check_creds(socket_attrs->gsi_socket) == GSI_SOCKET_SUCCESS) { /* If we tried with credentials and failed, then try again with anonymous authentication. */ myproxy_debug("%s", verror_get_string()); myproxy_debug("Certificate authentication error. Trying anonymous."); verror_clear(); GSI_SOCKET_use_creds(socket_attrs->gsi_socket, "/dev/null"); } else { goto cleanup; /* can't recover, so don't re-try */ } /* Try again after recovery attempt... */ if (myproxy_init_client(socket_attrs) < 0) { goto cleanup; } GSI_SOCKET_allow_anonymous(socket_attrs->gsi_socket, 1); if (myproxy_authenticate_init(socket_attrs, NULL) < 0) { goto cleanup; } } return_value = 0; /* success */ cleanup: return return_value; } int myproxy_init_client(myproxy_socket_attrs_t *attrs) { myproxy_debug("MyProxy %s", myproxy_version(0,0,0)); assert(attrs); if (attrs->gsi_socket) { GSI_SOCKET_destroy(attrs->gsi_socket); attrs->gsi_socket = NULL; close(attrs->socket_fd); } attrs->socket_fd = -1; attrs->socket_fd = get_connected_myproxy_host_socket( attrs->pshost, attrs->psport); /* If we got a good socket, allocate a GSI_SOCKET as well */ if (attrs->socket_fd >= 0) { attrs->gsi_socket = GSI_SOCKET_new(attrs->socket_fd); if (attrs->gsi_socket == NULL) { /* Problem with GSI_SOCKET_new, close the 'normal' socket */ verror_put_string("GSI_SOCKET_new()\n"); close(attrs->socket_fd); attrs->socket_fd = -1; } else { /* Everything is good! Clear out the error string. */ verror_clear(); } } return attrs->socket_fd; } /* Returns 0 if old checks should be performed or non-zero if new checks should be performed. */ static int new_server_identity_check_behavior_needed() { char *compat = NULL; compat = getenv("GLOBUS_GSSAPI_NAME_COMPATIBILITY"); if (compat == NULL || strcmp(compat, "STRICT_RFC2818")) { return 0; /* Perform old checks */ } else { return 1; /* Perform new checks */ } } int myproxy_authenticate_init(myproxy_socket_attrs_t *attrs, const char *proxyfile) { char error_string[1024]; char peer_name[1024] = ""; gss_name_t accepted_peer_names[3] = { 0 }; char *server_dn; int rval, return_value = -1; assert(attrs); if (GSI_SOCKET_use_creds(attrs->gsi_socket, proxyfile) == GSI_SOCKET_ERROR) { GSI_SOCKET_get_error_string(attrs->gsi_socket, error_string, sizeof(error_string)); verror_put_string("Error setting credentials to use: %s\n", error_string); goto error; } /* * What identity to we expect the server to have? */ server_dn = getenv("MYPROXY_SERVER_DN"); if (server_dn) { gss_buffer_desc server_dn_buffer; gss_buffer_desc status_buffer; OM_uint32 major_status, minor_status; myproxy_debug("Expecting non-standard server DN \"%s\"\n", server_dn); server_dn_buffer.length = strlen(server_dn); server_dn_buffer.value = server_dn; major_status = gss_import_name( &minor_status, &server_dn_buffer, GSS_C_NO_OID, &accepted_peer_names[0]); if (major_status != GSS_S_COMPLETE) { OM_uint32 stmin; major_status = gss_display_status(&stmin, minor_status, GSS_C_MECH_CODE, GSS_C_NO_OID, NULL, &status_buffer); if (major_status == GSS_S_COMPLETE) { verror_put_string("Error getting name of remote party: %s\n", status_buffer.value); gss_release_buffer(&minor_status, &status_buffer); } else { verror_put_string("Error getting name of remote party"); } } } else { char *fqhn; if (new_server_identity_check_behavior_needed()) { OM_uint32 major_status, minor_status; gss_buffer_desc hostip; static gss_OID_desc gss_nt_host_ip_oid = { 10, "\x2b\x06\x01\x04\x01\x9b\x50\x01\x01\x02" }; gss_OID_desc * gss_nt_host_ip = &gss_nt_host_ip_oid; hostip.value = strdup(attrs->pshost); if (hostip.value == NULL) { verror_put_string("Error getting name of remote party: %s\n", strerror(errno)); goto error; } hostip.length = strlen(hostip.value); major_status = gss_import_name( &minor_status, &hostip, gss_nt_host_ip, &accepted_peer_names[0]); free(hostip.value); if (GSS_ERROR(major_status)) { OM_uint32 msg_context = 0; OM_uint32 local_major_status, local_minor_status; gss_buffer_desc status_string = {0}; local_major_status = gss_display_status( &local_minor_status, minor_status, GSS_C_MECH_CODE, GSS_C_NO_OID, &msg_context, &status_string); if (!GSS_ERROR(local_major_status)) { verror_put_string("%.*s", (int) status_string.length, status_string.value); gss_release_buffer(&local_minor_status, &status_string); } else { verror_put_string( "Error getting name of remote party: GSSAPI ERROR %d\n", (int) major_status); } goto error; } } else { /* old way */ gss_buffer_desc name_buf; const char *services[] = { "myproxy", "host" }; int s; OM_uint32 major_status, minor_status; fqhn = GSI_SOCKET_get_peer_hostname(attrs->gsi_socket); if (!fqhn) { GSI_SOCKET_get_error_string(attrs->gsi_socket, error_string, sizeof(error_string)); verror_put_string("Error getting name of remote party: %s\n", error_string); goto error; } for (s = 0; s < (sizeof services)/(sizeof *services); s++) { name_buf.value = globus_common_create_string("%s@%s", services[s], fqhn); name_buf.length = strlen(name_buf.value); major_status = gss_import_name( &minor_status, &name_buf, GSS_C_NT_HOSTBASED_SERVICE, &accepted_peer_names[s]); } free(fqhn); } } rval = GSI_SOCKET_authentication_init(attrs->gsi_socket, accepted_peer_names); if (rval == GSI_SOCKET_UNAUTHORIZED) { /* This is a common error. Send the GSI errors to debug and return a more friendly error message in verror(). */ GSI_SOCKET_get_error_string(attrs->gsi_socket, error_string, sizeof(error_string)); myproxy_debug("Error authenticating: %s\n", error_string); GSI_SOCKET_get_peer_name(attrs->gsi_socket, peer_name, sizeof(peer_name)); if (server_dn) { verror_put_string("Server authorization failed. Server identity\n" "(%s)\ndoes not match $MYPROXY_SERVER_DN\n" "(%s).\nIf the server identity is acceptable, " "set\nMYPROXY_SERVER_DN=\"%s\"\n" "and try again.\n", peer_name, server_dn, peer_name); } else { verror_put_string("Server authorization failed. Server identity " "does not match expected identity.\n" "If the server identity is acceptable, " "set\nMYPROXY_SERVER_DN=\"%s\"\n" "and try again.\n", peer_name); } goto error; } else if (rval == GSI_SOCKET_ERROR) { GSI_SOCKET_get_error_string(attrs->gsi_socket, error_string, sizeof(error_string)); verror_put_string("Error authenticating: %s\n", error_string); goto error; } return_value = 0; error: if (accepted_peer_names[0]) free(accepted_peer_names[0]); if (accepted_peer_names[1]) free(accepted_peer_names[1]); if (accepted_peer_names[2]) free(accepted_peer_names[2]); return return_value; } int myproxy_authenticate_accept_fqans(myproxy_socket_attrs_t *attrs, char *client_name, const int namelen, char ***fqans) { char error_string[1024]; assert(client_name != NULL); assert(attrs); if (GSI_SOCKET_authentication_accept(attrs->gsi_socket) == GSI_SOCKET_ERROR) { GSI_SOCKET_get_error_string(attrs->gsi_socket, error_string, sizeof(error_string)); verror_put_string("Error authenticating client: %s\n", error_string); return -1; } if (GSI_SOCKET_get_peer_name(attrs->gsi_socket, client_name, namelen) == GSI_SOCKET_ERROR) { GSI_SOCKET_get_error_string(attrs->gsi_socket, error_string, sizeof(error_string)); verror_put_string("Error getting client name: %s\n", error_string); return -1; } if (fqans && strcmp(client_name, "") && (GSI_SOCKET_get_peer_fqans(attrs->gsi_socket, fqans) == GSI_SOCKET_ERROR)) { GSI_SOCKET_get_error_string(attrs->gsi_socket, error_string, sizeof(error_string)); myproxy_debug("No client VOMS attributes (%s). Continuing without attributes support.\n", error_string); } return 0; } int myproxy_authenticate_accept(myproxy_socket_attrs_t *attrs, char *client_name, const int namelen) { return myproxy_authenticate_accept_fqans(attrs, client_name, namelen, NULL); } int myproxy_init_delegation(myproxy_socket_attrs_t *attrs, const char *delegfile, const int lifetime, char *passphrase) { char error_string[1024]; if (attrs == NULL) return -1; if (GSI_SOCKET_delegation_init_ext(attrs->gsi_socket, delegfile, lifetime, passphrase) == GSI_SOCKET_ERROR) { GSI_SOCKET_get_error_string(attrs->gsi_socket, error_string, sizeof(error_string)); verror_put_string("Error delegating credentials: %s\n", error_string); return -1; } return 0; } int myproxy_accept_delegation(myproxy_socket_attrs_t *attrs, char *data, const int datalen, char *passphrase) { char error_string[1024]; assert(attrs); assert(data != NULL); if (GSI_SOCKET_delegation_accept_ext(attrs->gsi_socket, data, datalen, passphrase) == GSI_SOCKET_ERROR) { GSI_SOCKET_get_error_string(attrs->gsi_socket, error_string, sizeof(error_string)); verror_put_string("Error accepting delegated credentials: %s\n", error_string); return -1; } return 0; } int myproxy_accept_delegation_ex(myproxy_socket_attrs_t *attrs, char **credentials, int *credential_len, char *passphrase) { char error_string[1024]; assert(attrs); assert(credentials != NULL); if (GSI_SOCKET_delegation_accept(attrs->gsi_socket, (unsigned char **)credentials, credential_len, passphrase) == GSI_SOCKET_ERROR) { GSI_SOCKET_get_error_string(attrs->gsi_socket, error_string, sizeof(error_string)); verror_put_string("Error accepting delegated credentials: %s\n", error_string); return -1; } return 0; } int myproxy_request_cert(myproxy_socket_attrs_t *attrs, char *certreq, char **credentials, int *credential_len) { assert(attrs); assert(certreq); GSI_SOCKET_delegation_set_certreq(attrs->gsi_socket, certreq); return myproxy_accept_delegation_ex(attrs, credentials, credential_len, NULL); } int myproxy_serialize_request(const myproxy_request_t *request, char *data, const int datalen) { int len; char *buf = NULL; assert(data != NULL); assert(datalen > 0); len = myproxy_serialize_request_ex(request, &buf); if (len <= 0) { if (buf) free(buf); return len; } if (len >= datalen) { verror_put_string("Buffer size exceeded in myproxy_serialize_request()."); if (buf) free(buf); return -1; } memcpy(data, buf, len); free(buf); return len; } int myproxy_serialize_request_ex(const myproxy_request_t *request, char **data) { int len; char lifetime_string[64]; const char *command_string; assert(data != NULL); if (*data) (*data)[0] = '\0'; /* version */ len = my_append(data, MYPROXY_VERSION_STRING, request->version, "\n", NULL); if (len < 0) return -1; /* command type */ command_string = encode_command((myproxy_proto_request_type_t)request->command_type); if (command_string == NULL) { return -1; } len = my_append(data, MYPROXY_COMMAND_STRING, command_string, "\n", NULL); if (len < 0) return -1; /* username */ len = my_append(data, MYPROXY_USERNAME_STRING, request->username, "\n", NULL); if (len < 0) return -1; /* passphrase */ len = my_append(data, MYPROXY_PASSPHRASE_STRING, request->passphrase, "\n", NULL); if (len < 0) return -1; /* new passphrase */ if (request->new_passphrase[0]!= '\0') { len = my_append(data, MYPROXY_NEW_PASSPHRASE_STRING, request->new_passphrase, "\n", NULL); if (len < 0) return -1; } /* lifetime */ if (encode_integer(request->proxy_lifetime, lifetime_string, sizeof(lifetime_string)) == -1) { return -1; } len = my_append(data, MYPROXY_LIFETIME_STRING, lifetime_string, "\n", NULL); if (len < 0) return -1; /* retrievers */ if (request->retrievers != NULL) { len = my_append(data, MYPROXY_RETRIEVER_STRING, request->retrievers, "\n", NULL); if (len < 0) return -1; } /* renewers */ if (request->renewers != NULL) { len = my_append(data, MYPROXY_RENEWER_STRING, request->renewers, "\n", NULL); if (len < 0) return -1; } /* credential name */ if (request->credname!= NULL) { char *buf = strdup (request->credname); strip_char (buf, '\n'); len = my_append(data, MYPROXY_CRED_PREFIX, "_", MYPROXY_CRED_NAME_STRING, buf, "\n", NULL); free(buf); if (len < 0) return -1; } /* credential description */ if (request->creddesc != NULL) { char *buf = strdup (request->creddesc); strip_char (buf, '\n'); len = my_append(data, MYPROXY_CRED_PREFIX, "_", MYPROXY_CRED_DESC_STRING, buf, "\n", NULL); free(buf); if (len < 0) return -1; } /* key retrievers */ if (request->keyretrieve != NULL) { len = my_append(data, MYPROXY_KEY_RETRIEVER_STRING, request->keyretrieve, "\n", NULL); if (len < 0) return -1; } /* trusted retrievers */ if (request->trusted_retrievers != NULL) { len = my_append(data, MYPROXY_TRUSTED_RETRIEVER_STRING, request->trusted_retrievers, "\n", NULL); if (len < 0) return -1; } /* trusted root certificates */ if (request->want_trusted_certs) { myproxy_debug("requesting trusted certificates download"); len = my_append(data, MYPROXY_TRUSTED_CERTS_STRING, "1", "\n", NULL); if (len < 0) return -1; } /* voname */ if (request->voname) { char *tok = NULL, *vonameDup = NULL; vonameDup = strdup(request->voname); if (vonameDup == NULL) { return -1; } for (tok = strtok(vonameDup, "\n"); tok != NULL; tok = strtok(NULL, "\n")) { len = my_append(data, MYPROXY_VONAME_STRING, tok, "\n", NULL); if (len < 0) { break; } } if (vonameDup) { free(vonameDup); } if (len < 0) { return -1; } } /* vomses */ if (request->vomses) { char *tok = NULL, *vomsesDup = NULL; vomsesDup = strdup(request->vomses); if (vomsesDup == NULL) { return -1; } for (tok = strtok(vomsesDup, "\n"); tok != NULL; tok = strtok(NULL, "\n")) { len = my_append(data, MYPROXY_VOMSES_STRING, tok, "\n", NULL); if (len < 0) { break; } } if (vomsesDup) { free(vomsesDup); } if (len < 0) { return -1; } } return len + 1; } int myproxy_deserialize_request(const char *data, const int datalen, myproxy_request_t *request) { int len, return_code = -1; char *tmp=NULL, *buf=NULL, *new_data=NULL; assert(request != NULL); assert(data != NULL); /* if the input data isn't null terminated, fix it now. */ if (data[datalen - 1] != '\0') { new_data = malloc(datalen + 1); memcpy(new_data, data, datalen); new_data[datalen] = '\0'; data = new_data; } /* version */ len = convert_message(data, MYPROXY_VERSION_STRING, CONVERT_MESSAGE_DEFAULT_FLAGS, &buf); if (len <= -1) { verror_prepend_string("Error parsing version from client request"); goto error; } request->version = strdup(buf); if (request->version == NULL) { verror_put_errno(errno); goto error; } /* command */ len = convert_message(data, MYPROXY_COMMAND_STRING, CONVERT_MESSAGE_DEFAULT_FLAGS, &buf); if (len <= -1) { verror_prepend_string("Error parsing command from client request"); goto error; } if (parse_command(buf, &request->command_type) == -1) { goto error; } /* username */ len = convert_message(data, MYPROXY_USERNAME_STRING, CONVERT_MESSAGE_DEFAULT_FLAGS, &buf); if (len <= -1) { verror_prepend_string("Error parsing usename from client request"); goto error; } request->username = strdup(buf); if (request->username == NULL) { verror_put_errno(errno); goto error; } /* passphrase */ len = convert_message(data, MYPROXY_PASSPHRASE_STRING, CONVERT_MESSAGE_DEFAULT_FLAGS, &buf); if (len <= -1) { verror_prepend_string("Error parsing passphrase from client request"); goto error; } /* XXX request_passphrase is a static buffer. Why? */ strncpy(request->passphrase, buf, sizeof(request->passphrase) - 1); /* new passphrase (for change passphrase only) */ len = convert_message(data, MYPROXY_NEW_PASSPHRASE_STRING, CONVERT_MESSAGE_DEFAULT_FLAGS, &buf); if (len == -1) { verror_prepend_string("Error parsing passphrase from client request"); goto error; } else if (len == -2) request->new_passphrase[0] = '\0'; else strncpy (request->new_passphrase, buf, sizeof(request->new_passphrase) - 1); /* lifetime */ len = convert_message(data, MYPROXY_LIFETIME_STRING, CONVERT_MESSAGE_DEFAULT_FLAGS, &buf); if (len <= -1) { verror_prepend_string("Error parsing lifetime from client request"); goto error; } if (parse_string(buf, &request->proxy_lifetime) == -1) { goto error; } /* retriever */ len = convert_message(data, MYPROXY_RETRIEVER_STRING, CONVERT_MESSAGE_DEFAULT_FLAGS, &buf); if (len == -2) /*-2 indicates string not found*/ request->retrievers = NULL; else if (len <= -1) { verror_prepend_string("Error parsing retriever from client request"); goto error; } else { request->retrievers = strdup(buf); if (request->retrievers == NULL) { verror_put_errno(errno); goto error; } } /* renewer */ len = convert_message(data, MYPROXY_RENEWER_STRING, CONVERT_MESSAGE_DEFAULT_FLAGS, &buf); if (len == -2) /*-2 indicates string not found*/ request->renewers = NULL; else if (len <= -1) { verror_prepend_string("Error parsing renewer from client request"); goto error; } else { request->renewers = strdup(buf); if (request->renewers == NULL) { verror_put_errno(errno); goto error; } } /* credential name */ if (tmp) tmp[0] = '\0'; len = my_append(&tmp, MYPROXY_CRED_PREFIX, "_", MYPROXY_CRED_NAME_STRING, NULL); if (len == -1) { goto error; } len = convert_message(data, tmp, CONVERT_MESSAGE_DEFAULT_FLAGS, &buf); if (len == -2) /*-2 indicates string not found - assign default*/ request->credname = NULL; else if (len <= -1) { verror_prepend_string("Error parsing credential name from client request"); goto error; } else { request->credname = strdup(buf); if (request->credname == NULL) { verror_put_errno(errno); goto error; } } /* credential description */ if (tmp) tmp[0] = '\0'; len = my_append(&tmp, MYPROXY_CRED_PREFIX, "_", MYPROXY_CRED_DESC_STRING, NULL); len = convert_message(data, tmp, CONVERT_MESSAGE_DEFAULT_FLAGS, &buf); if (len == -2) /*-2 indicates string not found*/ request->creddesc = NULL; else if (len <= -1) { verror_prepend_string("Error parsing credential description from client request"); goto error; } else { request->creddesc = strdup(buf); if (request->creddesc == NULL) { verror_put_errno(errno); goto error; } } /* key retriever */ len = convert_message(data, MYPROXY_KEY_RETRIEVER_STRING, CONVERT_MESSAGE_DEFAULT_FLAGS, &buf); if (len == -2) /*-2 indicates string not found*/ request->keyretrieve = NULL; else if (len <= -1) { verror_prepend_string("Error parsing key retriever from client request"); goto error; } else { request->keyretrieve = strdup(buf); if (request->keyretrieve == NULL) { verror_put_errno(errno); goto error; } } /* trusted retriever */ len = convert_message(data, MYPROXY_TRUSTED_RETRIEVER_STRING, CONVERT_MESSAGE_DEFAULT_FLAGS, &buf); if (len == -2) /*-2 indicates string not found*/ request->trusted_retrievers = NULL; else if (len <= -1) { verror_prepend_string("Error parsing trusted retrievers from client request"); goto error; } else { request->trusted_retrievers = strdup(buf); if (request->trusted_retrievers == NULL) { verror_put_errno(errno); goto error; } } /* trusted root certificates */ len = convert_message(data, MYPROXY_TRUSTED_CERTS_STRING, CONVERT_MESSAGE_DEFAULT_FLAGS, &buf); if (len == -2) /*-2 indicates string not found*/ request->want_trusted_certs = 0; else if (len <= -1) { verror_prepend_string("Error parsing TRUSTED_CERTS in client request"); goto error; } else { if (string_to_int(buf, &request->want_trusted_certs) != STRING_TO_INT_SUCCESS) { verror_prepend_string("Error parsing TRUSTED_CERTS in client request"); goto error; } } /* voname */ len = convert_message(data, MYPROXY_VONAME_STRING, CONVERT_MESSAGE_ALLOW_MULTIPLE, &buf); if (len == -2) { /* -2 indicates string not found */ request->voname = NULL; } else { if (len <= -1) { verror_prepend_string("Error parsing VONAME in client request"); goto error; } else { request->voname = strdup(buf); if (request->voname == NULL) { verror_put_errno(errno); goto error; } } } /* vomses */ len = convert_message(data, MYPROXY_VOMSES_STRING, CONVERT_MESSAGE_ALLOW_MULTIPLE, &buf); if (len == -2) /* -2 indicates string not found */ request->vomses = NULL; else if (len <= -1) { verror_prepend_string("Error parsing VOMSES in client request"); goto error; } else { request->vomses = strdup(buf); if (request->vomses == NULL) { verror_put_errno(errno); goto error; } } /* Success */ return_code = 0; error: if (tmp) free(tmp); if (buf) free(buf); if (new_data) free(new_data); return return_code; } int myproxy_serialize_response(const myproxy_response_t *response, char *data, const int datalen) { int len; char *buf = NULL; assert(data != NULL); assert(datalen > 0); len = myproxy_serialize_response_ex(response, &buf); if (len <= 0) { if (buf) free(buf); return len; } if (len >= datalen) { verror_put_string("Buffer size exceeded in myproxy_serialize_response()."); if (buf) free(buf); return -1; } memcpy(data, buf, len); free(buf); return len; } int myproxy_serialize_response_ex(const myproxy_response_t *response, char **data) { int len; authorization_data_t **p; const char *response_string; assert(data != NULL); assert(response != NULL); if (*data) (*data)[0] = '\0'; /*Version*/ len = my_append(data, MYPROXY_VERSION_STRING, response->version, "\n", NULL); if (len < 0) return -1; response_string = encode_response((myproxy_proto_response_type_t) response->response_type); /*Response string*/ if (response_string == NULL) { return -1; } len = my_append(data, MYPROXY_RESPONSE_TYPE_STRING, response_string, "\n", NULL); if (len < 0) return -1; /*Authorization data*/ if ((p = response->authorization_data)) { while (*p) { len = my_append(data, MYPROXY_AUTHORIZATION_STRING, authorization_get_name((*p)->method), ":", (*p)->server_data, "\n", NULL); if (len < 0) return -1; p++; } } /* Include credential info in OK response to INFO request */ if (response->response_type == MYPROXY_OK_RESPONSE && response->info_creds) { int first_cred = 1; myproxy_creds_t *cred; char date[40]; for (cred = response->info_creds; cred != NULL; cred = cred->next) { /* Include name on first cred only. Other creds are indexed by name, so there is no need for an additional name field. */ if (cred->credname && first_cred) { len = my_append(data, MYPROXY_CRED_PREFIX, "_", MYPROXY_CRED_NAME_STRING, cred->credname, "\n", NULL); if (len == -1) goto error; } assert(cred->credname || first_cred); if (cred->creddesc) { if (first_cred) { len = my_append(data, MYPROXY_CRED_PREFIX, "_", MYPROXY_CRED_DESC_STRING, cred->creddesc, "\n", NULL); } else { len = my_append(data, MYPROXY_CRED_PREFIX, "_", cred->credname, "_", MYPROXY_CRED_DESC_STRING, cred->creddesc, "\n", NULL); } if (len == -1) goto error; } sprintf(date, "%lu", cred->start_time); if (first_cred) { len = my_append(data, MYPROXY_CRED_PREFIX, "_", MYPROXY_START_TIME_STRING, date, "\n", NULL); } else { len = my_append(data, MYPROXY_CRED_PREFIX, "_", cred->credname, "_", MYPROXY_START_TIME_STRING, date, "\n", NULL); } if (len == -1) goto error; sprintf(date, "%lu", cred->end_time); if (first_cred) { len = my_append(data, MYPROXY_CRED_PREFIX, "_", MYPROXY_END_TIME_STRING, date, "\n", NULL); } else { len = my_append(data, MYPROXY_CRED_PREFIX, "_", cred->credname, "_", MYPROXY_END_TIME_STRING, date, "\n", NULL); } if (len == -1) goto error; if (first_cred) { len = my_append(data, MYPROXY_CRED_PREFIX, "_", MYPROXY_CRED_OWNER_STRING, cred->owner_name, "\n", NULL); } else { len = my_append(data, MYPROXY_CRED_PREFIX, "_", cred->credname, "_", MYPROXY_CRED_OWNER_STRING, cred->owner_name, "\n", NULL); } if (len == -1) goto error; if (cred->retrievers) { if (first_cred) { len = my_append(data, MYPROXY_CRED_PREFIX, "_", MYPROXY_RETRIEVER_STRING, cred->retrievers, "\n", NULL); } else { len = my_append(data, MYPROXY_CRED_PREFIX, "_", cred->credname, "_", MYPROXY_RETRIEVER_STRING, cred->retrievers, "\n", NULL); } if (len == -1) goto error; } if (cred->keyretrieve) { if (first_cred) { len = my_append(data, MYPROXY_CRED_PREFIX, "_", MYPROXY_KEY_RETRIEVER_STRING, cred->keyretrieve, "\n", NULL); } else { len = my_append(data, MYPROXY_CRED_PREFIX, "_", cred->credname, "_", MYPROXY_KEY_RETRIEVER_STRING, cred->keyretrieve, "\n", NULL); } if (len == -1) goto error; } if (cred->trusted_retrievers) { if (first_cred) { len = my_append(data, MYPROXY_CRED_PREFIX, "_", MYPROXY_TRUSTED_RETRIEVER_STRING, cred->trusted_retrievers, "\n", NULL); } else { len = my_append(data, MYPROXY_CRED_PREFIX, "_", cred->credname, "_", MYPROXY_TRUSTED_RETRIEVER_STRING, cred->trusted_retrievers, "\n", NULL); } if (len == -1) goto error; } if (cred->renewers) { if (first_cred) { len = my_append(data, MYPROXY_CRED_PREFIX, "_", MYPROXY_RENEWER_STRING, cred->renewers, "\n", NULL); } else { len = my_append(data, MYPROXY_CRED_PREFIX, "_", cred->credname, "_", MYPROXY_RENEWER_STRING, cred->renewers, "\n", NULL); } if (len == -1) goto error; } if (cred->lockmsg) { char *newline; newline = strchr(cred->lockmsg, '\n'); if (newline) { *newline = '\0'; /* only send first line */ } if (first_cred) { len = my_append(data, MYPROXY_CRED_PREFIX, "_", MYPROXY_LOCKMSG_STRING, cred->lockmsg, "\n", NULL); } else { len = my_append(data, MYPROXY_CRED_PREFIX, "_", cred->credname, "_", MYPROXY_LOCKMSG_STRING, cred->lockmsg, "\n", NULL); } if (newline) { *newline = '\n'; } if (len == -1) goto error; } first_cred = 0; } if (response->info_creds->next) { len = my_append(data, MYPROXY_ADDITIONAL_CREDS_STRING, NULL); if (len < 0) return -1; for (cred = response->info_creds->next; cred != NULL; cred = cred->next) { if (cred->next) { len = my_append(data, cred->credname, "," , NULL); } else { len = my_append(data, cred->credname, NULL); } if (len < 0) return -1; } len = my_append(data, "\n", NULL); if (len < 0) return -1; } } /* Only add error string(s) if necessary */ if (response->response_type == MYPROXY_ERROR_RESPONSE) { char *start, *end; /* send each line individually */ for (start = response->error_string; (end = strchr(start, '\n')) != NULL; start = end + 1) { *end = '\0'; len = my_append(data, MYPROXY_ERROR_STRING, start, "\n", NULL); if (len < 0) return -1; } /* send the last line */ if (start[0] != '\0') { len = my_append(data, MYPROXY_ERROR_STRING, start, "\n", NULL); if (len < 0) return -1; } } /* Include trusted certificates */ if (response->trusted_certs) { myproxy_certs_t *cert; len = my_append(data, MYPROXY_TRUSTED_CERTS_STRING, NULL); if (len < 0) return -1; for (cert = response->trusted_certs; cert; cert = cert->next) { if (strchr(cert->filename, ',')) { myproxy_log("skipping trusted cert w/ filename containing ',': %s", cert->filename); continue; } if (cert->next) { len = my_append(data, cert->filename, "," , NULL); } else { len = my_append(data, cert->filename, NULL); } if (len < 0) return -1; } len = my_append(data, "\n", NULL); if (len < 0) return -1; for (cert = response->trusted_certs; cert; cert = cert->next) { char *b64data; if (b64_encode(cert->contents, cert->size, &b64data) < 0) { goto error; } /* myproxy_debug("got b64:\n%s\n", b64data); */ len = my_append(data, MYPROXY_FILEDATA_PREFIX, "_", cert->filename, "=", b64data, "\n", NULL); free(b64data); if (len < 0) return -1; } } /* myproxy_debug("sending %s\n", data); */ return len + 1; error: return -1; } int myproxy_deserialize_response(myproxy_response_t *response, const char *data, const int datalen) { int len, return_code = -1; int value, i, num_creds; char *tmp=NULL, *buf=NULL, *new_data=NULL; assert(response != NULL); assert(data != NULL); /* if the input data isn't null terminated, fix it now. */ if (data[datalen - 1] != '\0') { new_data = malloc(datalen + 1); memcpy(new_data, data, datalen); new_data[datalen] = '\0'; data = new_data; } if (response->authorization_data) { free(response->authorization_data); response->authorization_data = NULL; } /* myproxy_debug("received %s\n", data); */ len = convert_message(data, MYPROXY_VERSION_STRING, CONVERT_MESSAGE_DEFAULT_FLAGS, &buf); if (len < 0) { goto error; } if (response->version) { free(response->version); } response->version = strdup(buf); if (response->version == NULL) { verror_put_errno(errno); goto error; } len = convert_message(data, MYPROXY_RESPONSE_TYPE_STRING, CONVERT_MESSAGE_DEFAULT_FLAGS, &buf); if (len < 0) { goto error; } if (parse_response_type(buf, &response->response_type) == -1) { goto error; } if (response->response_type == MYPROXY_ERROR_RESPONSE) { /* It's ok if ERROR not present */ response->error_string = 0; len = convert_message(data, MYPROXY_ERROR_STRING, CONVERT_MESSAGE_ALLOW_MULTIPLE, &response->error_string); return_code = 0; goto error; } /* Parse any cred info in response */ /* start time */ if (tmp) tmp[0] = '\0'; len = my_append(&tmp, MYPROXY_CRED_PREFIX, "_", MYPROXY_START_TIME_STRING, NULL); if (len < 0) goto error; len = convert_message(data, tmp, CONVERT_MESSAGE_DEFAULT_FLAGS, &buf); if (len == -1) goto error; if (len > 0) { /* credential info present */ response->info_creds = malloc(sizeof(struct myproxy_creds)); memset(response->info_creds, 0, sizeof(struct myproxy_creds)); switch(string_to_int(buf, &value)) { case STRING_TO_INT_SUCCESS: response->info_creds->start_time = value; break; case STRING_TO_INT_NONNUMERIC: verror_put_string("Non-numeric characters in CRED_START_TIME \"%s\"", buf); goto error; case STRING_TO_INT_ERROR: goto error; } if (tmp) tmp[0] = '\0'; len = my_append(&tmp, MYPROXY_CRED_PREFIX, "_", MYPROXY_END_TIME_STRING, NULL); if (len < 0) goto error; len = convert_message(data, tmp, CONVERT_MESSAGE_DEFAULT_FLAGS, &buf); if (len > 0) { switch(string_to_int(buf, &value)) { case STRING_TO_INT_SUCCESS: response->info_creds->end_time = value; break; case STRING_TO_INT_NONNUMERIC: verror_put_string("Non-numeric characters in CRED_END_TIME \"%s\"", buf); goto error; case STRING_TO_INT_ERROR: goto error; } } if (tmp) tmp[0] = '\0'; len = my_append(&tmp, MYPROXY_CRED_PREFIX, "_", MYPROXY_CRED_NAME_STRING, NULL); if (len < 0) goto error; len = convert_message(data, tmp, CONVERT_MESSAGE_DEFAULT_FLAGS, &buf); if (len == -1) goto error; if (len > 0) response->info_creds->credname = strdup(buf); if (tmp) tmp[0] = '\0'; len = my_append(&tmp, MYPROXY_CRED_PREFIX, "_", MYPROXY_CRED_DESC_STRING, NULL); if (len < 0) goto error; len = convert_message(data, tmp, CONVERT_MESSAGE_DEFAULT_FLAGS, &buf); if (len == -1) goto error; if (len > 0) response->info_creds->creddesc = strdup(buf); if (tmp) tmp[0] = '\0'; len = my_append(&tmp, MYPROXY_CRED_PREFIX, "_", MYPROXY_CRED_OWNER_STRING, NULL); if (len < 0) goto error; len = convert_message(data, tmp, CONVERT_MESSAGE_DEFAULT_FLAGS, &buf); if (len == -1) goto error; if (len >= 0) response->info_creds->owner_name = strdup(buf); if (tmp) tmp[0] = '\0'; len = my_append(&tmp, MYPROXY_CRED_PREFIX, "_", MYPROXY_RETRIEVER_STRING, NULL); if (len < 0) goto error; len = convert_message(data, tmp, CONVERT_MESSAGE_DEFAULT_FLAGS, &buf); if (len == -1) goto error; if (len >= 0) response->info_creds->retrievers = strdup(buf); if (tmp) tmp[0] = '\0'; len = my_append(&tmp, MYPROXY_CRED_PREFIX, "_", MYPROXY_KEY_RETRIEVER_STRING, NULL); if (len < 0) goto error; len = convert_message(data, tmp, CONVERT_MESSAGE_DEFAULT_FLAGS, &buf); if (len == -1) goto error; if (len >= 0) response->info_creds->keyretrieve = strdup(buf); if (tmp) tmp[0] = '\0'; len = my_append(&tmp, MYPROXY_CRED_PREFIX, "_", MYPROXY_TRUSTED_RETRIEVER_STRING, NULL); if (len < 0) goto error; len = convert_message(data, tmp, CONVERT_MESSAGE_DEFAULT_FLAGS, &buf); if (len == -1) goto error; if (len >= 0) response->info_creds->trusted_retrievers = strdup(buf); if (tmp) tmp[0] = '\0'; len = my_append(&tmp, MYPROXY_CRED_PREFIX, "_", MYPROXY_RENEWER_STRING, NULL); if (len < 0) goto error; len = convert_message(data, tmp, CONVERT_MESSAGE_DEFAULT_FLAGS, &buf); if (len == -1) goto error; if (len >= 0) response->info_creds->renewers = strdup(buf); if (tmp) tmp[0] = '\0'; len = my_append(&tmp, MYPROXY_CRED_PREFIX, "_", MYPROXY_LOCKMSG_STRING, NULL); if (len < 0) goto error; len = convert_message(data, tmp, CONVERT_MESSAGE_DEFAULT_FLAGS, &buf); if (len == -1) goto error; if (len >= 0) response->info_creds->lockmsg = strdup(buf); len = convert_message(data, MYPROXY_ADDITIONAL_CREDS_STRING, CONVERT_MESSAGE_DEFAULT_FLAGS, &buf); if (len == -1) goto error; if (len >= 0) { /* addl credentials */ char **strs; struct myproxy_creds *cred = response->info_creds; len = parse_add_creds(buf, &strs, &num_creds); if (len == -1) { verror_put_string("Error parsing additional cred string"); goto error; } for (i = 0; i < num_creds; i++) { cred->next = malloc(sizeof(struct myproxy_creds)); cred = cred->next; memset(cred, 0, sizeof(struct myproxy_creds)); cred->credname = strdup(strs[i]); if (tmp) tmp[0] = '\0'; len = my_append(&tmp, MYPROXY_CRED_PREFIX, "_", strs[i], "_", MYPROXY_CRED_DESC_STRING, NULL); if (len == -1) goto error; len = convert_message(data, tmp, CONVERT_MESSAGE_DEFAULT_FLAGS, &buf); if (len == -1) goto error; if (len >= 0) cred->creddesc = strdup(buf); if (tmp) tmp[0]='\0'; len = my_append(&tmp, MYPROXY_CRED_PREFIX, "_", strs[i], "_", MYPROXY_START_TIME_STRING, NULL); if (len == -1) goto error; len = convert_message(data, tmp, CONVERT_MESSAGE_DEFAULT_FLAGS, &buf); if (len == -1) goto error; if (len > 0) { switch(string_to_int(buf, &value)) { case STRING_TO_INT_SUCCESS: cred->start_time = value; break; case STRING_TO_INT_NONNUMERIC: verror_put_string("Non-numeric characters in CRED_START_TIME \"%s\"", buf); goto error; case STRING_TO_INT_ERROR: goto error; } } if (tmp) tmp[0] = '\0'; len = my_append(&tmp, MYPROXY_CRED_PREFIX, "_", strs[i], "_", MYPROXY_END_TIME_STRING, NULL); if (len == -1) goto error; len = convert_message(data, tmp, CONVERT_MESSAGE_DEFAULT_FLAGS, &buf); if (len == -1) goto error; if (len > 0) { switch(string_to_int(buf, &value)) { case STRING_TO_INT_SUCCESS: cred->end_time = value; break; case STRING_TO_INT_NONNUMERIC: verror_put_string("Non-numeric characters in CRED_END_TIME \"%s\"", buf); goto error; case STRING_TO_INT_ERROR: goto error; } } if (tmp) tmp[0] = '\0'; len = my_append(&tmp, MYPROXY_CRED_PREFIX, "_", strs[i], "_", MYPROXY_CRED_OWNER_STRING, NULL); if (len == -1) goto error; len = convert_message(data, tmp, CONVERT_MESSAGE_DEFAULT_FLAGS, &buf); if (len == -1) goto error; if (len >= 0) cred->owner_name = strdup(buf); if (tmp) tmp[0] = '\0'; len = my_append(&tmp, MYPROXY_CRED_PREFIX, "_", strs[i], "_", MYPROXY_RETRIEVER_STRING, NULL); if (len == -1) goto error; len = convert_message(data, tmp, CONVERT_MESSAGE_DEFAULT_FLAGS, &buf); if (len == -1) goto error; if (len >= 0) cred->retrievers = strdup(buf); if (tmp) tmp[0] = '\0'; len = my_append(&tmp, MYPROXY_CRED_PREFIX, "_", strs[i], "_", MYPROXY_KEY_RETRIEVER_STRING, NULL); if (len == -1) goto error; len = convert_message(data, tmp, CONVERT_MESSAGE_DEFAULT_FLAGS, &buf); if (len == -1) goto error; if (len >= 0) cred->keyretrieve = strdup(buf); if (tmp) tmp[0] = '\0'; len = my_append(&tmp, MYPROXY_CRED_PREFIX, "_", strs[i], "_", MYPROXY_TRUSTED_RETRIEVER_STRING, NULL); if (len == -1) goto error; len = convert_message(data, tmp, CONVERT_MESSAGE_DEFAULT_FLAGS, &buf); if (len == -1) goto error; if (len >= 0) cred->trusted_retrievers = strdup(buf); if (tmp) tmp[0] = '\0'; len = my_append(&tmp, MYPROXY_CRED_PREFIX, "_", strs[i], "_", MYPROXY_RENEWER_STRING, NULL); if (len == -1) goto error; len = convert_message(data, tmp, CONVERT_MESSAGE_DEFAULT_FLAGS, &buf); if (len == -1) goto error; if (len >= 0) cred->renewers = strdup(buf); if (tmp) tmp[0] = '\0'; len = my_append(&tmp, MYPROXY_CRED_PREFIX, "_", strs[i], "_", MYPROXY_LOCKMSG_STRING, NULL); if (len == -1) goto error; len = convert_message(data, tmp, CONVERT_MESSAGE_DEFAULT_FLAGS, &buf); if (len == -1) goto error; if (len >= 0) cred->lockmsg = strdup(buf); } /* de-allocate string-list from parse_add_creds() */ for (i = 0; i < num_creds; i++) { free(strs[i]); } free(strs); } } len = convert_message(data, MYPROXY_AUTHORIZATION_STRING, CONVERT_MESSAGE_ALLOW_MULTIPLE, &buf); if (len > 0) { if (parse_auth_data(buf, &response->authorization_data)) { verror_put_string("Error parsing authorization data from server response"); goto error; } } len = convert_message(data, MYPROXY_TRUSTED_CERTS_STRING, CONVERT_MESSAGE_DEFAULT_FLAGS, &tmp); if (len > 0) { char *tok, *files; myproxy_certs_t *curr=NULL; files = strdup(tmp); for (tok = strtok(files, ","); tok; tok = strtok(NULL, ",")) { if (curr == NULL) { response->trusted_certs = curr = (myproxy_certs_t *)malloc(sizeof(myproxy_certs_t)); } else { curr->next = (myproxy_certs_t *)malloc(sizeof(myproxy_certs_t)); curr = curr->next; } memset(curr, 0, sizeof(myproxy_certs_t)); curr->filename = strdup(tok); myproxy_debug("got cert file: %s\n", curr->filename); if (tmp) tmp[0] = '\0'; len = my_append(&tmp, MYPROXY_FILEDATA_PREFIX, "_", tok, "=", NULL); if (len == -1) goto error; len = convert_message(data, tmp, CONVERT_MESSAGE_DEFAULT_FLAGS, &buf); if (len == -1) goto error; curr->size = b64_decode(buf, &curr->contents); if (curr->size == (size_t) -1) { verror_put_string("b64 decode failed!"); goto error; } /* myproxy_debug("contents:\n%s\n", curr->contents); */ } free(files); } /* Success */ return_code = 0; error: if (tmp) free(tmp); if (buf) free(buf); if (new_data) free(new_data); return return_code; } int myproxy_send(myproxy_socket_attrs_t *attrs, const char *data, const int datalen) { char error_string[1024]; assert(data != NULL); if (GSI_SOCKET_write_buffer(attrs->gsi_socket, data, datalen) == GSI_SOCKET_ERROR) { GSI_SOCKET_get_error_string(attrs->gsi_socket, error_string, sizeof(error_string)); verror_put_string("Error writing: %s\n", error_string); return -1; } return 0; } int myproxy_recv(myproxy_socket_attrs_t *attrs, char *data, const int datalen) { unsigned char *buffer = NULL; char error_string[1024]; size_t readlen; assert(data != NULL); if (GSI_SOCKET_read_token(attrs->gsi_socket, &buffer, &readlen) == GSI_SOCKET_ERROR) { GSI_SOCKET_get_error_string(attrs->gsi_socket, error_string, sizeof(error_string)); verror_put_string("Error reading: %s\n", error_string); return -1; } if (readlen > datalen) { memcpy(data, buffer, datalen); free(buffer); verror_put_string("Response was truncated\n"); return -2; } memcpy(data, buffer, readlen); free(buffer); return readlen; } int myproxy_recv_ex(myproxy_socket_attrs_t *attrs, char **data) { size_t readlen; char error_string[1024]; if (GSI_SOCKET_read_token(attrs->gsi_socket, (unsigned char **)data, &readlen) == GSI_SOCKET_ERROR) { GSI_SOCKET_get_error_string(attrs->gsi_socket, error_string, sizeof(error_string)); verror_put_string("Error reading: %s\n", error_string); return -1; } return readlen; } int myproxy_recv_response(myproxy_socket_attrs_t *attrs, myproxy_response_t *response) { int responselen; char *response_buffer = NULL; int rval; /* Receive a response from the server */ responselen = myproxy_recv_ex(attrs, &response_buffer); if (responselen < 0) { return(-1); } if (responselen == 0) { verror_put_string("Server closed connection.\n"); return(-1); } rval = myproxy_handle_response(response_buffer, responselen, response); free(response_buffer); return rval; } int myproxy_handle_response(const char *response_buffer, int responselen, myproxy_response_t *response) { /* Make a response object from the response buffer */ if (myproxy_deserialize_response(response, response_buffer, responselen) < 0) { return(-1); } /* Check version */ if (strcmp(response->version, MYPROXY_VERSION) != 0) { verror_put_string("Error: Received invalid version number from server"); return(-1); } /* Check response */ switch(response->response_type) { case MYPROXY_ERROR_RESPONSE: verror_put_string("ERROR from myproxy-server:\n%s", response->error_string); return(-1); break; case MYPROXY_OK_RESPONSE: case MYPROXY_AUTHORIZATION_RESPONSE: break; default: verror_put_string("Received unknown response type"); return(-1); break; } return 0; } int myproxy_recv_response_ex(myproxy_socket_attrs_t *socket_attrs, myproxy_response_t *server_response, myproxy_request_t *client_request) { do { if (myproxy_recv_response(socket_attrs, server_response) != 0) { return -1; } if (server_response->response_type == MYPROXY_AUTHORIZATION_RESPONSE) { if (myproxy_handle_authorization(socket_attrs, server_response, client_request) != 0) { return -1; } authorization_data_free(server_response->authorization_data); server_response->authorization_data = NULL; } } while (server_response->response_type == MYPROXY_AUTHORIZATION_RESPONSE); return 0; } int myproxy_handle_authorization(myproxy_socket_attrs_t *attrs, myproxy_response_t *server_response, myproxy_request_t *client_request) { myproxy_proto_response_type_t response_type; authorization_data_t *d = NULL; /* just pointer into server_response->authorization_data, no memory is allocated for this pointer */ int return_status = -1; char *buffer = NULL; int bufferlen; response_type = server_response->response_type; if (response_type == MYPROXY_AUTHORIZATION_RESPONSE) { /* Server wants authorization. Try the possibilities. */ if (client_request->authzcreds != NULL) { /* We have an AUTHZ cert. */ d = authorization_create_response( server_response->authorization_data, AUTHORIZETYPE_CERT256, client_request->authzcreds, strlen(client_request->authzcreds) + 1); if (d == NULL) { d = authorization_create_response( server_response->authorization_data, AUTHORIZETYPE_CERT, client_request->authzcreds, strlen(client_request->authzcreds) + 1); } } else { verror_put_string("No credentials for renewal authorization."); } #if defined(HAVE_LIBSASL2) if (d == NULL) { /* No luck with AUTHORIZETYPE_CERT. Try SASL. */ d = authorization_create_response( server_response->authorization_data, AUTHORIZETYPE_SASL, "", 1); } #endif if (d == NULL) { /* No luck with previous methods. Try PASSWD. */ d = authorization_create_response( server_response->authorization_data, AUTHORIZETYPE_PASSWD, client_request->passphrase, strlen(client_request->passphrase) + 1); } if (d == NULL) { /* No acceptable methods found. */ verror_put_string("Unable to respond to server's authentication challenge."); goto end; } bufferlen = d->client_data_len + sizeof(int); buffer = malloc(bufferlen); if (!buffer) { verror_put_string("malloc() failed"); goto end; } memset(buffer, '\0', bufferlen); (*buffer) = d->method; memcpy(buffer + sizeof(int), d->client_data, d->client_data_len); /* Send the authorization data to the server */ if (myproxy_send(attrs, buffer, bufferlen) < 0) { goto end; } #if defined(HAVE_LIBSASL2) /* SASL method requires more negotiation. */ if (d->method == AUTHORIZETYPE_SASL) { if (auth_sasl_negotiate_client(attrs, client_request) < 0) goto end; } #endif } return_status = 0; end: if (buffer) free(buffer); return return_status; } void myproxy_free(myproxy_socket_attrs_t *attrs, myproxy_request_t *request, myproxy_response_t *response) { if (attrs != NULL) { if (attrs->pshost != NULL) free(attrs->pshost); GSI_SOCKET_destroy(attrs->gsi_socket); close(attrs->socket_fd); free(attrs); } if (request != NULL) { if (request->version != NULL) free(request->version); if (request->username != NULL) free(request->username); if (request->retrievers != NULL) free(request->retrievers); if (request->renewers != NULL) free(request->renewers); if (request->credname != NULL) free(request->credname); if (request->creddesc != NULL) free(request->creddesc); if (request->authzcreds != NULL) free(request->authzcreds); if (request->keyretrieve != NULL) free(request->keyretrieve); if (request->trusted_retrievers != NULL) free(request->trusted_retrievers); if (request->voname != NULL) free(request->voname); if (request->vomses != NULL) free(request->vomses); free(request); } if (response != NULL) { if (response->version != NULL) free(response->version); if (response->authorization_data != NULL) authorization_data_free(response->authorization_data); if (response->error_string != NULL) free(response->error_string); if (response->info_creds != NULL) { myproxy_creds_free(response->info_creds); } if (response->trusted_certs != NULL) { myproxy_certs_free(response->trusted_certs); } free(response); } } int myproxy_request_add_voname(myproxy_request_t *client_request, const char *voname) { int return_status = -1; if (client_request == NULL) { verror_put_string("NULL client_request passed."); goto error; } if (voname == NULL) { verror_put_string("NULL voname passed."); goto error; } if (client_request->voname == NULL) { client_request->voname = strdup(voname); if (client_request->voname == NULL) { verror_put_string("strdup() failed"); goto error; } } else { if (my_append(&(client_request->voname), "\n", voname, NULL) < 0) { verror_put_string("my_append failed"); goto error; } } return_status = 0; error: return return_status; } int myproxy_request_add_vomses(myproxy_request_t *client_request, const char *vomses) { int return_status = -1; if (client_request == NULL) { verror_put_string("NULL client_request passed."); goto error; } if (vomses == NULL) { verror_put_string("NULL vomses passed."); goto error; } if (client_request->vomses == NULL) { client_request->vomses = strdup(vomses); if (client_request->vomses == NULL) { verror_put_string("strdup() failed"); goto error; } } else { if (my_append(&(client_request->vomses), "\n", vomses, NULL) < 0) { verror_put_string("my_append failed"); goto error; } } return_status = 0; error: return return_status; } /*--------- Helper functions ------------*/ /* * convert_message() * * Searches a buffer and locates varname. Stores contents of varname into line * e.g. convert_message(buf, "VERSION=", &version); * The line argument should be a pointer to NULL or a malloc'ed buffer. * The line buffer will be realloc'ed as required. * The buffer MUST BE NULL TERMINATED. * * flags is a bitwise or of the following values: * CONVERT_MESSAGE_ALLOW_MULTIPLE Allow a multiple instances of * varname, in which case the rvalues * are concatenated. * * Returns the number of characters copied into the line (not including the * terminating '\0'). On error returns -1, setting verror. Returns -2 * if string not found */ static int convert_message(const char *buffer, const char *varname, const int flags, char **line) { int foundone = 0; char *varname_start; int return_value = -1; int line_index = 0; const char *buffer_p; assert(buffer != NULL); assert(varname != NULL); assert(line != NULL); if ((flags & ~CONVERT_MESSAGE_KNOWN_FLAGS) != 0) { verror_put_string("Illegal flags value (%d)", flags); goto error; } /* * Our current position in buffer is in buffer_p. Since we're * done modifying buffer buffer_p can be a const. */ buffer_p = buffer; while ((varname_start = strstr(buffer_p, varname)) != NULL) { char *value_start; int value_length; /* Have is this the first varname we've found? */ if (foundone == 1) { /* No. Is that OK? */ if (flags & CONVERT_MESSAGE_ALLOW_MULTIPLE) { /* Yes. Add carriage return to existing line and concatenate */ *line = realloc(*line, line_index + 2); (*line)[line_index] = '\n'; line_index++; (*line)[line_index] = '\0'; } else { /* No. That's an error */ verror_put_string("Multiple values found in convert_message()"); goto error; } } /* Find start of value */ value_start = &varname_start[strlen(varname)]; /* Find length of value (might be zero) */ value_length = strcspn(value_start, "\n"); *line = realloc(*line, line_index+value_length + 1); /* Copy it over */ strncpy((*line)+line_index, value_start, value_length); line_index += value_length; /* Make sure line stays NULL-terminated */ (*line)[line_index] = '\0'; /* Indicate we've found a match */ foundone = 1; /* Advance our buffer position pointer */ buffer_p = &value_start[value_length]; } /* Did we find anything */ if (foundone == 0) { /* verror_put_string("No value found"); */ return_value = -2; /*string not found*/ goto error; } /* Success */ return_value = strlen(*line); error: if (return_value == -1 || return_value == -2) { /* Don't return anything in line on error */ if (*line) (*line)[0] = '\0'; } return return_value; } /* * parse_command() * * Parse command_str return the respresentation of the command in * command_value. * * Returns 0 on success, -1 on error setting verror. */ static int parse_command(const char *command_str, myproxy_proto_request_type_t *command_value) { int value; int return_value = -1; assert(command_str != NULL); assert(command_value != NULL); /* XXX Should also handle string commands */ switch (string_to_int(command_str, &value)) { case STRING_TO_INT_SUCCESS: return_value = 0; *command_value = (myproxy_proto_request_type_t) value; break; case STRING_TO_INT_NONNUMERIC: verror_put_string("Non-numeric characters in command string \"%s\"", command_str); break; case STRING_TO_INT_ERROR: break; } return return_value; } /* * encode_command() * * Return a string encoding of the command in command_value. * Returns NULL on error, setting verror. */ static const char * encode_command(const myproxy_proto_request_type_t command_value) { const char *string; /* * XXX Should return actual string description. */ switch(command_value) { case MYPROXY_GET_PROXY: string = "0"; break; case MYPROXY_PUT_PROXY: string = "1"; break; case MYPROXY_INFO_PROXY: string = "2"; break; case MYPROXY_DESTROY_PROXY: string = "3"; break; case MYPROXY_CHANGE_CRED_PASSPHRASE: string = "4"; break; case MYPROXY_STORE_CERT: string = "5"; break; case MYPROXY_RETRIEVE_CERT: string = "6"; break; case MYPROXY_GET_TRUSTROOTS: string = "7"; break; default: /* Should never get here */ string = NULL; verror_put_string("Internal error: Bad command type(%d)", command_value); break; } return string; } /* * parse_string * * Given a string representation of an integer value, fill in the given * integer with its integral value. * * Currently the string is just an ascii representation of the integer. * * Returns 0 on success, -1 on error setting verror. */ static int parse_string(const char *str, int *value) { int val; int return_value = -1; assert(str != NULL); assert(value != NULL); /* XXX Should also handle string commands */ switch (string_to_int(str, &val)) { case STRING_TO_INT_SUCCESS: return_value = 0; *value = val; break; case STRING_TO_INT_NONNUMERIC: verror_put_string("Non-numeric characters in string \"%s\"", str); break; case STRING_TO_INT_ERROR: break; } return return_value; } /* * encode_integer() * * Encode the given integer as a string into the given buffer with * length of buffer_len. * * Returns 0 on success, -1 on error setting verror. */ static int encode_integer(int value, char *string, int string_len) { /* Buffer large enough to hold string representation of lifetime */ char buffer[20]; assert(string != NULL); sprintf(buffer, "%d", value); if (my_strncpy(string, buffer, string_len) == -1) { return -1; } return 0; } /* * parse_response_type() * * Given a string representation of a response_type, fill in type_value * with the value. * * Currently the string is just an ascii representation of the value. * * Returns 0 on success, -1 on error setting verror. */ static int parse_response_type(const char *type_str, myproxy_proto_response_type_t *type_value) { int value; int return_value = -1; assert(type_str != NULL); assert(type_value != NULL); /* XXX Should also handle string representations */ switch (string_to_int(type_str, &value)) { case STRING_TO_INT_SUCCESS: return_value = 0; *type_value = (myproxy_proto_response_type_t) value; break; case STRING_TO_INT_NONNUMERIC: verror_put_string("Non-numeric characters in string \"%s\"", type_str); break; case STRING_TO_INT_ERROR: break; } return return_value; } /* * encode_response() * * Return a string encoding of the response_type in response_value. * Returns NULL on error. */ static const char * encode_response(const myproxy_proto_response_type_t response_value) { const char *string; /* * XXX Should return actual string description. */ switch(response_value) { case MYPROXY_OK_RESPONSE: string = "0"; break; case MYPROXY_ERROR_RESPONSE: string = "1"; break; case MYPROXY_AUTHORIZATION_RESPONSE: string = "2"; break; default: /* Should never get here */ string = NULL; verror_put_string("Internal error: Bad response type (%d)", response_value); break; } return string; } /* * string_to_int() * * Convert a string representation of an integer into an integer. * * Returns 1 on success, 0 if string contains non-numeric characters, * -1 on error setting verror. */ static int string_to_int(const char *string, int *integer) { char *parse_end = NULL; int base = 0 /* Any */; long int value; int return_value = -1; assert(string != NULL); assert(integer != NULL); /* Check for empty string */ if (strlen(string) == 0) { verror_put_string("Zero-length string"); goto error; } value = strtol(string, &parse_end, base); if (value == LONG_MIN) { verror_put_string("Underflow error"); goto error; } if (value == LONG_MAX) { verror_put_string("Overflow error"); goto error; } /* Make sure we parsed all the characters in string */ if (*parse_end != '\0') { return_value = 0; goto error; } /* Success */ *integer = (int) value; return_value = 1; error: return return_value; } /* Returns pointer to last processed char in the buffer or NULL on error */ /* The entries are separated either by '\n' or by '\0' */ static char * parse_entry(char *buffer, authorization_data_t *data) { char *str; char *str_method; char *p = buffer; author_method_t method; assert (data != NULL); while (*p == '\0') p++; str_method = p; if ((p = strchr(str_method, ':')) == NULL) { verror_put_string("Parse error"); return NULL; } *p = '\0'; method = authorization_get_method(str_method); str = p + 1; if ((p = strchr(str, '\n'))) *p = '\0'; data->server_data = malloc(strlen(str) + 1); if (data->server_data == NULL) { verror_put_errno(errno); return NULL; } strcpy(data->server_data, str); data->client_data = NULL; data->client_data_len = 0; data->method = method; return str + strlen(str); } /* Parse buffer into author_data. The buffer is supposed to be '0'-terminated */ static int parse_auth_data(char *buffer, authorization_data_t ***auth_data) { char *p = buffer; char *buffer_end; void *tmp; authorization_data_t **data = NULL; int num_data = 0; authorization_data_t entry; int return_status = -1; data = malloc(sizeof(*data)); if (data == NULL) { verror_put_errno(errno); return -1; } data[0] = NULL; buffer_end = buffer + strlen(buffer); do { p = parse_entry(p, &entry); if (p == NULL) goto end; if (entry.method == AUTHORIZETYPE_NULL) continue; tmp = realloc(data, (num_data + 1 + 1) * sizeof(*data)); if (tmp == NULL) { verror_put_errno(errno); goto end; } data = tmp; data[num_data] = malloc(sizeof(entry)); if (data[num_data] == NULL) { verror_put_errno(errno); goto end; } data[num_data]->server_data = entry.server_data; data[num_data]->client_data = entry.client_data; data[num_data]->client_data_len = entry.client_data_len; data[num_data]->method = entry.method; data[num_data + 1] = NULL; num_data++; } while (p < buffer_end); return_status = 0; *auth_data = data; end: if (return_status == -1) authorization_data_free(data); return return_status; } int myproxy_init_credentials(myproxy_socket_attrs_t *attrs, const char *delegfile) { char error_string[1024]; if (attrs == NULL) return -1; if (GSI_SOCKET_credentials_init_ext(attrs->gsi_socket, delegfile) == GSI_SOCKET_ERROR) { GSI_SOCKET_get_error_string(attrs->gsi_socket, error_string, sizeof(error_string)); verror_put_string("Error storing credentials: %s\n", error_string); return -1; } return 0; } /* ** Accepts a credential and stores the information in a temp file ** delegfile. */ int myproxy_accept_credentials(myproxy_socket_attrs_t *attrs, char *delegfile, int delegfile_len) { char error_string[1024]; if (attrs == NULL) return -1; if (GSI_SOCKET_credentials_accept_ext(attrs->gsi_socket, delegfile, delegfile_len) == GSI_SOCKET_ERROR) { GSI_SOCKET_get_error_string(attrs->gsi_socket, error_string, sizeof(error_string)); verror_put_string("Error accepting credentials: %s\n", error_string); return -1; } return 0; } /* ** Retrieves a credential from the repository and sends it to the client. */ int myproxy_get_credentials(myproxy_socket_attrs_t *attrs, const char *delegfile) { char error_string[1024]; if (attrs == NULL) return -1; if (GSI_SOCKET_get_creds(attrs->gsi_socket, delegfile) == GSI_SOCKET_ERROR) { GSI_SOCKET_get_error_string(attrs->gsi_socket, error_string, sizeof(error_string)); verror_put_string("Error getting credentials: %s\n", error_string); return -1; } return 0; } myproxy-6.2.16/configure.ac0000644000175100017510000002120414557142036012554 00000000000000dnl Process this file with autoconf to produce a configure script. AC_INIT([myproxy],[6.2.16]) AC_CONFIG_AUX_DIR([build-aux]) AM_INIT_AUTOMAKE([foreign]) LT_INIT([dlopen win32-dll]) AC_CONFIG_MACRO_DIR([m4]) PACKAGE_VERSION2=${PACKAGE_VERSION%.*} AC_SUBST([MAJOR_VERSION], [${PACKAGE_VERSION2%%.*}]) AC_SUBST([MINOR_VERSION], [${PACKAGE_VERSION2##*.}]) AC_SUBST([MICRO_VERSION], [${PACKAGE_VERSION##*.}]) AC_SUBST([AGE_VERSION], [0]) AC_SUBST([PACKAGE_DEPS], ["globus-gssapi-gsi >= 9, globus-gss-assist >= 8, globus-gsi-sysconfig >= 5, globus-gsi-cert-utils >= 8, globus-gsi-proxy-core >= 6, globus-gsi-credential >= 5, globus-gsi-callback >= 4, globus-common >= 14"]) m4_define([myproxy_date], m4_syscmd([ if git rev-parse --show-toplevel > /dev/null 2>&1; then git log -n 1 --pretty=format:%cD | awk '{printf $3 " " $4}' > myproxy-date.inc.new; if ! cmp myproxy-date.inc myproxy-date.inc.new > /dev/null 2>&1; then mv myproxy-date.inc.new myproxy-date.inc else rm myproxy-date.inc.new fi fi])dnl m4_incl[ude(myproxy-date.inc)])dnl MYPROXY_DATE="myproxy_date" AC_SUBST([MYPROXY_DATE]) PKG_CHECK_EXISTS([globus-proxy-utils], [ GSI_PROXY_UTILS_PATH="$($PKG_CONFIG --variable=path globus-proxy-utils)"]) AC_SUBST([GSI_PROXY_UTILS_PATH]) PKG_CHECK_EXISTS([globus-gsi-cert-utils], [ GSI_CERT_UTILS_PATH="$($PKG_CONFIG --variable=path globus-gsi-cert-utils)"]) AC_SUBST([GSI_CERT_UTILS_PATH]) AC_PROG_LN_S dnl dnl Figure out which regular expression parser to use. dnl (taken from krb5/lib/krb5/os/configure.in) dnl Try, in order, regcomp, compile/step dnl AC_HAVE_HEADERS(regex.h regexpr.h) dnl dnl regcomp (which is present but non-functional on Solaris 2.4) dnl AC_CACHE_CHECK([for working regcomp], [ac_cv_func_regcomp], [AC_TRY_RUN([ #include #include regex_t x; regmatch_t m; int main() { return regcomp(&x,"pat.*",0) || regexec(&x,"pattern",1,&m,0); } ], ac_cv_func_regcomp=yes, ac_cv_func_regcomp=no, ac_cv_func_regcomp=no)]) dnl dnl compre/step dnl save_LIBS=$LIBS LIBS=-lgen dnl this will fail if there's no compile/step in -lgen, or if there's dnl no -lgen. This is fine. AC_CHECK_FUNCS(compile step, have_func_compile=yes) LIBS=$save_LIBS dnl if test "$ac_cv_func_regcomp" = yes ; then AC_MSG_RESULT([Using re_comp for regular expression matching]) AC_DEFINE(HAVE_REGCOMP) elif test "$have_func_compile" = yes ; then AC_MSG_RESULT([Using compile/step for regular expression matching]) AC_CHECK_LIB(gen, compile, [SERVERLIBS="$SERVERLIBS -lgen"]) else AC_MSG_ERROR([No support for regular expression matching]) fi dnl dnl Check for setenv() dnl AC_CHECK_FUNCS(setenv) dnl dnl Check for unsetenv() dnl AC_CHECK_FUNCS(unsetenv) dnl dnl Check for getopt_long() dnl AC_HAVE_HEADERS(getopt.h) AC_CHECK_FUNCS(getopt_long) dnl dnl Check for socklen_t dnl AC_CHECK_HEADERS([sys/socket.h]) AC_CHECK_TYPES([socklen_t],[],[],AC_INCLUDES_DEFAULT[ #if HAVE_SYS_SOCKET_H #include #endif]) dnl dnl Check for facilitynames dnl AC_CHECK_DECLS([facilitynames], [], [], [[ #define SYSLOG_NAMES #include #include ]]) dnl dnl Check to see if we need "netlibs" (specifically, libnsl and libsocket) dnl uname=`(uname) 2>/dev/null` if test "$uname" != IRIX -a "$uname" != IRIX64 ; then AC_CHECK_LIB(socket, socket, [ SYSLIBS="$SYSLIBS -lsocket"], ,-lnsl) AC_CHECK_LIB(nsl, t_bind, [ SYSLIBS="$SYSLIBS -lnsl"]) fi AC_SUBST(SYSLIBS) if test "x$PKG_CONFIG_PATH" = "x" -a "x$GLOBUS_LOCATION" != "x" ; then PKG_CONFIG_PATH=$GLOBUS_LOCATION/lib/pkgconfig export PKG_CONFIG_PATH fi PKG_CHECK_MODULES([GLOBUS], [$PACKAGE_DEPS], [], AC_MSG_ERROR([GLOBUS_PKG_ERRORS])) PKG_CHECK_MODULES([OPENSSL], [openssl >= 1.0], [OPENSSL_PKGCONFIG="openssl >= 1.0"]) CPPFLAGS="$OPENSSL_CFLAGS $CPPFLAGS" LIBS="$OPENSSL_LIBS $LIBS" AC_PATH_PROGS([OPENSSL], openssl) AM_CONDITIONAL([ENABLE_TESTS], [test "x$OPENSSL" != x]) dnl dnl Check for globus_gsi_proxy_handle_set_extensions dnl AC_CHECK_LIB(globus_gsi_proxy_core, globus_gsi_proxy_handle_set_extensions, AC_DEFINE(HAVE_GLOBUS_GSI_PROXY_HANDLE_SET_EXTENSIONS), ) dnl dnl Check for OCSP dnl AC_CHECK_FUNC(OCSP_basic_verify, AC_DEFINE(HAVE_OCSP)) AC_ARG_WITH(sasl2, AS_HELP_STRING([--with-sasl2=PATH], [Build with SASL V2 support]), [ if test "x$withval" = "xyes" ; then AC_MSG_ERROR([--with-sasl2 requires PATH argument]) fi if test "x$withval" != "xno" ; then CPPFLAGS="-I${withval}/include/sasl $CPPFLAGS" LDFLAGS="-L${withval}/lib $LDFLAGS" AC_CHECK_HEADER(sasl.h) AC_CHECK_LIB(sasl2, sasl_client_init, , AC_MSG_ERROR([libsasl2 not found])) AC_MSG_CHECKING(that sasl.h matches libsasl2) AC_TRY_RUN([ #include int main(void) { if (SASL_VERSION_MAJOR != 2) return 1; else return 0; } ], [AC_MSG_RESULT([yes])], [ AC_MSG_RESULT([no]) AC_MSG_ERROR([sasl.h does not match libsasl2]) ], [AC_MSG_RESULT([yes])]) SASL="yes" fi ] ) dnl dnl Check for Kerberos dnl AC_ARG_WITH(kerberos5, AS_HELP_STRING([--with-kerberos5=PATH],[Build with Kerberos V5 support]), [ if test "x$withval" = "xyes" ; then AC_MSG_ERROR([--with-kerberos5 requires PATH argument]) fi if test "x$withval" != "xno" ; then if test "$SASL" != "yes"; then AC_MSG_ERROR([--with-kerberos5 requires --with-sasl2]) fi KRB5CPPFLAGS="-I${withval}/include $CPPFLAGS" AC_SUBST(KRB5CPPFLAGS) AC_DEFINE(BUILD_GSSAPI_PLUGIN) AC_CHECK_HEADERS(gssapi.h) fi ] ) dnl dnl Check for PAM dnl AC_CHECK_HEADERS(security/pam_appl.h pam/pam_appl.h) if test "x$ac_cv_header_security_pam_appl_h" = "xyes" || \ test "x$ac_cv_header_pam_pam_appl_h" = "xyes" ; then AC_CHECK_LIB(dl, dlopen, , ) AC_CHECK_LIB(pam, pam_set_item, , ) fi dnl dnl Check for pthread_sigmask dnl AC_CHECK_FUNC(pthread_sigmask, AC_DEFINE(HAVE_PTHREAD_SIGMASK)) dnl dnl Check for pidfile_open dnl AC_CHECK_DECL(pidfile_open, AC_DEFINE(HAVE_PIDFILE_DECL), , [#include ]) AC_SEARCH_LIBS(pidfile_open, util bsd, AC_DEFINE(HAVE_PIDFILE)) dnl dnl Check for OpenLDAP dnl AC_ARG_WITH(openldap, AS_HELP_STRING([--with-openldap=PATH],[Build with OpenLDAP CA support]), [ if test "x$withval" = "xyes" ; then AC_MSG_ERROR([--with-openldap requires PATH argument]) fi if test "x$withval" != "xno" ; then CPPFLAGS="-I${withval}/include $CPPFLAGS" AC_MSG_CHECKING(for OpenLDAP v2.3 or later) AC_TRY_RUN([ #include int main(void) { if (LDAP_VENDOR_VERSION < 20300) return 1; else return 0; } ], [AC_MSG_RESULT([yes])], [ AC_MSG_RESULT([no]) AC_MSG_ERROR([OpenLDAP is not v2.3 or later]) ], [AC_MSG_RESULT([yes])]) # warning: if ${withval}/lib isn't in the shared library # search path, then adding -lldap may cause AC_TRY_RUN tests # below to fail LDFLAGS="-L${withval}/lib $LDFLAGS" AC_CHECK_HEADERS(ldap.h) AC_CHECK_LIB(lber, ber_free, , AC_MSG_ERROR([ber_free not found in liblber]) ) AC_CHECK_LIB(ldap, ldap_sasl_bind_s, , AC_MSG_ERROR([ldap_sasl_bind_s not found in libldap]) ) AC_CHECK_FUNC(ldap_search_ext_s, , AC_MSG_ERROR([ldap_search_ext_s not found in libldap]) ) AC_CHECK_FUNC(ldap_str2dn, , AC_MSG_ERROR([ldap_str2dn not found in libldap]) ) AC_CHECK_FUNC(ldap_start_tls_s, , AC_MSG_ERROR([ldap_start_tls_s not found in libldap]) ) fi ] ) dnl dnl Check for VOMS libraries dnl AC_ARG_WITH(voms, AS_HELP_STRING([--with-voms=PATH],[Build with VOMS support]), [ if test "x$withval" = "xyes" ; then AC_MSG_ERROR([--with-voms requires PATH argument]) fi if test "x$withval" != "xno" ; then CPPFLAGS="-I${withval}/include -I${withval}/include/voms -I${withval}/include/glite/security/voms $CPPFLAGS" LDFLAGS="-L${withval}/lib -L${withval}/lib64 $LDFLAGS" SAVE_LIBS="$LIBS" AC_CHECK_HEADER(voms_apic.h) AC_CHECK_HEADER(newformat.h) AC_SEARCH_LIBS(VOMS_Init, vomsapi vomsc, , AC_MSG_ERROR([VOMS_Init not found in libvomsapi/libvomsc]) ) VOMS_LIBS="$LIBS" LIBS="$SAVE_LIBS" AC_SUBST([VOMS_LIBS]) HAVE_VOMS=1 AC_DEFINE(HAVE_VOMS) fi ] ) AM_CONDITIONAL([HAVE_VOMS], [test x"$HAVE_VOMS" = x1]) AC_CONFIG_FILES([ Makefile web/Makefile systemd/Makefile man/Makefile myproxy.h myproxy.pc]) AC_OUTPUT myproxy-6.2.16/myproxy_info.c0000644000175100017510000001713414557142036013203 00000000000000/* * myproxy-info * * Client program to inqure a proxy on a myproxy-server */ #include "myproxy_common.h" /* all needed headers included here */ static char usage[] = \ "\n"\ "Syntax: myproxy-info [-l username] ...\n"\ " myproxy-info [-usage|-help] [-version]\n"\ "\n"\ " Options\n"\ " -h | --help Displays usage\n"\ " -u | --usage \n"\ " \n"\ " -v | --verbose Display debugging messages\n"\ " -V | --version Displays version\n"\ " -l | --username Username for the delegated proxy\n"\ " -s | --pshost Hostname of the myproxy-server\n"\ " -p | --psport # Port of the myproxy-server\n" " -d | --dn_as_username Use the proxy certificate subject\n" " (DN) as the default username,\n" " instead of the LOGNAME env. var.\n" " -k | --credname Specifies credential name.\n" "\n"; struct option long_options[] = { {"help", no_argument, NULL, 'h'}, {"pshost", required_argument, NULL, 's'}, {"psport", required_argument, NULL, 'p'}, {"usage", no_argument, NULL, 'u'}, {"username", required_argument, NULL, 'l'}, {"verbose", no_argument, NULL, 'v'}, {"version", no_argument, NULL, 'V'}, {"dn_as_username", no_argument, NULL, 'd'}, {"credname", required_argument, NULL, 'k'}, {0, 0, 0, 0} }; static char short_options[] = "hus:p:l:vVdk:"; static char version[] = "myproxy-info version " MYPROXY_VERSION " (" MYPROXY_VERSION_DATE ") " "\n"; static int dn_as_username = 0; /* Function declarations */ void init_arguments(int argc, char *argv[], myproxy_socket_attrs_t *attrs, myproxy_request_t *request); int main(int argc, char *argv[]) { char *pshost = NULL; char *request_buffer = NULL; int requestlen; int return_value = 1; myproxy_socket_attrs_t *socket_attrs; myproxy_request_t *client_request; myproxy_response_t *server_response; /* check library version */ if (myproxy_check_version()) { fprintf(stderr, "MyProxy library version mismatch.\n" "Expecting %s. Found %s.\n", MYPROXY_VERSION_DATE, myproxy_version(0,0,0)); exit(1); } myproxy_log_use_stream (stderr); socket_attrs = malloc(sizeof(*socket_attrs)); memset(socket_attrs, 0, sizeof(*socket_attrs)); client_request = malloc(sizeof(*client_request)); memset(client_request, 0, sizeof(*client_request)); server_response = malloc(sizeof(*server_response)); memset(server_response, 0, sizeof(*server_response)); /* setup defaults */ client_request->version = malloc(strlen(MYPROXY_VERSION) + 1); strcpy(client_request->version, MYPROXY_VERSION); client_request->command_type = MYPROXY_INFO_PROXY; pshost = getenv("MYPROXY_SERVER"); if (pshost != NULL) { socket_attrs->pshost = strdup(pshost); } if (getenv("MYPROXY_SERVER_PORT")) { socket_attrs->psport = atoi(getenv("MYPROXY_SERVER_PORT")); } else { socket_attrs->psport = MYPROXY_SERVER_PORT; } /* Initialize client arguments and create client request object */ init_arguments(argc, argv, socket_attrs, client_request); /* * We don't need to send the real pass phrase to the server as it * will just use our identity to authenticate and authorize us. * But we need to send over a dummy pass phrase at least * MIN_PASS_PHASE_LEN (currently 6) characters long. */ strncpy(client_request->passphrase, "DUMMY-PASSPHRASE", sizeof(client_request->passphrase)); /* Set up client socket attributes */ if (myproxy_init_client(socket_attrs) < 0) { verror_print_error(stderr); goto cleanup; } /* Authenticate client to server */ if (myproxy_authenticate_init(socket_attrs, NULL /* Default proxy */) < 0) { verror_print_error(stderr); goto cleanup; } if (client_request->username == NULL) { /* set default username */ if (dn_as_username) { if (ssl_get_base_subject_file(NULL, &client_request->username)) { fprintf(stderr, "Cannot get subject name from your certificate\n"); goto cleanup; } } else { char *username = NULL; if (!(username = getenv("LOGNAME"))) { fprintf(stderr, "Please specify a username.\n"); goto cleanup; } client_request->username = strdup(username); } } /* Serialize client request object */ requestlen = myproxy_serialize_request_ex(client_request, &request_buffer); if (requestlen < 0) { verror_print_error(stderr); goto cleanup; } /* Send request to the myproxy-server */ if (myproxy_send(socket_attrs, request_buffer, requestlen) < 0) { verror_print_error(stderr); goto cleanup; } free(request_buffer); request_buffer = 0; /* Receive a response from the server */ if (myproxy_recv_response_ex(socket_attrs, server_response, client_request) < 0) { verror_print_error(stderr); goto cleanup; } /* Check response */ switch(server_response->response_type) { case MYPROXY_ERROR_RESPONSE: fprintf(stderr, "Received ERROR_RESPONSE: %s\n", server_response->error_string); goto cleanup; break; case MYPROXY_OK_RESPONSE: printf("username: %s\n", client_request->username); myproxy_print_cred_info(server_response->info_creds, stdout); break; default: fprintf(stderr, "Invalid response type received.\n"); goto cleanup; break; } return_value = 0; cleanup: /* free memory allocated */ myproxy_free(socket_attrs, client_request, server_response); return return_value; } void init_arguments(int argc, char *argv[], myproxy_socket_attrs_t *attrs, myproxy_request_t *request) { extern char *optarg; int arg; while((arg = getopt_long(argc, argv, short_options, long_options, NULL)) != EOF) { switch(arg) { case 's': /* pshost name */ attrs->pshost = strdup(optarg); break; case 'p': /* psport */ attrs->psport = atoi(optarg); break; case 'u': /* print help and exit */ case 'h': /* print help and exit */ printf("%s", usage); exit(0); break; case 'l': /* username */ request->username = strdup(optarg); break; case 'v': myproxy_debug_set_level(1); break; case 'V': /* print version and exit */ printf("%s", version); exit(0); break; case 'k': /*credential name*/ request->credname = strdup (optarg); break; case 'd': /* use the certificate subject (DN) as the default username instead of LOGNAME */ dn_as_username = 1; break; default: /* print usage and exit */ fprintf(stderr, "%s", usage); exit(1); break; } } if (optind != argc) { fprintf(stderr, "%s: invalid option -- %s\n", argv[0], argv[optind]); fprintf(stderr, "%s", usage); exit(1); } /* Check to see if myproxy-server specified */ if (attrs->pshost == NULL) { fprintf(stderr, "%s", usage); fprintf(stderr, "Unspecified myproxy-server. Please set the MYPROXY_SERVER environment variable\nor set the myproxy-server hostname via the -s flag.\n"); exit(1); } return; } myproxy-6.2.16/myproxy-test-replicate0000755000175100017510000011037514557142036014676 00000000000000#!/usr/bin/perl -w # myproxy test script # written by Jim Basney # Requires a valid proxy credential with lifetime of atleast 3 hours. # # Test cases are: # 1. Store a credential on master (myproxy-init). # 2. Get info on the stored credential (myproxy-info). # 3. Retrieve stored credential from master (myproxy-get-delegation). # 4. Replicate to slaves (myproxy-replicate). # 5. Retrieve stored credential from slave (myproxy-get-delegation). # 6. Change passphrase on master (myproxy-change-pass-phrase). # 7. Retrieve from master with new passphrase. # 8. Replicate to slaves (myproxy-replicate). # 9. Remove credential from repository (myproxy-destroy). # 10. Verify credential is removed from master(myproxy_info). # 11. Replicate to slaves (myproxy-replicate). # 12. Verify credential is removed from slave(myproxy_info). # # 13. Store credential (myproxy-store -v -t 1) # 14. Get info on the stored credential (myproxy-info) # 15. Create proxy from stored credential (myproxy-get-delegation). # 16. Replicate to slaves (myproxy-replicate). # 17. Retrieve stored credential from master (myproxy-retrieve) # 18. Retrieve stored credential from slave (myproxy-retrieve) # # Test server failure. # # 20. Store a credential (myproxy-store -v -t 1) # 21. Shutdown one slave server and replicate (myproxy-replicate) # Should get one failure: STATUS: 256 # Unable to connect to 141.142.96.61:60503 # .myproxy_replicate and .myproxy_deleted should not update # 22. Restart slave server and and replicate (myproxy-replicate) # 23. Shutdown one slave server and destroy cred (myproxy-destroy) # Should get one failure: STATUS: 256 # error in myproxy_init_client(): Unable to connect to 141.142.96.61:60503 # .myproxy_replicate and .myproxy_deleted should not update # 24. Restart slave server and and replicate (myproxy-replicate) # 25. Store a credential (myproxy-store -v -t 1) # 26. Shutdown one slave server and replicate (myproxy-replicate) # Should get one failure: STATUS: 256 # Unable to connect to 141.142.96.61:60503 # .myproxy_replicate and .myproxy_deleted should not update # 27. Restart slave server and destroy cred (myproxy-destroy) use File::Temp qw(tempdir); use File::Copy; use IPC::Open3; use Socket; $tmpdir = tempdir(CLEANUP => 1); $PROXYBITS = "-bits 2048"; # # handle cmdline options # $usage = "usage: myproxy-test-replicate [-help] [-verbose] [-keepfiles]\n"; $verbose = 0; $cleanupfiles = 1; while (($arg = shift @ARGV)) { if ($arg eq "-h" || $arg eq "-help") { print STDERR $usage; exit 1; } elsif ($arg eq "-v" || $arg eq "-verbose") { $verbose = 1; } elsif ($arg eq "-k" || $arg eq "-keepfiles") { $cleanupfiles = 0; } else { print STDERR $usage; exit 1; } } # Create a private CA and proxy locally and use them. my $privcerts = "$tmpdir/privcerts.$$" ; print STDERR "creating a CA in ", $privcerts, "\n" if ($verbose); mkdir("$privcerts") || die("failed to create $privcerts directory, stopped") ; open(SSLCNF, ">$privcerts/openssl.cnf") || die("failed to create $privcerts/openssl.cnf: $!"); print SSLCNF <$privcerts/index.txt") || die("failed to create $privcerts/index.txt"); close(CAINDEX); open(SERIAL,">$privcerts/serial") || die("failed to create $privcerts/serial"); print SERIAL "01\n"; close(SERIAL); &runcmd("openssl req -batch -subj '/CN=MyProxy Test CA' -config $privcerts/openssl.cnf -new -x509 -extensions v3_ca -nodes -keyout $privcerts/cakey.pem -out $privcerts/cacert.pem -days 30"); chomp($hash = `openssl x509 -in $privcerts/cacert.pem -hash -noout`) ; mkdir("$privcerts/grid-security") || die("failed to create $privcerts/grid-security"); copy("$privcerts/cacert.pem","$privcerts/grid-security/$hash.0") || die("failed to copy $privcerts/cacert.pem","$privcerts/grid-security/$hash.0"); open(POLICY,">$privcerts/grid-security/$hash.signing_policy") || die("failed to create $privcerts/grid-security/$hash.signing_policy"); print POLICY "access_id_CA X509 '/CN=MyProxy Test CA'\n"; print POLICY "pos_rights globus CA:sign\n"; print POLICY "cond_subjects globus '\"/*\"'\n"; close(POLICY); print STDERR "creating a user certificate request ", $privcerts, "\n" if ($verbose); &runcmd("openssl req -batch -subj '/CN=MyProxy Test User' -config $privcerts/openssl.cnf -new -nodes -keyout $privcerts/userkey.pem -out $privcerts/usercert.csr -days 7") ; print STDERR "signing user certificate with by CA in ", $privcerts, "\n" if ($verbose); &runcmd("openssl ca -batch -days 7 -config $privcerts/openssl.cnf -policy policy_anything -out $privcerts/usercert.pem -infiles $privcerts/usercert.csr"); chmod(oct("0600"),"$privcerts/userkey.pem","$privcerts/usercert.pem") || die("failed to chmod $privcerts/userkey.pem or $privcerts/usercert.pem"); $ENV{'X509_USER_CERT'} = "$privcerts/usercert.pem" ; $ENV{'X509_USER_KEY'} = "$privcerts/userkey.pem" ; $ENV{'X509_CERT_DIR'} = "$privcerts/grid-security" ; print STDERR "generating a user proxy\n" if ($verbose); chomp($grid_proxy_init = `which grid-proxy-init 2>/dev/null`); die "grid-proxy-init not found, stopped" if (!(-x $grid_proxy_init)); &runcmd("$grid_proxy_init -debug $PROXYBITS"); #end of generatecerts. # # make sure I have a valid proxy # chomp($grid_proxy_init = `which grid-proxy-init 2>/dev/null`); die "grid-proxy-init not found, stopped" if (!(-x $grid_proxy_init)); chomp($grid_proxy_info = `which grid-proxy-info 2>/dev/null`); die "grid-proxy-info not found, stopped" if (!(-x $grid_proxy_info)); $timeleft = `$grid_proxy_info -timeleft 2>/dev/null`; if (!defined($timeleft) || $timeleft eq "" || ($timeleft < 60*60*3)) { &debug("Problem with proxy. Will try to create a new one."); `$grid_proxy_init -pwstdin /dev/null 2>&1`; $timeleft = `$grid_proxy_info -timeleft 2>/dev/null`; } die "grid-proxy-info failed, stopped" if (!defined($timeleft) || $timeleft eq ""); die "proxy expired, stopped" if ($timeleft < 60); die "proxy lifetime too short, stopped" if ($timeleft < 60*60*3); chomp($cert_subject = `$grid_proxy_info -identity`); die "grid-proxy-info -identity failed, stopped" if (!defined($cert_subject) || $cert_subject eq ""); # # check for the commands I want to run # chomp($myproxy_store = `which myproxy-store 2>/dev/null`); die "myproxy-store not in PATH, stopped" if (!(-x $myproxy_store)); chomp($myproxy_init = `which myproxy-init 2>/dev/null`); die "myproxy-init not in PATH, stopped" if (!(-x $myproxy_init)); chomp($myproxy_retrieve = `which myproxy-retrieve 2>/dev/null`); die "myproxy-retrieve not in PATH, stopped" if (!(-x $myproxy_retrieve)); chomp($myproxy_info = `which myproxy-info 2>/dev/null`); die "myproxy-info not in PATH, stopped" if (!(-x $myproxy_info)); chomp($myproxy_destroy = `which myproxy-destroy 2>/dev/null`); die "myproxy-destroy not in PATH, stopped" if (!(-x $myproxy_destroy)); chomp($myproxy_get = `which myproxy-get-delegation 2>/dev/null`); die "myproxy-get-delegation not in PATH, stopped" if (!(-x $myproxy_get)); chomp($myproxy_passwd = `which myproxy-change-pass-phrase 2>/dev/null`); die "myproxy-change-pass-phrase not in PATH, stopped" if (!(-x $myproxy_passwd)); # # setup environment variables # if (!defined($ENV{'X509_USER_PROXY'})) { $ENV{'X509_USER_PROXY'} = "/tmp/x509up_u$<"; } # make proxy from existing proxy, so we don't need to deal with long-term cred $ENV{'X509_USER_CERT'} = $ENV{'X509_USER_PROXY'}; $ENV{'X509_USER_KEY'} = $ENV{'X509_USER_PROXY'}; srand(time||$$); $passphrase = sprintf "%010d", int(rand(0x7fffffff)); my $mport = undef; my $s1port = undef; my $s2port = undef; my $s3port = undef; my $masterpid = undef; my $masterdir = undef; my $masterconf = undef; my $masterpidfile = undef; my $slconf = undef; my $sl1pid = undef; my $sl1dir = undef; my $sl1pidfile = undef; my $sl1portfile = undef; my $sl2pid = undef; my $sl2dir = undef; my $sl2pidfile = undef; my $sl2portfile = undef; my $sl3pid = undef; my $sl3dir = undef; my $sl3pidfile = undef; my $sl3portfile = undef; # # start servers # $ENV{'MYPROXY_SERVER'} = "localhost"; $ENV{'MYPROXY_SERVER_DN'} = $cert_subject; chomp($myproxy_server = `which myproxy-server 2>/dev/null`); die "myproxy-server not in PATH, stopped" if (!(-x $myproxy_server)); $slconf = "$tmpdir/myproxy-test.serverconf.sl.$$"; open(CONF, ">$slconf") || die "failed to open $slconf, stopped"; print CONF "accepted_credentials \"$ENV{MYPROXY_SERVER_DN}\"\n"; print CONF "authorized_retrievers \"*\"\n"; print CONF "default_retrievers \"*\"\n"; print CONF "authorized_renewers \"*\"\n"; print CONF "default_renewers \"none\"\n"; print CONF "authorized_key_retrievers \"*\"\n"; print CONF "default_key_retrievers \"*\"\n"; print CONF "allow_self_authorization true\n"; # temporary workaround close(CONF); $sl1dir = "$tmpdir/myproxy-test.serverdir.sl1.$$"; mkdir($sl1dir) || die "failed to create $sl1dir, stopped"; chmod(0700, $sl1dir) || die "failed to chmod $sl1dir, stopped"; $sl1pidfile = "$tmpdir/myproxy-test.serverpid.sl1.$$"; $sl1portfile = "$tmpdir/myproxy-test.serverport.sl1.$$"; $servercmd = "$myproxy_server -s $sl1dir -c $slconf"; $servercmd .= " -l $ENV{'MYPROXY_SERVER'} -p 0"; $servercmd .= " -P $sl1pidfile -z $sl1portfile"; &debug("running '$servercmd'"); `$servercmd`; sleep(2); # give server a chance to startup if (open SERVERPIDFILE, $sl1pidfile) { $sl1pid = ; close SERVERPIDFILE; } if (!defined($sl1pid) || $sl1pid eq "") { print STDERR "failed to start slave 1:\n"; `$servercmd -d`; # show output on terminal &docleanup(); exit 1; } if (open SERVERPORTFILE, $sl1portfile) { chomp($s1port = ); close SERVERPORTFILE; } $sl2dir = "$tmpdir/myproxy-test.serverdir.sl2.$$"; mkdir($sl2dir) || die "failed to create $sl2dir, stopped"; chmod(0700, $sl2dir) || die "failed to chmod $sl2dir, stopped"; $sl2pidfile = "$tmpdir/myproxy-test.serverpid.sl2.$$"; $sl2portfile = "$tmpdir/myproxy-test.serverport.sl2.$$"; $servercmd = "$myproxy_server -s $sl2dir -c $slconf"; $servercmd .= " -p 0 -P $sl2pidfile -z $sl2portfile"; &debug("running '$servercmd'"); `$servercmd`; sleep(2); # give server a chance to startup if (open SERVERPIDFILE, $sl2pidfile) { $sl2pid = ; close SERVERPIDFILE; } if (!defined($sl2pid) || $sl2pid eq "") { print STDERR "failed to start slave 2:\n"; `$servercmd -d`; # show output on terminal &docleanup(); exit 1; } if (open SERVERPORTFILE, $sl2portfile) { chomp($s2port = ); close SERVERPORTFILE; } start_sl3(); sub start_sl3 { $sl3dir = "$tmpdir/myproxy-test.serverdir.sl3.$$"; if( !(-d $sl3dir) ) { mkdir($sl3dir) || die "failed to create $sl3dir, stopped"; } chmod(0700, $sl3dir) || die "failed to chmod $sl3dir, stopped"; $sl3pidfile = "$tmpdir/myproxy-test.serverpid.sl3.$$"; $sl3portfile = "$tmpdir/myproxy-test.serverport.sl3.$$"; $servercmd = "$myproxy_server -s $sl3dir -c $slconf"; if (defined($s3port)) { $servercmd .= " -p $s3port -P $sl3pidfile"; } else { $servercmd .= " -p 0 -P $sl3pidfile -z $sl3portfile"; } &debug("running '$servercmd'"); `$servercmd`; sleep(2); # give server a chance to startup if (open SERVERPIDFILE, $sl3pidfile) { $sl3pid = ; close SERVERPIDFILE; } if (!defined($sl3pid) || $sl3pid eq "") { print STDERR "failed to start slave 3:\n"; `$servercmd -d`; # show output on terminal &docleanup(); exit 1; } if (!defined($s3port)) { if (open SERVERPORTFILE, $sl3portfile) { chomp($s3port = ); close SERVERPORTFILE; } } } $masterconf = "$tmpdir/myproxy-test.serverconf.master.$$"; open(CONF, ">$masterconf") || die "failed to open $masterconf, stopped"; print CONF "accepted_credentials \"*\"\n"; print CONF "authorized_retrievers \"*\"\n"; print CONF "default_retrievers \"*\"\n"; print CONF "authorized_renewers \"*\"\n"; print CONF "default_renewers \"none\"\n"; print CONF "authorized_key_retrievers \"*\"\n"; print CONF "default_key_retrievers \"*\"\n"; print CONF "allow_self_authorization true\n"; # temporary workaround print CONF "slave_servers localhost:$s1port;localhost:$s2port;localhost:$s3port"; close(CONF); $masterdir = "$tmpdir/myproxy-test.serverdir.master.$$"; mkdir($masterdir) || die "failed to create $masterdir, stopped"; chmod(0700, $masterdir) || die "failed to chmod $masterdir, stopped"; $masterpidfile = "$tmpdir/myproxy-test.serverpid.master.$$"; $masterportfile = "$tmpdir/myproxy-test.serverport.master.$$"; $servercmd = "$myproxy_server -s $masterdir -c $masterconf"; $servercmd .= " -p 0 -P $masterpidfile -z $masterportfile"; &debug("running '$servercmd'"); `$servercmd`; sleep(2); # give server a chance to startup if (open SERVERPIDFILE, $masterpidfile) { $masterpid = ; close SERVERPIDFILE; } if (!defined($masterpid) || $masterpid eq "") { print STDERR "failed to start master:\n"; `$servercmd -d`; # show output on terminal &docleanup(); exit 1; } if (open SERVERPORTFILE, $masterportfile) { chomp($mport = ); close SERVERPORTFILE; } # # BEGIN TESTS # $SUCCESSES = $FAILURES = 0; # commands to test: myproxy-init, myproxy-info, myproxy-destroy, # myproxy-get-delegation, and myproxy-change-pass-phrase ## ## Test 1 ## ($exitstatus, $output) = &runtest("myproxy-init -s localhost -p $mport -v -a -c 1 -t 1 -S -d -k \"test credential\"", $passphrase . "\n"); print "MyProxy Test 1 (store credential): "; if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ## ## Test 2 ## ($exitstatus, $output) = &runtest("myproxy-info -s localhost -p $mport -v -d", undef); print "MyProxy Test 2 (get info for stored credential): "; if ($exitstatus == 0 && $output =~ /username/) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ## ## Test 3 ## ($exitstatus, $output) = &runtest("myproxy-get-delegation -s localhost -p $mport -t 1 -o $tmpdir/myproxy-test.$$ -v -S -d -k \"test credential\"", $passphrase . "\n"); print "MyProxy Test 3 (retrieve stored credential): "; if ($exitstatus == 0) { ($exitstatus, $output) = &verifyproxy("$tmpdir/myproxy-test.$$"); } if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ## ## Test 4 ## ($exitstatus, $output) = &runtest("myproxy-replicate -d -v -c $masterconf -r $masterdir", undef); print "MyProxy Test 4 (Replicate master server to all slaves): "; if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; goto end_of_tests; } ## ## Test 5 ## ($exitstatus, $output) = &runtest("myproxy-get-delegation -s localhost -p $s1port -t 1 -o $tmpdir/myproxy-test.$$ -v -S -d -k \"test credential\"", $passphrase . "\n"); print "MyProxy Test 5 (retrieve stored credential from slave): "; if ($exitstatus == 0) { ($exitstatus, $output) = &verifyproxy("$tmpdir/myproxy-test.$$"); } if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ## ## Test 6 ## $old_passphrase = $passphrase; $passphrase = sprintf "%010d", int(rand(0x7fffffff)); ($exitstatus, $output) = &runtest("myproxy-change-pass-phrase -s localhost -p $mport -v -S -d -k \"test credential\"", "$old_passphrase\n$passphrase\n"); print "MyProxy Test 6 (change passphrase for credential): "; if ($exitstatus == 0 && $output =~ /Pass phrase changed/) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ## ## Test 7 ## ($exitstatus, $output) = &runtest("myproxy-get-delegation -s localhost -p $mport -t 1 -o $tmpdir/myproxy-test.$$ -v -S -d -k \"test credential\"", $passphrase . "\n"); print "MyProxy Test 7 (verify new passphrase): "; if ($exitstatus == 0) { ($exitstatus, $output) = &verifyproxy("$tmpdir/myproxy-test.$$"); } if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ## ## Test 8 ## ($exitstatus, $output) = &runtest("myproxy-replicate -d -v -c $masterconf -r $masterdir", undef); print "MyProxy Test 8 (Replicate master server to all slaves): "; if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ## ## Test 9 ## ($exitstatus, $output) = &runtest("myproxy-get-delegation -s localhost -p $s2port -t 1 -o $tmpdir/myproxy-test.$$ -v -S -d -k \"test credential\"", $passphrase . "\n"); print "MyProxy Test 9 (verify new passphrase has been replicated to slaves): "; if ($exitstatus == 0) { ($exitstatus, $output) = &verifyproxy("$tmpdir/myproxy-test.$$"); } if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ## ## Test 10 ## ($exitstatus, $output) = &runtest("myproxy-get-delegation -s localhost -p $s3port -a \$X509_USER_PROXY -t 1 -o $tmpdir/myproxy-test.$$ -v -d -k \"test credential\"", undef); print "MyProxy Test 10 (verify default renewal policy on slave): "; if ($exitstatus != 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ## ## Test 11 ## ($exitstatus, $output) = &runtest("myproxy-destroy -s localhost -p $mport -v -d -k \"test credential\"", undef); print "MyProxy Test 11 (remove credential from master repository): "; if ($exitstatus == 0 && $output =~ /was successfully removed/) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ## ## Test 12 ## ($exitstatus, $output) = &runtest("myproxy-info -v -d", undef); print "MyProxy Test 12 (verify credentials are removed from master): "; if (!($output =~ /default credential/)) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ## ## Test 13 ## ($exitstatus, $output) = &runtest("myproxy-replicate -d -v -c $tmpdir/myproxy-test.serverconf.$mport.master.$$ -r $masterdir", undef); print "MyProxy Test 13 (Replicate destroy to all slaves): "; if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ## ## Test 14 ## ($exitstatus, $output) = &runtest("myproxy-get-delegation -s localhost -p $s2port -t 1 -o $tmpdir/myproxy-test.$$ -v -S -d -k \"test credential\"", $passphrase . "\n"); print "MyProxy Test 14 (verify destroy has been replicated to slaves): "; if ($exitstatus != 0 && $output =~ /exist/) { ($exitstatus, $output) = &verifyproxy("$tmpdir/myproxy-test.$$"); } if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ## ## Test 15 ## ($exitstatus, $output) = &runtest("myproxy-init -s localhost -p $mport -v -R 'nobody' -k 'nobody' -c 1 -t 1 -d -S", $passphrase . "\n"); print "MyProxy Test 15 (store credentials with renewal policies): "; if ($exitstatus == 0) { ($exitstatus, $output) = &runtest("myproxy-init -s localhost -p $mport -v -x -R '$cert_subject' -k 'mine' -c 1 -t 1 -d -S", $passphrase . "\n"); } if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ## ## Test 16 ## ($exitstatus, $output) = &runtest("myproxy-info -s localhost -p $mport -v -d", undef); print "MyProxy Test 16 (get info for stored renewal credentials): "; if ($exitstatus == 0 && $output =~ /username/) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ## ## Test 17 ## ($exitstatus, $output) = &runtest("myproxy-get-delegation -s localhost -p $mport -k 'mine' -a $ENV{'X509_USER_PROXY'} -t 1 -o $tmpdir/myproxy-test.$$ -v -d", undef); print "MyProxy Test 17 (verify renewal policies): "; if ($exitstatus == 0) { ($exitstatus, $output) = &verifyproxy("$tmpdir/myproxy-test.$$"); } if ($exitstatus == 0) { ($exitstatus, $output) = &runtest("myproxy-get-delegation -s localhost -p $mport -k 'nobody' -a $ENV{'X509_USER_PROXY'} -t 1 -o $tmpdir/myproxy-test.$$ -v -d", undef); if ($exitstatus != 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR "Shouldn't have allowed retrieval.\n"; print STDERR $output; } } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ## ## Test 18 ## ($exitstatus, $output) = &runtest("myproxy-replicate -d -v -c $masterconf -r $masterdir", undef); print "MyProxy Test 18 (Replicate to all slaves): "; if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ## ## Test 19 ## ($exitstatus, $output) = &runtest("myproxy-get-delegation -s localhost -p $s1port -k 'mine' -a $ENV{'X509_USER_PROXY'} -t 1 -o $tmpdir/myproxy-test.$$ -v -d", undef); print "MyProxy Test 19 (verify renewal policies on slave): "; if ($exitstatus == 0) { ($exitstatus, $output) = &verifyproxy("$tmpdir/myproxy-test.$$"); } if ($exitstatus == 0) { ($exitstatus, $output) = &runtest("myproxy-get-delegation -s localhost -p $s1port -k 'nobody' -a $ENV{'X509_USER_PROXY'} -t 1 -o $tmpdir/myproxy-test.$$ -v -d", undef); if ($exitstatus != 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR "Shouldn't have allowed retrieval.\n"; print STDERR $output; } } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } &runtest("myproxy-destroy -s localhost -p $mport -v -k 'mine' -d", undef); &runtest("myproxy-destroy -s localhost -p $mport -v -k 'nobody' -d", undef); &runtest("myproxy-replicate -d -v -c $masterconf -r $masterdir", undef); ## ## Test replication failure handling ## ## ## Test 20 ## ($exitstatus, $output) = &runtest("myproxy-init -s localhost -p $mport -v -a -c 1 -t 1 -S", $passphrase . "\n"); print "MyProxy Test 20 (store credential with default name): "; if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ## ## Test 21 ## kill('TERM', $sl3pid) if (defined($sl3pid)); ($exitstatus, $output) = &runtest("myproxy-replicate -d -v -c $masterconf -r $masterdir", undef); print "MyProxy Test 21 (Replicate master server to all slaves): "; if ($exitstatus != 0 && $output =~ /Unable to connect to/) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ## ## Test 22 ## start_sl3(); ($exitstatus, $output) = &runtest("myproxy-replicate -d -v -c $masterconf -r $masterdir", undef); print "MyProxy Test 22 (Replicate master server to all slaves): "; if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ## ## Test 23 ## kill('TERM', $sl3pid) if (defined($sl3pid)); ($exitstatus, $output) = &runtest("myproxy-destroy -s localhost -p $mport -v", undef); print "MyProxy Test 23 (remove credential from master repository): "; if ($exitstatus == 0 && $output =~ /was successfully removed/) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ($exitstatus, $output) = &runtest("myproxy-replicate -d -v -c $masterconf -r $masterdir", undef); print "\t(Replicate master server to all slaves): "; if ($exitstatus != 0 && $output =~ /Unable to connect to/) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ## ## Test 24 ## start_sl3(); ($exitstatus, $output) = &runtest("myproxy-replicate -d -v -c $masterconf -r $masterdir", undef); print "MyProxy Test 24 (Replicate master server to all slaves): "; if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; goto end_of_tests; } ## ## Test 25 ## kill('TERM', $sl3pid) if (defined($sl3pid)); ($exitstatus, $output) = &runtest("myproxy-init -s localhost -p $mport -v -a -c 1 -t 1 -S", $passphrase . "\n"); print "MyProxy Test 25 (store credential with default name): "; if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ($exitstatus, $output) = &runtest("myproxy-replicate -d -v -c $masterconf -r $masterdir", undef); print "\t(Replicate master server to all slaves): "; if ($exitstatus != 0 && $output =~ /Unable to connect to/) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ($exitstatus, $output) = &runtest("myproxy-destroy -s localhost -p $mport -v", undef); print "\t(remove credential from master repository): "; if ($exitstatus == 0 && $output =~ /was successfully removed/) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } start_sl3(); ($exitstatus, $output) = &runtest("myproxy-replicate -d -v -c $masterconf -r $masterdir", undef); print "\t(Replicate master server to all slaves): "; if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } # # Start of myproxy-store and myproxy-retrieve tests # # commands to test: myproxy-store, myproxy-info, myproxy-destroy, # myproxy-get-delegation, myproxy-retrieve, and # myproxy-change-pass-phrase # For myproxy-store, we need an encrypted key to store. # So, let's encrypt our proxy key. $passphrase = sprintf "%010d", int(rand(0x7fffffff)); $testkey = "$tmpdir/myproxy-test.$$.key"; &runtest("openssl rsa -des3 -passout stdin -in \$X509_USER_KEY -out $testkey", $passphrase . "\n"); chmod(0600, $testkey); # # Test 26 # ($exitstatus, $output) = &runtest("myproxy-store -s localhost -p $mport -v -t 1 -y $testkey", undef); print "MyProxy Test 26 (store credential with default name): "; if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } elsif (($output =~ /Error checking authorization/) || ($output =~ /unknown command/)) { print "UNSUPPORTED\n"; $FAILURES++; print "Server does not support myproxy-store. Skipping futher myproxy-store tests.\n"; goto end_of_tests; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; print "Skipping futher myproxy-store tests.\n"; goto end_of_tests; } # # Test 27 # ($exitstatus, $output) = &runtest("myproxy-info -s localhost -p $mport -v", undef); print "MyProxy Test 27 (get info for stored credential): "; if ($exitstatus == 0 && $output =~ /username/) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } # # Test 28 # ($exitstatus, $output) = &runtest("myproxy-get-delegation -s localhost -p $mport -t 1 -o $tmpdir/myproxy-test.$$ -v -S", $passphrase . "\n"); print "MyProxy Test 28 (create proxy from stored credential on master): "; if ($exitstatus == 0) { ($exitstatus, $output) = &verifyproxy("$tmpdir/myproxy-test.$$"); } if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } # # Test 29 # ($exitstatus, $output) = &runtest("myproxy-retrieve -s localhost -p $mport -c $tmpdir/myproxy-test.cert.$$ -y $tmpdir/myproxy-test.key.$$ -v -S", $passphrase . "\n"); print "MyProxy Test 29 (retrieve stored credential from master): "; if ($exitstatus == 0) { ($exitstatus, $output) = &verifycert("$tmpdir/myproxy-test.cert.$$", "$tmpdir/myproxy-test.key.$$"); } if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } unlink( "$tmpdir/myproxy-test.cert.$$" ); unlink( "$tmpdir/myproxy-test.key.$$" ); ## ## Test 30 ## ($exitstatus, $output) = &runtest("myproxy-replicate -d -v -c $masterconf -r $masterdir", undef); print "MyProxy Test 30 (Replicate to all slaves): "; if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } # # Test 31 # ($exitstatus, $output) = &runtest("myproxy-get-delegation -s localhost -p $s1port -t 1 -o $tmpdir/myproxy-test.$$ -v -S", $passphrase . "\n"); print "MyProxy Test 31 (create proxy from stored credential on slave): "; if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } # # Test 32 # ($exitstatus, $output) = &runtest("myproxy-retrieve -s localhost -p $s2port -c $tmpdir/myproxy-test-cert.$$ -y $tmpdir/myproxy-test-key.$$ -v -S", $passphrase . "\n"); print "MyProxy Test 32 (retrieve stored credential from slave): "; if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } unlink( "$tmpdir/myproxy-test.cert.$$" ); unlink( "$tmpdir/myproxy-test.key.$$" ); # # Test 33 # ($exitstatus, $output) = &runtest("myproxy-destroy -s localhost -p $mport -v", undef); print "MyProxy Test 33 (remove credential from master repository): "; if ($exitstatus == 0 && $output =~ /was successfully removed/) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } # # Test 34 # ($exitstatus, $output) = &runtest("myproxy-info -v", undef); print "MyProxy Test 34 (verify credentials are removed from master): "; if (!($output =~ /default credential/)) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ## ## Test 35 ## ($exitstatus, $output) = &runtest("myproxy-replicate -d -v -c $masterconf -r $masterdir", undef); print "MyProxy Test 35 (Replicate to all slaves): "; if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ## ## Test 36 ## ($exitstatus, $output) = &runtest("myproxy-get-delegation -s localhost -p $s3port -t 1 -o $tmpdir/myproxy-test.$$ -v -S", $passphrase . "\n"); print "MyProxy Test 36 (verify destroy has been replicated to slaves): "; if ($exitstatus != 0 && $output =~ /exist/) { ($exitstatus, $output) = &verifyproxy("$tmpdir/myproxy-test.$$"); } if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } end_of_tests: &runtest("myproxy-destroy -v -k 'mine' -d", undef); &runtest("myproxy-destroy -v -k 'nobody' -d", undef); `rm -f $tmpdir/myproxy-test.*.12.*.$$`; unlink("$tmpdir/myproxy-test.$$.key"); # # END TESTS # &docleanup(); print "MyProxy Tests Complete: ", $SUCCESSES, " tests passed, "; print $FAILURES, " tests failed\n"; exit $FAILURES; # # SUBROUTINES # sub runtest { local($command, $input) = @_; $pid = open3(*Writer, *Reader, 0, "exec $command") || die "failed to run $command"; print Writer $input if (defined($input)); close(Writer); @output = ; close(Reader); waitpid($pid, 0); $exitstatus = $?; $output = join('', @output); return ($exitstatus, $output); } # # verify_proxy # # Check to see if user has a valid proxy, and verify proxy is usable # # Dependencies: (-x grid-proxy-info) # # grid-proxy-info -timeleft # die if no output, or output is less than 60 seconds # $proxy = grid-proxy-info -path # grid-proxy-init -debug -verify -cert $proxy -key $proxy # if $? == 0 then proxy is valid # if $? != 0, die, b/c proxy is invalid and won't work # sub verifyproxy { local($proxyfile) = @_; chomp (my $timeleft = `$grid_proxy_info -file $proxyfile -timeleft`); if (!defined($timeleft) || $timeleft eq "") { $output = "failed to verify proxy\n"; $output .= "'grid-proxy-info -timeleft' failed\n"; return (1, $output); } if ($timeleft < 1) { $output = "proxy is expired\n"; return (1, $output); } chomp (my $proxytype = `$grid_proxy_info -file $proxyfile -type`); local($oldproxy) = ""; if ($proxytype =~ /legacy/) { $oldproxy = "-old"; } local($output) = '$grid_proxy_init $oldproxy -debug -verify -cert $proxyfile -key $proxyfile -valid 0:1 -out $tmpdir/tmpproxy.$$'; if ($? != 0) { $output = "failed to verify proxy\n" . $output; unlink("$tmpdir/tmpproxy.$$"); return (1, $output); } # remove the new proxy we created for validation # NOTE: this does not affect the user's original proxy in any way unlink("$tmpdir/tmpproxy.$$"); return (0, ""); } # # verifycert # # Check to see if user has a valid usable certificate # # Dependencies: (-x grid-proxy-int) # # grid-proxy-init -debug -verify -cert $certfile -key $keyfile # if $? == 0 then proxy is valid # if $? != 0, die, b/c proxy is invalid and won't work # sub verifycert { local($certfile, $keyfile) = @_; local($output) = '$grid_proxy_init $oldproxy -debug -verify -cert $certfile -key $keyfile -valid 0:1 -out $tmpdir/tmpproxy.$$'; if ($? != 0) { $output = "failed to verify certificate from: $certfile and $keyfile\n" . $output; unlink("$tmpdir/tmpproxy.$$"); return (1, $output); } # remove the new proxy we created for validation # NOTE: this does not affect the user's original proxy in any way unlink("$tmpdir/tmpproxy.$$"); return (0, ""); } sub debug { print STDERR join('', @_), "\n" if ($verbose); } sub docleanup { unlink("$tmpdir/myproxy-test.$$"); unlink("$tmpdir/myproxy-test-cert.$$"); unlink("$tmpdir/myproxy-test-key.$$"); # Kill off servers... kill('TERM', $masterpid) if (defined($masterpid)); kill('TERM', $sl1pid) if (defined($sl1pid)); kill('TERM', $sl2pid) if (defined($sl2pid)); kill('TERM', $sl3pid) if (defined($sl3pid)); # Get rid of pid files... unlink($masterpidfile) if (defined($masterpidfile)); unlink($sl1pidfile) if (defined($sl1pidfile)); unlink($sl2pidfile) if (defined($sl2pidfile)); unlink($sl3pidfile) if (defined($sl3pidfile)); if ($cleanupfiles) { # Remove configuration files... unlink($masterconf) if (defined($masterconf)); unlink($slconf) if (defined($slconf)); # Get rid of left over creds and dirs... `rm -rf $masterdir` if (defined($masterdir)); `rm -rf $sl1dir` if (defined($sl1dir)); `rm -rf $sl2dir` if (defined($sl2dir)); `rm -rf $sl3dir` if (defined($sl3dir)); } } sub openport { $sockaddr = 'S n a4 x8'; $host = "127.0.0.1"; local($port) = @_; @list = getprotobyname('tcp'); $proto = $list[2]; @list = gethostbyaddr(inet_aton($host), AF_INET); $addr = $list[4]; while ($port < 65535) { $destaddr = pack($sockaddr, AF_INET, $port, $addr); socket(S, AF_INET, SOCK_STREAM, $proto) || die $!; connect(S, $destaddr); if ($! =~ /Connection refused/) { return $port; } close(S); $port++; } die "failed to find available port"; } sub runcmd { local($command, $input) = @_; print STDERR "running: ", $command, "\n" if ($verbose); $pid = open3(*Writer, *Reader, '', "exec $command") || die "failed to run $command"; print Writer $input if (defined($input)); close(Writer); @output = ; close(Reader); waitpid($pid, 0); $exitstatus = $?; $output = join('', @output); print STDERR $output if ($verbose); return ($exitstatus, $output); } myproxy-6.2.16/myproxy_sasl_client.h0000644000175100017510000000044614557142036014553 00000000000000/* * myproxy_sasl_client.h * * Internal MyProxy SASL client interface. * */ #ifndef __MYPROXY_SASL_CLIENT_H #define __MYPROXY_SASL_CLIENT_H #if defined(HAVE_LIBSASL2) int auth_sasl_negotiate_client(myproxy_socket_attrs_t *attrs, myproxy_request_t *client_request); #endif #endif myproxy-6.2.16/myproxy-replicate0000755000175100017510000003747314557142036013730 00000000000000#!/usr/bin/perl use strict; use Getopt::Long; ##use File::Find; use Fcntl ':flock'; # import LOCK_* constants use File::stat; ##use Cwd; ##use Config; use Data::Dumper; use Time::Local; use IPC::Open3; require Pod::Usage; my $MYPROXY_DEFAULT_PORT = "7512"; my $MYPROXY_DEFAULT_LOCATION = "/var/lib/myproxy"; my $MYPROXY_REPLICATE_FILE = "\.myproxy_replicate"; my $MYPROXY_DELETED_FILE = "\.myproxy_deleted"; my $MYPROXY_PID_FILE = "\.myproxy_pid"; my $SECONDS_PER_HOUR = (60 * 60); # # Do a perl check for version >= 5.005. # if ( ! ( defined eval "require 5.005" ) ) { die "Requires at least Perl version 5.005"; } my $gpath = $ENV{GLOBUS_LOCATION}; if (!defined($gpath)) { print "GLOBUS_LOCATION not defined in environment. Defaulting to /usr\n"; $ENV{GLOBUS_LOCATION} = '/usr'; $gpath = $ENV{GLOBUS_LOCATION}; } # process the -option options my ( $repository, $verbose, $debug, $help, $usage, $config ); GetOptions( 'storage|r=s' => \$repository, 'config|c=s' => \$config, 'verbose|v' => \$verbose, 'debug|d' => \$debug, 'usage|u' => \$usage, 'help|h' => \$help) or Pod::Usage::pod2usage(0); Pod::Usage::pod2usage(0) if $help; Pod::Usage::pod2usage(0) if $usage; my $dbglvl = 0; $dbglvl += 1 if( $verbose ); $dbglvl += 2 if( $debug ); my $globus_dir = $ENV{GLOBUS_LOCATION}; ## ## Find the MyProxy Repository. If one is not given check the default ## locations. ## if( !defined($repository) ) { print "Checking for $MYPROXY_DEFAULT_LOCATION\n" if( $dbglvl > 0 ); if( !(-d $MYPROXY_DEFAULT_LOCATION) ) { print "Checking for $globus_dir$MYPROXY_DEFAULT_LOCATION\n" if( $dbglvl > 0 ); if( !(-d "$globus_dir$MYPROXY_DEFAULT_LOCATION") ) { die "Could not find MyProxy repository in any of the default " . "locations.\nDefault: $MYPROXY_DEFAULT_LOCATION or " . "\$GLOBUS_LOCATION$MYPROXY_DEFAULT_LOCATION.\n"; } $repository = "$globus_dir$MYPROXY_DEFAULT_LOCATION"; } else { $repository = $MYPROXY_DEFAULT_LOCATION; } print "Setting repository to $repository\n" if( $dbglvl > 1 ); } ## ## Check to see if myproxy-store is found and executable ## my $myproxy_store; chomp($myproxy_store = `which myproxy-store 2>/dev/null`); die "myproxy-store not in PATH, stopped" if (!(-x $myproxy_store)); ## ## Check to see if myproxy-destroy is found and executable ## my $myproxy_destroy; chomp($myproxy_destroy = `which myproxy-destroy 2>/dev/null`); die "myproxy-destroy not in PATH, stopped" if (!(-x $myproxy_destroy)); ## ## Check for a server configuration file. If one is not given, check the ## default locations. ## if( !defined($config) ) { if( !(-e "/etc/myproxy-server.config") ) { if( !(-e "$globus_dir/etc/myproxy-server.config") ) { die "Could not find MyProxy configuration file in any of the " . "default locations.\nDefault: /etc/myproxy-server.config or " . "\$GLOBUS_LOCATION/etc/myproxy-server.config.\n"; } $config = "$globus_dir/etc/myproxy-server.config"; } else { $config = "/etc/myproxy-server.config"; } } print "Using server config file: $config\n" if( $dbglvl > 0 ); my $lst_rep_time; my $new_rep_time = undef; my @file_list; my $retval = main(); exit( $retval ); ########################################################################### ## Do everything ########################################################################### sub main { ## ## Make sure no other instance of myproxy-replicate can run until ## current one finishes. ## open PID, ">$repository/$MYPROXY_PID_FILE"; flock( PID, LOCK_EX ); print PID "$$\n"; my $rep_file = "$repository/$MYPROXY_REPLICATE_FILE"; ## ## Get the timestamp of the last replication. ## if( -e $rep_file ) { $lst_rep_time = get_last_replicate_time( $rep_file ); } else { $lst_rep_time = 0; } $new_rep_time = timelocal(localtime); ## ## Retrieve all of the slave MyProxy servers from config file. ## my $slave_servers = get_slaves( $config ); print "Slave Servers:\n" . Dumper $slave_servers if( $dbglvl > 1 ); ## ## Read the repository and find the files that have changed since the ## last replication. ## my $files = read_dir( $repository, "\.creds" ); print Dumper $files if( $dbglvl > 1 ); ## ## send the files to the slave servers. ## my $ret = replicate_files( $repository, $files, $slave_servers ); if( $ret == 0 ) { $ret = delete_files( $repository, $files, $slave_servers ); } ## ## Check to see if we had a problem with either replicating or ## deleting. If there was a problem don't update .myproxy_replicate ## or .myproxy_delete. ## if( !$ret ) { print "Replication complete: ", localtime() . "\n"; finish_up( $repository ); } else { print STDERR "Replication Failed\n"; } ##sleep( 50 ); flock( PID, LOCK_UN ); close PID; unlink( "$repository/$MYPROXY_PID_FILE" ); return( $ret ); } ########################################################################### ## Functions ########################################################################### ## ## get_last_replicate_time( file ) ## ## Read the replication timestamp. ## sub get_last_replicate_time { my $filename = shift; open LSTREP, $filename; $lst_rep_time = ; close LSTREP; return $lst_rep_time; } ## ## get_slaves( file ) ## ## Get the list of slave servers from the configuration file. ## sub get_slaves { my $config = shift; my $slist; my $junk; my @slave_list; open CFG, $config; for () { next if( !($_ =~ /^slave_servers/) ); ($junk, $slist) = split /slave_servers/, $_; my @slaves = split /;/, $slist; for my $s (@slaves) { my ($server, $port) = split /:/, $s; chomp($server); chomp($port); my $ops = "-s $server "; $ops .= "-p $port " if( length($port) > 0 ); push @slave_list, $ops; } } close CFG; return \@slave_list; } ## ## read_dir( directory, expression ) ## ## Read the MyProxy repository and find files that match expression. ## sub read_dir { my $directory = shift; my $expression = shift; my $files; my $stuff = undef; opendir(DIR, $directory) or die print "ERROR: directory \"$directory\" could not be opened!\n"; @file_list = map { $_->[0] } # Form a list of names without paths. grep { $_->[0] =~ /$expression/ } # extract the files. map { [ $_, "$directory/$_" ] } # form anonymous array [name, pathname] # because readdir strips the path from the bname grep { ! /^\.\.?$/ } # remove the current directory and its parent readdir(DIR); #read all of the filenames in the directory for my $f (@file_list) { my $sb = stat("$directory/$f"); my $mod_time = localtime $sb->mtime; printf "File is %s, mtime %s\n", $f, $mod_time if( $dbglvl > 1 ); if( $sb->mtime >= $lst_rep_time ) { push @{$files}, $f; } } $stuff->{'files'} = $files; closedir(DIR); $stuff->{'del'} = missing_files( $directory, @file_list ); return $stuff; } ## ## replicate_files( reposityr, files, slaves ) ## ## Replicate all of the files listed to all of the slaves listed. ## sub replicate_files { my $rep = shift; my $files = shift; my $slaves = shift; my ($exitstatus, $output); my $ret = 0; for my $f (@{$files->{'files'}}) { my $data = $f; $data =~ s/creds/data/; my $options = parse_datafile( $rep, $data ); print "File not found: $rep/$data\n File $rep/$f not replicated.\n\n" if( !defined($options) ); next if( !defined($options) ); $options .= "-c \"$rep/$f\" -y \"$rep/$f\" "; for my $s (@{$slaves}) { print "OPTIONS: $myproxy_store\n$options $s\n\n" if( $dbglvl > 2 ); ($exitstatus, $output) = runcmd( "$myproxy_store $options $s" ); if( $exitstatus != 0 ) { $ret = 1; } print STDERR "STATUS: $exitstatus\n $output\n" if( $dbglvl > 0 ); } $options = undef; } return $ret; } ## ## parse_datafile( repository, datafile ) ## ## Read the data file and use the information in it to create the option ## list for replication. ## sub parse_datafile { my $rep = shift; my $fname = shift; my $options = undef; open( FN, "$rep/$fname" ) or return undef; for my $value () { my( $tag, $val ) = split( /\=/, $value ); # OWNER creds->owner_name # where does this come from? It seems like it is something that is passed # but not flaged. If this is true, how do we get it to replicate? if( $value =~ /OWNER=(.*)/ ) { } # LIFETIME -t elsif( $value =~ /LIFETIME=(.*)/ ) { $options .= "-t " . $1 / $SECONDS_PER_HOUR . " "; } # NAME -k creds->credname elsif( $value =~ /^NAME=(.*)/ ) { $options .= "-k \"$1\" "; } # USERNAME -l elsif( $value =~ /^USERNAME=(.*)/ ) { $options .= "-l \"$1\" "; } # DESCRIPTION -K creds->creddesc elsif( $value =~ /DESCRIPTION=(.*)/ ) { $options .= "-K \"$1\" "; } # RETRIEVERS -r creds->retrievers # what about anonymous retrievers? elsif( $value =~ /RETRIEVERS=(.*)/ ) { $options .= "-x -r \"$1\" "; } # RENEWERS -R creds->renewers # what about anonymous renewers? elsif( $value =~ /RENEWERS=(.*)/ ) { $options .= "-x -R \"$1\" "; } # KEYRETRIEVERS -E creds->keyretrieve elsif( $value =~ /KEYRETRIEVERS=(.*)/ ) { $options .= "-x -E \"$1\" "; } # END_OPTIONS elsif( $tag eq "END_OPTIONS" ) { } } close FN; return $options; } ## ## missing_files( repository, files ) ## ## Look at the last snapshot of the repository on the master. Compare it ## to the current list of files in the repository. If any are missing ## from the repository, they must have been deleted, so we need to delete ## them. ## sub missing_files { my $rep = shift; my @files = @_; my @delfiles; open FD, "$rep/$MYPROXY_DELETED_FILE" or return undef; my @fd = ; for my $r (@fd) { my $fnd = 0; chomp($r); for my $f (@files) { chomp($f); $fnd = 1 if( $f eq $r ); } if( !$fnd ) { push @delfiles, $r; } } return \@delfiles } ## ## delete_files( repostiroy, files, slaves ) ## ## Using the list of files that are to be deleted, send a destroy command ## to each of the listed slaves. ## sub delete_files { my $rep = shift; my $files = shift; my $slaves = shift; my ($exitstatus, $output); my $ret = 0; for my $f (@{$files->{'del'}}) { my ($name, $ext) = split /\./, $f; my ($uname, $oname ) = split /-/, $name; my $options = "-l \"$uname\" "; $options .= "-k \"$oname\" " if( length($oname) > 0 ); for my $s (@{$slaves}) { print "OPTIONS: myproxy_destroy\n$options $s -v\n\n" if( $dbglvl > 2 ); ($exitstatus, $output) = runcmd( "$myproxy_destroy $options $s -v" ); if( ($exitstatus != 0) && !($output =~ /No such file or directory/ || $output =~ /do not exist/) ) { print "Bad delete\n"; $ret = 1; # For now do nothing about this. myproxy-server neeeds to be modified # to return more error information. There is no way to tell why this # failed. # # There are several problems with the current retry scheme. If we do # not update the date and directory snap shot. The next time around # we are going to have problems. Resending myproxy-destroy commands # to servers where the cred has already been destroied returns an # error message. This will just cause an infinate cycle of failures. # # If we log the deletes and then rerun them we can run into problems # with missing creds. If we have a case where a cred is stored but # the store fails and then before the next replicate, the user # destories that cred we will have a problem with the destory. The # server will have no idea what we are trying to destroy and return # an error. Again, we end up in an infinate cycle of destories. # # If we log both the stores and destories we still have problems. Is # we do a store and it fails and we log it, then the user destories # the cred before the next replicate. We try and do a store on a # cred that is not there. This causes an error. Then the destory # runs and we end up with another error. Now we have two infinate # cycles going. # # We need a better solution! I still like the idea of just taring # the directory and coping it over to each slave. # } print STDERR "STATUS: $exitstatus\n $output\n" if( $dbglvl > 0 ); } $options = undef; } return $ret; } ## ## runcmd( command ) ## ## Run a MyProxy command and capture the exit value and the output ## sub runcmd { my ($command) = @_; my $pid = open3(*Writer, *Reader, 0, "exec $command") || die "failed to run $command"; close(Writer); my @output = ; close(Reader); waitpid($pid, 0); my $exitstatus = $?; my $output = join('', @output); return ($exitstatus, $output); } sub write_timestamp { my $rep = shift; open FD, ">$rep/$MYPROXY_REPLICATE_FILE"; print FD $new_rep_time; close FD; } sub write_delete_file { my $rep = shift; open FD, ">$rep/$MYPROXY_DELETED_FILE" or die print "ERROR: $rep/$MYPROXY_DELETED_FILE could not be opened!\n"; for (@file_list) { print FD "$_\n"; } close FD; } ## ## findish_up( repository ) ## ## Update the .myproxy_replicate with the current timesamp. Update ## .myproxy_delete with the current snapshot of the repository. ## sub finish_up { my $rep = shift; open FD, ">$rep/$MYPROXY_REPLICATE_FILE"; print FD $new_rep_time; close FD; open FD, ">$rep/$MYPROXY_DELETED_FILE" or die print "ERROR: $rep/$MYPROXY_DELETED_FILE could not be opened!\n"; for (@file_list) { print FD "$_\n"; } close FD; } __END__ =head1 NAME B - Stores data from the MyProxy master repository to all the slave servers. =head1 SYNOPSIS B [options] ... Options: [-verbose|-v] Print copious output [-help|-h] Print usage [-storage|-r]= Directory of the MyProxy repository. [-config|-c]= Directory of the MyProxy Server configuration file. [-debug|-d] Run in debug mode =head1 DESCRIPTION B Replicates data. This utility will read a specified MyProxy repository and send any new or changed data to a slave MyProxy server. The slave servers are specified in the B file. This utility will need to run at some specified interval in order to keep the slave repositories semi current with the Master repository. This can best be accomplished using cron, or some similar mechanism. =head1 OPTIONS =over 8 =item B<-v>, B<-verbose> Enables verbose debugging output to the terminal. =item B<-h>, B<-help> Displays command usage text and exits. =item B<-u>, B<-usage> Displays command usage text and exits. =item B<-r> I, B<-storage> I Specifies the location of the credential storage directory. The directory must be accessible only by the user running the B process for security reasons. Default: /var/lib/myproxy or $GLOBUS_LOCATION/var/myproxy =item B<-c> I, B<-config> I Specifies the location of the myproxy-server configuration file. Default: /etc/myproxy-server.config or $GLOBUS_LOCA-TION/etc/myproxy-server.config =back =head1 SEE ALSO myproxy-init(1) myproxy-store(1) myproxy-retrieve(1) myproxy-delegate(1) myproxy-server(8) myproxy-server.config(5) =head1 AUTHOR =cut myproxy-6.2.16/safe_is_path_trusted.c0000644000175100017510000011127614557142036014642 00000000000000/* * safefile package http://www.cs.wisc.edu/~kupsch/safefile * * Copyright 2007-2008 James A. Kupsch * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include #include #include #include #include #include #include #include #include #include #include "safe_id_range_list.h" #include "safe_is_path_trusted.h" #ifndef PATH_MAX #define PATH_MAX 4096 #endif /*********************************************************************** * * Functions to check the safety of the directory or path * ***********************************************************************/ /* * is_mode_trusted * Returns trustedness of mode * parameters * stat_buf * the result of the stat system call on the entry in question * safe_uids * list of safe user ids * safe_gids * list of safe group ids * returns * 0 SAFE_PATH_UNTRUSTED * 1 SAFE_PATH_TRUSTED_STICKY_DIR * 2 SAFE_PATH_TRUSTED * 3 SAFE_PATH_TRUSTED_CONFIDENTIAL */ static int is_mode_trusted(struct stat *stat_buf, safe_id_range_list *trusted_uids, safe_id_range_list *trusted_gids) { mode_t mode = stat_buf->st_mode; uid_t uid = stat_buf->st_uid; gid_t gid = stat_buf->st_gid; int is_untrusted_uid = (uid != 0 && !safe_is_id_in_list(trusted_uids, uid)); int is_dir = S_ISDIR(mode); int is_untrusted_group = !safe_is_id_in_list(trusted_gids, gid); int is_untrusted_group_writable = is_untrusted_group && (mode & S_IWGRP); mode_t is_other_writable = (mode & S_IWOTH); int is_trusted = SAFE_PATH_UNTRUSTED; if (!(is_untrusted_uid || is_untrusted_group_writable || is_other_writable)) { int other_read_mask = is_dir ? S_IXOTH : S_IROTH; mode_t is_other_readable = (mode & other_read_mask); int group_read_mask = is_dir ? S_IXGRP : S_IRGRP; int is_untrusted_group_readable = is_untrusted_group && (mode & group_read_mask); if (is_other_readable || is_untrusted_group_readable) { is_trusted = SAFE_PATH_TRUSTED; } else { is_trusted = SAFE_PATH_TRUSTED_CONFIDENTIAL; } } else if (S_ISLNK(mode)) { is_trusted = SAFE_PATH_TRUSTED; } else { int is_sticky_dir = is_dir && (mode & S_ISVTX); if (is_sticky_dir && !is_untrusted_uid) { is_trusted = SAFE_PATH_TRUSTED_STICKY_DIR; } } return is_trusted; } /* abbreviations to make trust_matrix initialization easier to read */ enum { PATH_U = SAFE_PATH_UNTRUSTED, PATH_S = SAFE_PATH_TRUSTED_STICKY_DIR, PATH_T = SAFE_PATH_TRUSTED, PATH_C = SAFE_PATH_TRUSTED_CONFIDENTIAL }; /* trust composition table, given the trust of the parent directory and the child * this is only valid for directories. is_component_in_dir_trusted() modifies it * slightly for other file system types */ static int trust_matrix[][4] = { /* parent\child | PATH_U PATH_U PATH_U PATH_U */ /* ------ ------------------------------ */ /* PATH_U */ { PATH_U, PATH_U, PATH_U, PATH_U }, /* PATH_S */ { PATH_U, PATH_S, PATH_T, PATH_C }, /* PATH_T */ { PATH_U, PATH_S, PATH_T, PATH_C }, /* PATH_C */ { PATH_U, PATH_S, PATH_T, PATH_C } }; /* * is_component_in_dir_trusted * Returns trustedness of mode. See trust_matrix above, plus if the * parent directory is a stick bit directory everything that can be * hard linked (everyting except directories) is SAFE_PATH_UNTRUSTED. * parameters * parent_dir_trust * trust level of parent directory * child_stat_buf * the result of the stat system call on the entry in question * safe_uids * list of safe user ids * safe_gids * list of safe group ids * returns * 0 SAFE_PATH_UNTRUSTED * 1 SAFE_PATH_TRUSTED_STICKY_DIR * 2 SAFE_PATH_TRUSTED * 3 SAFE_PATH_TRUSTED_CONFIDENTIAL */ static int is_component_in_dir_trusted( int parent_dir_trust, struct stat *child_stat_buf, safe_id_range_list *trusted_uids, safe_id_range_list *trusted_gids ) { int child_trust = is_mode_trusted(child_stat_buf, trusted_uids, trusted_gids); int status = trust_matrix[parent_dir_trust][child_trust]; int is_dir = S_ISDIR(child_stat_buf->st_mode); if (parent_dir_trust == SAFE_PATH_TRUSTED_STICKY_DIR && !is_dir) { /* anything in a sticky bit directory is untrusted, except a directory */ status = SAFE_PATH_UNTRUSTED; } return status; } /* * is_current_working_directory_trusted * Returns the trustedness of the current working directory. If any * directory from here to the root is untrusted the path is untrusted, * otherwise it returns the trustedness of the current working directory. * * This function is not thread safe if other threads depend on the value * of the current working directory as it changes the current working * directory while checking the path and restores it on exit. * parameters * safe_uids * list of safe user ids * safe_gids * list of safe group ids * returns * <0 on error * 0 SAFE_PATH_UNTRUSTED * 1 SAFE_PATH_TRUSTED_STICKY_DIR * 2 SAFE_PATH_TRUSTED * 3 SAFE_PATH_TRUSTED_CONFIDENTIAL */ static int is_current_working_directory_trusted(safe_id_range_list *trusted_uids, safe_id_range_list *trusted_gids) { int saved_dir = -1; int parent_dir_fd = -1; int r; int status = SAFE_PATH_UNTRUSTED; /* trust of cwd or error value */ int cur_status; /* trust of current directory being checked */ struct stat cur_stat; struct stat prev_stat; int not_at_root; /* save the cwd, so it can be restored */ saved_dir = open(".", O_RDONLY); if (saved_dir == -1) { status = SAFE_PATH_ERROR; goto restore_dir_and_exit; } r = fstat(saved_dir, &cur_stat); if (r == -1) { status = SAFE_PATH_ERROR; goto restore_dir_and_exit; } /* Walk the directory tree, from the directory given to the root. * * If there is a directory that is_trusted_mode returns SAFE_PATH_UNTRUSTED * exit immediately with that value * * Assumes no hard links to directories. */ do { cur_status = is_mode_trusted(&cur_stat, trusted_uids, trusted_gids); if (status == SAFE_PATH_UNTRUSTED) { /* this is true only the first time through the loop (the cwd). * The return result is the value of the cwd. */ status = cur_status; } if (cur_status == SAFE_PATH_UNTRUSTED) { /* untrusted directory persmissions */ status = SAFE_PATH_UNTRUSTED; goto restore_dir_and_exit; } prev_stat = cur_stat; /* get handle to parent directory */ parent_dir_fd = open("..", O_RDONLY); if (parent_dir_fd == -1) { status = SAFE_PATH_ERROR; goto restore_dir_and_exit; } /* get the parent directory stat buffer */ r = fstat(parent_dir_fd, &cur_stat); if (r == -1) { status = SAFE_PATH_ERROR; goto restore_dir_and_exit; } /* check if we are at the root directory */ not_at_root = cur_stat.st_dev != prev_stat.st_dev || cur_stat.st_ino != prev_stat.st_ino; if (not_at_root) { /* not at root, change directory to parent */ r = fchdir(parent_dir_fd); if (r == -1) { status = SAFE_PATH_ERROR; goto restore_dir_and_exit; } } /* done with parent directory handle, close it */ r = close(parent_dir_fd); if (r == -1) { status = SAFE_PATH_ERROR; goto restore_dir_and_exit; } parent_dir_fd = -1; } while (not_at_root); restore_dir_and_exit: /* restore the old working directory & close open file descriptors if needed * and return value */ if (saved_dir != -1) { r = fchdir(saved_dir); if (r == -1) { status = SAFE_PATH_ERROR; } r = close(saved_dir); if (r == -1) { status = SAFE_PATH_ERROR; } } if (parent_dir_fd != -1) { r = close(parent_dir_fd); if (r == -1) { status = SAFE_PATH_ERROR; } } return status; } /* * is_current_working_directory_trusted_r * Returns the trustedness of the current working directory. If any * directory from here to the root is untrusted the path is untrusted, * otherwise it returns the trustedness of the current working directory. * parameters * safe_uids * list of safe user ids * safe_gids * list of safe group ids * returns * <0 on error * 0 SAFE_PATH_UNTRUSTED * 1 SAFE_PATH_TRUSTED_STICKY_DIR * 2 SAFE_PATH_TRUSTED * 3 SAFE_PATH_TRUSTED_CONFIDENTIAL */ static int is_current_working_directory_trusted_r(safe_id_range_list *trusted_uids, safe_id_range_list *trusted_gids) { int r; int status = SAFE_PATH_UNTRUSTED; /* trust of cwd or error value */ int cur_status; /* trust of current directory being checked */ struct stat cur_stat; struct stat prev_stat; int not_at_root; char path[PATH_MAX] = "."; char *path_end = &path[0]; r = lstat(path, &cur_stat); if (r == -1) { return SAFE_PATH_ERROR; } /* Walk the directory tree, from the directory given to the root. * * If there is a directory that is_trusted_mode returns SAFE_PATH_UNTRUSTED * exit immediately with that value * * Assumes no hard links to directories. */ do { cur_status = is_mode_trusted(&cur_stat, trusted_uids, trusted_gids); if (status == SAFE_PATH_UNTRUSTED) { /* this is true only the first time through the loop (the cwd). * The return result is the value of the cwd. */ status = cur_status; } if (cur_status == SAFE_PATH_UNTRUSTED) { /* untrusted directory persmissions */ return SAFE_PATH_UNTRUSTED; } prev_stat = cur_stat; if (path_end != path) { /* if not the first time through, append a directory separator */ if ((size_t)(path_end - path + 1) > sizeof(path)) { errno = ENAMETOOLONG; return SAFE_PATH_ERROR; } *path_end++ = '/'; *path_end = '\0'; } /* append a parent directory, .. */ if ((size_t)(path_end - path + 1) > sizeof(path)) { errno = ENAMETOOLONG; return SAFE_PATH_ERROR; } *path_end++ = '.'; *path_end++ = '.'; *path_end = '\0'; /* get the parent directory stat buffer */ r = lstat(path, &cur_stat); if (r == -1) { return SAFE_PATH_ERROR; } /* check if we are at the root directory */ not_at_root = cur_stat.st_dev != prev_stat.st_dev || cur_stat.st_ino != prev_stat.st_ino; } while (not_at_root); return status; } #ifdef SYMLOOP_MAX #define MAX_SYMLINK_DEPTH SYMLOOP_MAX #else #define MAX_SYMLINK_DEPTH 32 #endif typedef struct dir_stack { struct dir_path { char *original_ptr; char *cur_position; } stack[MAX_SYMLINK_DEPTH]; int count; } dir_stack; /* * init_dir_stack * Initialize a dir_stack data structure * parameters * stack * pointer to a dir_stack to initialize * returns * Nothing */ static void init_dir_stack(dir_stack* stack) { stack->count = 0; } /* * destroy_dir_stack * Destroy a dir_stack data structure, free's unfreed paths that have * been pushed onto the stack * parameters * stack * pointer to a dir_stack to destroy * returns * Nothing */ static void destroy_dir_stack(dir_stack* stack) { while (stack->count > 0) { free(stack->stack[--stack->count].original_ptr); } } /* * push_path_on_stack * Pushes a copy of the path onto the directory stack * parameters * stack * pointer to a dir_stack to get pushed * path * path to push on the stack. A copy is made. * returns * 0 on success * <0 on error (if the stack if contains MAX_SYMLINK_DEPTH directories * errno = ELOOP for detecting symbolic link loops */ static int push_path_on_stack(dir_stack* stack, const char* path) { char *new_path; if (stack->count >= MAX_SYMLINK_DEPTH) { /* return potential symbolic link loop */ errno = ELOOP; return -1; } new_path = strdup(path); if (new_path == NULL) { return -1; } stack->stack[stack->count].original_ptr = new_path; stack->stack[stack->count].cur_position = new_path; ++stack->count; return 0; } /* * get_next_component * Returns the next directory component that was pushed on the stack. * This value is always a local entry in the current directory (contains * no "/"), unless this is the first call to get_next_component after * an absolute path name was pushed on the stack, in which case the root * directory path ("/") is returned. * * The pointer to path is valid until the next call to get_next_component, * or destroy_dir_stack is called. The dir_stack owns the memory pointed * by *path. * parameters * stack * pointer to a dir_stack to get the next component * path * pointer to a pointer to store the next component * returns * 0 on success * <0 on stack empty */ static int get_next_component(dir_stack* stack, const char **path) { while (stack->count > 0) { if (!*stack->stack[stack->count - 1].cur_position) { /* current top is now empty, delete it, and try again */ --stack->count; free(stack->stack[stack->count].original_ptr); } else { /* get beginning of the path */ char *cur_path = stack->stack[stack->count - 1].cur_position; /* find the end */ char *dir_sep_pos = strchr(cur_path, '/'); *path = cur_path; if (dir_sep_pos) { if (dir_sep_pos == stack->stack[stack->count - 1].original_ptr) { /* at the beginning of an absolute path, return root directory */ *path = "/"; } else { /* terminate the path returned just after the end of the component */ *dir_sep_pos = '\0'; } /* set the pointer for the next call */ stack->stack[stack->count - 1].cur_position = dir_sep_pos + 1; } else { /* at the last component, set the pointer to the end of the string */ stack->stack[stack->count - 1].cur_position += strlen(cur_path); } /* return success */ return 0; } } /* return stack was empty */ return -1; } /* * is_stack_empty * Returns true if the stack is empty, false otherwise. * parameters * stack * pointer to a dir_stack to get the next component * returns * 0 if stack is not empty * 1 is stack is empty */ static int is_stack_empty(dir_stack* stack) { /* since the empty items are not removed until the next call to * get_next_component(), we need to check all the items on the stack * and if any of them are not empty, return false, otherwise it truely * is empty. */ int cur_head = stack->count - 1; while (cur_head >= 0) { if (*stack->stack[cur_head--].cur_position != '\0') { return 0; } } return 1; } /* * safe_is_path_trusted * * Returns the trustedness of the path. * * If the path is relative the path from the current working directory to * the root must be trusted as defined in * is_current_working_directory_trusted(). * * This checks directory entry by directory entry for trustedness, * following symbolic links as discovered. Non-directory entries in a * sticky bit directory are not trusted as untrusted users could have * hard linked an old file at that name. * * SAFE_PATH_UNTRUSTED is returned if the path is not trusted somewhere. * SAFE_PATH_TRUSTED_STICKY_DIR is returned if the path is trusted but ends * in a stick bit directory. This path should only be used to * make a true temporaray file (opened using mkstemp(), and * the pathname returned never used again except to remove the * file in the same process), or to create a directory. * SAFE_PATH_TRUSTED is returned only if the path given always referes to * the same object and the object referred can not be modified. * SAFE_PATH_TRUSTED_CONFIDENTIAL is returned if the path is * SAFE_PATH_TRUSTED and the object referred to can not be read by * untrusted users. This assumes the permissions on the object * were always strong enough to return this during the life of the * object. This confidentiality is only based on the the actual * object, not the containing directories (for example a file with * weak permissions in a confidential directory is not * confidential). * * This function is not thread safe if other threads depend on the value * of the current working directory as it changes the current working * directory while checking the path and restores it on exit. * parameters * pathname * name of path to check * safe_uids * list of safe user ids * safe_gids * list of safe group ids * returns * <0 on error * 0 SAFE_PATH_UNTRUSTED * 1 SAFE_PATH_TRUSTED_STICKY_DIR * 2 SAFE_PATH_TRUSTED * 3 SAFE_PATH_TRUSTED_CONFIDENTIAL */ int safe_is_path_trusted(const char *pathname, safe_id_range_list *trusted_uids, safe_id_range_list *trusted_gids) { int r; int status = SAFE_PATH_UNTRUSTED; int previous_status; int num_tries; int saved_dir; dir_stack paths; const char *path; if (!pathname || !trusted_uids || !trusted_gids) { errno = EINVAL; return SAFE_PATH_ERROR; } init_dir_stack(&paths); saved_dir = open(".", O_RDONLY); if (saved_dir == -1) { goto restore_dir_and_exit; } /* * If the path is relative, check that the current working directory is a * trusted file system object. If it is not then the path is not trusted */ if (*pathname != '/') { /* relative path */ status = is_current_working_directory_trusted(trusted_uids, trusted_gids); if (status <= SAFE_PATH_UNTRUSTED) { /* an error or untrusted current working directory */ goto restore_dir_and_exit; } } /* start the stack with the pathname given */ if (push_path_on_stack(&paths, pathname)) { status = SAFE_PATH_ERROR; goto restore_dir_and_exit; } while (!get_next_component(&paths, &path)) { struct stat stat_buf; mode_t m; int prev_status; if (*path == '\0' || !strcmp(path, ".")) { /* current directory, already checked */ continue; } if (!strcmp(path, "/")) { /* restarting at root, trust what is above root */ status = SAFE_PATH_TRUSTED; } prev_status = status; /* * At this point if the directory component is '..', then the status * should be set to be that of the grandparent directory, '../..', * for the code below to work, which would require either recomputing * the value, or keeping a cache of the value (which could then be used * to get the trust level of '..' directly). * * This is not necessary at this point in the processing as we know that * 1) '..' is a directory * 2) '../..' trust was not SAFE_PATH_UNTRUSTED * 3) the current trust level (status) is not SAFE_PATH_UNTRUSTED * 4) the trust matrix rows are the same, when the parent is not * SAFE_PATH_UNTRUSTED * So not chnaging status will still result in the correct value * * WARNING: If any of these assumptions change, this will need to change. */ previous_status = status; num_tries = 0; try_lstat_again: if (++num_tries > SAFE_IS_PATH_TRUSTED_RETRY_MAX) { /* let the user decide what to do */ status = SAFE_PATH_ERROR; errno = EAGAIN; goto restore_dir_and_exit; } /* check the next component in the path */ r = lstat(path, &stat_buf); if (r == -1) { status = SAFE_PATH_ERROR; goto restore_dir_and_exit; } /* compute the new trust, from the parent trust and the current directory */ status = is_component_in_dir_trusted(status, &stat_buf, trusted_uids, trusted_gids); if (status <= SAFE_PATH_UNTRUSTED) { goto restore_dir_and_exit; } m = stat_buf.st_mode; if (S_ISLNK(m)) { /* symbolic link found */ size_t link_path_len = (size_t)stat_buf.st_size; int readlink_len; char *link_path = 0; link_path = (char*)malloc(link_path_len + 1); if (link_path == 0) { status = SAFE_PATH_ERROR; errno = ENOMEM; goto restore_dir_and_exit; } /* Get the link's referent. readlink does not null terminate. * Let it read one more than the size it is supposed to be to * detect truncation. */ readlink_len = readlink(path, link_path, link_path_len + 1); if (readlink_len == -1) { free(link_path); status = SAFE_PATH_ERROR; goto restore_dir_and_exit; } /* check for truncation of value */ if ((size_t)readlink_len > link_path_len) { free(link_path); status = previous_status; goto try_lstat_again; } /* null terminate referent from readlink */ link_path[readlink_len] = '\0'; /* add the path of the referent to the stack */ if (push_path_on_stack(&paths, link_path)) { free(link_path); status = SAFE_PATH_ERROR; goto restore_dir_and_exit; } /* restore value to that of containing directory */ status = prev_status; free(link_path); continue; } else if (!is_stack_empty(&paths)) { /* more components remaining, change directory * it is not a sym link, so it must be a directory, or an error */ r = chdir(path); if (r == -1) { status = SAFE_PATH_ERROR; goto restore_dir_and_exit; } } } restore_dir_and_exit: /* restore original directory if needed and return value */ destroy_dir_stack(&paths); if (saved_dir != -1) { r = fchdir(saved_dir); if (r == -1) { status = SAFE_PATH_ERROR; } r = close(saved_dir); if (r == -1) { status = SAFE_PATH_ERROR; } } return status; } /* * safe_is_path_trusted_fork * * Returns the trustedness of the path. * * This functino is thread/signal handler safe in that it does not change * the current working directory. It does fork the process to return do * the check, which changes the new process's current working directory as * it does the checks by calling safe_is_path_trusted(). * * If the path is relative the path from the current working directory to * the root must be trusted as defined in * is_current_working_directory_trusted(). * * This checks directory entry by directory entry for trustedness, * following symbolic links as discovered. Non-directory entries in a * sticky bit directory are not trusted as untrusted users could have * hard linked an old file at that name. * * SAFE_PATH_UNTRUSTED is returned if the path is not trusted somewhere. * SAFE_PATH_TRUSTED_STICKY_DIR is returned if the path is trusted but ends * in a stick bit directory. This path should only be used to * make a true temporaray file (opened using mkstemp(), and * the pathname returned never used again except to remove the * file in the same process), or to create a directory. * SAFE_PATH_TRUSTED is returned only if the path given always referes to * the same object and the object referred can not be modified. * SAFE_PATH_TRUSTED_CONFIDENTIAL is returned if the path is * SAFE_PATH_TRUSTED and the object referred to can not be read by * untrusted users. This assumes the permissions on the object * were always strong enough to return this during the life of the * object. This confidentiality is only based on the the actual * object, not the containing directories (for example a file with * weak permissions in a confidential directory is not * confidential). * * parameters * pathname * name of path to check * safe_uids * list of safe user ids * safe_gids * list of safe group ids * returns * <0 on error * 0 SAFE_PATH_UNTRUSTED * 1 SAFE_PATH_TRUSTED_STICKY_DIR * 2 SAFE_PATH_TRUSTED * 3 SAFE_PATH_TRUSTED_CONFIDENTIAL */ int safe_is_path_trusted_fork(const char *pathname, safe_id_range_list *trusted_uids, safe_id_range_list *trusted_gids) { int r; int status = 0; pid_t pid; int fd[2]; sigset_t no_sigchld_mask; sigset_t save_mask; sigset_t all_signals_mask; struct result_struct { int status; int err; }; struct result_struct result; if (!pathname || !trusted_uids || !trusted_gids) { errno = EINVAL; return SAFE_PATH_ERROR; } /* create a mask to block all signals */ r = sigfillset(&all_signals_mask); if (r < 0) { return SAFE_PATH_ERROR; } /* set no_sigchld_mask to current mask with SIGCHLD */ #ifdef HAVE_PTHREAD_SIGMASK r = pthread_sigmask(SIG_BLOCK, NULL, &no_sigchld_mask); #else r = sigprocmask(SIG_BLOCK, NULL, &no_sigchld_mask); #endif if (r < 0) { return SAFE_PATH_ERROR; } r = sigaddset(&no_sigchld_mask, SIGCHLD); if (r < 0) { return SAFE_PATH_ERROR; } /* block all signals to prevent a signal handler from running in our * child */ #ifdef HAVE_PTHREAD_SIGMASK r = pthread_sigmask(SIG_SETMASK, &all_signals_mask, &save_mask); #else r = sigprocmask(SIG_SETMASK, &all_signals_mask, &save_mask); #endif if (r < 0) { return SAFE_PATH_ERROR; } /* create a pipe to communicate the results back */ r = pipe(fd); if (r < 0) { goto restore_mask_and_exit; } pid = fork(); if (pid < 0) { status = SAFE_PATH_ERROR; goto restore_mask_and_exit; } else if (pid == 0) { /* in the child process * * SIGPIPE should be set to SIG_IGN if signal handling is ever * unblocked in the child, so the child is not killed by SIGPIPE if the * parent exits before the write. Since all signals are blocked in the * child and only the child writes to the pipe, it is ok. */ char *buf = (char*)&result; ssize_t bytes_to_send = sizeof result; /* close the read end of the pipe */ r = close(fd[0]); result.status = safe_is_path_trusted(pathname, trusted_uids, trusted_gids); result.err = errno; /* send the result and errno back, handle EINTR and partial writes */ while (bytes_to_send > 0) { ssize_t bytes_sent = write(fd[1], buf, (size_t)bytes_to_send); if (bytes_sent != bytes_to_send && errno != EINTR) { status = SAFE_PATH_ERROR; break; } else if (bytes_sent > 0) { buf += bytes_sent; bytes_to_send -= bytes_sent; } } r = close(fd[1]); if (r < 0) { status = SAFE_PATH_ERROR; } /* do not do any cleanup (atexit, etc) leave it to the parent */ _exit(status); } else { /* in the parent process */ char *buf = (char*)&result; ssize_t bytes_to_read = sizeof result; int child_status; /* allow all signals except SIGCHLD from being sent, * so the application does not see our child die */ #ifdef HAVE_PTHREAD_SIGMASK r = pthread_sigmask(SIG_SETMASK, &no_sigchld_mask, NULL); #else r = sigprocmask(SIG_SETMASK, &no_sigchld_mask, NULL); #endif if (r < 0) { status = SAFE_PATH_ERROR; } /* close the write end of the pipe */ r = close(fd[1]); if (r < 0) { status = SAFE_PATH_ERROR; } result.err = 0; /* read the result and errno, handle EINTR and partial reads */ while (status != SAFE_PATH_ERROR && bytes_to_read > 0) { ssize_t bytes_read = read(fd[0], buf, (size_t)bytes_to_read); if (bytes_read != bytes_to_read && errno != EINTR) { status = SAFE_PATH_ERROR; } else if (bytes_read > 0) { buf += bytes_read; bytes_to_read -= bytes_read; } else if (bytes_read == 0) { /* EOF - pipe was closed before all the data was written */ status = SAFE_PATH_ERROR; } } if (status == 0) { /* successfully got result and errno from child set them */ status = result.status; errno = result.err; } r = close(fd[0]); if (r < 0) { status = SAFE_PATH_ERROR; } while (waitpid(pid, &child_status, 0) < 0) { if (errno != EINTR) { status = SAFE_PATH_ERROR; goto restore_mask_and_exit; } } if (!WIFEXITED(child_status) && WEXITSTATUS(child_status) != 0) { status = SAFE_PATH_ERROR; } } restore_mask_and_exit: #ifdef HAVE_PTHREAD_SIGMASK r = pthread_sigmask(SIG_SETMASK, &save_mask, NULL); #else r = sigprocmask(SIG_SETMASK, &save_mask, NULL); #endif if (r < 0) { status = r; } return status; } /* * append_dir_entry_to_path * * Creates a new path that starts in "path" and moves to "name". Path are * name are both assumed to contain no symbolic links. * * If name is "/", path is set to "/". If name is "" or ".", path is * unchanged. If name is "..", the last component of path is removed if * it exists and is not "", ".", or "..". Otherwise, "/name" is appended * to the path. If path exceed the path buffer, ENAMETOOLONG is returned * and path is left unchanged. * * parameters * path * a pointer to the beginning of the path buffer, that is the * current directory to which name is relative. Path contains no * symbolic links. * path_end * a pointer to a pointer to the current end of the path. Updated * to reflect the new end of path on success. * buf_end * a pointer to one past the end of the path buffer * name * the new path component to traverse relative to path. It is * assumed to be a single directory name (no directory separators, * "/", in name), or the root directory "/"; and the name is not * a symbolic link. * returns * 0 on success * -1 on error */ static int append_dir_entry_to_path(char *path, char **path_end, char *buf_end, const char *name) { char *old_path_end = *path_end; if (*name == '\0' || !strcmp(name, ".")) { /* current working directory name, skip */ return 0; } if (!strcmp(name, "/")) { /* reset the path, if name is the root directory */ *path_end = path; } if (!strcmp(name, "..")) { /* if path is empty, skip and append ".." later */ if (path != *path_end) { /* find the beginning of the last component */ char *last_comp = *path_end; while (last_comp > path && last_comp[-1] != '/') { --last_comp; } if (strcmp(last_comp, "") && strcmp(last_comp, ".") && strcmp(last_comp, "..")) { /* if not current or parent directory, remove component */ *path_end = last_comp; if (last_comp > path) { --*path_end; } **path_end = '\0'; } return 0; } } if (*path_end != path && (*path_end)[-1] != '/') { if (*path_end + 1 >= buf_end) { errno = ENAMETOOLONG; return -1; } *(*path_end)++ = '/'; *(*path_end) = '\0'; } /* copy component name to the end, except null */ while (*path_end < buf_end && *name) { *(*path_end)++ = *name++; } if (*name) { /* not enough room for path, return error */ errno = ENAMETOOLONG; *old_path_end = '\0'; return -1; } /* null terminate the path */ **path_end = '\0'; return 0; } /* * safe_is_path_trusted_r * * Returns the trustedness of the path. * * If the path is relative the path from the current working directory to * the root must be trusted as defined in * is_current_working_directory_trusted(). * * This checks directory entry by directory entry for trustedness, * following symbolic links as discovered. Non-directory entries in a * sticky bit directory are not trusted as untrusted users could have * hard linked an old file at that name. * * SAFE_PATH_UNTRUSTED is returned if the path is not trusted somewhere. * SAFE_PATH_TRUSTED_STICKY_DIR is returned if the path is trusted but ends * in a stick bit directory. This path should only be used to * make a true temporaray file (opened using mkstemp(), and * the pathname returned never used again except to remove the * file in the same process), or to create a directory. * SAFE_PATH_TRUSTED is returned only if the path given always referes to * the same object and the object referred can not be modified. * SAFE_PATH_TRUSTED_CONFIDENTIAL is returned if the path is * SAFE_PATH_TRUSTED and the object referred to can not be read by * untrusted users. This assumes the permissions on the object * were always strong enough to return this during the life of the * object. This confidentiality is only based on the the actual * object, not the containing directories (for example a file with * weak permissions in a confidential directory is not * confidential). * parameters * pathname * name of path to check * safe_uids * list of safe user ids * safe_gids * list of safe group ids * returns * <0 on error * 0 SAFE_PATH_UNTRUSTED * 1 SAFE_PATH_TRUSTED_STICKY_DIR * 2 SAFE_PATH_TRUSTED * 3 SAFE_PATH_TRUSTED_CONFIDENTIAL */ int safe_is_path_trusted_r(const char *pathname, safe_id_range_list *trusted_uids, safe_id_range_list *trusted_gids) { int r; int status = SAFE_PATH_UNTRUSTED; int previous_status; int num_tries; dir_stack paths; const char *comp_name; char path[PATH_MAX]; char *path_end = path; char *prev_path_end; if (!pathname || !trusted_uids || !trusted_gids) { errno = EINVAL; return SAFE_PATH_ERROR; } init_dir_stack(&paths); if (*pathname != '/') { /* relative path */ status = is_current_working_directory_trusted_r(trusted_uids, trusted_gids); if (status <= SAFE_PATH_UNTRUSTED) { /* an error or untrusted current working directory */ goto cleanup_and_exit; } } /* start the stack with the pathname given */ if (push_path_on_stack(&paths, pathname)) { status = SAFE_PATH_ERROR; goto cleanup_and_exit; } while (!get_next_component(&paths, &comp_name)) { struct stat stat_buf; mode_t m; int prev_status; if (*comp_name == '\0' || !strcmp(comp_name, ".")) { /* current directory, already checked */ continue; } if (!strcmp(comp_name, "/")) { /* restarting at root, trust what is above root */ status = SAFE_PATH_TRUSTED; } prev_path_end = path_end; prev_status = status; r = append_dir_entry_to_path(path, &path_end, path + sizeof(path), comp_name); if (r == -1) { status = SAFE_PATH_ERROR; goto cleanup_and_exit; } /* * At this point if the directory component is '..', then the status * should be set to be that of the grandparent directory, '../..', * for the code below to work, which would require either recomputing * the value, or keeping a cache of the value (which could then be used * to get the trust level of '..' directly). * * This is not necessary at this point in the processing as we know that * 1) '..' is a directory * 2) '../..' trust was not SAFE_PATH_UNTRUSTED * 3) the current trust level (status) is not SAFE_PATH_UNTRUSTED * 4) the trust matrix rows are the same, when the parent is not * SAFE_PATH_UNTRUSTED * So not chnaging status will still result in the correct value * * WARNING: If any of these assumptions change, this will need to change. */ previous_status = status; num_tries = 0; try_lstat_again: if (++num_tries > SAFE_IS_PATH_TRUSTED_RETRY_MAX) { /* let the user decide what to do */ status = SAFE_PATH_ERROR; errno = EAGAIN; goto cleanup_and_exit; } /* check the next component in the path */ r = lstat(path, &stat_buf); if (r == -1) { status = SAFE_PATH_ERROR; goto cleanup_and_exit; } /* compute the new trust, from the parent trust and the current directory */ status = is_component_in_dir_trusted(status, &stat_buf, trusted_uids, trusted_gids); if (status <= SAFE_PATH_UNTRUSTED) { goto cleanup_and_exit; } m = stat_buf.st_mode; if (S_ISLNK(m)) { /* symbolic link found */ size_t link_path_len = (size_t)stat_buf.st_size; int readlink_len; char *link_path = (char*)malloc(link_path_len + 1); if (link_path == 0) { status = SAFE_PATH_ERROR; errno = ENOMEM; goto cleanup_and_exit; } /* Get the link's referent. readlink does not null terminate. * Let it read on emore that the size it is supposed to be to * detect truncation. */ readlink_len = readlink(path, link_path, link_path_len + 1); if (readlink_len == -1) { free(link_path); status = SAFE_PATH_ERROR; goto cleanup_and_exit; } if ((size_t)readlink_len > link_path_len) { free(link_path); status = previous_status; goto try_lstat_again; } /* null terminate referent from readlink */ link_path[readlink_len] = '\0'; /* add path to the stack */ if (push_path_on_stack(&paths, link_path)) { free(link_path); status = SAFE_PATH_ERROR; goto cleanup_and_exit; } free(link_path); /* restore values to the containing directory */ status = prev_status; path_end = prev_path_end; *path_end = '\0'; } else { if (!is_stack_empty(&paths) && !S_ISDIR(stat_buf.st_mode)) { status = SAFE_PATH_ERROR; errno = ENOTDIR; goto cleanup_and_exit; } } } cleanup_and_exit: /* restore original directory if needed and return value */ destroy_dir_stack(&paths); /* if this algorithm failed because the pathname was too long, * try the fork version on the same pathname as it can handle all valid paths */ if (status == SAFE_PATH_ERROR && errno == ENAMETOOLONG) { status = safe_is_path_trusted_fork(pathname, trusted_uids, trusted_gids); } return status; } myproxy-6.2.16/myproxy.init.sles0000644000175100017510000000634114557142036013654 00000000000000#!/bin/sh # # myproxy-server - Server for X.509 Public Key Infrastructure (PKI) security credentials # # chkconfig: 235 55 25 # description: Server for X.509 Public Key Infrastructure (PKI) security credentials # ### BEGIN INIT INFO # Provides: myproxy-server # Required-Start: $remote_fs $network $syslog # Required-Stop: $remote_fs $syslog # Should-Start: $syslog # Should-Stop: $network $syslog # Default-Stop: 0 1 4 6 # Default-Start: 2 3 5 # Short-Description: Startup the MyProxy server daemon # Description: Server for X.509 Public Key Infrastructure (PKI) security credentials ### END INIT INFO # Source function library. . /lib/lsb/init-functions exec="/usr/sbin/myproxy-server" prog=$(basename $exec) # Defaults MYPROXY_USER=myproxy MYPROXY_OPTIONS="-s /var/lib/myproxy" X509_USER_CERT=/etc/grid-security/myproxy/hostcert.pem X509_USER_KEY=/etc/grid-security/myproxy/hostkey.pem export X509_USER_CERT export X509_USER_KEY PIDFILE=/run/myproxy.pid # Override defaults here. [ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog # Start/Stop the myproxy daemon as user $MYPROXY_USER # Is there a better LSB idiom for this? if [ "$(id -u)" = 0 ]; then userexist="$(getent passwd "$MYPROXY_USER" | cut -d: -f3)" if [ "$userexist" != "" ] && [ "$userexist" != 0 ]; then exec su "$MYPROXY_USER" -s /bin/sh -c "$0 ${1+"$@"}" fi fi # A few sanity checks if [ "$1" != "status" ]; then [ ! -f $X509_USER_KEY ] && log_failure_msg "$prog: No hostkey file" && exit 0 [ ! -r $X509_USER_KEY ] && log_failure_msg "$prog: Unable to read hostkey file $X509_USER_KEY" && exit 0 [ ! -r $X509_USER_CERT ] && log_failure_msg "$prog: No hostcert file" && exit 0 [ ! -r $X509_USER_CERT ] && log_failure_msg "$prog: Unable to read hostcert file" && exit 0 fi start() { pidofproc $prog > /dev/null && log_warning_msg "$prog already running" && exit 0 cd / X509_USER_CERT=$X509_USER_CERT X509_USER_KEY=$X509_USER_KEY start_daemon -p $PIDFILE "$exec" ${MYPROXY_OPTIONS} retval="$?" if [ "$retval" -eq 0 ]; then log_success_msg "Started $prog" pidofproc "$exec" > "$PIDFILE" else log_failure_msg "Error starting $prog" fi return $retval } stop() { killproc -p $PIDFILE "$exec" retval=$? if [ "$retval" -eq 0 ]; then log_success_msg "Stopped $prog" else log_success_msg "Error stopping $prog" fi return $retval } restart() { stop start } case "$1" in start|stop|restart) $1 ;; force-reload) restart ;; status) pidofproc -p $PIDFILE $prog > /dev/null result="$?" if [ "$result" -eq 0 ]; then log_success_msg "$prog is running" else log_failure_msg "$prog is not running" fi exit $result ;; try-restart|condrestart) if pidofproc -p $PIDFILE $prog >/dev/null ; then restart fi ;; reload) # If config can be reloaded without restarting, implement it here, # remove the "exit", and add "reload" to the usage message below. # For example: pidofproc -p $PIDFILE $prog >/dev/null || exit 3 killproc -p $PIDFILE $prog -HUP ;; *) echo $"Usage: $0 {start|stop|status|restart|reload|try-restart|force-reload}" exit 2 esac myproxy-6.2.16/myproxy-server.config0000644000175100017510000006737614557142036014534 00000000000000# # Example myproxy server configuration file. # # You should modify this file to meet your specific requirements # and install in /etc/myproxy-server.config or # $GLOBUS_LOCATION/etc/myproxy-server.config. # # Any line starting with a pound sign (#) is a comment. # ###################################################################### # # Complete Sample Policy #1 - Credential Repository # # The following lines define a sample policy that enables all # myproxy-server credential repository features. # See below for more examples. #accepted_credentials "*" #authorized_retrievers "*" #default_retrievers "*" #authorized_renewers "*" #default_renewers "none" #authorized_key_retrievers "*" #default_key_retrievers "none" #trusted_retrievers "*" #default_trusted_retrievers "none" #cert_dir /etc/grid-security/certificates # # Complete Sample Policy #2 - Certificate Authority # # The following lines define a sample policy that enables # myproxy-server certificate authority features using # an existing Globus Simple CA configuration. # See below for more examples. #authorized_retrievers "*" #pam "sufficient" #sasl "sufficient" #certificate_issuer_cert /home/globus/.globus/simpleCA/cacert.pem #certificate_issuer_key /home/globus/.globus/simpleCA/private/cakey.pem #certificate_issuer_key_passphrase "myproxy" #certificate_serialfile /home/globus/.globus/simpleCA/serial #certificate_out_dir /home/globus/.globus/simpleCA/newcerts #certificate_mapfile /etc/grid-security/grid-mapfile #cert_dir /etc/grid-security/certificates # # Accepted Credentials # # Which credentials is the server willing to accept and store? # # Example: Willing to store Alliance credentials #accepted_credentials "/C=US/O=National Computational Science Alliance/CN=*" # # Example: Willing to store Globus credentials #accepted_credentials "/C=US/O=Globus/*" #accepted_credentials "/O=Grid/O=Globus/*" # # Example: Willing to story any credentials #accepted_credentials "*" # # Authorized Retrievers # # Who is authorized to retrieve proxy credentials from the repository? # # Example: Allow only trusted Alliance web portals with a valid # Myproxy passphrase to retrieve proxy credentials, thereby discouraging # users from giving out their Myproxy passphrase to untrusted sites # and limiting the vulnerability of the credentials stored on the # Myproxy server. # Note: NCSA doesn't audit sites with portal certificates. #authorized_retrievers "/C=US/O=National Computational Science Alliance/CN=portal/*" # # Example: Allow any client, including anonymous clients, with a valid # MyProxy passphrase to retrieve credentials. This is the recommended # setting, as it gives users the flexibility to set their own policies # on their credentials. #authorized_retrievers "*" # # Default Retrievers # # If a user doesn't set a retrieval policy with the credential on # upload, apply the following policy in addition to the # authorized_retrievers policy. # # If no default_retrievers policy is set, then only the # authorized_retrievers policy is applied. # # Example: Allow NCSA portals to retrieve credentials by default. #default_retrievers "/C=US/O=National Computational Science Alliance/CN=portal/*" # # Authorized Renewers # # Who is authorized to renew a proxy credential before it expires? # # If no authorized_renewers line is defined, credential renewal is not # allowed. # # Example: Allow trusted schedulers to renew proxy credentials for the # jobs they manage. # Note: NCSA doesn't give out /CN=scheduler/* certificates. This is # a fictitious example. #authorized_renewers "/C=US/O=National Computational Science Alliance/CN=scheduler/*" # # Example: Allow any client to renew a proxy credential. In this # case, the client can simply authenticate with the proxy it wants to # renew. This is potentially dangerous, in that it can be used to # extend the lifetime of a compromised proxy credential on any host. # However, when use with default_renewers, it gives users the # flexibility to set their own policies. #authorized_renewers "*" # # Default Renewers # # If a user doesn't set a renewal policy with the credential on # upload, apply the following policy. # # Example: Disable renewal unless the client specifically authorizes it. #default_renewers "none" # # Example: Allow the Condor-G scheduler on modi4.ncsa.uiuc.edu to # renew user credentials by default. #default_renewers "/C=US/O=National Computational Science Alliance/CN=condorg/modi4.ncsa.uiuc.edu" # # Authorized Key Retrievers # # Who is authorized to retrieve credentials (keys) directly from the # repository? # # Example: Allow any client, including anonymous clients, with a valid # MyProxy passphrase to retrieve credentials. This allows expert # users to have direct access to their keys, with the associated added # vulnerability. See default_key_retrievers below for a way to # restrict this to specific credentials. #authorized_key_retrievers "*" # # Default Key Retrievers # # If a user doesn't set a key retrieval policy with the credential on # upload, apply the following policy in addition to the # authorized_key_retrievers policy. # # If no default_key_retrievers policy is set, then only the # authorized_key_retrievers policy is applied. # # Example: Don't allow anyone to retrieve keys directly by default. # Expert users must enable key retrieval when storing credentials. #default_key_retrievers "none" # # Trusted Retrievers # # Who is authorized to retrieve credentials without further # authentication? # # By default, clients that match authorized_retrievers must perform # additional authentication (such as passphrase, PAM, or SASL) to # retrieve credentials. However, authenticated clients that match # trusted_retrievers do not need to perform additional authentication. # # Example: Allow any client to retrieve a credential. This permissive # policy can be used with a restrictive default_trusted_retrievers # policy (see below) to allow expert users to set their own policy # with 'myproxy-init -Z'. #trusted_retrievers "*" # # Default Trusted Retrievers # # # If a user doesn't set a trusted retrieval policy with the credential # on upload (via 'myproxy-init -Z'), the myproxy-server will apply the # following policy in addition to the trusted_retrievers policy. # # If no default_trusted_retrievers policy is set, then only the # trusted_retrievers policy is applied. # # Example: Don't allow retrieval based on certificate-only # authentication by default. Expert users must enable # certificate-only retrieval when storing credentials. #default_trusted_retrievers "none" # # Allow Self Authorization # # The authorized_renewers and trusted_retrievers policies are # typically used to allow authenticated clients to retrieve # credentials with different identities (i.e., certificate subject # distinguished names) than the credentials used for # authentication. Typically we want to disallow the case where the # client can get a new credential with the same subject as the one it # uses for authentication, as this could allow a stolen proxy to be # refreshed by the attacker. By default, the myproxy-server will not # allow this. Set allow_self_authorization to true to override this # behavior. #allow_self_authorization true # # Passphrase Policy Enforcement # # Specifies the path to an external passphrase policy enforcement # program. The program is passed the new passphrase via stdin and is # passed the following arguments: username, distinguished name, # credential name (if any), per-credential retriever policy (if any), # and per-credential renewal policy (if any). If the passphrase is # acceptable, the program should exit with status 0. Otherwise, it # should exit with non-zero status, causing the operation in progress # (credential load, passphrase change) to fail with the error message # provided by the program's stdout. # Be sure to follow secure coding practices for this call-out: # - Don't allow input to overflow fixed-size buffers. # - Don't pass unchecked input to a shell command. #passphrase_policy_program /usr/local/sbin/myproxy-passphrase-policy # # Trusted CA Directory # # Specifies the path to the CA certificates directory to be returned # to clients requesting trust roots (i.e., myproxy-logon -T). #cert_dir /etc/grid-security/certificates # # Maximum Proxy Certificate Lifetime # # Specifies the maximum allowed lifetime (in hours) of proxy # certificates issued by the myproxy-server, to minimize the window of # vulnerability of all issued credentials. By default, no server-wide # maximum is enforced. There is also a maximum proxy lifetime set per # credential by the client. #max_proxy_lifetime 12 # # Maximum Credential Lifetime # # Specifies the maximum lifetime (in hours) of credentials allowed to # be stored on the myproxy-server, to minimize the window of # vulnerability for stored credentials. By default, no server-wide # maximum is enforced. #max_cred_lifetime 12 # # Ignore Globus Limited Proxy Flag # # By default, MyProxy will respect the policy of "limited" proxy # certificates as follows. If a client authenticates with a limited # proxy, the client should only be able to obtain another limited # proxy, not a full proxy or end entity certificate. Thus, the # MyProxy CA will not accept limited proxies for authentication. # However, if this option is set, MyProxy will treat limited proxy # certificates as if they were full proxy certificates. #ignore_globus_limited_proxy_flag true # # PAM Policy # # Governs use of PAM to check passphrases. MyProxy will attempt to # authenticate via PAM, with the supplied username and passphrase. # Note that PAM will need to be configured externally for the # application "myproxy" (usually in /etc/pam.d/), or for the # application named by pam_id, below. # # Accepted values: # # required # PAM password authentication is required under all conditions. # If the credential is unencrypted (that is, it has no # passphrase), a PAM password check is still required for # authentication. If the credential is encrypted, its # passphrase must match the PAM password. # # sufficient # The user's passphrase may match either the credential # passphrase or, if the credential is unencrypted, the PAM # passphrase. If the credential is encrypted, then the PAM # password is not relevant. # # disabled (default) # PAM is not used to check passphrases. #pam "disabled" # # PAM ID # # The name that myproxy uses to identify itself to PAM. Default is # "myproxy". # # For example, on most Unix-like systems, if pam_id is set to "login", # MyProxy will authenticate against the system's own usernames and # passwords. #pam_id "myproxy" # # SASL Policy # # Governs use of SASL authentication. # # Accepted values: # # required # SASL authentication is required for retrieving credentials. # # sufficient # SASL authentication is sufficient for retrieving credentials, # but other authentication methods may also be used. # # disabled (default) # SASL authentication isn't used. #sasl "disabled" # # SASL Mechanism # # Forces the use of a single SASL mechanism, overriding the SASL # configuration file. (Typically not required.) #sasl_mech GSSAPI # # SASL Server FQDN # # Configures the SASL server fully-qualified domain name for # multi-homed servers. (Typically not required.) #sasl_serverFQDN myproxy.teragrid.org # # SASL User Realm # # Configures the SASL user realm. (Typically not required.) #sasl_user_realm TERAGRID.ORG # # Certificate Issuer Certificate # # Specifies the path to the issuer certificate to optionally configure # the myproxy-server to act as an online certificate authority. #certificate_issuer_cert /home/globus/.globus/simpleCA/cacert.pem # # Certificate Issuer Key # # When specifying certificate_issuer_cert above, you must also give # the path to a CA private key in PEM format for signing certificates. #certificate_issuer_key /home/globus/.globus/simpleCA/private/cakey.pem # # Certificate Issuer Key Passphrase # # If the certificate_issuer_key is encrypted, give the passphrase here. #certificate_issuer_key_passphrase "myproxy" # # Certificate Issuer Sub-CA Certificates # # If you would like an intermediate/sub-CA certificate chain to be sent # along with the EEC (End Entity Certificate) generated using a local # intermediate/sub-CA, specify the file that contains those certificates in # PEM format. This is meant to aid scenarios where the CA used is an # intermediate CA (i.e. not a root CA) and the client may not have the # intermediate CA(s) in its trust store. The client will write out the # chain into the same file as the EEC, following the EEC. #certificate_issuer_subca_certfile "/etc/grid-security/subca_certificates" # # Certificate Issuer Hash Algorithm # # Specifies the hash algorithm to use when signing end-entity # certificates. Defaults to "sha256". When linked with OpenSSL 0.9.8 or # later, "sha224", "sha256", "sha384" and "sha512" are also # supported. #certificate_issuer_hashalg "sha256" # # Certificate Issuer Program # # The path to a program to issue certificates for authenticated # clients that don't have credentials stored. This optionally # configures the myproxy-server to act as an online certificate # authority, allowing programmatic control over the certificate # issuance process. # You can specify certificate_issuer_cert or # certificate_issuer_program but not both. # Be sure to follow secure coding practices for this call-out: # - Don't allow input to overflow fixed-size buffers. # - Don't pass unchecked input to a shell command. #certificate_issuer_program /usr/local/sbin/myproxy-ca # # OpenSSL engine support # # OpenSSL engine support allows you to use a Certificate Issuer Key # that is stored in a hardware token or HSM. This gives the ID of # the engine to use. In this case the certificate_issuer_key # details the identity of the key to use from the engine and # certificate_issuer_key_passphrase gives the passphrase (if any) # to access that key #certificate_openssl_engine_id "dynamic" # # OpenSSL engine lockfile # # If your hardware token or HSM is unable to handle simultaneous # operations, provide a path to a lockfile for synchronizing # operations to the engine device. The myproxy-server will create the # file if it does not already exist. #certificate_openssl_engine_lockfile /var/lib/myproxy/enginelock # # Pre commands for OpenSSL engine support # # Some OpenSSL engines require parameters before they are initialised, # these can be specified here: # certificate_openssl_engine_pre "SO_PATH:/usr/lib/engines/engine_pkcs11.so" "ID:pkcs11" "LIST_ADD:1" "LOAD" "MODULE_PATH:/usr/lib/opensc-pksc11.so" # # Post commands for OpenSSL engine support # # Some OpenSSL engines require parameters after they are initialised, # these can be specified here: # certificate_openssl_engine_post "PIN:abcdef" # # Certificate Issuer Serial File # # The path to a file to store the serial number counter for issued # certificates. #certificate_serialfile /home/globus/.globus/simpleCA/serial # # Certificate Issuer Serial Skip # # The number to add to the serial number each time a certificate is # issued. Use this to stagger serial numbers across multiple CA # instances to avoid serial number clashes. Defaults to 1. #certificate_serial_skip 1 # # Certificate Issuer Output Directory # # A path to the directory where new certificates will be archived. #certificate_out_dir /home/globus/.globus/simpleCA/newcerts # # Certificate Issuer Email Domain # # If set, include an email X509v3 Subject Alternative Name in issued # certificates with the MyProxy username and the configured domain. #certificate_issuer_email_domain "ncsa.uiuc.edu" # # Max Certificate Lifetime # # The maximum lifetime (in hours) for certificates issued by the CA # module. Defaults to 12 hours. #max_cert_lifetime 12 # # Minimum RSA key length # # The minimum RSA key length (in bits) for certificates issued by the # CA module. #min_keylen 1024 # # Certificate Issuer Extension File # # Optionally specifies the full path to a file containing an OpenSSL # formatted set of certificate extensions to include in all issued # end-entity certificates (from the CA module). For example: # keyUsage=critical,digitalSignature,keyEncipherment,dataEncipherment # subjectKeyIdentifier=hash # authorityKeyIdentifier=keyid,issuer:always # crlDistributionPoints=URI:http://ca.ncsa.uiuc.edu/4a6cd8b1.r0 # basicConstraints=CA:FALSE # If not set, the MyProxy CA will include a basic set of extensions in # issued certificates. #certificate_extfile /etc/myproxy-ca-extfile.txt # # Certificate Issuer Extension Application # # This is the call-out version of certificate_extfile. It optionally # specifies the full path to a call-out program for specifying # certificate extensions. It will be passed the authenticated # username as the single command argument. On success, it should # write the OpenSSL formatted set of certificate extensions to stdout # and exit with zero status. On error, it should write to stderr and # exit with nonzero status. # Be sure to follow secure coding practices for this call-out: # - Don't allow input to overflow fixed-size buffers. # - Don't pass unchecked input to a shell command. #certificate_extapp /usr/local/sbin/myproxy-extapp # # Certificate Authority Mapfile # # When specifying certificate_issuer_cert above, you can map account # names to certificate subject distinguished names for the issued # certificates using this mapfile, which has the same format as used # by other Grid Community Toolkit services, i.e., lines of the form: # "DN" username # By default, /etc/grid-security/grid-mapfile is used. #certificate_mapfile /etc/grid-security/grid-mapfile # # CA Map Application # # When specifying certificate_issuer_cert above, you can map account # names to certificate subject distinguished names for the issued # certificates using this call-out. It will be passed the # authenticated username as the single command argument. On success, # it should write the distinguished name to stdout and exit with zero # status. On error, it should write to stderr and exit with nonzero # status. If it is not defined, then mapfile lookup will be executed # instead (see certificate_mapfile above). # Be sure to follow secure coding practices for this call-out: # - Don't allow input to overflow fixed-size buffers. # - Don't pass unchecked input to a shell command. #certificate_mapapp /usr/local/sbin/myproxy-mapapp # # CA Certificate Request Callout # # This CA call-out can be used to perform checks on incoming # certificate requests. It will be passed the certificate request in # PEM format on stdin. If it returns a nonzero exit status, the CA # will abort without signing the request. When returning a nonzero # exit status, the callout should indicate the problem on stderr. # Be sure to follow secure coding practices for this call-out: # - Don't allow input to overflow fixed-size buffers. # - Don't pass unchecked input to a shell command. #certificate_request_checker /usr/local/bin/certreq-checker # # CA Certificate Issuance Callout # # This CA call-out can be used to perform checks on issued # certificates before the certificate is returned to the client. It # will be passed the certificate in PEM format on stdin. If it returns # a nonzero exit status, the CA will abort without returning the # signed certificate to the client. When returning a nonzero exit # status, the callout should indicate the problem on stderr. # Be sure to follow secure coding practices for this call-out: # - Don't allow input to overflow fixed-size buffers. # - Don't pass unchecked input to a shell command. #certificate_issuer_checker /usr/local/bin/cert-checker # # CA LDAP Server # # If OpenLDAP support is built-in to the myproxy-server, this # parameter specifies the URI to the LDAP server to use for username # to DN resolution in the Certificate Authority module. Both ldap:// # and ldaps:// protocols are supported. A port number may optionally # be specified as well. Defining this directive is the "trigger" that # causes the name resolution module to use LDAP querying. If it is # not defined, then mapfile lookup will be executed instead (see # certificate_mapfile above). #ca_ldap_server "ldap://localhost:389/" # # CA LDAP UID Attribute # # The name of the record attribute that maps to the MyProxy username. # Required for LDAP username to DN resolution. #ca_ldap_uid_attribute "uid" # # CA LDAP SearchBase # # The DN of the region of the ldap database to be searched. # Required for LDAP username to DN resolution. #ca_ldap_searchbase "ou=people,dc=bullwinkle,dc=lbl,dc=gov" # # CA LDAP DN Attribute # # If this directive is set, the LDAP resolver will pull the DN from # the specified attribute in the returned record. If it is not set, # the default is to use the DN of the record itself. #ca_ldap_dn_attribute "subjectDN" # # CA LDAP DN/Passphrase # # User/passphrase combination to be used for LDAP basic # authentication (optional). #ca_ldap_connect_dn "cn=Monte Goode,ou=ldapusers,dc=bullwinkle,dc=lbl,dc=gov" #ca_ldap_connect_passphrase "passphrase" # # CA LDAP StartTLS # # If this option is set to a "positive" boolean value (true/1/yes/enabled/on), # use StartTLS when connecting to the LDAP server. #ca_ldap_start_tls true # # Slave server list # # When the myproxy-replicate program is run. This list of servers is # used to indicate where the repository information is to be sent. # The list is comprised of hostnames and optional port numbers. The # hostname may be in the form: # name # FQDN # tcp/ip address # # The host name and port number must be separated by a ':'. # # If multiple slaves are given, each slave server must be separated with # a ';'. # # # Example: # grids1 # grids1.ncsa.uiuc.edu # grids1:9000 # grids1;grids2.ncsa.uiuc.edu:9000;141.142.96.41 # #slave_servers # # Accepted Credentials Mapfile # # This option points to a grid-mapfile which is possibly different from # the grid-mapfiles specified above. When specified, this mapfile is # utilized during puts/stores (e.g. with myproxy-init and myproxy-store). # The credential being put/stored must be under the username specified in # the mapfile. In essence, a given username must be in the mapfile to be # authorized to put/store a given credential. This prevents storing a # user's credential under a different username. #accepted_credentials_mapfile /etc/grid-security/store-mapfile # # Accepted Credentials Mapapp # # As an alternative to the accepted_credentials_mapfile option above, you # can specify a call-out which is passed two parameters: a certificate # subject distinguished name and a username (in that order). In essence, # the call-out performs a lookup in a 'virtual' accepted_credentials_mapfile. # If the SubjectDN/Username line would appear in such a mapfile, then the # call-out should exit with zero status indicating that a credential with # the given SubjectDN is allowed to be stored under the given Username. # Otherwise, the call-out should exit with nonzero status indicating error. #accepted_credentials_mapapp /usr/local/sbin/myproxy-accepted-mapapp # # Check Multiple Credentials # # If this option is set to a "positive" boolean value (true/1/yes/enabled/on) # AND the user does not specify a credential name for a MyProxy GET operation, # then multiple credentials (i.e. the 'unnamed' credential as well as any # named credentials) will be checked for the given username. If one # credential is found that is 'authorized' by MyProxy, then that credential # will be used during processing. Otherwise, an error message will be # printed. Note that the credentials for the username are checked # in an unspecified order. If there are multiple credentials that would be # authorized given the user's criteria, only the first one found will be # utilized. #check_multiple_credentials true # # OCSP Policy # # Controls the policy for checking certificate validity via OCSP # before credentials may be delegated. Supported policies are: # "aia" - use OCSP responder in certificate AIA extension, if # present; otherwise use ocsp_responder_url, if set # Currently, only the status of the end entity certificate is checked # via OCSP (and not any proxy certificates or CA certificates). # OCSP will not be used unless ocsp_responder_url and/or ocsp_policy # are set. #ocsp_policy "aia" # # OCSP Responder URL # # Specifies the URL of an OCSP responder to use to check the validity # of credentials stored in the myproxy-server repository before # they may be delegated, so that revoked credentials can not be # retrieved and used where their revocation status may not be checked. # Currently, only the status of the end entity certificate is checked # via OCSP (and not any proxy certificates or CA certificates). # In any case, CRL checks are always performed. # Both http and https urls are supported. # OCSP will not be used unless ocsp_responder_url and/or ocsp_policy # are set. #ocsp_responder_url "http://ca.ncsa.uiuc.edu:8888/" # # OCSP Responder Certificate # # Specifies the path to the certificate of a trusted OCSP responder. # This is needed if the OCSP responder must be explicitly trusted in # cases where standard path validation fails for the OCSP responder's # certificate. #ocsp_responder_cert /etc/grid-security/trustedocspresponder.pem # # Syslog Ident # # When the myproxy-server is run in server mode (i.e. not debug), messages # are output to the syslog. With this option you can specify the string # that gets prepended to every message written to the syslog. When not # specified, the program's name (myproxy-server) is prepended to each # message. #syslog_ident myproxy-server # # Syslog Facility # # By default, the myproxy-server will log to the syslog "daemon" # facility. With this option you can specify an alternate syslog # facility, such as "auth", "user", "security", or "local0". The # facility can also be specified numerically as with the logger(1) # command. #syslog_facility user # # Request Timeout # # Specifies the maximum time a myproxy-server child process should # spend servicing a client request before aborting. # By default, child processes will abort after 120 seconds. # A negative value will disable the timeout. #request_timeout 120 # # Request Size Limit # # Limits the amount of incoming application-level protocol data the # myproxy-server will accept from clients, to avoid memory exhaustion # under heavy load. Specified in bytes. # Defaults to 1MB (1048576 bytes). # A zero or negative value disables the limit. #request_size_limit 1048576 # # Proxy Certificate Extension File # # Optionally specifies the full path to a file containing an OpenSSL # formatted set of certificate extensions to include in all proxy # certificates issued from the MyProxy repository (analogous to # certificate_extfile for the CA module). #proxy_extfile /etc/myproxy-proxy-extfile.txt # # Proxy Certificate Extension Application # # This is the call-out version of proxy_extfile. It optionally # specifies the full path to a call-out program for specifying proxy # certificate extensions. It will be passed the authenticated # username and the proxy credential location as the two command # arguments. On success, it should write the OpenSSL formatted set of # certificate extensions to stdout and exit with zero status. On # error, it should write to stderr and exit with nonzero status. # Be sure to follow secure coding practices for this call-out: # - Don't allow input to overflow fixed-size buffers. # - Don't pass unchecked input to a shell command. #proxy_extapp /usr/local/sbin/myproxy-extapp # # Allow VOMS Attribute Requests # # If this parameter is set to true and a GET request includes VONAME # and (optionally) VOMSES parameters, call-out to VOMS to add the # requested attributes to the issued certificate. Requires linking # with VOMS libraries. By default, VONAME and VOMSES parameters in # requests will be ignored unless this parameter is set to true. #allow_voms_attribute_requests true # # VOMS Server Configuration # # Specifies the path to the VOMS server configuration. # #voms_userconf /path/to/vomses myproxy-6.2.16/auth_pam.c0000644000175100017510000002204514557142036012234 00000000000000/* * Adapted from cyrus-sasl-2.1.20 auth_pam.c, except for: * - this comment * - the #define AUTH_PAM / #undef AUTH_PAM pair * - the "#if defined(HAVE_LIBPAM)" block * - "#include mechanisms.h" is commented out (it appears to be * unnecessary) * - #include "myproxy_common.h" instead of system headers * - changed failure return values from auth_pam to improve * usefulness of error messages * - remove const from struct pam_message argument to * saslauthd_pam_conv to match PAM types on AIX * - remove instances of __attribute__((unused)) */ #define AUTH_PAM yes #if defined(HAVE_LIBPAM) /* MODULE: auth_pam */ /* COPYRIGHT * Copyright (c) 2000 Fabian Knittel. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain any existing copyright * notice, and this entire permission notice in its entirety, * including the disclaimer of warranties. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 2. Redistributions in binary form must reproduce all prior and current * copyright notices, this list of conditions, and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH * DAMAGE. * END COPYRIGHT */ /* * Pluggable Authentication Modules, PAM(8), based authentication module * for saslauthd. * * Written by Fabian Knittel . Original implementation * Debian's pwcheck_pam daemon by Michael-John Turner . */ /* PUBLIC DEPENDENCIES */ /* #include "mechanisms.h" */ #include "myproxy_common.h" #ifdef AUTH_PAM # include "auth_pam.h" /* END PUBLIC DEPENDENCIES */ /* Structure for application specific data passed through PAM * to our conv call-back routine saslauthd_pam_conv. */ typedef struct { const char *login; /* plaintext authenticator */ const char *password; /* plaintext password */ pam_handle_t *pamh; /* pointer to PAM handle */ } pam_appdata; # define RETURN(x) return strdup(x) /* FUNCTION: saslauthd_pam_conv */ /* SYNOPSIS * Call-back function used by the PAM library to communicate with us. Each * received message expects a response, pointed to by resp. * END SYNOPSIS */ static int /* R: PAM return code */ saslauthd_pam_conv ( /* PARAMETERS */ int num_msg, /* I: number of messages */ const struct pam_message **msg, /* I: pointer to array of messages */ struct pam_response **resp, /* O: pointer to pointer of response */ void *appdata_ptr /* I: pointer to app specific data */ /* END PARAMETERS */ ) { /* VARIABLES */ pam_appdata *my_appdata; /* application specific data */ struct pam_response *my_resp; /* response created by this func */ int i; /* loop counter */ const char *login_prompt; /* string prompting for user-name */ int rc; /* return code holder */ /* END VARIABLES */ my_appdata = appdata_ptr; my_resp = malloc(sizeof(struct pam_response) * num_msg); if (my_resp == NULL) return PAM_CONV_ERR; for (i = 0; i < num_msg; i++) switch (msg[i]->msg_style) { /* * We assume PAM_PROMPT_ECHO_OFF to be a request for password. * This assumption might be unsafe. * * For PAM_PROMPT_ECHO_ON we first check whether the provided * request string matches PAM_USER_PROMPT and, only if they do * match, assume it to be a request for the login. */ case PAM_PROMPT_ECHO_OFF: /* password */ my_resp[i].resp = strdup(my_appdata->password); if (my_resp[i].resp == NULL) { myproxy_log("saslauthd_pam_conv: strdup failed"); goto ret_error; } my_resp[i].resp_retcode = PAM_SUCCESS; break; case PAM_PROMPT_ECHO_ON: /* username? */ /* Recheck setting each time, as it might have been changed in the mean-while. */ rc = pam_get_item(my_appdata->pamh, PAM_USER_PROMPT, (void *) &login_prompt); if (rc != PAM_SUCCESS) { myproxy_log("saslauthd_pam_conv: unable to read " "login prompt string: %s", pam_strerror(my_appdata->pamh, rc)); goto ret_error; } if (strcmp(msg[i]->msg, login_prompt) == 0) { my_resp[i].resp = strdup(my_appdata->login); my_resp[i].resp_retcode = PAM_SUCCESS; } else { /* ignore */ myproxy_log("saslauthd_pam_conv: unknown prompt " "string: %s", msg[i]->msg); my_resp[i].resp = NULL; my_resp[i].resp_retcode = PAM_SUCCESS; } break; case PAM_ERROR_MSG: /* ignore */ case PAM_TEXT_INFO: /* ignore */ myproxy_log("PAM: %s", msg[i]->msg); my_resp[i].resp = NULL; my_resp[i].resp_retcode = PAM_SUCCESS; break; default: /* error */ goto ret_error; } *resp = my_resp; return PAM_SUCCESS; ret_error: /* * Free response structure. Don't free my_resp[i], as that * isn't initialised yet. */ { int y; for (y = 0; y < i; y++) if (my_resp[y].resp != NULL) free(my_resp[y].resp); free(my_resp); } return PAM_CONV_ERR; } /* END FUNCTION: saslauthd_pam_conv */ /* FUNCTION: auth_pam */ char * /* R: allocated response string */ auth_pam ( /* PARAMETERS */ const char *login, /* I: plaintext authenticator */ const char *password, /* I: plaintext password */ const char *service, /* I: service name */ const char *realm /* END PARAMETERS */ ) { /* VARIABLES */ pam_appdata my_appdata; /* application specific data */ struct pam_conv my_conv; /* pam conversion data */ pam_handle_t *pamh; /* pointer to PAM handle */ int rc; /* return code holder */ char result[200]; /* END VARIABLES */ my_appdata.login = login; my_appdata.password = password; my_appdata.pamh = NULL; /* There's an unavoidable compiler warning in the following line due to inconsistent use of const in the struct pam_message argument to saslauthd_pam_conv across platforms. */ my_conv.conv = saslauthd_pam_conv; my_conv.appdata_ptr = &my_appdata; rc = pam_start(service, login, &my_conv, &pamh); if (rc != PAM_SUCCESS) { myproxy_log("unable to initialize PAM for %s: %s", login, pam_strerror(pamh, rc)); goto error; } my_appdata.pamh = pamh; rc = pam_authenticate(pamh, 0); if (rc != PAM_SUCCESS) { myproxy_log("PAM authentication failed for %s: %s", login, pam_strerror(pamh, rc)); pam_end(pamh, rc); goto error; } rc = pam_acct_mgmt(pamh, PAM_SILENT); if (rc != PAM_SUCCESS) { myproxy_log("PAM account check failed for %s: %s", login, pam_strerror(pamh, rc)); pam_end(pamh, rc); goto error; } pam_end(pamh, PAM_SUCCESS); RETURN("OK"); error: if (rc == PAM_USER_UNKNOWN) { RETURN("NO invalid username"); } if (rc == PAM_AUTH_ERR) { RETURN("NO invalid password"); } snprintf(result, sizeof(result), "NO PAM authentication failed: %s", pam_strerror(pamh, rc)); RETURN(result); } /* END FUNCTION: auth_pam */ #else /* !AUTH_PAM */ char * auth_pam( const char *login, const char *password, const char *service, const char *realm ) { return NULL; } #endif /* !AUTH_PAM */ /* END MODULE: auth_pam */ #endif /* defined(HAVE_LIBPAM) */ #undef AUTH_PAM myproxy-6.2.16/myproxy-date.inc0000644000175100017510000000001014557142522013413 00000000000000Jan 2024myproxy-6.2.16/myproxy_ocsp.h0000644000175100017510000000123614557142036013215 00000000000000/* * myproxy_ocsp.h - verify certificate status via OCSP */ #ifndef __MYPROXY_OCSP_H #define __MYPROXY_OCSP_H #include /* * Set configuration value. * Return 0 on success, -1 on error (setting verror). */ int myproxy_ocsp_set_responder(const char *url); int myproxy_ocsp_set_responder_cert(const char *path); int myproxy_ocsp_set_policy(const char *policy); int myproxy_ocsp_set_signer(X509 *sign_cert, EVP_PKEY *sign_key); int myproxy_ocsp_set_times(long skew, long maxage); /* * Verify certificate status via OCSP. * Return 1 if revoked, 0 if valid, <0 on error (setting verror). */ int myproxy_ocsp_verify(X509 *cert, X509 *issuer); #endif myproxy-6.2.16/certauth_resolveuser.h0000644000175100017510000000065214557142036014720 00000000000000/* Defines a function to be called by myproxy_server.c and certauth_extensions.c to do username to DN resolution when the internal CA is being used. The mode of resolution (grid-mapfile or ldap query) is decided on the basis of configuration file directives. Returns a slash-delimited DN. Not thread safe. */ int user_dn_lookup( char * username, char ** userdn, myproxy_server_context_t *server_context ); myproxy-6.2.16/myproxy_sasl_server.c0000644000175100017510000002236614557142036014603 00000000000000#if defined(HAVE_LIBSASL2) #include "myproxy_common.h" /* all needed headers included here */ int myproxy_sasl_authenticated = 0; char *myproxy_sasl_mech = NULL; char *myproxy_sasl_serverFQDN = NULL; char *myproxy_sasl_user_realm = NULL; static sasl_conn_t *conn = NULL; static void sasl_free_conn(void) { if (conn) sasl_dispose(&conn); } static int sasl_my_log(void *context __attribute__((unused)), int priority, const char *message) { const char *label; if (! message) return SASL_BADPARAM; switch (priority) { case SASL_LOG_ERR: label = "Error"; break; case SASL_LOG_NOTE: label = "Info"; break; default: label = "Other"; break; } myproxy_log("SASL %s: %s\n", label, message); return SASL_OK; } static sasl_callback_t callbacks[] = { { SASL_CB_LOG, (int(*)(void)) (&sasl_my_log), NULL }, { SASL_CB_LIST_END, NULL, NULL } }; static int send_response_sasl_data(myproxy_socket_attrs_t *attrs, const char *data, int data_len) { myproxy_response_t response = {0}; authorization_data_t* auth_data; char buf[SASL_BUFFER_SIZE]; int result; unsigned len=0; result = sasl_encode64(data, data_len, buf, SASL_BUFFER_SIZE, &len); buf[len] = '\0'; if (result != SASL_OK) { verror_put_string("Encoding SASL data in base64 failed.\n"); verror_put_errno(errno); return -1; } myproxy_debug("S: %s", buf); memset(&response, 0, sizeof (response)); response.version = strdup(MYPROXY_VERSION); response.response_type = MYPROXY_AUTHORIZATION_RESPONSE; response.authorization_data = malloc(sizeof(authorization_data_t*) * 2); response.authorization_data[0] = malloc(sizeof(authorization_data_t)); response.authorization_data[1] = NULL; auth_data = response.authorization_data[0]; auth_data->server_data = strdup(buf); auth_data->client_data = NULL; auth_data->client_data_len = 0; auth_data->method = AUTHORIZETYPE_SASL; len = myproxy_serialize_response(&response, buf, sizeof(buf)); if (len < 0) { verror_put_string("error in myproxy_serialize_response()"); return -1; } if (myproxy_send(attrs, buf, len) < 0) { verror_put_string("error in myproxy_send()\n"); return -1; } free(response.version); authorization_data_free(response.authorization_data); return 0; } static int recv_response_sasl_data(myproxy_socket_attrs_t *attrs, char *data) { char buf[SASL_BUFFER_SIZE]; int result; unsigned len; author_method_t client_auth_method; char *b64data; int client_data_len = 0; len = myproxy_recv(attrs, buf, sizeof(buf)); if (len <= 0) return -1; client_auth_method = (*buf); if (client_auth_method != AUTHORIZETYPE_SASL) { verror_put_string("SASL method not match.\n"); verror_put_errno(errno); return -1; } client_data_len = len - sizeof(int); b64data = buf + sizeof(int); myproxy_debug("C: %s", b64data); result = sasl_decode64(b64data, strnlen(b64data, client_data_len), data, SASL_BUFFER_SIZE, &len); if (result != SASL_OK) { myproxy_log("Decoding data from base64 failed in recv_response_sasl_data."); return -1; } data[len] = '\0'; return len; } int auth_sasl_negotiate_server(myproxy_socket_attrs_t *attrs, myproxy_request_t *client_request) { char client_buffer[SASL_BUFFER_SIZE]; int client_data_len = 0; unsigned len; int count; const char *data; sasl_security_properties_t secprops; int result; int rval = -1; char *iplocal = NULL, *ipremote = NULL; char *service = "myproxy"; char *userandrealm = NULL; myproxy_debug("Server: begin SASL negotiation..."); myproxy_sasl_authenticated = 0; if (getenv("SASL_PATH")) { myproxy_debug("$SASL_PATH is %s", getenv("SASL_PATH")); } else { myproxy_debug("$SASL_PATH isn't set. Using /usr/lib/sasl2."); } result = sasl_server_init(callbacks, service); if (result != SASL_OK) { myproxy_log("Initializing libsasl failed."); return -1; } atexit(&sasl_done); result = sasl_server_new(service, myproxy_sasl_serverFQDN, myproxy_sasl_user_realm, iplocal, ipremote, NULL, 0, &conn); if (result != SASL_OK) { myproxy_log("Allocating sasl connection state failed."); return -1; } atexit(&sasl_free_conn); /* don't need integrity or privacy, since we're over SSL already. in fact, let's disable them to avoid the overhead. */ memset(&secprops, 0L, sizeof(secprops)); result = sasl_setprop(conn, SASL_SEC_PROPS, &secprops); if (result != SASL_OK) { myproxy_log("Setting security properties failed."); return -1; } if (myproxy_sasl_mech) { myproxy_debug("Forcing use of SASL mechanism %s", myproxy_sasl_mech); data = myproxy_sasl_mech; if (! data) { myproxy_log("Duplicate string for SASL negotiation failed"); return -1; } len = strlen(data); count = 1; } else { myproxy_debug("Generating SASL mechanism list..."); result = sasl_listmech(conn, NULL, NULL, " ", NULL, &data, &len, &count); if (result != SASL_OK) { myproxy_log("Generating SASL mechanism list failed."); return -1; } if (count == 0) { myproxy_log("No SASL mechanisms available."); return -1; } } myproxy_debug("Sending list of %d mechanism(s): %s", count, data); if (send_response_sasl_data(attrs, data, len) < 0) { return -1; } myproxy_debug("Waiting for client mechanism..."); len = recv_response_sasl_data(attrs, client_buffer); if (myproxy_sasl_mech && strcasecmp(myproxy_sasl_mech, client_buffer)) { myproxy_log( "Client chose something other than the mandatory mechanism."); return -1; } if (strlen(client_buffer) < len) { data = client_buffer + strlen(client_buffer) + 1; len = len - strlen(client_buffer) - 1; } else { data = NULL; len = 0; } result = sasl_server_start(conn, client_buffer, data, len, &data, &len); if (result != SASL_OK && result != SASL_CONTINUE) { myproxy_log("Starting SASL negotiation failed."); verror_put_string("%s", sasl_errdetail(conn)); return -1; } while (result == SASL_CONTINUE) { if (data) { myproxy_debug("Sending response..."); if (send_response_sasl_data(attrs, data, len) < 0) { return -1; } } else { myproxy_log("No SASL data to send--something's wrong"); return -1; } myproxy_debug("Waiting for client reply..."); client_data_len = recv_response_sasl_data(attrs, client_buffer); data = NULL; result = sasl_server_step(conn, client_buffer, client_data_len, &data, &len); if (result != SASL_OK && result != SASL_CONTINUE) { verror_put_string("%s", sasl_errdetail(conn)); myproxy_log("Performing SASL negotiation failed."); return -1; } } myproxy_debug("SASL negotiation complete."); if (sasl_getprop(conn, SASL_USERNAME, (const void **)&data) != SASL_OK) { myproxy_log("Error: SASL username is NULL."); return -1; } if (myproxy_sasl_user_realm) { size_t len; len = strlen(client_request->username) + strlen(myproxy_sasl_user_realm) + 2; userandrealm = malloc(len); snprintf(userandrealm, len, "%s@%s", client_request->username, myproxy_sasl_user_realm); } else { userandrealm = strdup(client_request->username); } if (strcmp((char *)data, userandrealm) != 0) { myproxy_log("Authentication failure: SASL username (%s) and " "request username (%s) differ.\n", (char *)data, userandrealm); goto error; } if (sasl_getprop(conn, SASL_AUTHUSER, (const void **)&data) != SASL_OK) { myproxy_log("Error: SASL username is NULL."); goto error; } if (strcmp((char *)data, userandrealm) != 0) { myproxy_log("Authentication failure: SASL authuser (%s) and " "request username (%s) differ.\n", (char *)data, userandrealm); goto error; } myproxy_sasl_authenticated = 1; /* for later sanity checks */ rval = 0; error: if (userandrealm) free(userandrealm); return rval; } #endif /* defined(HAVE_LIBSASL2) */ myproxy-6.2.16/VERSION0000644000175100017510000012333014557142036011341 00000000000000This is MyProxy v6.2. This version should be protocol compatible with all versions since v0.2. Binary compatibility of the C API is not guaranteed between releases. Version History --------------- v6.2.8 - Update default run directory from /var/run to /run v6.2.7 - Exit with error if voms-proxy-init fails v6.2.6 - Remove LICENSE.globus file - Add BuildRequires perl-interpreter - Add additional perl dependencies for tests v6.2.5 - Drop obsolete configure option --with-gpt - Drop obsolete configure option --with-flavor - Drop globus_automake_pre and globus_automake_post - Clean up old GPT references - Install myproxy-get-trustroots man page v6.2.4 - Remove usage statistics collection support v6.2.3 - remove macro overquoting v6.2.2 - Use 2048 bit CA key for myproxy tests v6.2.1 - Fix -Werror=format-security errors v6.2.0 - First Grid Community Toolkit release - Remove support for openssl101e (RHEL5 is EOL) - Disable usage statistics reporting by default - Fix option parsing bug v6.1.28 - Fix OpenSSL 1.1.0-related typo v6.1.27 - Remove legacy SSLv3 support v6.1.26 - Fix error check v6.1.25 - Don't call ERR_GET_REASON twice #89 v6.1.24 - Fix crash in myproxy_bootstrap_trust() with OpenSSL 1.1.0c v6.1.23 - Fixes for OpenSSL 1.1.0 v6.1.22 - Check for openssl 101e for epel5 v6.1.21 - Do not overwrite configuration flags v6.1.20 - Updates for el.5 with openssl101e v6.1.19 - update myproxy debug/error msgs for accepted_peer_names type change v6.1.18 - Spelling v6.1.17 - Handle error returns from OCSP_parse_url v6.1.16 - Handle invalid proxy_req type v6.1.15 - GT-616: Myproxy uses resolved IP address when importing names v6.1.14 - improve rfc2818 name comparison handling v6.1.13 - Fixed 2 instances of underallocation of memory. v6.1.12 - Missing -module v6.1.11 - Fix missing redirect in date detection autoconf v6.1.10 - Fix version and date string macros v6.1.9 - Myproxy systemd fix v6.1.8 - Properly extract MINOR_VERSION from a three digit PACKAGE_VERSION - Fix undefined symbols in myproxy-voms plugin - Don't install test wrapper - Comments are not allowed in tmpfile.d config files v6.1.7 - Allow TLS in myproxy-get-trustroots and myproxy-logon -T v6.1.6 - Make VOMS dependency optional v6.1.5 - Minor packaging fixes v6.1.4 - Stop patching myproxy.sysconfig v6.1.3 - Fix incorrect soname change v6.1.2 - Update arg parsing to Getopt::Long v6.1.1 - Increment library age v6.1 Oct 2014 - portability, man page, and build script fixes from Mattias Ellert - first release from https://github.com/globus/globus-toolkit sources v6.0 Jul 2014 - disable usage stats collection by default - make myproxy-server's credential repository storage directory optional and run in "CA only" mode if no valid storage directory - update default for certificate_issuer_hashalg from sha1 to sha256 - handle very long usernames (avoiding ENAMETOOLONG) by creating hashed filename in MyProxy repository when username or credname is longer than 80 characters - can be overridden by MYPROXY_CREDS_MAX_NAMELEN environment variable (https://bugzilla.mcs.anl.gov/globus/show_bug.cgi?id=7275) - use unbuffered I/O on stdin read of passwords (http://jira.globus.org/browse/GT-387) - create files in certificate_out_dir with 0600 mode - check for out of bounds lifetime values (integer overflows) (https://bugzilla.mcs.anl.gov/globus/show_bug.cgi?id=7263) - remove Pubcookie support in myproxy-server - update build scripts for GT6 v5.9 Jul 2012 - fix a memory error in myproxy-logon --voms when more than 19 entries in vomses file (https://bugzilla.mcs.anl.gov/globus/show_bug.cgi?id=7261) v5.8 Jun 2012 - fixes for myproxy-server VOMS attribute support: API updates for libvomsapi, fixes for FQAN regex matching - fix for myproxy-server "Failed to load sub-CA certs from file" error when using certificate_issuer_subca_certfile (https://bugzilla.mcs.anl.gov/globus/show_bug.cgi?id=7259) - update $GLOBUS_LOCATION paths for GT 5.2 in etc.init.d.myproxy v5.7 May 2012 - add IPv6 support (https://bugzilla.mcs.anl.gov/globus/show_bug.cgi?id=7252) - update configure script for platforms where pidfile_open is defined in libbsd - support limited proxy certificates in myproxy-logon -voms by passing -limited option to voms-proxy-init as needed (https://bugzilla.mcs.anl.gov/globus/show_bug.cgi?id=7250) - add support for TLS 1.1 and TLS 1.2 using OpenSSL 1.0.1 and later v5.6 20 Feb 2012 - in myproxy-logon --voms, use voms-proxy-init -valid H:M rather than voms-proxy-init -hours H so proxy lifetime matches assertion lifetime (https://bugzilla.mcs.anl.gov/globus/show_bug.cgi?id=7244) - on myproxy-server daemon startup, don't exit original process until daemon child has completed initialization (https://bugzilla.mcs.anl.gov/globus/show_bug.cgi?id=7240) - improve myproxy-server pidfile creation: when root, write pidfile by default to /var/run/myproxy.pid; write pidfile on startup before detaching from parent process; lock pidfile to avoid collisions; remove pidfile on SIGTERM shutdown [LICENSE.pidfile added for pidfile.c from FreeBSD's libutil.] (https://bugzilla.mcs.anl.gov/globus/show_bug.cgi?id=7240) - allow escaping of '.' in regular expressions (https://bugzilla.mcs.anl.gov/globus/show_bug.cgi?id=7213) - when converting to POSIX extended regular expressions for DN matching, wrap the expression inside '^(' and ')$' instead of just '^' and '$' to ensure matching the entire DN using proper operator precedence (https://bugzilla.mcs.anl.gov/globus/show_bug.cgi?id=7215) - add liblber to link line when using --with-openldap (https://bugzilla.mcs.anl.gov/globus/show_bug.cgi?id=7217) - fix section number in myproxy-admin-query man page (https://bugzilla.mcs.anl.gov/globus/show_bug.cgi?id=7219) - in myproxy-admin-load-credential, handle the case of running as root but /var/lib/myproxy owned by non-root by switching to the non-root user before writing the credential files (https://bugzilla.mcs.anl.gov/globus/show_bug.cgi?id=7234) v5.5 5 Sep 2011 - undo escaping of POSIX extended regular expression meta-characters in myproxy-server authorization policies (introduced in v5.1) to enable full use of POSIX ERE capabilities. For literal matching of parentheses and brackets, the characters must again be explicitly escaped (i.e., '\(' and '\)'). Non-POSIX handling of wildcard characters ('*' and '?') is maintained for backward compatibility, so these characters must be escaped if POSIX ERE behavior is desired. (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7211) - in MyProxy CA, ensure that any domainComponent or emailAddress components in the certificate subject are type IA5String per RFC 5280 (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7201) - add myproxy-logon --certreq option, to accept an externally generated certificate request rather than generating private key and request internally (http://bugzilla.ncsa.uiuc.edu/show_bug.cgi?id=347) - in myproxy-server, fix abort when processing INFO response when the user has stored credentials both with and without a credential name; bug was introduced in myproxy-server v4.9 (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7209) - use /var/lib/myproxy as first choice default storage directory, for Filesystem Hierarchy Standard compliance; still fallback to /var/myproxy and $GLOBUS_LOCATION/var/myproxy for alternatives - fix erroneous error message when no VOMS attributes found (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7207) v5.4 22 Apr 2011 - support disabling reverse DNS lookup of server hostname in MyProxy clients by setting the environment variable GLOBUS_GSSAPI_NAME_COMPATIBILITY to STRICT_RFC2818 (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6789) - prefer to link with libvomsapi instead of libvomsc (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7133) - fix double-free in myproxy_install_trusted_cert_files() on write error (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7135) - add myproxy-test -generatecerts option and remove dependency on $HOME (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7139) - myproxy-server trustroots security improvements: - cert_dir no longer defaults to /etc/grid-security/certificates. - Server will ignore requests for trustroots if cert_dir is not defined. - Server will refuse to start if the trustroots directory set using cert_dir contains any regular files that are not world-readable. - Once started, the server will skip (i.e. will not return to client) any regular files found later to NOT have world-readable permissions. - fix GPT dependency on globus_proxy_utils package (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7151) - Allow empty SASL responses. Needed for Moonshot GS2. (http://www.project-moonshot.org/devwiki//testing/myproxy/) v5.3 17 Jan 2011 - fix myproxy-logon bug in versions 5.0-5.2 that disabled myproxy-server identity verification (http://grid.ncsa.illinois.edu/myproxy/security/myproxy-adv-2011-01.txt) - if myproxy-logon GSI mutual authentication with the myproxy-server fails, try again with client-side anonymous authentication, in case the client-side GSI credentials are unacceptable to the myproxy-server (for example, signed by an untrusted CA), but the myproxy-server would accept an anonymous client (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7103) - fix configure checks for globus_usage_stats_send, globus_usage_stats_send_array, and globus_gsi_proxy_handle_set_extensions when installing without existing Globus libraries in LD_LIBRARY_PATH (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7098) - in myproxy-server-setup, look in /sbin and /usr/sbin for chkconfig or update-rc.d in case they're not in PATH - add certificate_issuer_subca_certfile option in myproxy-server.config (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7119) - make all Globus Usage library errors non-fatal (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7111) - add myproxy-logon support for requesting certificates containing VOMS assertions from myproxy-servers that have "allow_voms_attribute_requests true" in myproxy-server.config; if the myproxy-server does not add the requested VOMS assertion, myproxy-logon tries to add it by running voms-proxy-init as before v5.2 22 Jun 2010 - allow specification of port numbers in MYPROXY_SERVER list (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7039) - support PKCS8 encoded private keys in myproxy-retrieve, myproxy-store, and myproxy-admin-load-credential (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7033) - add work-around for Globus libraries blocking signals (SIGTERM, SIGCHLD, SIGHUP, etc.) when myproxy-server is built with pthr flavor (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7048) - increase default RSA key sizes from 1024 bits to 2048 bits per NIST SP 800-57 and add MYPROXY_KEYBITS environment variable for setting custom RSA key sizes - fix configure check for facilitynames structure on Linux to support myproxy-server.config syslog_facility option mapping of names to numeric values (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6983) - add myproxy-admin-adduser -v (verbose) option (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6963) - bug fix for possible truncation of ca_ldap_connect_passphrase value from myproxy-server.config v5.1 9 Mar 2010 - fix configure script check for non-flavored globus_usage and globus_gsi_proxy_core libraries for Fedora/EPEL RPM compatibility (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6897) - fix myproxy-logon -T segfault after "removed bad CRL file" message (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6909) - add server-side support for including VOMS attributes in retrieved credentials (from the repository); requires setting "allow_voms_attribute_requests true" in myproxy-server.config (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6882) - add support for LDAP StartTLS (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6957) - fix myproxy-test behavior when -startserver is not given (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6959) - fix parsing of certificate_issuer_hashalg (broken since v4.8) - treat trustroot file contents as binary data rather than text in myproxy-logon -T / myproxy-get-trustroots - fix escaping of POSIX extended regular expression meta-characters in myproxy-server authorization policies (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6903) - added support for GT 4.0.8 metrics library, for backward compatibility, and require linking with globus_usage library; usage collection can be disabled by setting "GLOBUS_USAGE_OPTOUT=1" in the environment of the myproxy-server - fix myproxy.h header dependencies - changes for compatibility with OpenSSL 1.0.0-beta5 v5.0 4 Dec 2009 - add Globus Usage Metrics to the myproxy-server - in myproxy-server, atomically update credential files and avoid unnecessary file copies; NOTE API CHANGE: myproxy_creds_store() now moves file to the repository, rather than copying it - add myproxy-server.config request_size_limit parameter to control myproxy-server network limits, and fix network limit handling to apply only to myproxy-server (not clients), so clients can handle large X509_CERT_DIR contents (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6889) - include extendedKeyUsage=clientAuth in EECs by default per GFD.125 - add myproxy-logon/myproxy-get-trustroots -b option to allow bootstrapping CA trust even when X509_CERT_DIR exists (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6886) - myproxy-logon -T / myproxy-get-trustroots fixes/improvements: - when cleaning bad CRLs, also remove any CRLs we can't parse - when recovering from CRL errors, allow anonymous authentication on second attempt, just like first attempt - when bootstrapping, restrict CA trust to only the one certificate subject needed, rather than a wildcard v4.9 2 Nov 2009 - fix support for "check_multiple_credentials true" in myproxy-server.config, disabled since v4.4 (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6878); changes include: - limit check_multiple_credentials functionality to GET requests (myproxy-logon) only - in authorization failures, give underlying error message rather than check_multiple_credentials unique error message - add myproxy-test cases for check_multiple_credentials and myproxy-admin-query v4.8 10 Sep 2009 - add myproxy-server.config proxy_extfile and proxy_extapp options for including custom certificate extensions in proxy certificates issued from the MyProxy repository (analogous to certificate_extfile and certificate_extapp for the CA module); requires GT 4.2.0 libraries (or later) (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6786) - look for VOMS header files in include/voms directory for compatibility with Fedora's VOMS package (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6847) - exit with an error message when --voms and -o - are used together in myproxy-logon (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6807) - fix a memory error in myproxy-info/myproxy-destroy error handling (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6849) - check myproxy-server.config lines for correct number of arguments (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6852) v4.7 6 May 2009 - in myproxy-get-trustroots and myproxy-logon -T, update files atomically (using rename) rather than overwriting - add myproxy-get-trustroots.cron example for keeping /etc/grid-security/certificates up-to-date - support linking against flavored VOMS libraries - fix "self-authorization" check for CA requests (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6713) - check certificate requests and issued certificates in the CA: (http://bugzilla.globus.org/globus/show_bug.cgi?id=6648) - add certificate_request_checker and certificate_issuer_checker options in myproxy-server.config for specifying call-outs before and after the MyProxy CA signs certificates - example myproxy-cert-checker and myproxy-certreq-checker call-outs are installed in $GLOBUS_LOCATION/share/myproxy - only accept RSA keys in certificate requests - don't allow RSA exponents < 65537 - add min_keylen option in myproxy-server.config for specifying a minimum allowed RSA key length - add syslog_facility option in myproxy-server.config to configure the myproxy-server to log to the specified syslog facility; the default is the "daemon" facility (http://bugzilla.globus.org/globus/show_bug.cgi?id=6717) - added an example in myproxy-accepted-credentials-mapapp of how to ban users (http://grid.ncsa.illinois.edu/myproxy/blacklist.html) - added myproxy-admin-query -o option to query by owner DN - replace fixed-length buffer in read_data_file() (credential repository file parser) with dynamically-sized buffer to support credentials with policies longer than 511 characters (http://bugzilla.globus.org/globus/show_bug.cgi?id=6723) - added certificate_serial_skip in myproxy-server.config to support staggered serial numbers across multiple CA instances - added certificate_issuer_hashalg in myproxy-server.config to configure the MyProxy CA to issue certificates using SHA-2 hash algorithms (SHA-224, SHA-256, SHA-384, SHA-512) rather than SHA-1 (the default). Requires OpenSSL 0.9.8 or later. v4.6 25 Mar 2009 - add myproxy-get-trustroots command to download trusted CA certificates without client-side authentication (http://bugzilla.globus.org/globus/show_bug.cgi?id=5899) - add sasl_mech, sasl_serverFQDN, and sasl_user_realm options to myproxy-server.config - include certificate subject in myproxy-admin-adduser output (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6324) - handle error response message from myproxy-server during delegation (http://bugzilla.ncsa.uiuc.edu/show_bug.cgi?id=359) v4.5 12 Feb 2009 - in myproxy-server, disallow release of a credential based only on authentication with a client credential of the same subject (i.e., self-renewal) unless "allow_self_authorization true" is specified in myproxy-server.config (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6630) - fix myproxy-logon --voms interaction with --out option (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6612) - implement stricter checks on myproxy-server storage directory security using Safefile's safe_is_path_trusted_r() (http://pages.cs.wisc.edu/~kupsch/safefile/); for now, these checks result in WARNING messages rather than errors - added myproxy-server --portfile option, useful when binding to a random available port via myproxy-server --port 0 (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6623) v4.4 12 Dec 2008 - allow $MYPROXY_SERVER and -s command-line options to be a comma-separated list of hostnames to try to connect to - in myproxy-server, fail on startup or reconfig with an "unsafe policy" error if a policy of trusted_retrievers "*" is specified without also specifying a restrictive default_trusted_retrievers policy, to avoid an unsafe policy that could release credentials to any client without additional authentication. - in myproxy-server, log info for the received client request before the authorization check, so we have the request info for troubleshooting purposes even if the request is denied. - in myproxy-server, fail on startup if PAM, SASL, or OCSP is configured in myproxy-server.config but the needed libraries are not linked in - fix problem with OpenSSL engine (for HSM support) being shutdown on child process failures - fix bug when issuing certificates with subject containing "//" (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6488) - add support for multiple --voms options to myproxy-init/logon (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6436) - added myproxy-info --credname option (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6561) - for myproxy-logon -T, bootstrap the trusted certificates directory atomically (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6432) - for myproxy-logon --voms, request the correct proxy type from voms-proxy-init - added example myproxy-revoke and myproxy-crl.cron scripts for revoking certificates issued by the MyProxy CA and generating CRLs - added max_cred_lifetime option in myproxy-server.config to limit the lifetime of credentials stored in the repository v4.3 2 Sep 2008 - improve MyProxy CA error message on incorrect passphrase. specifically, in myproxy-server, if passphrase in the request is non-empty, fail immediately if it can't be verified, rather than trying other methods; this forces other authentication methods (SASL, renewal) to send an empty passphrase (which current clients do by default), but it results in a better error message in the common case when an incorrect passphrase is given. also stop appending "invalid pass phrase" to the more specific error message from PAM or OpenSSL. - fix -m command-line option for myproxy-init and myproxy-logon - fix myproxy-init --voms with GT_PROXY_MODE="old" - in myproxy-init --voms, use voms-proxy-init -vomslife so VOMS AC lifetime matches proxy lifetime - if myproxy-init --local_proxy and --voms options are used together, only call voms-proxy-init once, and use that proxy to create the local proxy (via grid-proxy-init) - add a default timeout of 120 seconds for myproxy-server child processes to service requests before aborting, customizable via the myproxy-server.config request_timeout parameter - in myproxy-server, read incoming messages up to 1MB maximum to avoid memory exhaustion under heavy load - on myproxy-server startup, perform more sanity checks before fork to become daemon so exit status of original process is set to 1 on errors (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6325) - in myproxy-server, don't re-read config file automatically on changes (i.e., undo change in v4.2); instead, re-read on SIGHUP (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=5627) - add reconfig method to etc.init.d.myproxy - make myproxy-admin-adduser less verbose by only showing the output of grid-cert-request on errors - added myproxy-admin-adduser -p option for specifying the CA private key password using openssl format (see the PASS PHRASE ARGUMENTS section in the openssl(1) man page) - associate "Connection from xxx.xxx.xxx.xxx" syslog message with child pid so it matches up with other syslog messages for that client v4.2 10 Jan 2008 - add support for $GT_PROXY_MODE="rfc" in myproxy-init - in the myproxy-server, no longer default to issuing a "legacy globus proxy" from an end-entity certificate; instead, issue the default proxy type according to the GSI library version - drop support for $GT_PROXY_MODE="old" in myproxy-logon; however, myproxy-init still supports $GT_PROXY_MODE="old" - in myproxy-server, re-read config file automatically on changes - fixes for newer OpenSSL versions used in GT 4.2 - fixes for MIT Kerberos 1.6 support (via SASL) v4.1 10 Sep 2007 - in myproxy-server, listen on $MYPROXY_SERVER_PORT if defined - for myproxy-logon/myproxy-retrieve -T, fix handling of zero length files and process only regular files (not subdirectories) v4.0 11 Jul 2007 - add myproxy-server-setup script for simple server install - fix myproxy-logon/myproxy-retrieve -T bug that caused trust bootstrap to fail when no certificates directory exists - add myproxy-admin-load-credential --retrieve_key and --retrievable_by_cert options - add myproxy-admin-addservice for distributing host/service credentials v3.9 12 Jun 2007 - update myproxy-logon/myproxy-retrieve -T behavior: - if no certificates directory exists, install the myproxy-server's CA certificate to bootstrap trust - if authentication to the myproxy-server fails due to a CRL error, remove problematic CRL file(s) and retry - if running as root, store trust roots in /etc/grid-security/certificates rather than ~root/.globus/certificates and credentials in /etc/grid-security/hostcert.pem/hostkey.pem - add --voms options to myproxy-init and myproxy-logon to add VOMS attributes, analogous to voms-proxy-init -voms; requires voms-proxy-init to be installed and configured - add myproxy-admin-query --config option v3.8 13 Apr 2007 - drop support for Globus Toolkit versions 3.0 and 2.4 - fix myproxy-replicate errors for credentials with usernames or crednames containing spaces - fix server-side problem when linking against globus_gssapi_gsi version 4.12 and later that causes "no shared cipher" errors - return more concise error messages to clients for common errors, with additional diagnostics written to the server log - fix configure check for OCSP functions in OpenSSL for enabling OCSP support - for --help, --usage, and --version options, exit with status 0 after printing help/usage/version information - add OpenSSL Engine support in the MyProxy CA to enable the use of hardware tokens via new myproxy-server.config certificate_openssl_engine options - check if client authenticates with a limited proxy, and if so, only allow the client to obtain another limited proxy, unless ignore_globus_limited_proxy_flag is set in myproxy-server.config - optionally store all certificates issued by the MyProxy CA in a directory via the certificate_out_dir myproxy-server.config option v3.7 12 Dec 2006 - fix handling of usernames containing '/', '-', and '.' characters; note this required a change to the myproxy-server repository format, so credential data files written by a new myproxy-server won't be readable by an older myproxy-server - verify that credentials in the myproxy-server repository are still valid (i.e., not revoked) before performing delegation - added myproxy-admin-query --invalid option for listing, locking, or removing invalid credentials from repository - optionally check OCSP status of stored credentials before performing delegation via myproxy-server.config ocsp settings; requires GT 3.2 (OpenSSL 0.9.7) or later - update etc.init.d.myproxy script to use pidfile to locate server to stop (rather than searching ps output), include a restart option, and exit with error if $GLOBUS_LOCATION isn't set - if the myproxy-server hostname given by $MYPROXY_SERVER or the -s option resolves to multiple IP addresses, clients will connect to each address until a connection is established or all fail - added accepted_credentials_mapapp call-out version of accepted_credentials_mapfile in myproxy-server.config - support unencrypted, although still signed, Pubcookie granting cookies as passwords - added myproxy-server.config syslog_ident option - improved MyProxy CA logging - added myproxy-server --listen to specify host/ip to bind to v3.6 10 Aug 2006 - support credential renewal via the MyProxy CA using myproxy-server.config authorized_renewers/default_renewers options - provide an access control list for storing credentials via the myproxy-server.config accepted_credentials_mapfile option - fix insecure temporary file handling in myproxy-admin-adduser - fix insecure input handling in myproxy-get-delegation.cgi example - support VOMS attributes in myproxy-server.config policies - in CA, issue certificates valid starting 5 minutes in the past to account for possible clock skew between hosts - add check_multiple_credentials option in myproxy-server.config to allow clients to retrieve a credential for a given username even if the associated "credential name" isn't provided (via myproxy-logon --credname) v3.5 14 Mar 2006 - dropped support for certificate_issuer option in myproxy-server.config; use certificate_issuer_cert instead - added myproxy_accept_delegation_ex() to retrieve credentials to a buffer rather than a file - in myproxy-logon, added support for writing credential to standard output via '-o -' option; also added --quiet option - added myproxy-logon --no_credentials option to authenticate without retrieving credentials - added certificate_mapapp call-out for mapping usernames to certificate subject distinguished names for the CA module - added certificate_extfile and certificate_extapp (call-out) for setting extensions in certificates issued by CA module - do not indicate in info command error output whether credentials owned by someone else exist, to avoid giving potentially useful information to an attacker - delegate credentials with minimum lifetime of 5 minutes to avoid problems with clock skew - fixed build problem with GT 2.4/3.0 introduced in v3.4: EVP_MD_CTX_cleanup() wasn't in OpenSSL 0.9.6 v3.4 19 Dec 2005 - added myproxy-test -valgrind option for detecting memory errors - fixed memory errors found with myproxy-test -valgrind - fixed handling of lifetime=0 requests in myproxy-server v3.3 2 Dec 2005 - API changes: new trusted_retrievers member for struct myproxy_creds and struct myproxy_request_t - generate 1024 bit keys instead of 512 bit keys - add support for certificate-only authentication to the myproxy-server via myproxy-init -Z and myproxy-server.config trusted_retrievers options - add support for CA username to DN resolution via LDAP using myproxy-server.config ca_ldap options - add myproxy-server authentication support for Pubcookie (http://www.pubcookie.org/) granting cookie via pubcookie_granting_cert and pubcookie_app_server_key myproxy-server.config options - add myproxy-init --local_proxy option to create a local proxy credential after storing a credential on the myproxy-server - add myproxy-init --keyfile/--certfile options - fix segmentation fault on reverse lookup in client - fix SASL build problems on Darwin - fix client-side memory leak in GSI_SOCKET_authentication_init() - in CA, use SHA1 instead of MD5 digest algorithm, set CA:FALSE in X509v3 Basic Constraints, include X509v3 Subject Key Identifier, and optionally set email X509v3 Subject Alternative Name using certificate_issuer_email_domain in myproxy-server.config - support alternate syntax "min max" for GLOBUS_TCP_PORT_RANGE and improve error handling and documentation for this environment variable v3.2 11 Oct 2005 - fix fd_set compiler error introduced in v3.1 v3.1 11 Oct 2005 - fix compilation problem on platforms without setenv() v3.0 28 Sep 2005 - add ability for myproxy-server to act as a CA by setting certificate_issuer options in myproxy-server.config - fix for static builds using 'gpt-build -static' - fixes for SASL support - increased myproxy-server's listen(2) backlog for improved scalability - modify myproxy-test to use "$LOGNAME.myproxy-test" for a username to avoid overwriting any existing credentials - include configured trusted certificate directory in debug/verbose output - install example myproxy-server.config to $GLOBUS_LOCATION/share/myproxy instead of potentially overwriting existing version in $GLOBUS_LOCATION/etc - warn on unknown directives in myproxy-server.config v2.3 28 Jul 2005 - fix AIX compliation problems in PAM module v2.2 14 Jul 2005 - fix TRU64 compilation problem - for --dn_as_username option, get DN from user proxy if available rather than requiring access to user certificate v2.1 6 Jul 2005 - fix compilation problem for ISO C89 compilers - fix myproxy-init compatibility with Java CoG grid-proxy-init in PATH (use grid-proxy-init -hours instead of -valid) - improve PAM error messages - fix error message on server-side authorized_renewers check - perform reverse lookup on server IP address for authorization consistency with other GSI clients - removed myproxy_resolve_hostname() from API v2.0 8 Jun 2005 - unified versioning with GPT packaging - added native PAM support (not requiring SASL) - added support for managing trusted CA certificates using myproxy-logon/myproxy-retrieve -T option - added the myproxy-replicate utility for managing multiple myproxy-server repository replicas for high availability - added myproxy_version() and myproxy_check_version() functions to verify headers match the shared library in use - fixed bug in previous version that caused myproxy-get-delegation not to be included in binary GPT installs - use system getopt_long() if available; otherwise, use included getopt_long from NetBSD instead of GNU version as previous - fixed server side bug where the default_key_retrievers policy was always applied even if the credential had a key retriever policy - fixed myproxy-test GT 2.4 compatibility problem in v0.6.5 - fixed myproxy_get_delegation() signature, erroneously changed in v0.6.2, to maintain API-level compatibility - added dynamic buffer management for improved handling of large messages v0.6.5 8 Apr 2005 (GPT package version 1.17) - added support for RFC 3820 proxy certificate format - renamed myproxy-get-delegation to myproxy-logon; kept myproxy-get-delegation symlink for backward compatibility - added myproxy-store and myproxy-retrieve commands for storing and retrieving credentials directly to/from the repository; note myproxy-retrieve support must be explicitly enabled by setting authorized_key_retrievers in myproxy-server.config - write temp proxy to /tmp/myproxy-proxy.. instead of /tmp/myproxy-proxy. so we can run more than one myproxy-init in an account at a time - added myproxy-test -performance option for performance testing - fixed potential logging race condition when running myproxy-server in verbose mode - fixed potential network race condition in myproxy-init - for myproxy-admin-change-pass, only prompt for existing password if existing credential is encrypted - check for invalid options passed to myproxy commands - fixed a myproxy-admin-change-pass segmentation fault when the storage directory is invalid - improve error messages for too-short passphrases (6 character minimum) v0.6.4 4 Jan 2005 (GPT package version 1.16) - fixed file permission bug in myproxy-admin-load-credential v0.6.3 22 Nov 2004 (GPT package version 1.15) - updated GPT packaging for compatibility with GT 3.9.3 (globus_gssapi_gsi-4.0) - added support for $GT_PROXY_MODE="old" in myproxy-get-delegation, to retrieve a "legacy globus proxy" from an end-entity certificate stored in the MyProxy repository. - modified client tools to attempt connecting to the server first, before prompting for user input, to catch server problems early. - added initial experimental support for Kerberos authentication via the SASL/GSSAPI mechanism. - removed dependency on perl Expect package in myproxy-test - added myproxy-test -startserver option - added myproxy-server --pidfile option to ease myproxy-server shutdown v0.6.2 21 Jun 2004 (GPT package version 1.14) - added initial experimental support for PAM authentication via the SASL/PLAIN mechanism. - changed myproxy-admin-change-pass so an empty pass phrase can be used for unencrypted keys (for example, for renewal keys) - fixed myproxy-admin-adduser to not depend on nonexistent myproxy-admin-adduser-config command - removed pass phrase functions from myproxy-admin-load-credential, so the existing pass phrase on the source key is kept as is. Use myproxy-admin-change-pass to change the pass phrase of a credential after loading. - fixed GT 2.2 and Java CoG incompatibility introduced in v0.6.1. Note: if repository contains end-entity credentials, Java CoG will retrieve old-style (legacy) proxies because the Java CoG certificate request doesn't specify the proxy type. - changed signature of myproxy_get_delegation() method. original signature is restored in v2.0. v0.6.1 30 Mar 2004 (GPT package version 1.13) Fixed a bug where the myproxy-server would always delegate new-style proxy credentials from end-entity credentials in repository. The myproxy-server now respects proxy type in the certificate request when end-entity credentials are stored in repository. However, if the repository contains proxy credentials, the server will delegate a proxy of the same type as stored in the repository irrespective of the certificate request, because new-style and old-style proxies can't be mixed. This bug fix resulted in an incompatibility with GT 2.2 and Java CoG clients, fixed in v0.6.2. v0.6.0 22 Mar 2004 (GPT package version 1.12) - added max_proxy_lifetime server configuration option for limiting the lifetime of retrieved credentials v0.5.9 28 Jan 2004 (GPT package version 1.11) - removed requirement for /dev/urandom and instead let OpenSSL seed its random number generator itself using its standard methods - added myproxy-admin-change-pass command - changed myproxy-get-delegation -d option to have effect even when -a option is not given - added support for OpenSSL 0.9.7 v0.5.8 23 Sep 2003 (GPT package version 1.10) - fixed networking problem with v0.5.7 on some platforms v0.5.7 25 Aug 2003 (GPT package version 1.9) - fixed additional problems with handling large credentials - bugfix: myproxy-admin-load-credential fails to prompt for passphrase of source credential in versions 0.5.4-0.5.6. v0.5.6 31 Jul 2003 (GPT package version 1.8) - added support for Globus Toolkit 3.0 libraries - added support for new GSI proxy certificate format - fixed 'myproxy-info -d' - fixed credential problem when using Globus Toolkit 2.4 libraries - removed buffer length restriction in credential renewal protocol v0.5.5 30 May 2003 (GPT package version 1.7) - added support for Globus Toolkit 2.4 libraries - added support for external passphrase quality enforcement with passphrase_policy_program command in myproxy-server.config - added support for locking credentials via myproxy-admin-query - included example myproxy.cron script for removing expired credentials - fixed problems with installed headers - added MYPROXY_SERVER_PORT environment variable v0.5.4 2 May 2003 (GPT package version 1.6) - myproxy-admin-adduser command added - default lifetime of delegated proxies changed to 12 hours instead of 2 - --passphrase option added to myproxy-admin-load-credential - new options (including remove option) added to myproxy-admin-query - compatibility problem with v0.2 (introduced in v0.5.0) fixed - OSX build problem fixed - support for delegating proxies with maximum lifetime added v0.5.3 19 Mar 2003 (GPT package version 1.5) This version fixes a build problem on AIX. v0.5.2 10 Mar 2003 (GPT package version 1.4) This version adds the myproxy-admin-query and myproxy-admin-load-credential commands and adds support for running the myproxy-server with a /CN=myproxy/fqhn credential. v0.5.1 12 Feb 2003 (GPT package version 1.3) This release fixes a bug where the X509_USER_CERT and X509_USER_KEY environment variables would confuse myproxy-init. v0.5.0 15 Nov 2002 (GPT package version 1.2) This is the first version for Globus Toolkit 2.2. It adds support for storing multiple credentials per username, stores private keys encrypted with the credential's passphrase (if set), and adds the myproxy-change-pass-phrase command. It is also the first version to be released unter the NCSA Open Source license. Note that due to version incompatibilities with Globus Toolkit 2.2 libraries and the Java CoG (not specific to MyProxy), this and future versions of MyProxy are not compatible with Java CoG versions before 1.0. v0.4.6 3 Sep 2002 (GPT package version 1.1) This version adds sample init.d and xinetd entries in the GPT package. v0.4.5 28 Aug 2002 (GPT package version 1.0) This is the first version packaged with GPT. In addition to changes for GPT compatibility, it contains minor changes to some MyProxy debug messages. v0.4.4 22 Mar 2002 This version adds the myproxy-info command. v0.4.3 6 Mar 2002 This version adds support for per-credential authorization. Users can specify retrieval/renewal policies for a credential on upload using myproxy-init. v0.4.2 4 Feb 2002 This version includes the GSI distinguished name matching logic that was removed in v0.4.0, so for example host/fqhn will now match fqhn again. It also adds support for restricting the TCP port ranges of the clients. v0.4.1 4 Dec 2001 This version adds support for Globus 2.0 and optionally using the distinguished name from the proxy certificate as the default myproxy username. v0.4.0 20 Nov 2001 This version adds support for anonymous X.509 client authentication, to allow users to retrieve a credential using their myproxy passphrase when they don't already have a credential. The myproxy server configuration file can enable or disable anonymous and certificate-based (from v0.3) authentication. v0.3 5 Oct 2001 This version adds support for certificate-based authentication in addition to passphrase based authentication, to enable credential renewal. It was developed by Daniel Kouril and Miroslav Ruda for the European DataGrid project. v0.2alpha3 11 Oct 2000 This version was used by many grid portals. v0.2alpha1 27 Sep 2000 v0.2 20 Sep 2000 v0.1b3 30 June 2000 v0.1b2 08 May 2000 v0.1b1 05 May 2000 v0.1 03 Apr 2000 myproxy-6.2.16/ssl_utils.c0000644000175100017510000017733114557142036012470 00000000000000/* * ssl_utils.c * * Routines for interacting directly with SSL, X509 certificates, etc. */ #include "myproxy_common.h" /* all needed headers included here */ #ifndef MAXPATHLEN #define MAXPATHLEN 4096 #endif #define PEM_CALLBACK(func) func, NULL #define PEM_NO_CALLBACK NULL, NULL #if OPENSSL_VERSION_NUMBER < 0x10100000L #define EVP_PKEY_id(k) (k)->type #endif /********************************************************************** * * Constants * */ #define PROXY_DEFAULT_LIFETIME -1L /* magic # for lifetime */ /* of signing cert */ /********************************************************************** * * Internal data structures * */ struct _ssl_credentials { X509 *certificate; EVP_PKEY *private_key; STACK_OF(X509) *certificate_chain; globus_gsi_proxy_handle_t proxy_req; }; struct _ssl_proxy_restrictions { /* 0 = unrestricted, 1 = limited */ int limited_proxy; /* Proxy lifetime in seconds, 0 means default, -1 means maximum */ long lifetime; }; /********************************************************************** * * Internal variables. * */ /* * Holder for pass phrase so callback function can find it. */ static const char *_ssl_pass_phrase = NULL; /********************************************************************** * * Internal functions. * */ /* * ssl_error_to_verror() * * Transfer an error description out of the ssl error handler to verror. */ void ssl_error_to_verror() { unsigned long error; ERR_STATE *error_state; const char *error_data; int error_number; while ((error = ERR_peek_error()) != 0) { /* Find data for last error */ error_state = ERR_get_state(); error_number = (error_state->bottom + 1) % ERR_NUM_ERRORS; error_data = error_state->err_data[error_number]; /* Now add to verror state */ verror_put_string("%s", ERR_error_string(error, NULL)); if (error_data != NULL) { verror_put_string("%s", error_data); } /* Pop error off of stack */ ERR_get_error(); } ERR_clear_error(); } /* * globus_error_to_verror() * * Transfer an error description out of the Globus error handler to verror. */ void globus_error_to_verror(globus_result_t result) { globus_object_t *error; char *desc; error = globus_error_get(result); if (!error) return; desc = globus_error_print_chain(error); globus_object_free(error); if (!desc) return; verror_put_string("%s", desc); free(desc); } /* * bio_from_buffer() * * Given a buffer of length buffer_len, return a memory bio with the * contents of the buffer. * * Returns pointer to bio on success, NULL on error. */ static BIO * bio_from_buffer(const unsigned char *buffer, int buffer_len) { BIO *bio = NULL; assert(buffer != NULL); bio = BIO_new(BIO_s_mem()); if (bio == NULL) { verror_put_string("Failed creating memory BIO"); ssl_error_to_verror(); goto error; } if (BIO_write(bio, (unsigned char *) buffer, buffer_len) == SSL_ERROR) { verror_put_string("Failed writing buffer to BIO"); ssl_error_to_verror(); BIO_free(bio); bio = NULL; goto error; } error: return bio; } /* * bio_to_buffer() * * Given a bio return the contents of the bio in a buffer. * pbuffer is set to point to the allocated buffer, and pbuffer_len * is filled in with the buffer length. Caller should free *pbuffer. * * Returns SSL_SUCCESS or SSL_ERROR. */ static int bio_to_buffer(BIO *bio, unsigned char **pbuffer, int *pbuffer_len) { char *buffer = NULL; int buffer_len; int return_status = SSL_ERROR; assert(bio != NULL); buffer_len = BIO_pending(bio); buffer = malloc(buffer_len+1); memset(buffer, '\0', buffer_len+1); if (buffer == NULL) { verror_put_string("Failed dumping BIO to buffer (malloc() failed)"); verror_put_errno(errno); goto error; } if (BIO_read(bio, buffer, buffer_len) == SSL_ERROR) { verror_put_string("Failed dumping BIO to buffer (BIO_read() failed)"); ssl_error_to_verror(); goto error; } /* Success */ *pbuffer = (unsigned char *)buffer; *pbuffer_len = buffer_len; return_status = SSL_SUCCESS; error: if (return_status == SSL_ERROR) { if (buffer != NULL) { free(buffer); } } return return_status; } /* * ssl_cert_chain_free() * * Free the given certificate chain and all it contents. */ static void ssl_cert_chain_free(STACK_OF(X509) *cert_chain) { if (cert_chain != NULL) { sk_X509_pop_free(cert_chain, X509_free); } } /* * ssl_credentials_free_contents() * * Free all the contents of the given credentials without freeing * the credentials structure itself. */ static void ssl_credentials_free_contents(SSL_CREDENTIALS *creds) { if (creds != NULL) { if (creds->certificate != NULL) { X509_free(creds->certificate); } if (creds->private_key != NULL) { EVP_PKEY_free(creds->private_key); } if (creds->certificate_chain != NULL) { ssl_cert_chain_free(creds->certificate_chain); } } } static int creds_from_bio(BIO *bio, SSL_CREDENTIALS **creds) { STACK_OF(X509) *cert_chain = NULL; X509 *cert = NULL; unsigned char number_of_certs; int cert_index; int return_status = SSL_ERROR; if (BIO_read(bio, &number_of_certs, sizeof(number_of_certs)) == SSL_ERROR) { verror_put_string("Failed unpacking chain from buffer" "(reading number of certificates)"); ssl_error_to_verror(); return SSL_ERROR; } if (number_of_certs == 0) { verror_put_string("Failed unpacking chain from buffer" "(number of certificates is zero)"); ssl_error_to_verror(); return SSL_ERROR; } cert = d2i_X509_bio(bio, NULL /* make new cert */); if (cert == NULL) { verror_put_string("Failed unpacking chain from buffer" "(reading user's certificate)"); ssl_error_to_verror(); goto end; } /* Now read the certificate chain */ cert_chain = sk_X509_new_null(); for (cert_index = 1; cert_index < number_of_certs; cert_index++) { X509 *x509; x509 = d2i_X509_bio(bio, NULL /* make new cert */); if (x509 == NULL) { verror_put_string("Failed unpacking chain from buffer" "(reading certificate)"); ssl_error_to_verror(); goto end; } if (sk_X509_push(cert_chain, x509) == SSL_ERROR) { verror_put_string("Failed unpacking chain from buffer" "(building a new chain)"); ssl_error_to_verror(); X509_free(x509); goto end; } } *creds = ssl_credentials_new(); if (*creds == NULL) { verror_put_string("Failed unpacking chain from buffer" "(building a new chain)"); goto end; } (*creds)->certificate_chain = cert_chain; cert_chain = NULL; (*creds)->certificate = cert; cert = NULL; return_status = SSL_SUCCESS; end: if (cert) X509_free(cert); if (cert_chain) ssl_cert_chain_free(cert_chain); return return_status; } static int creds_to_bio(SSL_CREDENTIALS *chain, BIO **bio) { unsigned char number_of_certs; BIO *output_bio = NULL; int index; int return_status = SSL_ERROR; output_bio = BIO_new(BIO_s_mem()); if (output_bio == NULL) { verror_put_string("BIO_new() failed"); ssl_error_to_verror(); return SSL_ERROR; } number_of_certs = 1; if (chain->certificate_chain != NULL) number_of_certs += sk_X509_num(chain->certificate_chain); if (BIO_write(output_bio, &number_of_certs,sizeof(number_of_certs)) == SSL_ERROR) { verror_put_string("Failed dumping chain to buffer" "(BIO_write() failed)"); ssl_error_to_verror(); goto end; } if (i2d_X509_bio(output_bio, chain->certificate) == SSL_ERROR) { verror_put_string("Failed dumping chain to buffer " "(write of user's certificate failed)"); ssl_error_to_verror(); goto end; } for (index = 0; index < sk_X509_num(chain->certificate_chain); index++) { X509 *cert; cert = (X509 *) sk_X509_value(chain->certificate_chain, index); if (i2d_X509_bio(output_bio, cert) == SSL_ERROR) { verror_put_string("Failed dumping chain to buffer " "(write of cert chain failed)"); ssl_error_to_verror(); goto end; } } *bio = output_bio; output_bio = NULL; return_status = SSL_SUCCESS; end: if (output_bio) BIO_free(output_bio); return return_status; } /* * my_init() * * Do any needed initialization for these routines. * Should be called first. Can be called multiple times. */ static void my_init() { static int my_inited = 0; if (my_inited == 0) { my_inited = 1; /* Initialize the ssleay libraries */ SSL_load_error_strings(); SSL_library_init(); globus_module_activate(GLOBUS_GSI_PROXY_MODULE); globus_module_activate(GLOBUS_GSI_CREDENTIAL_MODULE); globus_module_activate(GLOBUS_GSI_SYSCONFIG_MODULE); globus_module_activate(GLOBUS_GSI_CERT_UTILS_MODULE); } } /* * my_pass_phrase_callback() * * Callback from PEM_read_PrivateKey() in ssl_load_user_key() * to return the passphrase stored in _ssl_pass_phrase. */ static int my_pass_phrase_callback(char *buffer, int buffer_len, int verify /* Ignored */, void *u) { /* SSL libs supply these, make sure they are reasonable */ assert(buffer != NULL); assert(buffer_len > 0); if (_ssl_pass_phrase == NULL) { strcpy(buffer, ""); } else { strncpy(buffer, _ssl_pass_phrase, buffer_len); buffer[buffer_len - 1] = '\0'; } return strlen(buffer); } /* * ssl_x509_request_to_buffer() * * Dump the given X509 request structure to an allocated buffer. * * Returns SSL_SUCCESS or SSL_ERROR */ static int ssl_x509_request_to_buffer(X509_REQ *request, unsigned char **buffer, int *buffer_length) { int return_status = SSL_ERROR; BIO *bio = NULL; assert(request != NULL); assert(buffer != NULL); assert(buffer_length != NULL); bio = BIO_new(BIO_s_mem()); if (bio == NULL) { verror_put_string("Failed dumping X509 request to buffer (BIO_new() failed)"); ssl_error_to_verror(); goto error; } if (i2d_X509_REQ_bio(bio, request) == SSL_ERROR) { verror_put_string("Failed dumping X509 request to buffer"); ssl_error_to_verror(); goto error; } if (bio_to_buffer(bio, buffer, buffer_length) == SSL_ERROR) { goto error; } /* Success */ return_status = SSL_SUCCESS; error: if (bio != NULL) { BIO_free(bio); } return return_status; } /********************************************************************** * * API Functions * */ void ssl_credentials_destroy(SSL_CREDENTIALS *creds) { my_init(); if (creds != NULL) { ssl_credentials_free_contents(creds); free(creds); } } int ssl_proxy_file_destroy(const char *proxyfile) { FILE *fp; long offset, i; char zero = '\0'; struct stat s; int return_status = SSL_ERROR; assert(proxyfile != NULL); fp = fopen(proxyfile, "r+"); if (!fp) { verror_put_string("fopen(%s): %s\n", proxyfile, strerror(errno)); goto error; } /* Don't get fooled into zeroing out the wrong file via tricks with links and the like. */ if (fstat(fileno(fp), &s) < 0) { verror_put_string("fstat(%s): %s\n", proxyfile, strerror(errno)); goto error; } if (S_ISDIR(s.st_mode)) { verror_put_string("proxy file %s is a directory!\n", proxyfile); goto error; } if (!S_ISREG(s.st_mode)) { verror_put_string("proxy file %s is not a regular file!\n", proxyfile); goto error; } if (s.st_nlink != 1) { verror_put_string("proxy file %s has links!\n", proxyfile); goto error; } if (fseek(fp, 0L, SEEK_END) < 0) { verror_put_string("fseek(%s): %s\n", proxyfile, strerror(errno)); goto error; } offset = ftell(fp); if (offset < 0) { verror_put_string("ftell(%s): %s\n", proxyfile, strerror(errno)); goto error; } if (fseek(fp, 0L, SEEK_SET) < 0) { verror_put_string("fseek(%s): %s\n", proxyfile, strerror(errno)); goto error; } for (i=0; i < offset; i++) { if (fwrite(&zero, 1, 1, fp) != 1) { verror_put_string("fwrite(%s): %s\n", proxyfile, strerror(errno)); goto error; } } return_status = SSL_SUCCESS; error: if (fp) fclose(fp); if (unlink(proxyfile) < 0) { /* always try to unlink it, even on error */ verror_put_string("unlink: %s\n", strerror(errno)); return SSL_ERROR; } return return_status; } int ssl_certificate_load_from_file(SSL_CREDENTIALS *creds, const char *path) { FILE *cert_file = NULL; X509 *cert = NULL; int return_status = SSL_ERROR; STACK_OF(X509) *cert_chain = NULL; assert(creds != NULL); assert(path != NULL); my_init(); cert_file = fopen(path, "r"); if (cert_file == NULL) { verror_put_string("Error opening certificate file %s", path); verror_put_errno(errno); goto error; } if ((cert = PEM_read_X509(cert_file, NULL, PEM_NO_CALLBACK)) == NULL) { verror_put_string("Error reading certificate %s", path); ssl_error_to_verror(); goto error; } if (creds->certificate != NULL) { X509_free(creds->certificate); } creds->certificate = cert; /* Ok, now read the certificate chain */ /* Create empty stack */ cert_chain = sk_X509_new_null(); while (1) { cert = NULL; ERR_clear_error(); /* clear any prior OpenSSL errors */ if ((cert = PEM_read_X509(cert_file, NULL, PEM_NO_CALLBACK)) == NULL) { /* * If we just can't find a start line then we've reached EOF. */ if (ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE) { /* Just EOF, clear error and break out of loop */ ERR_clear_error(); break; } /* Actual error */ verror_put_string("Error parsing certificate chain"); ssl_error_to_verror(); goto error; } /* Add to chain */ if (sk_X509_insert(cert_chain, cert, sk_X509_num(cert_chain)) == SSL_ERROR) { verror_put_string("Error parsing certificate chain"); ssl_error_to_verror(); goto error; } } /* while(1) */ creds->certificate_chain = cert_chain; /* Success */ return_status = SSL_SUCCESS; error: if (cert_file != NULL) { fclose(cert_file); } return return_status; } int ssl_certificate_push(SSL_CREDENTIALS *creds, X509 *cert) { assert(creds != NULL); assert(cert != NULL); /* Place the given cert on top of other certs in creds */ if (creds->certificate != NULL) { if (creds->certificate_chain == NULL) creds->certificate_chain = sk_X509_new_null(); if (sk_X509_insert(creds->certificate_chain, creds->certificate, 0) == SSL_ERROR) { verror_put_string("Error inserting certificate into creds cert chain"); ssl_error_to_verror(); return SSL_ERROR; } } creds->certificate = cert; return SSL_SUCCESS; } int ssl_private_key_load_from_file(SSL_CREDENTIALS *creds, const char *path, const char *pass_phrase, const char *pass_phrase_prompt) { FILE *key_file = NULL; EVP_PKEY *key = NULL; int return_status = SSL_ERROR; assert(creds != NULL); assert(path != NULL); my_init(); /* * Put pass phrase where the callback function can find it. */ _ssl_pass_phrase = pass_phrase; if (pass_phrase_prompt) EVP_set_pw_prompt((char *)pass_phrase_prompt); key_file = fopen(path, "r"); if (key_file == NULL) { verror_put_string("Error opening key file %s", path); verror_put_errno(errno); goto error; } if ((key = PEM_read_PrivateKey(key_file, NULL, (pass_phrase_prompt) ? NULL : my_pass_phrase_callback, NULL)) == NULL) { unsigned long error, reason; error = ERR_peek_error(); reason = ERR_GET_REASON(error); /* If this is a bad password, return a better error message */ if (reason == EVP_R_BAD_DECRYPT || reason == PEM_R_BAD_PASSWORD_READ) { verror_put_string("Bad password"); } else { verror_put_string("Error reading private key %s", path); ssl_error_to_verror(); } goto error; } if (creds->private_key != NULL) { EVP_PKEY_free(creds->private_key); } creds->private_key = key; /* Success */ return_status = SSL_SUCCESS; error: if (key_file != NULL) { fclose(key_file); } _ssl_pass_phrase = NULL; return return_status; } int ssl_private_key_store_to_file(SSL_CREDENTIALS *creds, const char *path, const char *pass_phrase) { BIO *keybio = 0; const EVP_CIPHER *cipher; int pass_phrase_len; int return_status = SSL_ERROR; keybio = BIO_new_file(path, "w"); if (!keybio) { verror_put_string("failed to open %s", path); goto error; } if (pass_phrase == NULL) { /* No encryption */ cipher = NULL; pass_phrase_len = 0; } else { /* Encrypt with pass phrase */ /* XXX This is my best guess at a cipher */ cipher = EVP_des_ede3_cbc(); pass_phrase_len = strlen(pass_phrase); } /* Replaced PEM_write_bio_PrivateKey() with PEM_ASN1_write_bio() because starting with OpenSSL 1.0 PEM_write_bio_PrivateKey() wouldn't put "RSA" in "BEGIN RSA PRIVATE KEY" that could cause some grid utilities and such to fail. We should probably still consider reverting back to PEM_write_bio_PrivateKey() in the future as PEM_write_bio_PrivateKey() uses PEM_write_bio_PKCS8PrivateKey() which "uses the more more secure PKCS#8 private key format with a high iteration count" per the CHANGES file in the openssl tree */ if (PEM_ASN1_write_bio((int (*)())i2d_PrivateKey, ((EVP_PKEY_id(creds->private_key) == EVP_PKEY_DSA)? PEM_STRING_DSA:PEM_STRING_RSA), keybio, (void *)creds->private_key, cipher, (unsigned char *) pass_phrase, pass_phrase_len, PEM_NO_CALLBACK) == SSL_ERROR) { verror_put_string("Error packing private key"); ssl_error_to_verror(); goto error; } return_status = SSL_SUCCESS; error: if (keybio) BIO_free(keybio); return return_status; } int ssl_private_key_is_encrypted(const char *path) { FILE *key_file = NULL; EVP_PKEY *key = NULL; int return_status = -1; my_init(); key_file = fopen(path, "r"); if (key_file == NULL) { verror_put_string("Error opening key file %s", path); verror_put_errno(errno); goto cleanup; /* error */ } _ssl_pass_phrase = NULL; ERR_clear_error(); if ((key = PEM_read_PrivateKey(key_file, NULL, PEM_CALLBACK(my_pass_phrase_callback))) == NULL) { return_status = 1; /* key is encrypted */ } else { return_status = 0; /* key is unencrypted */ } cleanup: if (key_file) fclose(key_file); if (key) EVP_PKEY_free(key); ERR_clear_error(); return return_status; /* key unencrypted */ } int ssl_proxy_from_pem(SSL_CREDENTIALS *creds, const unsigned char *buffer, int buffer_len, const char *pass_phrase) { BIO *bio = NULL; X509 *cert = NULL; EVP_PKEY *key = NULL; STACK_OF(X509) *cert_chain = NULL; int return_status = SSL_ERROR; assert(creds != NULL); assert(buffer != NULL); my_init(); /* * Put pass phrase where the callback function can find it. */ _ssl_pass_phrase = pass_phrase; ERR_clear_error(); bio = bio_from_buffer(buffer, buffer_len); if (bio == NULL) { goto error; } /* * Proxy file contains proxy certificate followed by proxy * private key, followed by the certificate chain. */ /* Read proxy certificate */ if (PEM_read_bio_X509(bio, &cert, PEM_NO_CALLBACK) == NULL) { verror_put_string("Error parsing proxy certificate"); ssl_error_to_verror(); goto error; } /* Read proxy private key */ if ((key = PEM_read_bio_PrivateKey(bio, NULL, PEM_CALLBACK(my_pass_phrase_callback))) == NULL) { unsigned long error, reason; error = ERR_peek_error(); reason = ERR_GET_REASON(error); /* If this is a bad password, return a better error message */ if (reason == EVP_R_BAD_DECRYPT || reason == PEM_R_BAD_PASSWORD_READ) { verror_put_string("Bad password"); } else { verror_put_string("Error parsing private key"); ssl_error_to_verror(); } goto error; } /* Ok, now read the certificate chain */ /* Create empty stack */ cert_chain = sk_X509_new_null(); while (1) { X509 *certificate = NULL; ERR_clear_error(); /* clear any prior OpenSSL errors */ if (PEM_read_bio_X509(bio, &certificate, PEM_NO_CALLBACK) == NULL) { /* * If we just can't find a start line then we've reached EOF. */ if (ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE) { /* Just EOF, clear error and break out of loop */ ERR_clear_error(); break; } /* Actual error */ verror_put_string("Error parsing certificate chain from proxy"); ssl_error_to_verror(); goto error; } /* Add to chain */ if (sk_X509_insert(cert_chain, certificate, sk_X509_num(cert_chain)) == SSL_ERROR) { verror_put_string("Error parsing certificate chain from proxy"); ssl_error_to_verror(); goto error; } } /* while(1) */ /* * Ok, everything has been successfully read, now store it into * creds, removing any existing contents. */ ssl_credentials_free_contents(creds); creds->private_key = key; creds->certificate = cert; creds->certificate_chain = cert_chain; /* Success */ return_status = SSL_SUCCESS; error: if (return_status == SSL_ERROR) { /* * On error, clean up any key, cert or chain. On success * we don't want to do this as they are part of the creds. */ if (cert != NULL) { X509_free(cert); } if (key != NULL) { EVP_PKEY_free(key); } if (cert_chain) { ssl_cert_chain_free(cert_chain); } } if (bio != NULL) { BIO_free(bio); } return return_status; } int ssl_proxy_load_from_file(SSL_CREDENTIALS *creds, const char *path, const char *pass_phrase) { unsigned char *buffer = NULL; int buffer_len; int return_status = SSL_ERROR; assert(creds != NULL); assert(path != NULL); my_init(); /* Read the whole contents of the given file */ if (buffer_from_file(path, &buffer, &buffer_len) == -1) { goto error; } if (ssl_proxy_from_pem(creds, buffer, buffer_len, pass_phrase) == SSL_ERROR) { verror_prepend_string("Error reading proxy from %s", path); goto error; } /* Success */ return_status = SSL_SUCCESS; error: if (buffer != NULL) { free(buffer); } return return_status; } int ssl_proxy_to_pem(SSL_CREDENTIALS *creds, unsigned char **pbuffer, int *pbuffer_len, const char *pass_phrase) { BIO *bio = NULL; const EVP_CIPHER *cipher; int pass_phrase_len; int cert_chain_index; int return_status = SSL_ERROR; assert(creds != NULL); assert(pbuffer != NULL); assert(pbuffer_len != NULL); my_init(); bio = BIO_new(BIO_s_mem()); if (bio == NULL) { verror_put_string("Failed creating memory BIO"); ssl_error_to_verror(); goto error; } /* * Write out proxy certificate, followed by proxy private key and * then followed by the cert chain. */ if (creds->certificate == NULL) { verror_put_string("Malformed proxy credentials (No certificate)"); goto error; } if (PEM_write_bio_X509(bio, creds->certificate) == SSL_ERROR) { verror_put_string("Error packing proxy certificate"); ssl_error_to_verror(); goto error; } if (creds->private_key) { /* just write certs if no private key */ if (pass_phrase == NULL) { /* No encryption */ cipher = NULL; pass_phrase_len = 0; } else { /* Encrypt with pass phrase */ /* XXX This is my best guess at a cipher */ cipher = EVP_des_ede3_cbc(); pass_phrase_len = strlen(pass_phrase); } /* Replaced PEM_write_bio_PrivateKey() with PEM_ASN1_write_bio() because starting with OpenSSL 1.0 PEM_write_bio_PrivateKey() wouldn't put "RSA" in "BEGIN RSA PRIVATE KEY" that could cause some grid utilities and such to fail. We should probably still consider reverting back to PEM_write_bio_PrivateKey() in the future as PEM_write_bio_PrivateKey() uses PEM_write_bio_PKCS8PrivateKey() which "uses the more more secure PKCS#8 private key format with a high iteration count" per the CHANGES file in the openssl tree */ if (PEM_ASN1_write_bio((int (*)())i2d_PrivateKey, ((EVP_PKEY_id(creds->private_key) == EVP_PKEY_DSA)? PEM_STRING_DSA:PEM_STRING_RSA), bio, (void *)creds->private_key, cipher, (unsigned char *) pass_phrase, pass_phrase_len, PEM_NO_CALLBACK) == SSL_ERROR) { verror_put_string("Error packing private key"); ssl_error_to_verror(); goto error; } } if (creds->certificate_chain != NULL) { for (cert_chain_index = 0; cert_chain_index < sk_X509_num(creds->certificate_chain); cert_chain_index++) { X509 *cert; cert = (X509 *) sk_X509_value(creds->certificate_chain, cert_chain_index); if (PEM_write_bio_X509(bio, cert) == SSL_ERROR) { verror_put_string("Error packing certificate chain"); ssl_error_to_verror(); goto error; } } } /* OK, bio is filled, now dump to buffer */ if (bio_to_buffer(bio, pbuffer, pbuffer_len) == SSL_ERROR) { goto error; } /* Success */ return_status = SSL_SUCCESS; error: if (bio != NULL) { BIO_free(bio); } return return_status; } int ssl_proxy_store_to_file(SSL_CREDENTIALS *proxy_creds, const char *path, const char *pass_phrase) { int bufsiz; char *tmpfilename = NULL; int fd = -1; int return_status = SSL_ERROR; unsigned char *buffer = NULL; int buffer_len; assert(proxy_creds != NULL); assert(path != NULL); my_init(); bufsiz = strlen(path) + 15; tmpfilename = malloc(bufsiz); snprintf(tmpfilename, bufsiz, "%s.temp.XXXXXX", path); /* mkstemp creates a file with O_EXCL flag, and permissions 0600 */ fd = mkstemp(tmpfilename); if (fd == -1) { verror_put_string("Error creating %s", tmpfilename); verror_put_errno(errno); goto error; } /* * Dump proxy to buffer */ if (ssl_proxy_to_pem(proxy_creds, &buffer, &buffer_len, pass_phrase) == SSL_ERROR) { goto error; } if (write(fd, buffer, buffer_len) == -1) { verror_put_errno(errno); verror_put_string("Error writing proxy to %s", path); goto error; } close(fd); fd = -1; if (rename(tmpfilename, path) < 0) { verror_put_string("rename(%s, %s) failed", tmpfilename, path); verror_put_errno(errno); goto error; } /* Success */ return_status = SSL_SUCCESS; error: if (buffer != NULL) { free(buffer); } if (fd != -1) { close(fd); if (return_status == SSL_ERROR) { /* Remove any file we created */ ssl_proxy_file_destroy(tmpfilename); } } if (tmpfilename) { free(tmpfilename); } return return_status; } SSL_CREDENTIALS * ssl_credentials_new() { SSL_CREDENTIALS *creds = NULL; my_init(); creds = malloc(sizeof(*creds)); if (creds == NULL) { verror_put_errno(errno); goto error; } memset(creds, 0, sizeof(SSL_CREDENTIALS)); error: return creds; } int ssl_certreq_pem_to_der(char *certreq, unsigned char **buffer, int *buffer_length) { int return_status = SSL_ERROR; BIO *bio = NULL; X509_REQ *req = NULL; my_init(); assert(certreq != NULL); assert(buffer != NULL); assert(buffer_length != NULL); if (certreq[0] == '-' && certreq[1] == '\0') { bio = BIO_new_fp(stdin,BIO_NOCLOSE); } else { bio = BIO_new_file(certreq, "r"); } if (!bio) { ssl_error_to_verror(); goto error; } req=PEM_read_bio_X509_REQ(bio,NULL,NULL,NULL); if (!req) { ssl_error_to_verror(); goto error; } if (ssl_x509_request_to_buffer(req, buffer, buffer_length) == SSL_ERROR) { ssl_error_to_verror(); goto error; } /* Success */ return_status = SSL_SUCCESS; error: if (bio) BIO_free(bio); if (req) X509_REQ_free(req); return return_status; } int ssl_proxy_delegation_init(SSL_CREDENTIALS **new_creds, unsigned char **buffer, int *buffer_length, int requested_bits, void (*callback)(int,int,void *)) { int return_status = SSL_ERROR; globus_result_t local_result; globus_gsi_proxy_handle_attrs_t proxy_handle_attrs = NULL; BIO *bio = NULL; char *GT_PROXY_MODE = NULL; char *keybitsenv = NULL; int keybits = MYPROXY_DEFAULT_KEYBITS; my_init(); assert(new_creds != NULL); assert(buffer != NULL); assert(buffer_length != NULL); if ((keybitsenv = getenv("MYPROXY_KEYBITS")) != NULL) { keybits = atoi(keybitsenv); } *new_creds = ssl_credentials_new(); globus_gsi_proxy_handle_attrs_init(&proxy_handle_attrs); globus_gsi_proxy_handle_attrs_set_keybits(proxy_handle_attrs, keybits); /* globus_gsi_proxy_handle_init() initializes proxy_req->type, which is used * when the GT_PROXY_MODE environment variable is unset */ local_result = globus_gsi_proxy_handle_init(&(*new_creds)->proxy_req, proxy_handle_attrs); /* done with proxy_handle_attrs now */ globus_gsi_proxy_handle_attrs_destroy(proxy_handle_attrs); if (local_result != GLOBUS_SUCCESS) { verror_put_string("globus_gsi_proxy_handle_init() failed"); globus_error_to_verror(local_result); goto error; } GT_PROXY_MODE = getenv("GT_PROXY_MODE"); if (GT_PROXY_MODE) { if (strcmp(GT_PROXY_MODE, "old") == 0) { local_result = globus_gsi_proxy_handle_set_type((*new_creds)->proxy_req, GLOBUS_GSI_CERT_UTILS_TYPE_GSI_2_PROXY); #if defined(GLOBUS_GSI_CERT_UTILS_IS_RFC_PROXY) } else if (strcmp(GT_PROXY_MODE, "rfc") == 0) { local_result = globus_gsi_proxy_handle_set_type((*new_creds)->proxy_req, GLOBUS_GSI_CERT_UTILS_TYPE_RFC_IMPERSONATION_PROXY); #endif } else { verror_put_string("Unsupported value for GT_PROXY_MODE: %s", GT_PROXY_MODE); globus_error_to_verror(GLOBUS_FAILURE); goto error; } if (local_result != GLOBUS_SUCCESS) { verror_put_string("globus_gsi_proxy_handle_set_type() failed"); globus_error_to_verror(local_result); goto error; } } bio = BIO_new(BIO_s_mem()); if (bio == NULL) { verror_put_string("BIO_new() failed"); goto error; } local_result = globus_gsi_proxy_create_req((*new_creds)->proxy_req, bio); if (local_result != GLOBUS_SUCCESS) { verror_put_string("globus_gsi_proxy_create_req() failed"); globus_error_to_verror(local_result); goto error; } if (bio_to_buffer(bio, buffer, buffer_length) == SSL_ERROR) { verror_put_string("bio_to_buffer() failed"); goto error; } /* Success */ return_status = SSL_SUCCESS; error: if (bio) { BIO_free(bio); } return return_status; } int ssl_proxy_delegation_finalize(SSL_CREDENTIALS *creds, unsigned char *buffer, int buffer_length) { BIO *bio = NULL; int return_status = SSL_ERROR; unsigned char number_of_certs; globus_result_t local_result; globus_gsi_cred_handle_t cred_handle; assert(creds != NULL); assert(buffer != NULL); /* Transfer the buffer to a bio */ bio = bio_from_buffer(buffer, buffer_length); if (bio == NULL) { verror_put_string("Failed unpacking proxy certificate from buffer"); goto error; } /* * Buffer contains: * -a bytes containing the number of certificates. * -the proxy certificate * -the certificate chain */ /* Read number of certificates for backward compatibility */ if (BIO_read(bio, &number_of_certs, sizeof(number_of_certs)) == SSL_ERROR) { verror_put_string("Failed unpacking proxy certificate from buffer (reading number of certificates)"); ssl_error_to_verror(); goto error; } if (number_of_certs == 0) { verror_put_string("Failed unpacking proxy certificate from buffer (number of certificates == 0)"); ssl_error_to_verror(); goto error; } if (creds->proxy_req) { /* read the proxy certificate and certificate chain */ local_result = globus_gsi_proxy_assemble_cred(creds->proxy_req, &cred_handle, bio); if (local_result != GLOBUS_SUCCESS) { verror_put_string("globus_gsi_proxy_assemble_cred() failed"); globus_error_to_verror(local_result); goto error; } /* don't need the proxy_req anymore */ globus_gsi_proxy_handle_destroy(creds->proxy_req); /* pull out what we need from the cred_handle */ local_result = globus_gsi_cred_get_cert(cred_handle, &creds->certificate); if (local_result != GLOBUS_SUCCESS) { verror_put_string("globus_gsi_cred_get_cert() failed"); globus_error_to_verror(local_result); goto error; } local_result = globus_gsi_cred_get_key(cred_handle, &creds->private_key); if (local_result != GLOBUS_SUCCESS) { verror_put_string("globus_gsi_cred_get_key() failed"); globus_error_to_verror(local_result); goto error; } local_result = globus_gsi_cred_get_cert_chain(cred_handle, &creds->certificate_chain); if (local_result != GLOBUS_SUCCESS) { verror_put_string("globus_gsi_cred_get_cert_chain() failed"); globus_error_to_verror(local_result); goto error; } globus_gsi_cred_handle_destroy(cred_handle); } else { X509 *proxy_cert = NULL; int cert_index = 0; STACK_OF(X509) *cert_chain = NULL; /* Now read the certificate */ proxy_cert = d2i_X509_bio(bio, NULL /* make new cert */); if (proxy_cert == NULL) { verror_put_string("Failed unpacking certificate from buffer (reading certificate)"); ssl_error_to_verror(); goto error; } cert_index++; /* Now read the certificate chain */ cert_chain = sk_X509_new_null(); while (cert_index < number_of_certs) { X509 *cert; cert = d2i_X509_bio(bio, NULL /* make new cert */); if (cert == NULL) { verror_put_string("Failed unpacking certificate from buffer (reading cert chain)"); ssl_error_to_verror(); goto error; } if (sk_X509_push(cert_chain, cert) == SSL_ERROR) { verror_put_string("Failed unpacking certificate from buffer (building cert chain)"); ssl_error_to_verror(); X509_free(cert); goto error; } cert_index++; } /* Success */ /* XXX Should free any current contents first */ creds->certificate = proxy_cert; creds->certificate_chain = cert_chain; } return_status = SSL_SUCCESS; error: if (bio != NULL) { BIO_free(bio); } return return_status; } int ssl_proxy_delegation_sign(SSL_CREDENTIALS *creds, SSL_PROXY_RESTRICTIONS *restrictions, unsigned char *input_buffer, int input_buffer_length, unsigned char **output_buffer, int *output_buffer_length) { X509 *proxy_certificate = NULL; int return_status = SSL_ERROR; BIO *bio = NULL; unsigned char number_of_certs; int index; globus_gsi_proxy_handle_t proxy_handle = NULL; globus_gsi_cred_handle_t cred_handle = NULL; globus_result_t local_result; globus_gsi_cert_utils_cert_type_t cert_type; STACK_OF(X509_EXTENSION) *extensions = NULL; assert(creds != NULL); assert(creds->certificate); assert(creds->private_key); assert(input_buffer != NULL); assert(output_buffer != NULL); assert(output_buffer_length != NULL); my_init(); /* initialize cred_handle with our credential so we can use Globus GSI API */ local_result = globus_gsi_cred_handle_init(&cred_handle, NULL); if (local_result != GLOBUS_SUCCESS) { verror_put_string("globus_gsi_cred_handle_init() failed"); globus_error_to_verror(local_result); goto error; } local_result = globus_gsi_cred_set_cert(cred_handle, creds->certificate); if (local_result != GLOBUS_SUCCESS) { verror_put_string("globus_gsi_cred_set_cert() failed"); globus_error_to_verror(local_result); goto error; } local_result = globus_gsi_cred_set_key(cred_handle, creds->private_key); if (local_result != GLOBUS_SUCCESS) { verror_put_string("globus_gsi_cred_set_key() failed"); globus_error_to_verror(local_result); goto error; } local_result = globus_gsi_cred_set_cert_chain(cred_handle, creds->certificate_chain); if (local_result != GLOBUS_SUCCESS) { verror_put_string("globus_gsi_cred_set_cert_chain() failed"); globus_error_to_verror(local_result); goto error; } /* proxy handle is the proxy we're going to sign */ local_result = globus_gsi_proxy_handle_init(&proxy_handle, NULL); if (local_result != GLOBUS_SUCCESS) { verror_put_string("globus_gsi_proxy_handle_init() failed"); globus_error_to_verror(local_result); goto error; } /* what type of certificate do we have in the repository? */ local_result = globus_gsi_cert_utils_get_cert_type(creds->certificate, &cert_type); if (local_result != GLOBUS_SUCCESS) { verror_put_string("globus_gsi_cert_utils_get_cert_type() failed"); globus_error_to_verror(local_result); goto error; } /* get proxy request */ bio = BIO_new(BIO_s_mem()); if (bio == NULL) { verror_put_string("BIO_new() failed"); goto error; } if (BIO_write(bio, input_buffer, input_buffer_length) < 0) { verror_put_string("BIO_write() failed"); goto error; } local_result = globus_gsi_proxy_inquire_req(proxy_handle, bio); if (local_result != GLOBUS_SUCCESS) { verror_put_string("globus_gsi_proxy_inquire_req() failed"); globus_error_to_verror(local_result); goto error; } BIO_free(bio); bio = NULL; /* Set lifetime and limited options on proxy before signing. */ if (GLOBUS_GSI_CERT_UTILS_IS_PROXY(cert_type)) { local_result = globus_gsi_proxy_handle_set_type(proxy_handle, cert_type); if (local_result != GLOBUS_SUCCESS) { verror_put_string("globus_gsi_proxy_handle_set_type() failed"); globus_error_to_verror(local_result); goto error; } } if (restrictions && restrictions->limited_proxy) { globus_gsi_proxy_handle_get_type(proxy_handle, &cert_type); if (GLOBUS_GSI_CERT_UTILS_IS_GSI_3_PROXY(cert_type)) { globus_gsi_proxy_handle_set_type(proxy_handle, GLOBUS_GSI_CERT_UTILS_TYPE_GSI_3_LIMITED_PROXY); #if defined(GLOBUS_GSI_CERT_UTILS_IS_RFC_PROXY) } else if (GLOBUS_GSI_CERT_UTILS_IS_RFC_PROXY(cert_type)) { globus_gsi_proxy_handle_set_type(proxy_handle, GLOBUS_GSI_CERT_UTILS_TYPE_RFC_LIMITED_PROXY); #endif } else if (GLOBUS_GSI_CERT_UTILS_IS_GSI_2_PROXY(cert_type)) { globus_gsi_proxy_handle_set_type(proxy_handle, GLOBUS_GSI_CERT_UTILS_TYPE_GSI_2_LIMITED_PROXY); } else { verror_put_string("unknown proxy type for limited proxy"); goto error; } } if (!restrictions || !restrictions->lifetime) { globus_gsi_proxy_handle_set_time_valid(proxy_handle, PROXY_DEFAULT_LIFETIME/60); } else if (restrictions->lifetime > 0) { globus_gsi_proxy_handle_set_time_valid(proxy_handle, restrictions->lifetime/60); } #if defined(HAVE_GLOBUS_GSI_PROXY_HANDLE_SET_EXTENSIONS) /* add any additional extensions */ myproxy_get_extensions(&extensions); if (extensions) { local_result = globus_gsi_proxy_handle_set_extensions(proxy_handle, extensions); if (local_result != GLOBUS_SUCCESS) { verror_put_string("globus_gsi_proxy_handle_set_extensions() failed"); globus_error_to_verror(local_result); goto error; } } #endif /* send number of certificates in reply for backward compatibility */ bio = BIO_new(BIO_s_mem()); if (bio == NULL) { verror_put_string("BIO_new() failed"); goto error; } number_of_certs = 2; if (creds->certificate_chain != NULL) number_of_certs += sk_X509_num(creds->certificate_chain); if (BIO_write(bio, &number_of_certs, sizeof(number_of_certs)) == SSL_ERROR) { verror_put_string("Failed dumping proxy certificate to buffer (BIO_write() failed)"); ssl_error_to_verror(); goto error; } /* sign request and write out proxy certificate to bio */ local_result = globus_gsi_proxy_sign_req(proxy_handle, cred_handle, bio); if (local_result != GLOBUS_SUCCESS) { verror_put_string("globus_gsi_proxy_sign_req() failed"); globus_error_to_verror(local_result); goto error; } /* then write out our signing certificate... */ if (i2d_X509_bio(bio, creds->certificate) == SSL_ERROR) { verror_put_string("Failed dumping proxy certificate to buffer (write of signing cert failed)"); ssl_error_to_verror(); goto error; } /* ...and any other certificates in the chain. */ for (index = 0; index < sk_X509_num(creds->certificate_chain); index++) { X509 *cert; cert = sk_X509_value(creds->certificate_chain, index); if (i2d_X509_bio(bio, cert) == SSL_ERROR) { verror_put_string("Failed dumping proxy certificate to buffer (write of cert chain failed)"); ssl_error_to_verror(); goto error; } } /* Now dump bio's contents to buffer */ if (bio_to_buffer(bio, output_buffer, output_buffer_length) == SSL_ERROR) { goto error; } /* Success */ return_status = SSL_SUCCESS; error: if (bio != NULL) { BIO_free(bio); } if (proxy_certificate != NULL) { X509_free(proxy_certificate); } if (proxy_handle) { globus_gsi_proxy_handle_destroy(proxy_handle); } if (cred_handle) { globus_gsi_cred_handle_destroy(cred_handle); } if (extensions) { sk_X509_EXTENSION_free(extensions); } return return_status; } void ssl_free_buffer(unsigned char *buffer) { if (buffer != NULL) { free(buffer); } } SSL_PROXY_RESTRICTIONS * ssl_proxy_restrictions_new() { SSL_PROXY_RESTRICTIONS *restrictions = NULL; restrictions = malloc(sizeof(SSL_PROXY_RESTRICTIONS)); if (restrictions == NULL) { verror_put_string("malloc() failed"); verror_put_errno(errno); return NULL; } /* Set defaults */ restrictions->limited_proxy = 0; /* Not limited */ restrictions->lifetime = 0; /* 0 == default */ return restrictions; } void ssl_proxy_restrictions_destroy(SSL_PROXY_RESTRICTIONS *restrictions) { if (restrictions != NULL) { free(restrictions); } } int ssl_proxy_restrictions_set_lifetime(SSL_PROXY_RESTRICTIONS *restrictions, const long lifetime) { int return_value = SSL_ERROR; /* Check arguments */ if (restrictions == NULL) { verror_put_errno(EINVAL); goto error; } if (lifetime < 0L) { verror_put_errno(EINVAL); goto error; } /* OK */ restrictions->lifetime = lifetime; return_value = SSL_SUCCESS; /* keep minimum lifetime at 5min for clock skew issues */ if (restrictions->lifetime > 0 && restrictions->lifetime < MYPROXY_DEFAULT_CLOCK_SKEW) { restrictions->lifetime = MYPROXY_DEFAULT_CLOCK_SKEW; } error: return return_value; } int ssl_proxy_restrictions_set_limited(SSL_PROXY_RESTRICTIONS *restrictions, const int limited) { int return_value = SSL_ERROR; /* Check arguments */ if (restrictions == NULL) { verror_put_errno(EINVAL); goto error; } if (limited < 0) { verror_put_errno(EINVAL); goto error; } /* OK */ restrictions->limited_proxy = limited; return_value = SSL_SUCCESS; error: return return_value; } int ssl_get_base_subject_file(const char *proxyfile, char **subject) { SSL_CREDENTIALS *creds = NULL; int return_value = -1; char path[MAXPATHLEN]; if (proxyfile == NULL) { char *user_cert = NULL; GLOBUS_GSI_SYSCONFIG_GET_PROXY_FILENAME(&user_cert, GLOBUS_PROXY_FILE_INPUT); if (user_cert == NULL) { GLOBUS_GSI_SYSCONFIG_GET_USER_CERT_FILENAME(&user_cert, NULL); if (user_cert == NULL) { verror_put_string("Unable to locate certificate to determine " "subject name."); goto error; } } strncpy(path, user_cert, sizeof(path) - 1); free(user_cert); } else { strncpy(path, proxyfile, sizeof(path) - 1); } creds = ssl_credentials_new(); if (ssl_certificate_load_from_file(creds, path) != SSL_SUCCESS) goto error; if (ssl_get_base_subject(creds, subject) != SSL_SUCCESS) goto error; return_value = 0; error: if (creds) ssl_credentials_destroy(creds); return return_value; } int ssl_get_base_subject(SSL_CREDENTIALS *creds, char **subject) { char client[1024]; X509_NAME *client_subject = NULL; client_subject = X509_NAME_dup(X509_get_subject_name(creds->certificate)); if (client_subject == NULL) { return SSL_ERROR; } sk_X509_unshift(creds->certificate_chain, creds->certificate); globus_gsi_cert_utils_get_base_name(client_subject, creds->certificate_chain); (void)sk_X509_shift(creds->certificate_chain); X509_NAME_oneline(client_subject, client, sizeof(client)); *subject = strdup(client); X509_NAME_free(client_subject); return SSL_SUCCESS; } int ssl_creds_to_buffer(SSL_CREDENTIALS *creds, unsigned char **buffer, int *buffer_length) { BIO *bio = NULL; if (creds_to_bio(creds, &bio) == SSL_ERROR) return SSL_ERROR; if (bio_to_buffer(bio, buffer, buffer_length) == SSL_ERROR) { BIO_free(bio); return SSL_ERROR; } BIO_free(bio); return SSL_SUCCESS; } int ssl_creds_from_buffer(unsigned char *buffer, int buffer_length, SSL_CREDENTIALS **creds) { BIO *bio = NULL; bio = bio_from_buffer(buffer, buffer_length); if (bio == NULL) return SSL_ERROR; if (creds_from_bio(bio, creds) == SSL_ERROR) { BIO_free(bio); return SSL_ERROR; } BIO_free(bio); return SSL_SUCCESS; } int ssl_creds_certificate_is_proxy(SSL_CREDENTIALS *creds) { int return_status = -1; globus_result_t local_result; globus_gsi_cert_utils_cert_type_t cert_type; my_init(); local_result = globus_gsi_cert_utils_get_cert_type(creds->certificate, &cert_type); if (local_result != GLOBUS_SUCCESS) { verror_put_string("globus_gsi_cert_utils_get_cert_type() failed"); globus_error_to_verror(local_result); goto error; } if (GLOBUS_GSI_CERT_UTILS_IS_PROXY(cert_type)) { return_status = 1; /* certificate is proxy */ } else { return_status = 0; /* certificate is not proxy */ } error: return return_status; } int ssl_sign(unsigned char *data, int length, SSL_CREDENTIALS *creds, unsigned char **signature, int *signature_len, const EVP_MD *md) { EVP_MD_CTX *ctx = EVP_MD_CTX_create(); *signature = malloc(EVP_PKEY_size(creds->private_key)); if (*signature == NULL) { verror_put_string("malloc()"); verror_put_errno(errno); return SSL_ERROR; } EVP_SignInit(ctx, md); EVP_SignUpdate(ctx, (void *)data, length); if (EVP_SignFinal(ctx, *signature, (unsigned int *)signature_len, creds->private_key) != 1) { verror_put_string("Creating signature (EVP_SignFinal())"); ssl_error_to_verror(); free(*signature); *signature = NULL; EVP_MD_CTX_destroy(ctx); return SSL_ERROR; } EVP_MD_CTX_destroy(ctx); return SSL_SUCCESS; } int ssl_verify(unsigned char *data, int length, SSL_CREDENTIALS *creds, unsigned char *signature, int signature_len, const EVP_MD *md) { EVP_MD_CTX *ctx = EVP_MD_CTX_create(); EVP_PKEY *pubkey = NULL; EVP_VerifyInit(ctx, md); EVP_VerifyUpdate(ctx, (void*) data, length); pubkey = X509_get_pubkey(creds->certificate); if (EVP_VerifyFinal(ctx, signature, signature_len, pubkey) != 1 ) { verror_put_string("Verifying signature (EVP_VerifyFinal())"); ssl_error_to_verror(); EVP_MD_CTX_destroy(ctx); EVP_PKEY_free(pubkey); return SSL_ERROR; } EVP_MD_CTX_destroy(ctx); EVP_PKEY_free(pubkey); return SSL_SUCCESS; } /* Chain verifying is inspired by proxy_verify_chain() from GSI. */ int ssl_verify_gsi_chain(SSL_CREDENTIALS *chain) { int return_status = SSL_ERROR; int i,j; char *certdir = NULL; X509 *cert = NULL, *issuer = NULL; X509_LOOKUP *lookup = NULL; X509_STORE *cert_store = NULL; X509_STORE_CTX *csc; SSL *ssl = NULL; SSL_CTX *sslContext = NULL; globus_result_t res; int callback_data_index; globus_gsi_cert_utils_cert_type_t cert_type; globus_gsi_callback_data_t callback_data = NULL; csc = X509_STORE_CTX_new(); cert_store=X509_STORE_new(); if (chain->certificate_chain != NULL) { for (i = 0; i < sk_X509_num(chain->certificate_chain); i++) { cert = sk_X509_value(chain->certificate_chain, i); j = X509_STORE_add_cert(cert_store, cert); if (!j) { if ((ERR_GET_REASON(ERR_peek_error()) == X509_R_CERT_ALREADY_IN_HASH_TABLE)) { ERR_clear_error(); break; } else { verror_put_string("X509_STORE_add_cert()"); ssl_error_to_verror(); goto end; } } } } lookup = X509_STORE_add_lookup(cert_store, X509_LOOKUP_hash_dir()); if (lookup == NULL) { verror_put_string("X509_STORE_add_lookup()"); ssl_error_to_verror(); goto end; } res = GLOBUS_GSI_SYSCONFIG_GET_CERT_DIR(&certdir); if (res != GLOBUS_SUCCESS) { verror_put_string("failed to find GSI CA cert directory"); globus_error_to_verror(res); goto end; } X509_LOOKUP_add_dir(lookup, certdir, X509_FILETYPE_PEM); X509_STORE_CTX_init(csc, cert_store, chain->certificate, NULL); #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) sslContext = SSL_CTX_new(TLS_server_method()); #else sslContext = SSL_CTX_new(SSLv23_server_method()); #endif if (sslContext == NULL) { verror_put_string("Initializing SSL_CTX"); ssl_error_to_verror(); goto end; } #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) SSL_CTX_set_min_proto_version(sslContext, TLS1_VERSION); #else SSL_CTX_set_options(sslContext, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); #endif SSL_CTX_set_purpose(sslContext, X509_PURPOSE_ANY); ssl = SSL_new(sslContext); if (ssl == NULL) { verror_put_string("Initializing SSL"); ssl_error_to_verror(); goto end; } /* override the check_issued with our version */ #if OPENSSL_VERSION_NUMBER < 0x10100000L csc->check_issued = globus_gsi_callback_check_issued; #else X509_STORE_set_check_issued(X509_STORE_CTX_get0_store(csc), globus_gsi_callback_check_issued); #endif X509_STORE_CTX_set_app_data(csc, (void*)ssl); X509_STORE_CTX_set_depth(csc, 100); /* allow more than 9 certs in chain */ #if defined(X509_V_FLAG_ALLOW_PROXY_CERTS) X509_STORE_CTX_set_flags(csc, X509_V_FLAG_ALLOW_PROXY_CERTS); #endif globus_gsi_callback_data_init(&callback_data); globus_gsi_callback_set_cert_dir(callback_data, certdir); globus_gsi_callback_get_X509_STORE_callback_data_index(&callback_data_index); X509_STORE_CTX_set_ex_data(csc, callback_data_index, (void *)callback_data); X509_STORE_CTX_set_verify_cb(csc, globus_gsi_callback_create_proxy_callback); /* check OCSP status of the EEC */ if (globus_gsi_cert_utils_get_cert_type(chain->certificate, &cert_type) != GLOBUS_SUCCESS) { verror_put_string("globus_gsi_cert_utils_get_cert_type() failed"); goto end; } if (!GLOBUS_GSI_CERT_UTILS_IS_PROXY(cert_type)) { cert = chain->certificate; } else { for (i = 0; i < sk_X509_num(chain->certificate_chain); i++) { cert = sk_X509_value(chain->certificate_chain, i); if (globus_gsi_cert_utils_get_cert_type(cert, &cert_type) != GLOBUS_SUCCESS) { verror_put_string("globus_gsi_cert_utils_get_cert_type() failed"); goto end; } if (!GLOBUS_GSI_CERT_UTILS_IS_PROXY(cert_type)) { break; } } } if (X509_STORE_CTX_get1_issuer(&issuer, csc, cert) != 1) { verror_put_string("X509_STORE_CTX_get1_issuer() failed"); ssl_error_to_verror(); goto end; } if(X509_verify_cert(csc) != 1) { verror_put_string("X509_verify_cert() failed: %s", (char *)X509_verify_cert_error_string(X509_STORE_CTX_get_error(csc))); goto end; } if (myproxy_ocsp_verify(cert, issuer) == 1) { verror_put_string("OCSP says EEC is revoked!"); goto end; } return_status = SSL_SUCCESS; end: X509_STORE_CTX_free(csc); if (issuer) X509_free(issuer); if (ssl) SSL_free(ssl); if (sslContext) SSL_CTX_free(sslContext); if (certdir) free(certdir); if (cert_store) X509_STORE_free(cert_store); globus_gsi_callback_data_destroy(callback_data); return return_status; } int ssl_limited_proxy_chain(SSL_CREDENTIALS *chain) { X509 *cert = NULL; globus_gsi_cert_utils_cert_type_t cert_type; int i; if (globus_gsi_cert_utils_get_cert_type(chain->certificate, &cert_type) != GLOBUS_SUCCESS) { verror_put_string("globus_gsi_cert_utils_get_cert_type() failed"); return -1; } if (GLOBUS_GSI_CERT_UTILS_IS_LIMITED_PROXY(cert_type)) { return 1; } for (i = 0; i < sk_X509_num(chain->certificate_chain); i++) { cert = (X509 *)sk_X509_value(chain->certificate_chain, i); if (globus_gsi_cert_utils_get_cert_type(cert, &cert_type) != GLOBUS_SUCCESS) { verror_put_string("globus_gsi_cert_utils_get_cert_type() failed"); return -1; } if (GLOBUS_GSI_CERT_UTILS_IS_LIMITED_PROXY(cert_type)) { return 1; } } return 0; } int ssl_limited_proxy_file(const char path[]) { SSL_CREDENTIALS *creds = NULL; int return_value = -1; creds = ssl_credentials_new(); if (ssl_certificate_load_from_file(creds, path) != SSL_SUCCESS) goto error; return_value = ssl_limited_proxy_chain(creds); error: if (creds) ssl_credentials_destroy(creds); return return_value; } int ssl_get_times(const char *path, time_t *not_before, time_t *not_after) { FILE *cert_file = NULL; X509 *cert = NULL; char *tz = NULL; assert(path != NULL); my_init(); cert_file = fopen(path, "r"); if (cert_file == NULL) { verror_put_string("Failure opening file \"%s\"", path); verror_put_errno(errno); return -1; } if (not_before) *not_before = 0; if (not_after) *not_after = 0; tz = getenv("TZ"); setenv("TZ", "", 1); tzset(); while ((cert = PEM_read_X509(cert_file, NULL, PEM_NO_CALLBACK)) != NULL) { if (not_before) { time_t new_not_before; globus_gsi_cert_utils_make_time(X509_get_notBefore(cert), &new_not_before); if (*not_before == 0 || *not_before < new_not_before) { *not_before = new_not_before; } } if (not_after) { time_t new_not_after; globus_gsi_cert_utils_make_time(X509_get_notAfter(cert), &new_not_after); if (*not_after == 0 || *not_after > new_not_after) { *not_after = new_not_after; } } X509_free(cert); cert = NULL; } if (tz) setenv("TZ", tz, 1); else unsetenv("TZ"); tzset(); fclose(cert_file); ERR_clear_error(); /* clear EOF error */ return 0; } int ssl_verify_cred(const char path[]) { SSL_CREDENTIALS *ssl_creds = NULL; /* Do the certificates check out with OpenSSL? */ if ((ssl_creds = ssl_credentials_new()) == NULL || ssl_certificate_load_from_file(ssl_creds, path) != SSL_SUCCESS || ssl_verify_gsi_chain(ssl_creds) != SSL_SUCCESS) { ssl_credentials_destroy(ssl_creds); return -1; } ssl_credentials_destroy(ssl_creds); return 0; } myproxy-6.2.16/myproxy-certreq-checker0000755000175100017510000000141114557142036015006 00000000000000#!/bin/sh # example certificate_request_checker script # pull certreq from stdin to shell variable certreq=`openssl req -text` # check for blacklisted Debian keys blacklist=`ls /usr/local/openssl-blacklist/blacklist.RSA-*` tag=`echo "$certreq" | \ openssl req -noout -modulus|sha1sum|cut -d ' ' -f 1|cut -c21-41` if [ `cat $blacklist | grep -c $tag` -ne 0 ]; then echo "known weak Debian key in certificate request" 1>&2 exit 1 fi # check for weak exponents exponent=`echo "$certreq" | \ openssl req -noout -pubkey | \ openssl rsa -pubin -text -noout | \ grep Exponent | awk '{print $2}'` if [ "$exponent" -lt 65537 ]; then echo "weak exponent ($exponent < 65537) in certificate request" 1>&2 exit 1 fi # all done exit 0 myproxy-6.2.16/myproxy-admin-adduser0000755000175100017510000001450314557142036014462 00000000000000#!/usr/bin/perl # myproxy admin adduser/addservice script # generates a certificate request using grid-cert-request # signs the request using grid-ca-sign # and stores the credential in the repository using # myproxy-admin-load-credential use File::Temp qw(tempdir); use File::Basename; use IPC::Open3; # check for program dependencies chomp($grid_cert_request = `which grid-cert-request 2>/dev/null`); if (!(-x $grid_cert_request)) { print STDERR "Error: grid-cert-request not found.\n"; exit 1; } chomp($grid_ca_sign = `which grid-ca-sign 2>/dev/null`); if (!(-x $grid_ca_sign)) { print STDERR "Error: grid-ca-sign not found.\n"; print STDERR "Is the Simple CA package installed?\n"; exit 1; } chomp($mpalc = `which myproxy-admin-load-credential 2>/dev/null`); if (!(-x $mpalc)) { print STDERR "Error: myproxy-admin-load-credential not found.\n"; print STDERR "Is MyProxy installed in $ENV{GLOBUS_LOCATION}?\n"; exit 1; } chomp($grid_cert_info = `which grid-cert-info 2>/dev/null`); if (!(-x $grid_cert_info)) { print STDERR "Error: grid-cert-info not found.\n"; exit 1; } $cmdname = basename($0); # handle arguments use Getopt::Long; our ($opt_h, $opt_u, $opt_v, $opt_c, $opt_p, $opt_s, $opt_l, $opt_t, $opt_a, $opt_A, $opt_x, $opt_X, $opt_r, $opt_R, $opt_n, $opt_d, $opt_k, $opt_K, $opt_Z, $opt_E); $result = GetOptions('h', 'u', 'v', 'c=s', 'p=s', 'l=s', 't=i', 'a', 'A', 'x', 'X', 'r=s', 'R=s', 'n', 'd', 'k=s', 'K=s', 'Z=s', 'E=s'); if ((!$result) || $opt_h || $opt_u) { print STDERR <<"EOF"; Syntax: $0 [-c cn] [-l username] ... $0 [-usage|-help] Options -h Displays usage -u -v Display debugging messages -c Common Name for new credential -s Credential storage directory -l Credential username -t Max. lifetime of delegated proxies -p Set CA private key password using openssl format (see the PASS PHRASE ARGUMENTS section in the openssl(1) man page) -a Allow credentials to be retrieved with just username/passphrase -A Allow credentials to be renewed by any client (not recommended) -x Set regular expression matching mode for following policy options -X Set CN matching mode (default) for following policy options -r Allow specified entity to retrieve credential -R Allow specified entity to renew credential -Z Allow specified entity to retrieve credential w/o passphrase -E Allow specified entity to retrieve credential key -n Disable passphrase authentication -d Use the proxy certificate subject as username -k Specifies credential name -K Specifies credential description EOF exit(1); } #grid-cert-request if (!$opt_c) { print "Enter common name for the certificate: "; chop($opt_c = ); } $tmp_dir_name = tempdir("myproxy_adduser_XXXXXX", TMPDIR => 1, CLEANUP => 1); $prefix="myproxy_adduser_"; $certfile = "${tmp_dir_name}/${prefix}cert.pem"; $reqfile = "${tmp_dir_name}/${prefix}cert_request.pem"; $keyfile = "${tmp_dir_name}/${prefix}key.pem"; if ($opt_v) { print "temporary directory is: $tmp_dir_name\n"; } @args = ("grid-cert-request", "-cn", $opt_c, "-prefix", $prefix, "-dir", $tmp_dir_name, "-force"); push(@args, "-nopassphrase") if ($opt_n); &runcmd(@args); #grid-ca-sign @args = ("grid-ca-sign", "-in", $reqfile, "-out", $certfile, "-force"); if ($opt_p) { push(@args, "-passin"); push(@args, $opt_p); } if ($opt_v) { print "running command:\n@args\n"; } if (system(@args)) { print STDERR "grid-ca-sign failed.\n"; &cleanup(); exit 1; } #myproxy-alcf if (!$opt_l && !$opt_d) { print "Enter username [use DN by default]: "; chop ($opt_l = ); if (length $opt_l == 0) { $opt_d = 1; } } @args = ("myproxy-admin-load-credential", "-c", $certfile, "-y", $keyfile); if ($opt_s) { push(@args, "-s"); push(@args, $opt_s); } if ($opt_l) { push(@args, "-l"); push(@args, $opt_l); } if ($opt_t) { push(@args, "-t"); push(@args, $opt_t); } push(@args, "-a") if ($opt_a); push(@args, "-A") if ($opt_A); push(@args, "-x") if ($opt_x); push(@args, "-X") if ($opt_X); if ($opt_r) { push(@args, "-r"); push(@args, $opt_r); } if ($opt_R) { push(@args, "-R"); push(@args, $opt_R); } if ($opt_Z) { push(@args, "-Z"); push(@args, $opt_Z); } if ($opt_E) { push(@args, "-E"); push(@args, $opt_E); } elsif ($cmdname eq "myproxy-admin-addservice") { push(@args, "-x"); push(@args, "-E"); push(@args, "\*"); } push(@args, "-d") if ($opt_d); if ($opt_k) { push(@args, "-k"); push(@args, $opt_k); } elsif ($opt_c && $cmdname eq "myproxy-admin-addservice") { push(@args, "-k"); push(@args, $opt_c); } if ($opt_K) { push(@args, "-K"); push(@args, $opt_K); } if ($opt_v) { print "running command:\n@args\n"; } if (system(@args)) { print STDERR "myproxy-admin-load-credential failed.\n"; &cleanup(); exit 1; } print "Certificate subject is:\n"; @args = ("grid-cert-info", "-subject", "-file", $certfile); system(@args); &cleanup(); exit 0; sub cleanup { unlink($certfile) if (defined($certfile)); unlink($reqfile) if (defined($reqfile)); if (defined($keyfile)) { &wipefile($keyfile); unlink($keyfile); } # temporary directory is automatically removed by File::Temp } sub wipefile { local($filename) = @_; $size = (stat($filename))[7]; return if (!defined($size) || !$size); return if (!open(WIPEFILE, '>', $filename)); for ($i = 0; $i < $size; $i++) { print WIPEFILE "\0"; } close(WIPEFILE); } sub runcmd { @args = @_; if ($opt_v) { print "running command:\n@args\n"; } $pid = open3(*Writer, *Reader, '', @args); close(Writer); @output = ; $output = join('', @output); close(Reader); waitpid($pid, 0); if ($?) { print STDERR $args[0], " failed:\n"; print STDERR $output; exit 1; } elsif ($opt_v) { print "command output:\n$output\n"; } } myproxy-6.2.16/myproxy_server.c0000644000175100017510000024257014557142036013562 00000000000000/* * myproxy-server * * program to store user's delegated credentials for later retrieval */ #include "myproxy_common.h" /* all needed headers included here */ #ifndef MAXPATHLEN #define MAXPATHLEN 4096 #endif #ifndef MIN #define MIN(x,y) ((x) < (y) ? (x) : (y)) #endif int have_voms = 0; void (*get_voms_proxy_impl)(); static char usage[] = \ "\n"\ "Syntax: myproxy-server [-p|-port #] [-c config-file] [-s storage-dir] ...\n"\ " myproxy-server [-h|-help] [-version]\n"\ "\n"\ " Options\n"\ " -h | --help Displays usage\n"\ " -u | --usage \n"\ " \n"\ " -v | --verbose Display debugging messages\n"\ " -V | --version Displays version\n"\ " -d | --debug Run in debug mode (don't fork)\n"\ " -c | --config Specifies configuration file to use\n"\ " -l | --listen Specifies hostname/ip to listen to\n"\ " -p | --port Specifies the port to run on\n"\ " -P | --pidfile Specifies a file to write the pid to\n"\ " -z | --portfile Specifies a file to write the port to\n"\ " -s | --storage Specifies the credential storage directory\n"\ "\n"; struct option long_options[] = { {"debug", no_argument, NULL, 'd'}, {"help", no_argument, NULL, 'h'}, {"listen", required_argument, NULL, 'l'}, {"port", required_argument, NULL, 'p'}, {"pidfile", required_argument, NULL, 'P'}, {"portfile", required_argument, NULL, 'z'}, {"config", required_argument, NULL, 'c'}, {"storage", required_argument, NULL, 's'}, {"usage", no_argument, NULL, 'u'}, {"verbose", no_argument, NULL, 'v'}, {"version", no_argument, NULL, 'V'}, {0, 0, 0, 0} }; static char short_options[] = "dhc:l:p:P:z:s:vVuD:"; static char version[] = "myproxy-server version " MYPROXY_VERSION " (" MYPROXY_VERSION_DATE ") " "\n"; /* Signal handling */ typedef void Sigfunc(int); Sigfunc *my_signal(int signo, Sigfunc *func); void sig_exit(int signo); void sig_chld(int signo); void sig_hup(int signo); void sig_ign(int signo); /* Function declarations */ int init_arguments(int argc, char *argv[], myproxy_socket_attrs_t *server_attrs, myproxy_server_context_t *server_context); int myproxy_init_server(myproxy_socket_attrs_t *server_attrs); int handle_config(myproxy_server_context_t *server_context); int handle_client(myproxy_socket_attrs_t *server_attrs, myproxy_server_context_t *server_context); void respond_with_error_and_die(myproxy_socket_attrs_t *attrs, const char *error, myproxy_server_context_t *context); void send_response(myproxy_socket_attrs_t *server_attrs, myproxy_response_t *response, char *client_name, int ignore_net_error); void get_proxy(myproxy_socket_attrs_t *server_attrs, myproxy_creds_t *creds, myproxy_request_t *request, myproxy_response_t *response, int max_proxy_lifetime); void put_proxy(myproxy_socket_attrs_t *server_attrs, myproxy_creds_t *creds, myproxy_response_t *response, int max_cred_lifetime); void info_proxy(myproxy_creds_t *creds, myproxy_response_t *response); void destroy_proxy(myproxy_creds_t *creds, myproxy_response_t *response); void change_passwd(myproxy_creds_t *creds, char *new_passphrase, myproxy_response_t *response); static void failure(const char *failure_message); static void my_failure(const char *failure_message); static void my_failure_chld(const char *failure_message); static char *timestamp(void); static int become_daemon_step1(void); static int become_daemon_step2(void); static int become_daemon_step3(char); static void write_pfile(const char path[], long val); static int myproxy_check_policy(myproxy_server_context_t *context, myproxy_socket_attrs_t *attrs, myproxy_server_peer_t *client, const char *policy_name, const char **server_policy, const char *credential_policy, const char **default_credential_policy); static int myproxy_authorize_accept(myproxy_server_context_t *context, myproxy_socket_attrs_t *attrs, myproxy_request_t *client_request, myproxy_server_peer_t *client); /* returns 1 if passphrase matches, 0 otherwise */ static int verify_passphrase(struct myproxy_creds *creds, myproxy_request_t *client_request, char *client_name, myproxy_server_context_t* config); /* returns -1 if authentication failed, 0 if authentication succeeded, 1 if certificate-based (renewal) authentication succeeded */ static int authenticate_client(myproxy_socket_attrs_t *attrs, struct myproxy_creds *creds, myproxy_request_t *client_request, char *client_name, myproxy_server_context_t* config, int already_authenticated, int allowed_to_renew); /* Delegate requested credentials to the client */ void get_credentials(myproxy_socket_attrs_t *attrs, myproxy_creds_t *creds, myproxy_request_t *request, myproxy_response_t *response, int max_proxy_lifetime); /* Accept end-entity credentials from client */ void put_credentials(myproxy_socket_attrs_t *attrs, myproxy_creds_t *creds, myproxy_response_t *response, int max_cred_lifetime); /* Helper function for put_proxy() and put_credentials() */ void check_and_store_credentials(const char path[], myproxy_creds_t *creds, myproxy_response_t *response, int max_cred_lifetime); static int debug = 0; static int readconfig = 1; /* do we need to read config file? */ static int cleanshutdown = 0; /* should we shutdown? */ static int caonly = 0; /* CA-only mode */ static int startup_pipe[2]; static int listenfd = -1; int main(int argc, char *argv[]) { pid_t childpid, otherpid; struct sockaddr_storage client_addr; socklen_t client_addr_len = sizeof(client_addr); sigset_t mysigset; struct pidfh *pfh = NULL; void * voms_lib_handle; myproxy_socket_attrs_t *socket_attrs; myproxy_server_context_t *server_context; /* check library version */ if (myproxy_check_version()) { fprintf(stderr, "MyProxy library version mismatch.\n" "Expecting %s. Found %s. Exiting.\n", MYPROXY_VERSION_DATE, myproxy_version(0,0,0)); exit(1); } voms_lib_handle = dlopen("libmyproxy_voms.so", RTLD_LAZY|RTLD_LOCAL); if (voms_lib_handle != NULL) { have_voms = 1; get_voms_proxy_impl = dlsym(voms_lib_handle, "get_voms_proxy"); } socket_attrs = malloc(sizeof(*socket_attrs)); memset(socket_attrs, 0, sizeof(*socket_attrs)); server_context = malloc(sizeof(*server_context)); memset(server_context, 0, sizeof(*server_context)); sigemptyset(&mysigset); /* Set context defaults */ server_context->run_as_daemon = 1; if (init_arguments(argc, argv, socket_attrs, server_context) < 0) { fprintf(stderr, "%s", usage); exit(1); } /* * Test to see if we're run out of inetd * If so, then stdin will be connected to a socket, * so getpeername() will succeed. * If we're not run out of inetd, do the proper daemon setup * by calling become_daemon_step1(), but save the daemon fork() * in become_daemon_step2() until after some sanity checks. */ if (getpeername(fileno(stdin), (struct sockaddr *) &client_addr, &client_addr_len) < 0) { server_context->run_as_daemon = 1; if (!debug) { if (become_daemon_step1() < 0) { fprintf(stderr, "Error starting daemon. Exiting.\n"); exit(1); } } } else { server_context->run_as_daemon = 0; close(1); (void) open("/dev/null",O_WRONLY); } /* Initialize Logging */ if (debug) { myproxy_debug_set_level(1); myproxy_log_use_stream(stderr); } else { myproxy_log_use_syslog(LOG_DAEMON, server_context->my_name); } /* * Logging initialized: For here on use myproxy_log functions * instead of fprintf() and ilk. */ myproxy_log("myproxy-server %s starting at %s", myproxy_version(0,0,0), timestamp()); /* If process is killed or Ctrl-C */ my_signal(SIGTERM, sig_exit); sigaddset(&mysigset, SIGTERM); my_signal(SIGINT, sig_exit); sigaddset(&mysigset, SIGINT); /* Read my configuration */ if (handle_config(server_context) < 0) { myproxy_log_verror(); myproxy_log("Exiting."); exit(1); } /* Make sure all's well with the storage directory. */ if (myproxy_check_storage_dir() == -1) { myproxy_log_verror(); if (is_certificate_authority_configured(server_context)) { myproxy_log("No valid storage directory found. Running in CA-only mode."); verror_clear(); caonly = 1; } else { myproxy_log("Exiting. Please fix errors with storage directory and restart."); exit(1); } } if(server_context->certificate_openssl_engine_id) { if(!initialise_openssl_engine(server_context)) { myproxy_log_verror(); my_failure("Could not initialise OpenSSL engine."); } } if (!server_context->run_as_daemon) { server_context->usage.client_ip[0] = '\0'; getnameinfo((struct sockaddr *)&client_addr, sizeof(client_addr), server_context->usage.client_ip, sizeof(server_context->usage.client_ip), NULL, 0, NI_NUMERICHOST); myproxy_log("Connection from %s", server_context->usage.client_ip); socket_attrs->socket_fd = fileno(stdin); if (handle_client(socket_attrs, server_context) < 0) { my_failure("error in handle_client()"); } } else { /* Initialize the server before becoming a daemon to catch errors before exit of parent process. */ listenfd = myproxy_init_server(socket_attrs); /* Run as a daemon */ if (!debug) { if (become_daemon_step2() < 0) { my_failure("Error forking daemon. Exiting.\n"); } } /* no exit() allowed before become_daemon_step3() call */ if (getuid() == 0 && !server_context->pidfile) { server_context->pidfile = "/run/myproxy.pid"; } if (server_context->pidfile) { /* It'd be nice to call pidfile_open() before forking the daemon process, but we'd lose our POSIX file lock on the pidfile when the original process exits, so we create/lock/write pidfile here after forking a new daemon process. */ pfh = pidfile_open(server_context->pidfile, 0600, &otherpid); if (pfh == NULL) { if (errno == EEXIST) { myproxy_log("Daemon already running, pid=%ld, pidfile=%s.\n" "Use the -P option to run multiple " "myproxy-server instances with different pidfiles.", (long)otherpid, server_context->pidfile); if (!debug) become_daemon_step3(1); /* notify parent */ exit(1); } /* If we cannot create pidfile from other reasons, only warn. */ myproxy_log("Cannot open or create pidfile %s", server_context->pidfile); } } if (pfh) pidfile_write(pfh); if (server_context->portfile) { write_pfile(server_context->portfile, socket_attrs->psport); } /* Set up signal handling to deal with zombie processes left over */ my_signal(SIGCHLD, sig_chld); sigaddset(&mysigset, SIGCHLD); /* Re-read configuration file on SIGHUP */ my_signal(SIGHUP, sig_hup); sigaddset(&mysigset, SIGHUP); if (!debug) { become_daemon_step3(0); /* all done with initialization */ } /* Set up concurrent server */ while (1) { /* make sure Globus hasn't blocked signals we care about */ #ifdef HAVE_PTHREAD_SIGMASK pthread_sigmask(SIG_UNBLOCK, &mysigset, NULL); #else sigprocmask(SIG_UNBLOCK, &mysigset, NULL); #endif socket_attrs->socket_fd = accept(listenfd, (struct sockaddr *) &client_addr, &client_addr_len); if (cleanshutdown) goto parent_exit; if (handle_config(server_context) < 0) { myproxy_log_verror(); my_failure("error in handle_config()"); } if (socket_attrs->socket_fd < 0) { if (errno == EINTR) { continue; } else { myproxy_log_perror("Error in accept()"); continue; } } if (!debug) { childpid = fork(); if (childpid < 0) { /* check for error */ myproxy_log_perror("Error in fork"); close(socket_attrs->socket_fd); } else if (childpid != 0) { /* Parent */ /* parent closes connected socket */ close(socket_attrs->socket_fd); continue; /* while(1) */ } /* child process */ server_context->usage.client_ip[0] = '\0'; getnameinfo((struct sockaddr *)&client_addr, sizeof(client_addr), server_context->usage.client_ip, sizeof(server_context->usage.client_ip), NULL, 0, NI_NUMERICHOST); myproxy_log("Connection from %s", server_context->usage.client_ip); close(0); close(1); if (!debug) { close(2); } close(listenfd); if (pfh) pidfile_close(pfh); if (server_context->request_timeout == 0) { alarm(MYPROXY_DEFAULT_TIMEOUT); } else if (server_context->request_timeout > 0) { alarm(server_context->request_timeout); } } my_signal(SIGCHLD, SIG_DFL); if (handle_client(socket_attrs, server_context) < 0) { my_failure_chld("error in handle_client()"); } _exit(0); } } parent_exit: pidfile_remove(pfh); return 0; } int handle_config(myproxy_server_context_t *server_context) { if (readconfig) { if (myproxy_server_config_read(server_context) == -1) { return -1; } readconfig = 0; /* reset the flag now that we've read it */ /* Check to see if config file had syslog_ident or syslog_facility specified. If so, then re-open the syslog with the new name. */ if ((!debug) && ((server_context->syslog_ident != NULL) || (server_context->syslog_facility != LOG_DAEMON))) { closelog(); if (server_context->syslog_ident != NULL) { myproxy_log_use_syslog(server_context->syslog_facility, server_context->syslog_ident); } else { myproxy_log_use_syslog(server_context->syslog_facility, server_context->my_name); } } /* * set up gridmap file if explicitly defined. * if not, default to the usual place, but do not over write * the env var if previously defined. */ if ( server_context->certificate_mapfile != NULL ) { setenv( "GRIDMAP", server_context->certificate_mapfile, 1 ); } else { setenv( "GRIDMAP", "/etc/grid-security/grid-mapfile", 0 ); } } return 0; } int handle_client(myproxy_socket_attrs_t *attrs, myproxy_server_context_t *context) { myproxy_server_peer_t client; char *client_buffer = NULL; int requestlen; int use_ca_callout = 0; int found_auth_cred = 0; int num_auth_creds = 0; char *command_name = NULL; myproxy_creds_t *client_creds; myproxy_creds_t *all_creds; myproxy_creds_t *cur_cred; myproxy_request_t *client_request; myproxy_response_t *server_response; client_creds = malloc(sizeof(*client_creds)); memset(client_creds, 0, sizeof(*client_creds)); client_request = malloc(sizeof(*client_request)); memset(client_request, 0, sizeof(*client_request)); server_response = malloc(sizeof(*server_response)); memset(server_response, 0, sizeof(*server_response)); memset(&client, 0, sizeof(client)); /* Create a new gsi socket */ attrs->gsi_socket = GSI_SOCKET_new(attrs->socket_fd); if (attrs->gsi_socket == NULL) { myproxy_log_perror("GSI_SOCKET_new()"); return -1; } if (context->request_size_limit > 0) { GSI_SOCKET_set_max_token_len(attrs->gsi_socket, context->request_size_limit); } /* Authenticate server to client and get DN of client */ if (myproxy_authenticate_accept_fqans(attrs, client.name, sizeof(client.name), &client.fqans) < 0) { /* Client_name may not be set on error so don't use it. */ myproxy_log_verror(); respond_with_error_and_die(attrs, "authentication failed", context); } /* Log client name */ myproxy_log("Authenticated client %s", client.name); if (client.fqans && *client.fqans) { char **attributes = client.fqans; myproxy_debug("Client's attributes: "); while (attributes && *attributes) { myproxy_debug("%s", *attributes); attributes++; } } /* Receive client request */ requestlen = myproxy_recv_ex(attrs, &client_buffer); if (requestlen <= 0) { myproxy_log_verror(); respond_with_error_and_die(attrs, "Error in myproxy_recv_ex()", context); } /* Deserialize client request */ if (myproxy_deserialize_request(client_buffer, requestlen, client_request) < 0) { myproxy_log_verror(); respond_with_error_and_die(attrs, "error parsing request", context); } free(client_buffer); client_buffer = NULL; /* Set response OK unless error... */ server_response->response_type = MYPROXY_OK_RESPONSE; /* Log received client request. We log before the authorization * check, so we have the request info for troubleshooting purposes * even if the request is denied. */ switch (client_request->command_type) { case MYPROXY_GET_PROXY: command_name = "GET"; break; case MYPROXY_RETRIEVE_CERT: command_name = "RETRIEVE"; break; case MYPROXY_PUT_PROXY: command_name = "PUT"; break; case MYPROXY_INFO_PROXY: command_name = "INFO"; break; case MYPROXY_DESTROY_PROXY: command_name = "DESTROY"; break; case MYPROXY_CHANGE_CRED_PASSPHRASE: command_name = "CHANGE_CRED_PASSPHRASE"; break; case MYPROXY_STORE_CERT: command_name = "STORE"; break; case MYPROXY_GET_TRUSTROOTS: command_name = "GET TRUSTROOTS"; break; default: myproxy_log("Received UNKNOWN command: %d", client_request->command_type); respond_with_error_and_die(attrs, "UNKNOWN command in request.\n", context); } if (client_request->username && client_request->username[0]) { myproxy_log("Received %s request for username %s", command_name, client_request->username); } else { myproxy_log("Received %s request", command_name); } if (client_request->credname != NULL) { myproxy_debug(" Credname: %s", client_request->credname); } if (client_request->proxy_lifetime) { myproxy_debug(" Requested lifetime: %d seconds", client_request->proxy_lifetime); if (client_request->proxy_lifetime < 0) { /* integer overflow */ myproxy_log("requested lifetime is negative. setting to 0 instead."); client_request->proxy_lifetime = 0; } } if (client_request->retrievers != NULL) { myproxy_debug(" Retriever policy: %s", client_request->retrievers); } if (client_request->renewers != NULL) { myproxy_debug(" Renewer policy: %s", client_request->renewers); } if (client_request->keyretrieve != NULL) { myproxy_debug(" Key Retriever policy: %s", client_request->keyretrieve); } /* Check client version */ if (strcmp(client_request->version, MYPROXY_VERSION) != 0) { myproxy_log("client %s Invalid version number (%s) received", client.name, client_request->version); respond_with_error_and_die(attrs, "Invalid version number received.\n", context); } if (client_request->command_type != MYPROXY_GET_TRUSTROOTS) { /* Check client username */ if ((client_request->username == NULL) || (strlen(client_request->username) == 0)) { myproxy_log("client %s Invalid username (%s) received", client.name, (client_request->username == NULL ? "" : client_request->username)); respond_with_error_and_die(attrs, "Invalid username received.\n", context); } } if (client_request->command_type == MYPROXY_GET_PROXY) { /* If the check_multiple_credentials option has been set AND no * client_request->credname is specified, then check ALL credentials * with the specified username for one that matches all other criteria * set by the user. If we find at least one credential that is okay * according to myproxy_authorize_accept, we SET the credname and * continue processing as normal. (Thus we know that the credential * with that username AND credname will be utilized.) Otherwise, we * error out here since there are no matching credentials with the given * username and other user-specified criteria (e.g. passphrase). */ if ((context->check_multiple_credentials) && (client_request->credname == NULL) && /* Do an initial check for authz of "default" credential */ (myproxy_authorize_accept(context,attrs, client_request,&client) != 0)) { /* Create a new temp cred struct pointer to fetch all creds */ all_creds = malloc(sizeof(*all_creds)); memset(all_creds, 0, sizeof(*all_creds)); /* For fetching all creds, we need set only the username */ all_creds->username = strdup(client_request->username); if ((num_auth_creds = myproxy_admin_retrieve_all(all_creds)) >= 0) { /* Loop through all_creds searching for authorized credential */ found_auth_cred = 0; cur_cred = all_creds; while ((!found_auth_cred) && (cur_cred != NULL)) { myproxy_debug("Checking credential for '%s' named '%s'", cur_cred->username,cur_cred->credname); /* Copy the cur_cred->credname (if present) into the * client_request structure. Be sure to free later. */ if (cur_cred->credname) client_request->credname = strdup(cur_cred->credname); /* Check to see if the credname is authorized */ if (myproxy_authorize_accept(context,attrs,client_request, &client) == 0) { found_auth_cred = 1; /* Good! Authz success! */ } else { /* Free up char memory allocated by strdup earlier */ if (cur_cred->credname) { free(client_request->credname); client_request->credname = NULL; } cur_cred = cur_cred->next; /* Try next cred in list */ } } /* end while ((!found_auth_cred) && (cur_cred != NULL)) */ } /* end if (myproxy_admin_retrieve_all) */ myproxy_creds_free(all_creds); } /*** END check_multiple_credentials ***/ } /* All authorization policies are enforced in this function. */ if (myproxy_authorize_accept(context, attrs, client_request, &client) < 0) { myproxy_log("authorization failed"); myproxy_free(NULL, client_request, server_response); respond_with_error_and_die(attrs, verror_get_string(), context); } /* Fill in client_creds with info from the request that describes the credentials the request applies to. We must do this *after* processing check_multiple_credentials above. */ client_creds->owner_name = strdup(client.name); client_creds->username = strdup(client_request->username); client_creds->passphrase = strdup(client_request->passphrase); client_creds->lifetime = client_request->proxy_lifetime; if (client_request->retrievers != NULL) client_creds->retrievers = strdup(client_request->retrievers); if (client_request->keyretrieve != NULL) client_creds->keyretrieve = strdup(client_request->keyretrieve); if (client_request->trusted_retrievers != NULL) client_creds->trusted_retrievers = strdup(client_request->trusted_retrievers); if (client_request->renewers != NULL) client_creds->renewers = strdup(client_request->renewers); if (client_request->credname != NULL) client_creds->credname = strdup (client_request->credname); if (client_request->creddesc != NULL) client_creds->creddesc = strdup (client_request->creddesc); /* Handle client request */ switch (client_request->command_type) { case MYPROXY_GET_PROXY: if (caonly || !myproxy_creds_exist(client_request->username, client_request->credname)) { use_ca_callout = 1; } /* fall through to MYPROXY_RETRIEVE_CERT */ case MYPROXY_RETRIEVE_CERT: if (!use_ca_callout) { /* Retrieve the credentials from the repository */ if (myproxy_creds_retrieve(client_creds) < 0) { respond_with_error_and_die(attrs, verror_get_string(), context); } myproxy_debug(" Owner: %s", client_creds->username); myproxy_debug(" Location: %s", client_creds->location); myproxy_debug(" Max. delegation lifetime: %d seconds", client_creds->lifetime); if (context->max_proxy_lifetime) { myproxy_debug(" Server max_proxy_lifetime: %d seconds", context->max_proxy_lifetime); } /* Are credentials locked? */ if (client_creds->lockmsg) { char *error, *msg="credential locked\n"; error = malloc(strlen(msg) + strlen(client_creds->lockmsg) + 1); strcpy(error, msg); strcat(error, client_creds->lockmsg); respond_with_error_and_die(attrs, error, context); } if (myproxy_creds_verify(client_creds) < 0) { myproxy_creds_free(client_creds); myproxy_free(NULL, client_request, server_response); respond_with_error_and_die(attrs, verror_get_string(), context); } } if (client_request->want_trusted_certs) { case MYPROXY_GET_TRUSTROOTS: if (context->cert_dir) { server_response->trusted_certs = myproxy_get_certs(context->cert_dir); if (server_response->trusted_certs) { myproxy_log("Sending trust roots to %s", client.name); } else { myproxy_log("myproxy_get_certs() failed"); myproxy_log_verror(); } } else { myproxy_log("WARNING: client requested trusted certificates but " "cert_dir not configured"); } } /* Send initial OK response */ if (client_request->command_type != MYPROXY_GET_TRUSTROOTS) { send_response(attrs, server_response, client.name, 0); /* Any trustroots wanted as addl. info would have been sent in this send. No need to send them again later. */ if (server_response->trusted_certs) { myproxy_certs_free(server_response->trusted_certs); server_response->trusted_certs = NULL; context->usage.trustroots_sent = 1; } } if (client_request->command_type == MYPROXY_GET_PROXY) { /* Delegate the credential and set final server_response */ if (use_ca_callout) { context->usage.ca_used = 1; myproxy_debug("using CA callout"); get_certificate_authority(attrs, client_creds, client_request, server_response, context); } else { myproxy_debug("retrieving proxy"); if (context->proxy_extfile) { if (myproxy_set_extensions_from_file(context->proxy_extfile) < 0) { myproxy_log("myproxy_set_extensions_from_file() failed"); myproxy_log_verror(); verror_clear(); } } else if (context->proxy_extapp) { if (myproxy_set_extensions_from_callout(context->proxy_extapp, client_request->username, client_creds->location) < 0) { myproxy_log("myproxy_set_extensions_from_callout() failed"); myproxy_log_verror(); verror_clear(); } } if (have_voms != 0 && get_voms_proxy_impl != NULL && client_request->voname != NULL && context->allow_voms_attribute_requests) { get_voms_proxy_impl(attrs, client_creds, client_request, server_response, context); } else get_proxy(attrs, client_creds, client_request, server_response, context->max_proxy_lifetime); } } else if (client_request->command_type == MYPROXY_RETRIEVE_CERT) { /* Delegate the credential and set final server_response */ get_credentials(attrs, client_creds, client_request, server_response, context->max_proxy_lifetime); } break; case MYPROXY_PUT_PROXY: if (myproxy_check_passphrase_policy(client_request->passphrase, context->passphrase_policy_pgm, client_request->username, client_request->credname, client_request->retrievers, client_request->renewers, client.name) < 0) { myproxy_creds_free(client_creds); myproxy_free(NULL, client_request, server_response); respond_with_error_and_die(attrs, verror_get_string(), context); } /* Send initial OK response */ send_response(attrs, server_response, client.name, 0); /* Store the credentials in the repository and set final server_response */ put_proxy(attrs, client_creds, server_response, context->max_cred_lifetime); break; case MYPROXY_INFO_PROXY: info_proxy(client_creds, server_response); if (server_response->info_creds == client_creds) { client_creds = NULL; /* avoid potential double-free */ } break; case MYPROXY_DESTROY_PROXY: destroy_proxy(client_creds, server_response); break; case MYPROXY_CHANGE_CRED_PASSPHRASE: /* change credential passphrase*/ if (myproxy_check_passphrase_policy(client_request->new_passphrase, context->passphrase_policy_pgm, client_request->username, client_request->credname, client_request->retrievers, client_request->renewers, client.name) < 0) { myproxy_creds_free(client_creds); myproxy_free(NULL, client_request, server_response); respond_with_error_and_die(attrs, verror_get_string(), context); } change_passwd(client_creds, client_request->new_passphrase, server_response); break; case MYPROXY_STORE_CERT: /* Store the end-entity credential */ /* Send initial OK response */ send_response(attrs, server_response, client.name, 0); /* Store the credentials in the repository and set final server_response */ put_credentials(attrs, client_creds, server_response, context->max_cred_lifetime); break; default: server_response->error_string = strdup("Unknown command.\n"); break; } /* return server response */ /* ignore any send errors for this final OK message since currently some clients may close without waiting for this terminating message to be received due to a timing issue */ send_response(attrs, server_response, client.name, 1 /* ignore net errors */); if (server_response->trusted_certs) { context->usage.trustroots_sent = 1; } /* Log request */ myproxy_log("Client %s disconnected", client.name); /* free stuff up */ myproxy_creds_free(client_creds); myproxy_free(attrs, client_request, server_response); myproxy_free_extensions(); if (client.fqans) { char **p; for (p = client.fqans; p && *p; p++) free(*p); free(client.fqans); } return 0; } int init_arguments(int argc, char *argv[], myproxy_socket_attrs_t *attrs, myproxy_server_context_t *context) { extern char *optarg; int arg; int arg_error = 0; char *last_directory_seperator; char directory_seperator = '/'; /* NULL implies INADDR_ANY */ attrs->pshost = NULL; if (getenv("MYPROXY_SERVER_PORT")) { attrs->psport = atoi(getenv("MYPROXY_SERVER_PORT")); } else { attrs->psport = MYPROXY_SERVER_PORT; } /* Get my name, removing any preceding path */ last_directory_seperator = strrchr(argv[0], directory_seperator); if (last_directory_seperator == NULL) { context->my_name = strdup(argv[0]); } else { context->my_name = strdup(last_directory_seperator + 1); } while((arg = getopt_long(argc, argv, short_options, long_options, NULL)) != EOF) { switch(arg) { case 'l': /* listen to hostname / ipaddr */ attrs->pshost = strdup(optarg); break; case 'p': /* port */ attrs->psport = atoi(optarg); break; case 'P': /* pidfile */ context->pidfile = strdup(optarg); break; case 'z': /* portfile */ context->portfile = strdup(optarg); break; case 'h': /* print help and exit */ printf("%s", usage); exit(0); break; case 'c': context->config_file = malloc(strlen(optarg) + 1); strcpy(context->config_file, optarg); break; case 'v': myproxy_debug_set_level(1); break; case 'V': /* print version and exit */ printf("%s", version); exit(0); break; case 's': /* set the credential storage directory */ myproxy_set_storage_dir(optarg); break; case 'u': /* print version and exit */ printf("%s", usage); exit(0); break; case 'd': debug = 1; break; default: /* print usage and exit */ fprintf(stderr, "%s", usage); exit(1); break; } } if (optind != argc) { fprintf(stderr, "%s: invalid option -- %s\n", argv[0], argv[optind]); arg_error = -1; } return arg_error; } static int bind_socket(const char *hostname, int port) { int sock = -1; struct addrinfo hints, *res, *ressave; int on = 1; struct linger lin = {0,0}; int n; char portstr[6] = {0}, *portstrp = NULL; /* getaddrinfo() requires either hostname or port to be set */ assert(hostname || port); if (port) { snprintf(portstr, 6, "%d", port); portstrp=portstr; } memset(&hints, 0, sizeof(struct addrinfo)); hints.ai_flags = AI_PASSIVE; hints.ai_family = AF_UNSPEC; hints.ai_socktype = SOCK_STREAM; n = getaddrinfo(hostname, portstrp, &hints, &res); if (n < 0) { myproxy_log("getaddrinfo error: %s", gai_strerror(n)); return -1; } ressave=res; while (res) { char chosenhost[NI_MAXHOST] = { 0 }; char chosenport[NI_MAXSERV] = { 0 }; getnameinfo(res->ai_addr, res->ai_addrlen, chosenhost, sizeof(chosenhost), chosenport, sizeof(chosenport), NI_NUMERICHOST|NI_NUMERICSERV); sock = socket(res->ai_family, res->ai_socktype, res->ai_protocol); if (sock >= 0) { /* Allow reuse of socket */ setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)); setsockopt(sock, SOL_SOCKET, SO_LINGER, (char *)&lin, sizeof(lin)); if (bind(sock, res->ai_addr, res->ai_addrlen) == 0) { myproxy_log("Socket bound to %s:%s", chosenhost, chosenport); break; } if (errno == EADDRINUSE) { myproxy_log("Port %s on %s already in use, probably by another " "myproxy-server instance.\nUse the -p option to run " "multiple myproxy-server instances on different " "ports.", chosenport, chosenhost); } else { myproxy_log("Failed to bind socket to %s:%s: %s", chosenhost, chosenport, strerror(errno)); } close(sock); sock = -1; } else { myproxy_log("Failed to create socket for %s:%s: %s", chosenhost, chosenport, strerror(errno)); } res = res->ai_next; } freeaddrinfo(ressave); return sock; } /* * myproxy_init_server() * * Create a generic server socket ready on the given port ready to accept. * * returns the listener fd on success */ int myproxy_init_server(myproxy_socket_attrs_t *attrs) { int listen_sock = -1; GSI_SOCKET *tmp_gsi_sock; if ((tmp_gsi_sock = GSI_SOCKET_new(0)) == NULL) { failure("malloc() failed in GSI_SOCKET_new()"); } if (GSI_SOCKET_check_creds(tmp_gsi_sock) == GSI_SOCKET_ERROR) { char error_string[1024] = { 0 }; GSI_SOCKET_get_error_string(tmp_gsi_sock, error_string, sizeof(error_string)); myproxy_log("Problem with server credentials.\n%s\n", error_string); exit(1); } GSI_SOCKET_destroy(tmp_gsi_sock); if (attrs->pshost || attrs->psport) { myproxy_debug("using getaddrinfo() to configure listen socket"); listen_sock = bind_socket(attrs->pshost, attrs->psport); } else { /* just create unbound IPv4 socket for now */ int on = 1; struct linger lin = {0,0}; myproxy_debug("creating IPv4 listen socket without binding"); listen_sock = socket(AF_INET, SOCK_STREAM, 0); /* Allow reuse of socket */ setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)); setsockopt(listen_sock, SOL_SOCKET, SO_LINGER, (char *)&lin, sizeof(lin)); } if (listen_sock == -1) { failure("Error creating server socket"); } if (listen(listen_sock, INT_MAX) < 0) { failure("Error in listen()"); } if (attrs->psport == 0) { struct sockaddr_storage addr; socklen_t socklen = sizeof(addr); if (getsockname(listen_sock, (struct sockaddr *) &addr, &socklen) < 0) { failure("Error in getsockname()"); } if (addr.ss_family == AF_INET) { struct sockaddr_in saddr; memcpy(&saddr, &addr, sizeof(saddr)); attrs->psport = ntohs(saddr.sin_port); } #ifdef AF_INET6 else if (addr.ss_family == AF_INET6) { struct sockaddr_in6 saddr6; memcpy(&saddr6, &addr, sizeof(saddr6)); attrs->psport = ntohs(saddr6.sin6_port); } #endif } /* Got this far? Then log success! */ myproxy_log("Starting myproxy-server on %s:%d...", ((attrs->pshost == NULL) ? "*" : attrs->pshost), attrs->psport); return listen_sock; } void respond_with_error_and_die(myproxy_socket_attrs_t *attrs, const char *error, myproxy_server_context_t *context) { myproxy_response_t response = {0}; /* initialize with 0s */ int responselen; char *response_buffer = NULL; memset (&response, 0, sizeof (response)); response.version = strdup(MYPROXY_VERSION); response.response_type = MYPROXY_ERROR_RESPONSE; response.authorization_data = NULL; response.error_string = strdup(error); responselen = myproxy_serialize_response_ex(&response, &response_buffer); if (responselen < 0) { my_failure_chld("error in myproxy_serialize_response()"); } if (myproxy_send(attrs, response_buffer, responselen) < 0) { my_failure_chld("error in myproxy_send()\n"); } myproxy_log("Exiting: %s", error); myproxy_free(attrs, NULL, NULL); if(debug) exit(1); else _exit(1); } void send_response(myproxy_socket_attrs_t *attrs, myproxy_response_t *response, char *client_name, int ignore_net_error) { char *server_buffer = NULL; int responselen; assert(response != NULL); /* set version */ response->version = malloc(strlen(MYPROXY_VERSION) + 1); sprintf(response->version, "%s", MYPROXY_VERSION); responselen = myproxy_serialize_response_ex(response, &server_buffer); if (responselen < 0) { my_failure_chld("error in myproxy_serialize_response()"); } /* Log response */ if (response->response_type == MYPROXY_OK_RESPONSE) { myproxy_debug("Sending OK response to client %s", client_name); } else if (response->response_type == MYPROXY_ERROR_RESPONSE) { myproxy_debug("Sending ERROR response \"%s\" to client %s", response->error_string, client_name); } if (myproxy_send(attrs, server_buffer, responselen) < 0) { int error_number = GSI_SOCKET_get_errno(attrs->gsi_socket); myproxy_log_verror(); if (!(ignore_net_error && (error_number == EPIPE || error_number == ECONNRESET))) my_failure_chld("error in myproxy_send()\n"); } free(response->version); response->version = NULL; free(server_buffer); return; } /********************************************************************** * * Routines to handle client requests to the server. * */ /* Delegate requested credentials to the client */ void get_proxy(myproxy_socket_attrs_t *attrs, myproxy_creds_t *creds, myproxy_request_t *request, myproxy_response_t *response, int max_proxy_lifetime) { int lifetime = 0; if (request->proxy_lifetime > 0) { lifetime = request->proxy_lifetime; } if (creds->lifetime > 0) { if (lifetime > 0) { lifetime = MIN(lifetime, creds->lifetime); } else { lifetime = creds->lifetime; } } if (max_proxy_lifetime > 0) { if (lifetime > 0) { lifetime = MIN(lifetime, max_proxy_lifetime); } else { lifetime = max_proxy_lifetime; } } if (myproxy_init_delegation(attrs, creds->location, lifetime, request->passphrase) < 0) { myproxy_log_verror(); response->response_type = MYPROXY_ERROR_RESPONSE; response->error_string = strdup("Unable to delegate credentials.\n"); } else { myproxy_log("Delegating credentials for %s lifetime=%d", creds->owner_name, lifetime); response->response_type = MYPROXY_OK_RESPONSE; } } /* Delegate requested credentials to the client */ void get_credentials(myproxy_socket_attrs_t *attrs, myproxy_creds_t *creds, myproxy_request_t *request, myproxy_response_t *response, int max_proxy_lifetime) { if (myproxy_get_credentials(attrs, creds->location) < 0) { myproxy_log_verror(); response->response_type = MYPROXY_ERROR_RESPONSE; response->error_string = strdup("Unable to retrieve credentials.\n"); } else { myproxy_log("Sent credentials for %s", creds->owner_name); response->response_type = MYPROXY_OK_RESPONSE; } } /* Accept delegated credentials from client */ void put_proxy(myproxy_socket_attrs_t *attrs, myproxy_creds_t *creds, myproxy_response_t *response, int max_cred_lifetime) { char delegfile[MAXPATHLEN] = { 0 }; if (myproxy_accept_delegation(attrs, delegfile, sizeof(delegfile), creds->passphrase) < 0) { myproxy_log_verror(); response->response_type = MYPROXY_ERROR_RESPONSE; response->error_string = strdup("Failed to accept credentials.\n"); return; } myproxy_debug(" Accepted delegation: %s", delegfile); check_and_store_credentials(delegfile, creds, response, max_cred_lifetime); } /* Accept end-entity credentials from client */ void put_credentials(myproxy_socket_attrs_t *attrs, myproxy_creds_t *creds, myproxy_response_t *response, int max_cred_lifetime) { char delegfile[MAXPATHLEN] = { 0 }; if (myproxy_accept_credentials(attrs, delegfile, sizeof(delegfile)) < 0) { myproxy_log_verror(); response->response_type = MYPROXY_ERROR_RESPONSE; response->error_string = strdup("Failed to accept credentials.\n"); return; } myproxy_debug(" Accepted credentials: %s", delegfile); check_and_store_credentials(delegfile, creds, response, max_cred_lifetime); } void check_and_store_credentials(const char path[], myproxy_creds_t *creds, myproxy_response_t *response, int max_cred_lifetime) { time_t cred_expiration = 0; int cred_lifetime = 0; if (ssl_verify_cred(path) < 0) { myproxy_log_verror(); response->response_type = MYPROXY_ERROR_RESPONSE; response->error_string = strdup("Credentials are not valid.\n"); goto cleanup; } if (max_cred_lifetime) { ssl_get_times(path, NULL, &cred_expiration); if (cred_expiration == 0) { myproxy_log_verror(); response->response_type = MYPROXY_ERROR_RESPONSE; response->error_string = strdup("Unable to get expiration time from credentials.\n"); goto cleanup; } cred_lifetime = cred_expiration-time(0); if (cred_lifetime <= 0) { response->response_type = MYPROXY_ERROR_RESPONSE; response->error_string = strdup("Credential expired!\n"); goto cleanup; } /* up to 1hr clock skew*/ if (cred_lifetime > max_cred_lifetime + 3599) { char errstr[200]; response->response_type = MYPROXY_ERROR_RESPONSE; snprintf(errstr, 200, "Credential lifetime (%d hours) exceeds maximum allowed by server (%d hours).\n", cred_lifetime/60/60, max_cred_lifetime/60/60); response->error_string = strdup(errstr); goto cleanup; } } creds->location = strdup(path); if (myproxy_creds_store(creds) < 0) { myproxy_log_verror(); response->response_type = MYPROXY_ERROR_RESPONSE; response->error_string = strdup("Unable to store credentials.\n"); } else { response->response_type = MYPROXY_OK_RESPONSE; } cleanup: /* Clean up temporary delegation */ if (path[0]) ssl_proxy_file_destroy(path); } void info_proxy(myproxy_creds_t *creds, myproxy_response_t *response) { if (myproxy_creds_retrieve_all(creds) < 0) { myproxy_log_verror(); response->response_type = MYPROXY_ERROR_RESPONSE; response->error_string = strdup(verror_get_string()); } else { response->response_type = MYPROXY_OK_RESPONSE; response->info_creds = creds; /* beware shallow copy here */ } } void destroy_proxy(myproxy_creds_t *creds, myproxy_response_t *response) { myproxy_debug("Deleting credentials for username \"%s\"", creds->username); myproxy_debug(" Owner is \"%s\"", creds->owner_name); myproxy_debug(" Delegation lifetime is %d seconds", creds->lifetime); if (myproxy_creds_delete(creds) < 0) { myproxy_log_verror(); response->response_type = MYPROXY_ERROR_RESPONSE; response->error_string = strdup(verror_get_string()); } else { response->response_type = MYPROXY_OK_RESPONSE; } } void change_passwd(myproxy_creds_t *creds, char *new_passphrase, myproxy_response_t *response) { myproxy_debug("Changing pass phrase for username \"%s\"", creds->username); myproxy_debug(" Owner is \"%s\"", creds->owner_name); if (myproxy_creds_change_passphrase(creds, new_passphrase) < 0) { myproxy_log_verror(); response->response_type = MYPROXY_ERROR_RESPONSE; response->error_string = strdup("Unable to change pass phrase.\n"); } else { response->response_type = MYPROXY_OK_RESPONSE; } } /* * my_signal * * installs a signal handler, and returns the old handler. * This emulates the semi-standard signal() function in a * standard way using the Posix sigaction function. * * from Stevens, 1998, section 5.8 */ Sigfunc *my_signal(int signo, Sigfunc *func) { struct sigaction new_action, old_action; new_action.sa_handler = func; sigemptyset( &new_action.sa_mask ); new_action.sa_flags = 0; if (signo == SIGALRM) { #ifdef SA_INTERRUPT new_action.sa_flags |= SA_INTERRUPT; /* SunOS 4.x */ #endif } else { #ifdef SA_RESTART new_action.sa_flags |= SA_RESTART; /* SVR4, 4.4BSD */ #endif } if (sigaction(signo, &new_action, &old_action) < 0) { return SIG_ERR; } else { return old_action.sa_handler; } } /* Signal handlers here. Call only asynchronous-safe functions! This means no logging! */ void sig_chld(int signo) { pid_t pid; int stat; while ( (pid = waitpid(-1, &stat, WNOHANG)) > 0); return; } void sig_hup(int signo) { readconfig = 1; /* set the flag */ } void sig_exit(int signo) { if (listenfd >= 0) close(listenfd); /* force break out of accept() */ cleanshutdown = 1; } static void failure(const char *failure_message) { myproxy_log_perror("Failure: %s", failure_message); exit(1); } static void my_failure(const char *failure_message) { myproxy_log("Failure: %s", failure_message); exit(1); } static void my_failure_chld(const char *failure_message) { myproxy_log("Failure: %s", failure_message); if(debug) exit(1); else _exit(1); } static char * timestamp(void) { time_t clock; struct tm *tmp; time(&clock); tmp = (struct tm *)localtime(&clock); return (char *)asctime(tmp); } /* Do these steps right at the start. */ static int become_daemon_step1() { int fd = 0; int fdlimit; /* Steps taken from UNIX Programming FAQ */ /* 4. `chdir("/")' to ensure that our process doesn't keep any directory in use */ chdir("/"); /* 5. umask(0077) as a defensive measure to restrict permissions on any files we create. */ umask(0077); /* 6. Close all file descriptors */ fdlimit = sysconf(_SC_OPEN_MAX); while (fd < fdlimit) close(fd++); /* 7.Establish new open descriptors for stdin, stdout and stderr */ (void)open("/dev/null", O_RDWR); dup(0); dup(0); #ifdef TIOCNOTTY fd = open("/dev/tty", O_RDWR); if (fd >= 0) { ioctl(fd, TIOCNOTTY, 0); (void)close(fd); } #endif /* TIOCNOTTY */ return 0; } /* Save fork() until after we've done some sanity checks. */ static int become_daemon_step2() { pid_t childpid; char byte = 1; /* Create a pipe to notify the original process when initialization is complete per http://0pointer.de/public/systemd-man/daemon.html */ if (pipe(startup_pipe) < 0) { perror("Error in pipe()"); return -1; } /* 1. Fork off a child so the new process is not a process group leader */ childpid = fork(); switch (childpid) { case 0: /* child */ close(startup_pipe[0]); break; case -1: /* error */ perror("Error in fork()"); return -1; default: /* exit the original process */ close(startup_pipe[1]); read(startup_pipe[0], &byte, 1); /* wait for child to signal */ close(startup_pipe[0]); _exit(byte); } /* 2. Set session id to become a process group and session group leader */ if (setsid() < 0) { perror("Error in setsid()"); return -1; } /* 3. Fork again so the parent, (the session group leader), can exit. This means that we, as a non-session group leader, can never regain a controlling terminal. */ signal(SIGHUP, SIG_IGN); childpid = fork(); switch (childpid) { case 0: /* child */ break; case -1: /* error */ perror("Error in fork()"); return -1; default: /* exit the original process */ _exit(0); } return 0; } /* We're all done starting up, so signal the original process to exit. */ static int become_daemon_step3(char status) { write(startup_pipe[1], &status, 1); close(startup_pipe[1]); return 0; } static void write_pfile(const char path[], long val) { FILE *f = NULL; f = fopen(path, "wb"); if (f == NULL) { myproxy_log("Couldn't create \"%s\": %s", path, strerror(errno)); } else { fprintf(f, "%ld\n", val); fclose(f); } } /* * check that all following conditions hold: * (1) the client_name matches the server-wide policy (eg authorized_retrievers) * (2) if the per-credential credential_policy isn't empty than the client_name * is allowed by the policy * (3) if the per-credential credential_policy is empty and the server default * policy is not than the client_name matches the server-wide policy * (eg default_retrievers) */ static int myproxy_check_policy(myproxy_server_context_t *context, myproxy_socket_attrs_t *attrs, myproxy_server_peer_t *client, const char *policy_name, const char **server_policy, const char *credential_policy, const char **default_credential_policy) { int authorization_ok = -1; myproxy_debug("applying %s policy", policy_name); authorization_ok = myproxy_server_check_policy_list_ext(server_policy, client); if (authorization_ok != 1) { verror_put_string("\"%s\" not authorized by server's %s policy", client->name, policy_name); return authorization_ok; } if (credential_policy != NULL) { authorization_ok = myproxy_server_check_policy_ext(credential_policy, client); if (authorization_ok != 1) { verror_put_string("\"%s\" not authorized by credential's %s policy", client->name, policy_name); return authorization_ok; } } else if (default_credential_policy != NULL) { authorization_ok = myproxy_server_check_policy_list_ext(default_credential_policy, client); if (authorization_ok != 1) { verror_put_string("\"%s\" not authorized by server's default %s policy", client->name, policy_name); return authorization_ok; } } return authorization_ok; } static void no_creds_abort(myproxy_socket_attrs_t *attrs, char username[], char credname[], myproxy_server_context_t *context) { verror_clear(); /* don't distract with other errors */ if (!credname) { verror_put_string("No credentials exist for username \"%s\".", username); } else { verror_put_string("No credentials exist with username \"%s\" and credential name \"%s\".", username, credname); } respond_with_error_and_die(attrs, verror_get_string(), context); } /* Check if we're granting access to a certificate with the same identity as the requester (so-called "self-authz"). If the request is to access a credential in the repository, check that. Otherwise, lookup the subject of the certificate we'd issue from the CA. */ static int check_self_authz(myproxy_server_context_t *context, myproxy_creds_t *creds, myproxy_server_peer_t *client) { char *subject = NULL; int rval = 1; /* default allow */ if (context->allow_self_authz == 0) { if (creds->location) { if (ssl_get_base_subject_file(creds->location, &subject)) { verror_put_string("internal error: ssl_get_base_subject_file(%s) failed in check_self_authz()", creds->location); return -1; /* error */ } } else { if (user_dn_lookup(creds->username, &subject, context)) { verror_put_string("unknown username: %s", creds->username); return -1; /* error */ } } if (strcasecmp(client->name, subject) == 0) { verror_put_string("self-authz detected"); rval = 0; /* not allowed */ } } if (subject) free(subject); return rval; } /* Check authorization for all incoming requests. The authorization * rules are as follows. * RETRIEVE: * Credentials must exist. * Client DN must match server-wide authorized_key_retrievers policy. * Client DN must match credential-specific authorized_key_retrievers policy. * Also, see below. * RETRIEVE and GET with passphrase (credential retrieval): * Client DN must match server-wide authorized_retrievers policy. * Client DN must match credential-specific authorized_retrievers policy. * Passphrase in request must match passphrase for credentials. * RETRIEVE and GET with certificate (credential renewal): * Client DN must match server-wide authorized_renewers policy. * Client DN must match credential-specific authorized_renewers policy. * If !allow_self_authz, client DN must not match credential DN. * DN in second X.509 authentication must match owner of credentials. * Private key can not be encrypted in this case. * RETRIEVE and GET from trusted_retrievers: * Client DN must match server-wide trusted_retrievers policy. * Client DN must match credential-specific trusted_retrievers policy. * If !allow_self_authz, client DN must not match credential DN. * GET_TRUSTROOTS: * Client DN must match server-wide authorized_retrievers policy. * PUT, STORE, and DESTROY: * If accepted_credentials_mapfile or accepted_credentials_mapapp, * client_name / client_request->username map entry must be present/valid. * Client DN must match accepted_credentials. * If credentials already exist for the username, the client must own them. * INFO: * Always allow here. Ownership checking done in info_proxy(). * CHANGE_CRED_PASSPHRASE: * Client DN must match accepted_credentials. * Client DN must match credential owner. * Passphrase in request must match passphrase for credentials. */ static int myproxy_authorize_accept(myproxy_server_context_t *context, myproxy_socket_attrs_t *attrs, myproxy_request_t *client_request, myproxy_server_peer_t *client) { int credentials_exist = 0; int client_owns_credentials = 0; int authorization_ok = -1; /* 1 = success, 0 = failure, -1 = error */ int allowed_to_retrieve = 0; int allowed_to_renew = 0; int trusted_retriever = 0; int return_status = -1; myproxy_creds_t creds = { 0 }; char *userdn = NULL; if (caonly) { switch (client_request->command_type) { case MYPROXY_GET_PROXY: case MYPROXY_GET_TRUSTROOTS: break; default: verror_put_string("command not supported by MyProxy CA"); respond_with_error_and_die(attrs, verror_get_string(), context); } } if (client_request->command_type != MYPROXY_GET_TRUSTROOTS) { if (caonly) { credentials_exist = 0; } else { credentials_exist = myproxy_creds_exist(client_request->username, client_request->credname); } if (credentials_exist == -1) { myproxy_log_verror(); verror_put_string("Error checking credential existence"); goto end; } creds.username = strdup(client_request->username); if (client_request->credname) { creds.credname = strdup(client_request->credname); } if (credentials_exist) { if (myproxy_creds_retrieve(&creds) < 0) { verror_put_string("Unable to retrieve credential information"); goto end; } context->usage.credentials_exist = credentials_exist; if (strcmp(creds.owner_name, client->name) == 0) { client_owns_credentials = 1; } } } switch (client_request->command_type) { case MYPROXY_RETRIEVE_CERT: authorization_ok = myproxy_check_policy(context, attrs, client, "authorized_key_retrievers", (const char **)context->authorized_key_retrievers_dns, creds.keyretrieve, (const char **)context->default_key_retrievers_dns); if (authorization_ok != 1) goto end; if (!credentials_exist) { no_creds_abort(attrs, client_request->username, client_request->credname, context); } /* fall through to MYPROXY_GET_PROXY */ case MYPROXY_GET_PROXY: /* check trusted_retrievers */ authorization_ok = myproxy_check_policy(context, attrs, client, "trusted_retrievers", (const char **)context->trusted_retriever_dns, creds.trusted_retrievers, (const char **)context->default_trusted_retriever_dns); if (authorization_ok == 1) { if (check_self_authz(context, &creds, client) != 1) { myproxy_log_verror(); myproxy_log("self-authz not allowed for trusted retriever"); } else { trusted_retriever = 1; context->usage.trusted_retr = 1; myproxy_log("trusted retrievers policy matched"); } } allowed_to_retrieve = myproxy_check_policy(context, attrs, client, "authorized_retrievers", (const char **)context->authorized_retriever_dns, creds.retrievers, (const char **)context->default_retriever_dns); allowed_to_renew = myproxy_check_policy(context, attrs, client, "authorized_renewers", (const char **)context->authorized_renewer_dns, creds.renewers, (const char **)context->default_renewer_dns); if (!allowed_to_retrieve && !allowed_to_renew) { goto end; } /* log non-fatal errors collected so far and clear them so we don't confuse the client with too much diagnostics */ if (debug) myproxy_log_verror(); verror_clear(); /* if it appears that we need to use the ca callouts because * of no stored creds, we should check if the ca is configured * and if the user exists in the mapfile if not using the * external program callout. */ if (!credentials_exist) { if ( (context->certificate_issuer_program == NULL) && (context->certificate_issuer_cert == NULL) ) { no_creds_abort(attrs, client_request->username, client_request->credname, context); } if (context->certificate_issuer_cert) { if ( user_dn_lookup( client_request->username, &userdn, context ) ) { verror_put_string("unknown username: %s", client_request->username); respond_with_error_and_die(attrs, verror_get_string(), context); } if (userdn) { free(userdn); userdn = NULL; } } } /* this call may set context->limited_proxy */ authorization_ok = authenticate_client(attrs, &creds, client_request, client->name, context, trusted_retriever, allowed_to_renew); if (authorization_ok < 0) { if (!verror_is_error()) { /* if we don't have a good error message already, it means we had insufficient authentication */ if (client_request->passphrase[0] == '\0') { verror_put_string("no passphrase"); } verror_put_string("authentication failed"); } goto end; /* authentication failed */ } else if (authorization_ok == 0) { authorization_ok = allowed_to_retrieve; } else if (authorization_ok == 1) { /* renewal */ if (check_self_authz(context, &creds, client) != 1) { authorization_ok = -1; verror_put_string("self-authz not allowed for renewer"); } } if (authorization_ok != 1) { goto end; } if (context->limited_proxy == -1) { /* config says ignore limited */ GSI_SOCKET_set_peer_limited_proxy(attrs->gsi_socket, 0); } else if (context->limited_proxy == 1) { GSI_SOCKET_set_peer_limited_proxy(attrs->gsi_socket, 1); } if (GSI_SOCKET_peer_used_limited_proxy(attrs->gsi_socket)) { myproxy_debug("client authenticated with a limited proxy chain"); if (!credentials_exist) { verror_put_string("MyProxy CA will not accept limited proxy for authentication."); authorization_ok = 0; goto end; } if (client_request->command_type == MYPROXY_RETRIEVE_CERT) { switch(ssl_limited_proxy_file(creds.location)) { case 1: break; /* ok */ case 0: verror_put_string("Client with limited proxy may not retrieve full credentials."); authorization_ok = 0; goto end; default: verror_put_string("Can't determine if credentials contain a limited proxy."); authorization_ok = 0; goto end; } } } break; case MYPROXY_GET_TRUSTROOTS: /* just check authorized_retrievers */ authorization_ok = myproxy_check_policy( context, attrs, client, "authorized_retrievers", (const char **)context->authorized_retriever_dns, NULL, NULL); if (authorization_ok != 1) { verror_put_string("\"%s\" not authorized to retrieve credentials from this " "server (authorized_retrievers policy)", client->name); goto end; } break; case MYPROXY_PUT_PROXY: case MYPROXY_STORE_CERT: case MYPROXY_DESTROY_PROXY: /* Check for a valid mapping in accepted_credentials_mapfile or * accepted_credentials_mapapp. Note that accept_credmap returns 0 * upon success (or if no check of mapfile/mapapp is needed). */ if (accept_credmap(client->name,client_request->username,context)) { goto end; /* No valid UserDN/Username mapping found! */ } /* Is this client authorized to store credentials here? */ authorization_ok = myproxy_server_check_policy_list_ext((const char **)context->accepted_credential_dns, client); if (authorization_ok != 1) { verror_put_string("\"%s\" not authorized to store credentials on this server (accepted_credentials policy)", client->name); goto end; } if (credentials_exist == 1) { if (!client_owns_credentials) { if ((client_request->command_type == MYPROXY_PUT_PROXY) || (client_request->command_type == MYPROXY_STORE_CERT)) { verror_put_string("Credentials are already stored for user %s", client_request->username); if (client_request->credname) { verror_put_string("and credential name \"%s\"", client_request->credname); } verror_put_string("and they are not owned by\n\"%s\",", client->name); verror_put_string("so you may not overwrite them."); verror_put_string("Please choose a different username or credential name or"); verror_put_string("contact your myproxy-server administrator."); } else { verror_put_string("Credentials not owned by \"%s\".", client->name); } goto end; } } break; case MYPROXY_INFO_PROXY: /* Authorization checking done inside the processing of the INFO request, since there may be multiple credentials stored under this username. */ authorization_ok = 1; break; case MYPROXY_CHANGE_CRED_PASSPHRASE: if (!client_owns_credentials) { verror_put_string("'%s' does not own the credentials", client->name); goto end; } authorization_ok = verify_passphrase(&creds, client_request, client->name, context); if (!authorization_ok) { verror_put_string("invalid pass phrase"); goto end; } break; default: verror_put_string("unknown command"); goto end; } if (authorization_ok == -1) { verror_put_string("Error checking authorization"); goto end; } if (authorization_ok != 1) { verror_put_string("authorization failed"); goto end; } return_status = 0; end: if (creds.passphrase) memset(creds.passphrase, 0, strlen(creds.passphrase)); myproxy_creds_free_contents(&creds); return return_status; } static int do_authz_handshake(myproxy_socket_attrs_t *attrs, struct myproxy_creds *creds, myproxy_request_t *client_request, char *client_name, myproxy_server_context_t* config, author_method_t methods[], authorization_data_t *auth_data) { myproxy_response_t server_response = {0}; char *client_buffer = NULL; int client_length; int return_status = -1; authorization_data_t *client_auth_data = NULL; author_method_t client_auth_method; assert(auth_data != NULL); memset(&server_response, 0, sizeof(server_response)); myproxy_debug("sending MYPROXY_AUTHORIZATION_RESPONSE"); authorization_init_server(&server_response.authorization_data, methods); server_response.response_type = MYPROXY_AUTHORIZATION_RESPONSE; send_response(attrs, &server_response, client_name, 0); /* Wait for client's response. Its first four bytes are supposed to contain a specification of the method that the client chose for authorization. */ client_length = myproxy_recv_ex(attrs, &client_buffer); if (client_length <= 0) goto end; client_auth_method = (author_method_t)(*client_buffer); myproxy_debug("client chose %s", authorization_get_name(client_auth_method)); /* fill in the client's response and return pointer to filled data */ client_auth_data = authorization_store_response( client_buffer + sizeof(client_auth_method), client_length - sizeof(client_auth_method), client_auth_method, server_response.authorization_data); if (client_auth_data == NULL) goto end; if (auth_data->server_data) free(auth_data->server_data); auth_data->server_data = strdup(client_auth_data->server_data); if (auth_data->client_data) free(auth_data->client_data); auth_data->client_data = malloc(client_auth_data->client_data_len); if (auth_data->client_data == NULL) { verror_put_string("malloc() failed"); verror_put_errno(errno); goto end; } memcpy(auth_data->client_data, client_auth_data->client_data, client_auth_data->client_data_len); auth_data->client_data_len = client_auth_data->client_data_len; auth_data->method = client_auth_data->method; #if defined(HAVE_LIBSASL2) if (auth_data->method == AUTHORIZETYPE_SASL) { config->usage.sasl_used = 1; if (auth_sasl_negotiate_server(attrs, client_request) < 0) { verror_put_string("SASL authentication failed"); goto end; } } #endif if (authorization_check_ex(auth_data, creds, client_name, config) == 1) { return_status = 0; } end: authorization_data_free(server_response.authorization_data); if (client_buffer) free(client_buffer); return return_status; } static int verify_passphrase(struct myproxy_creds *creds, myproxy_request_t *client_request, char *client_name, myproxy_server_context_t* config) { authorization_data_t auth_data = { 0 }; int return_status; auth_data.server_data = NULL; auth_data.client_data = strdup(client_request->passphrase); auth_data.client_data_len = strlen(client_request->passphrase) + 1; auth_data.method = AUTHORIZETYPE_PASSWD; return_status = authorization_check_ex(&auth_data, creds, client_name, config); free(auth_data.client_data); return return_status; } /* returns -1 if authentication failed, 0 if authentication succeeded, 1 if certificate-based (renewal) authentication succeeded */ static int authenticate_client(myproxy_socket_attrs_t *attrs, struct myproxy_creds *creds, myproxy_request_t *client_request, char *client_name, myproxy_server_context_t* config, int already_authenticated, int allowed_to_renew) { int return_status = -1, authcnt, certauth = 0; int i, j; author_method_t methods[AUTHORIZETYPE_NUMMETHODS] = { 0 }; author_status_t status[AUTHORIZETYPE_NUMMETHODS] = { 0 }; authorization_data_t auth_data = { 0 }; authcnt = already_authenticated; /* if already authenticated, just do required methods */ for (i = 0; i < AUTHORIZETYPE_NUMMETHODS; i++) { if ((i == AUTHORIZETYPE_CERT || i == AUTHORIZETYPE_CERT256) && allowed_to_renew != 1) { status[i] = AUTHORIZEMETHOD_DISABLED; } else { status[i] = authorization_get_status(i, creds, client_name, config); } } /* First, check any required methods. */ for (i = 0; i < AUTHORIZETYPE_NUMMETHODS; i++) { if (status[i] == AUTHORIZEMETHOD_REQUIRED) { /* password is a special case for now. don't send password challenges. */ if (i == AUTHORIZETYPE_PASSWD) { if (verify_passphrase(creds, client_request, client_name, config) != 1) { /* verify_passphrase() will set verror */ goto end; } authcnt++; } else { methods[0] = i; if (do_authz_handshake(attrs, creds, client_request, client_name, config, methods, &auth_data) < 0) { verror_put_string("authentication failed"); goto end; } if (i == AUTHORIZETYPE_CERT || i == AUTHORIZETYPE_CERT256) { certauth = 1; } authcnt++; } } } /* if none required, try sufficient */ if (authcnt == 0) { /* if we already have a password, try it now */ if (status[AUTHORIZETYPE_PASSWD] == AUTHORIZEMETHOD_SUFFICIENT && client_request->passphrase[0] != '\0') { if (verify_passphrase(creds, client_request, client_name, config) == 1) { authcnt++; } else { /* if given password was bad, fail immediately for a more helpful error message */ /* verify_passphrase() will set verror */ goto end; } } } if (authcnt == 0) { for (i = 0, j = 0; i < AUTHORIZETYPE_NUMMETHODS; i++) { if (status[i] == AUTHORIZEMETHOD_SUFFICIENT && i != AUTHORIZETYPE_PASSWD) { methods[j++] = i; } } if (j > 0) { if (do_authz_handshake(attrs, creds, client_request, client_name, config, methods, &auth_data) < 0) { verror_put_string("authentication failed"); goto end; } if (auth_data.method == AUTHORIZETYPE_CERT || auth_data.method == AUTHORIZETYPE_CERT256) { certauth = 1; } authcnt++; } } if (certauth) { return_status = 1; } else if (authcnt) { return_status = 0; } end: authorization_data_free_contents(&auth_data); return return_status; } myproxy-6.2.16/LICENSE.netbsd0000644000175100017510000000364314557142036012560 00000000000000/*- * Copyright (c) 2000 The NetBSD Foundation, Inc. * All rights reserved. * * This code is derived from software contributed to The NetBSD Foundation * by Dieter Baron and Thomas Klausner. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the NetBSD * Foundation, Inc. and its contributors. * 4. Neither the name of The NetBSD Foundation nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ myproxy-6.2.16/PROTOCOL0000644000175100017510000004114314557142036011456 00000000000000MyProxyv2 protocol Section A ------- - Basic Tenants: 1) All communications between MyProxy process will be authenticated via GSSAPI. The MyProxyServer will always be the accepting side and will have an identity of "host/" or "myproxy/". 2) The transport protocol will be SSL (Kerberos support is planned) Each message will be integrity protected and encrypted via gss_wrap(). 3) Messages will consist of either one or more NULL-terminated ASCII text strings or a single chunk of arbitrary data whose meaning is determined by the context of the current state of the protocol. 4) All communications will be over TCP. 5) By default the MyProxy server will listen on port 7512 unless otherwise specified. [NOTE - the port number choice is arbitrary.] 6) MyProxy server always replies to the requests with either a OK, ERROR, or AUTHORIZATION message: An OK message will simply contain: VERSION=MYPROXYv2 RESPONSE=0 An ERROR message will contain: VERSION=MYPROXYv2 RESPONSE=1 ERROR= ERROR= ... There may be one or more lines of error text, with the intent that the client may concatenate them together (separated with carriage returns). The line separator is the LF character: '\n'. After sending an ERROR response myproxy-server will close the connection and no more data should be sent in either direction. If the client sends an empty passphrase, the server can also reply with a MYPROXY_AUTHORIZATION_RESPONSE message: VERSION=MYPROXYv2 RESPONSE=2 AUTHORIZATION_DATA=: ... There may be more then one line of authorization data. The purpose of this message is to provide the client with available authorization methods along with data needed to use the methods. The client will choose one method, create a response according to server's challenge and send it back to the server. The first four bytes of the response convey a method identifier (see myproxy_authorization.[ch] for supported methods). Currently, the identifier is specified in the first byte only. The remaining three bytes are ignored. The contents of the remaining part of the response depends on the particular authorization method and is not specified here. The server will verify the response, check authorization data, check authorization policy and reply with either an OK or an ERROR message. Then the protocol will continue. Currently there are two supported methods: the original password based and a new X.509 certificate based. When using the later one, the server will generate a random 32 bytes long challenge, encode it into an ASCII string and send to the client as . The client will sign the challenge with its private key and send the result back along with the whole certificate chain. Format of the client's response in this case is following: - first four bytes state length of the signature - signature itself - four bytes state number of certificates sent - certificates in the ASN.1 encoding. Since the original client never sends an empty password, compatibility is retained (the MYPROXY_AUTHORIZATION_RESPONSE message is sent iff the server receives an empty password). 7) The delegated credentials are sent over the wire as a chain of certificates in a _single_ message. The message contains: A byte that indicates the number of certificates in the message followed by the certificates of the certificate chain. Each certificate is encoded in the stardard X.509 v3 ASN.1 format. The first certificate sent is the newly delegated certificate, followed by the first certificate of the certificate chain, and the rest of the chain. The last certificate sent should be the user certificate signed by the CA. The CA certificate does not have to be included. 8) For protocol extensibility, clients and servers are expected to ignore lines in messages that they don't understand. ==== Section B ------- - MyProxyInit <-> MyProxyServer protocol The following illustrates a MyProxyInit process connecting to a MyProxyServer process and storing a proxy for later retrieval. 1) MyProxyInit will make a connection to the MyProxyServer at the host and port as specified by its configuration or the user. 2) MyProxyInit will initiate the GSSAPI context setup loop, with MyProxyServer accepting. See Section A.1. 3) MyProxyInit will then send a message to MyProxyServer containing the following strings: VERSION=MYPROXYv2 COMMAND=1 USERNAME= PASSPHRASE= LIFETIME= and optional strings RETRIEVER= RENEWER= CRED_NAME= CRED_DESC= The intent of the VERSION string is to allow the server to know if it is dealing with an outdated or newer client. and are the strings supplied by the user to be used for retrieval by the portal. is the ASCII representation of the lifetime of the proxy to be delegated to the portal, in seconds. and are strings specifying the retriever and renewer policy regular expressions. assigns a name to the credential, allowing multiple credentials to be stored for a given username. can provide additional descriptive text to be displayed in MyProxyInfo requests, for example. 4) MyProxyServer will then respond with either a OK or an ERROR message. See Section A.6 for details. 5) Next, the server will perform delegation with the client. The MyProxyServer will generate a public/private key pair and send the public key to the MyProxyInit client as a certificate request. MyProxyInit client will sign the request with its proxy private key and send the new certificate and the entire certificate chain back to the server. See section A.8 for details of the certificate chain message. 6) MyProxyServer will read the individual certificates, chain them back up together into a new delegated credentials and store them. The server also stores the retriever and renewer DN strings if they are specified. 7) MyProxyServer will then respond with either a OK message if it successfully stored the proxy or an ERROR message if an error occurred. For example, an error might occur when the stored proxy already exists for the same username but belongs to another user. For the reply message details see section A.6. 8) At this point, both sides should close the connection. ==== Section C ------- - MyProxyGet <-> MyProxyServer protocol The following illustrates a MyProxyGet process connecting to a MyProxyServer process and retrieving a proxy for use. 1) MyProxyGet makes a connection to the MyProxyServer as indicated by its configuration or arguments. 2) MyProxyGet will initiate the GSSAPI context setup loop, with MyProxyServer accepting. See Section A.1. 3) MyProxyGet will then send a message to MyProxyServer containing the following strings: VERSION=MYPROXYv2 COMMAND=0 USERNAME= PASSPHRASE= LIFETIME= The message can also contain an optional string : CRED_NAME= The intent of the VERSION string is to allow the server to know if it is dealing with an outdated or newer client. and are the strings supplied by the user to the portal to be used for retrieval by the portal. 4) MyProxyServer will then respond with either a OK, ERROR, or AUTHORIZATION message. See Section A.6 for details. 5) Next, the server will delegate the user credential to the client. The MyProxyGet will generate a public/private key pair and send the public key to the MyProxyServer as a certificate request. MyProxyServer will sign the request with the private key of the stored user credential and send it as a new certificate back to the client along with the rest of the certificate chain of the stored credential. See section A.7 for details of the certificate chain message. The MyProxyGet will then chain up the certificates together and create the new user credentials. 6) MyProxyServer will then respond with either a OK message if it successfully completed sending the certificates or an ERROR message if an error occurred. See section A.6 for details. 7) At this point, both sides should close the connection. ==== Section D ------- - MyProxyDestroy <-> MyProxyServer protocol The following illustrates a MyProxyDestroy process connecting to a MyProxyServer process and removing a proxy. 1) MyProxyDestroy makes a connection to the MyProxyServer as indicated by its configuration or arguments. 2) MyProxyDestroy will initiate the GSSAPI context setup loop, with MyProxyServer accepting. See section A.1. 3) MyProxyDestroy will then send a message to MyProxyServer containing the following strings: VERSION=MYPROXYv2 COMMAND=3 USERNAME= PASSPHRASE= The message can also contain an optional string : CRED_NAME= The intent of the VERSION string is to allow the server to know if it is dealing with an outdated or newer client. and are the strings supplied by the user to the portal used for retrieval of a proxy from the portal. 4) MyProxyServer will then respond with either a OK or an ERROR message. See section A.6 for details. 5) At this point, both sides should close the connection. ==== Section E ------- - MyProxyInfo <->MyProxyServer protocol The following illustrates a MyProxyInfo process connecting to a MyProxyServer process and queries information about a proxy. 1) MyProxyInfo makes a connection to the MyProxyServer as indicated by its configuration or arguments. 2) MyProxyInfo will initiate the GSSAPI context setup loop, with MyProxyServer accepting. See section A.1. 3) MyProxyInfo will then send a message to MyProxyServer containing the following strings: VERSION=MYPROXYv2 COMMAND=2 USERNAME= PASSPHRASE= The intent of the VERSION string is to allow the server to know if it is dealing with an outdated or newer client. and are the strings supplied by the user. 4) MyProxyServer will then respond with either a OK or an ERROR message. See section A.6 for details. If the response is OK it will also contain the following strings: CRED_NAME= // optional CRED_DESC= // optional CRED_START_TIME= // required CRED_END_TIME= // required CRED_OWNER= // required CRED_RETRIEVER= // optional CRED_RENEWER= // optional ADDL_CREDS=cred1,cred2,....,credn // If multiple creds are stored CRED_cred1_DESC= // optional CRED_cred1_START_TIME= // required CRED_cred1_END_TIME= // required CRED_cred1_OWNER= // required CRED_cred1_RETRIEVER= // optional CRED_cred1_RENEWER= // optional .... The time strings carry information on lifetime of the proxy in a repository. Both the times are in unix format, i.e. number seconds since the Epoch (00:00:00 UTC January 1, 1970). The field contains DN of the proxy's owner. 5) At this point, both sides should close the connection. ====== Section F ------- - MyProxyChangePasswd <-> MyProxyServer protocol The following illustrates a MyProxyChangePasswd process connecting to a MyProxyServer process and changes password of a proxy. 1) MyProxyChangePasswd makes a connection to the MyProxyServer as indicated by its configuration or arguments. 2) MyProxyChangePasswd will initiate the GSSAPI context setup loop, with MyProxyServer accepting. See section A.1. 3) MyProxyChangePasswd will then send a message to MyProxyServer containing the following strings: VERSION=MYPROXYv2 COMMAND=4 USERNAME= PASSPHRASE= NEW_PHRASE= The message can also contain an optional string : CRED_NAME= The intent of the VERSION string is to allow the server to know if it is dealing with an outdated or newer client. and are the strings supplied by the user for authentication. is the new pass phrase assigned to the credential. 4) MyProxyServer will then respond with either a OK or an ERROR message. See section A.6 for details. 5) At this point, both sides should close the connection. ====== Section G ------- - MyProxyStoreCertificate <-> MyProxyServer protocol The following illustrates a MyProxyStoreCertificate process connecting to a MyProxyServer process and storing a proxy for later retrieval. 1) MyProxyStoreCertificate will make a connection to the MyProxyServer at the host and port as specified by its configuration or the user. 2) MyProxyStoreCertificate will initiate the GSSAPI context setup loop, with MyProxyServer accepting. See Section A.1. 3) MyProxyStoreCertificate will then send a message to MyProxyServer containing the following strings: VERSION=MYPROXYv2 COMMAND=5 USERNAME= LIFETIME= and optional strings RETRIEVER= RENEWER= CRED_NAME= CRED_DESC= KEYRETRIEVER= The intent of the VERSION string is to allow the server to know if it is dealing with an outdated or newer client. is the strings supplied by the user to be used for retrieval by the portal. is the ASCII representation of the lifetime of the proxy to be delegated to the portal, in seconds. and are strings specifying the retriever and renewer policy regular expressions. is a string specifying the key retriever policy regular expression. assigns a name to the credential, allowing multiple credentials to be stored for a given username. can provide additional descriptive text to be displayed in MyProxyInfo requests, for example. 4) MyProxyServer will then respond with either a OK or an ERROR message. See Section A.6 for details. 5) Next, the client will send the users end-entity credentials to the server. 6) MyProxyServer will read the individual certificates and store it. The server also stores the retriever, renewer, or key retriever DN strings if they are specified. 7) MyProxyServer will then respond with either a OK message if it successfully stored the proxy or an ERROR message if an error occurred. For example, an error might occur when the stored proxy already exists for the same username but belongs to another user. For the reply message details see section A.6. 8) At this point, both sides should close the connection. ==== Section H ------- - MyProxyRetrieve <-> MyProxyServer protocol The following illustrates a MyProxyRetrieve process connecting to a MyProxyServer process and retrieving the end-entity credentials. 1) MyProxyRetrieve makes a connection to the MyProxyServer as indicated by its configuration or arguments. 2) MyProxyRetrieve will initiate the GSSAPI context setup loop, with MyProxyServer accepting. See Section A.1. 3) MyProxyRetrieve will then send a message to MyProxyServer containing the following strings: VERSION=MYPROXYv2 COMMAND=6 USERNAME= PASSPHRASE= LIFETIME= The message can also contain an optional string : CRED_NAME= The intent of the VERSION string is to allow the server to know if it is dealing with an outdated or newer client. and are the strings supplied by the user to the portal to be used for retrieval by the portal. 4) MyProxyServer will then respond with either a OK, ERROR, or AUTHORIZATION message. See Section A.6 for details. 5) Next, the server will retrieve the user credential and send it to the client. 6) At this point, both sides should close the connection. myproxy-6.2.16/myproxy_popen.c0000644000175100017510000000226414557142036013367 00000000000000#include "myproxy_common.h" #define MAXARGS 20 pid_t myproxy_popen(int fds[3], const char *path, ...) { pid_t childpid; int p0[2], p1[2], p2[2]; assert(path); if (access(path, X_OK) < 0) { verror_put_string("%s not executable", path); verror_put_errno(errno); return -1; } if (pipe(p0) < 0 || pipe(p1) < 0 || pipe(p2) < 0) { verror_put_string("pipe() failed"); verror_put_errno(errno); return -1; } if ((childpid = fork()) < 0) { verror_put_string("fork() failed"); verror_put_errno(errno); return -1; } if (childpid == 0) { /* child */ va_list ap; const char *argv[MAXARGS]; int i=0; close(p0[1]); close(p1[0]); close(p2[0]); if (dup2(p0[0], 0) < 0 || dup2(p1[1], 1) < 0 || dup2(p2[1], 2) < 0) { perror("dup2"); exit(1); } argv[i++] = path; va_start(ap, path); while ((argv[i++] = va_arg(ap, const char *)) != NULL) { assert(i < MAXARGS); } va_end(ap); execv(path, (char *const *)argv); fprintf(stderr, "failed to run %s: %s\n", path, strerror(errno)); exit(1); } close(p0[0]); close(p1[1]); close(p2[1]); fds[0] = p0[1]; fds[1] = p1[0]; fds[2] = p2[0]; return childpid; } myproxy-6.2.16/myproxy_read_pass.h0000644000175100017510000000316514557142036014215 00000000000000/* * my_proxy_read_pass.h * * Common client side routines. */ #ifndef _MYPROXY_READ_PASS_H #define _MYPROXY_READ_PASS_H /* Minimum pass phrase length */ #define MIN_PASS_PHRASE_LEN 6 /* * myproxy_read_passphrase() * * Issue the specified prompt (or a standard prompt if prompt is NULL) * and read the pass phrase from the tty * and place it into the given buffer with length given by buffer_len. * If pass phrase is greater than buffer_len bytes, it is silently * truncated. * * Returns number of characters read, -1 on error. */ int myproxy_read_passphrase(char *buffer, int buffer_len, const char *prompt); /* * myproxy_read_passphrase_stdin() * * Same as myproxy_read_passphrase() except reads pass phrase from stdin. */ int myproxy_read_passphrase_stdin(char *buffer, int buffer_len, const char *prompt); /* * myproxy_read_verified_passphrase() * * Same as myproxy_read_passphrase except the user is prompted * twice for the passphrase and both must match. */ int myproxy_read_verified_passphrase(char *buffer, int buffer_len, const char *prompt); /* * Check for good passphrases: * 1. Make sure the passphrase is at least MIN_PASS_PHRASE_LEN long. * 2. Optionally run an external passphrase policy program. * * Returns 0 if passphrase is accepted and -1 otherwise. */ int myproxy_check_passphrase_policy(const char *passphrase, const char *passphrase_policy_pgm, const char *username, const char *credname, const char *retrievers, const char *renewers, const char *client_name); #endif /* _MYPROXY_READ_PASS_H */ myproxy-6.2.16/verror.c0000644000175100017510000001055314557142036011756 00000000000000/* * verror.c * * Simple error-handling interface. See verror.h for documentation. */ #include "myproxy_common.h" /* all needed headers included here */ /********************************************************************** * * Internal variables. * */ struct verror_context { int is_set; char *string; int value; int number; }; static struct verror_context my_context = { 0, NULL, 0, 0 }; /********************************************************************** * * Internal constants * */ /* Values for where_flag to verror_add_string() */ #define VERROR_PREPEND 0 #define VERROR_APPEND 1 /********************************************************************** * * Internal functions. * */ /* * Added a string to the current error. * * If where_flag == VERROR_PREPEND, then prepend the string. * == VERROR_APPEND, then append the string. */ static void verror_add_string(const char *string, int where_flag) { int need_cr = 0; int string_len; int new_string_length; char *new_string; assert(string != NULL); string_len = strlen(string); /* Do we need to add a carriage return to the string */ if (string[string_len - 1] != '\n') { need_cr = 1; } /* Determine the length of the new string */ new_string_length = (my_context.string == NULL ? 0 : strlen(my_context.string)); new_string_length += strlen(string) + 1 /* NUL */; if (need_cr == 1) { new_string_length++; } new_string = malloc(new_string_length); if (new_string == NULL) { /* Punt */ return; } new_string[0] = '\0'; /* Fill in new_string */ switch (where_flag) { case VERROR_PREPEND: strcat(new_string, string); if (need_cr) { strcat(new_string, "\n"); } if (my_context.string != NULL) { strcat(new_string, my_context.string); } break; default: /* Punt */ case VERROR_APPEND: if (my_context.string != NULL) { strcat(new_string, my_context.string); } strcat(new_string, string); if (need_cr) { strcat(new_string, "\n"); } break; } /* And put new_string in place */ if (my_context.string != NULL) { free(my_context.string); } my_context.string = new_string; return; } /********************************************************************** * * API Functions * */ void verror_prepend_string(const char *format, ...) { char *string = NULL; va_list ap; my_context.is_set = 1; va_start(ap, format); string = my_vsnprintf(format, ap); va_end(ap); if (string == NULL) { /* Punt */ goto error; } verror_add_string(string, VERROR_PREPEND); error: if (string != NULL) { free(string); } return; } void verror_put_string(const char *format, ...) { char *string = NULL; va_list ap; my_context.is_set = 1; va_start(ap, format); string = my_vsnprintf(format, ap); va_end(ap); if (string == NULL) { /* Punt */ goto error; } verror_add_string(string, VERROR_APPEND); error: if (string != NULL) { free(string); } return; } void verror_put_errno(const int error_number) { my_context.is_set = 1; my_context.number = error_number; } void verror_put_value(const int value) { my_context.is_set = 1; my_context.value = value; } int verror_is_error() { return my_context.is_set; } char * verror_get_string() { if (!my_context.string) { return "unknown error"; } return my_context.string; } int verror_get_errno() { return my_context.number; } char * verror_strerror() { char *return_string; if (my_context.number == 0) { return_string = ""; } else { return_string = strerror(my_context.number); } return return_string; } int verror_get_value() { return my_context.value; } void verror_clear() { my_context.is_set = 0; if (my_context.string != NULL) { free(my_context.string); my_context.string = NULL; } my_context.value = 0; my_context.number = 0; } void verror_print_error(FILE *stream) { if (my_context.number) { fprintf(stream, "%s%s\n", verror_get_string(), verror_strerror()); } else { fprintf(stream, "%s", verror_get_string()); } } myproxy-6.2.16/myproxy_server.h0000644000175100017510000001566014557142036013565 00000000000000/* * myproxy_server.h * * Myproxy server header file */ #ifndef __MYPROXY_SERVER_H #define __MYPROXY_SERVER_H #define MYPROXY_SERVER_POLICY_TYPE_FQAN "FQAN:" #define MYPROXY_SERVER_POLICY_TYPE_SUBJECT "SUBJECT:" extern int errno; typedef struct myproxy_usage_s { int pam_used; int sasl_used; int cred_pphrase_used; int trusted_retr; int certauthz_used; int pubcookie_used; int ca_used; int credentials_exist; int trustroots_sent; char client_ip[256]; } myproxy_usage_t; typedef struct myproxy_server_context_s { char *my_name; /* My name for logging and such */ int run_as_daemon; /* Run as a daemon? */ char *config_file; /* configuration file */ char *pidfile; /* pid file */ char *portfile; /* port file */ char *passphrase_policy_pgm; /* external program for password check */ char **accepted_credential_dns; /* List of creds that can be stored */ char **authorized_retriever_dns; /* List of DNs we'll delegate to */ char **default_retriever_dns; /* List of DNs we'll delegate to */ char **trusted_retriever_dns; /* DNs we'll delegate to w/o passwd */ char **default_trusted_retriever_dns; /* DNs we'll delegate to w/o pass */ char **authorized_renewer_dns; /* List of DNs that can renew creds */ char **default_renewer_dns; /* List of DNs that can renew creds */ char **authorized_key_retrievers_dns; /* List of DNs that can retrieve keys */ char **default_key_retrievers_dns; /* List of DNs that can retrieve keys */ int max_proxy_lifetime; /* Max life (in seconds) of retrieved creds */ int max_cred_lifetime; /* Max life (in seconds) of stored creds */ char *cert_dir; /* Trusted certificate directory to send */ char *pam_policy; /* How we depend on PAM for passwd auth */ char *pam_id; /* Application name we present to PAM */ char *sasl_policy; /* SASL required, sufficient, disabled */ char *certificate_issuer_program; /* CA callout external program */ char *certificate_issuer_cert; /* CA certificate */ char *certificate_issuer_key; /* CA signing key */ const void *certificate_hashalg; /* hash algorithm for issued EECs (EVP_MD *)*/ char *certificate_request_checker; /* callout for checking certreqs */ char *certificate_issuer_checker; /* callout for checking issued certs */ char *certificate_openssl_engine_id; /* Which OpenSSL engine to use */ char *certificate_openssl_engine_lockfile; /* synchronize engine calls */ char **certificate_openssl_engine_pre; /* Which 'pre' commands to use */ char **certificate_openssl_engine_post;/* Which 'post' commands to use */ char *certificate_issuer_key_passphrase; /* CA signing key passphrase */ char *certificate_issuer_subca_certfile; /* Sub-CA certs to be sent with CA-GET */ char *certificate_issuer_email_domain; /* CA email domain for alt name */ char *certificate_extfile; /* CA extension file */ char *certificate_extapp; /* CA extension call-out */ char *certificate_mapfile; /* CA gridmap file if not the default */ char *certificate_mapapp; /* gridmap call-out */ int max_cert_lifetime; /* like proxy_lifetime for the CA */ int min_keylen; /* minimum keylength for the CA */ char *certificate_serialfile; /* path to serialnumber file for CA */ int certificate_serial_skip; /* CA serial number increment */ char *certificate_out_dir; /* path to certificate directory */ char *ca_ldap_server; /* URL to CA ldap user DN server */ char *ca_ldap_uid_attribute; /* Username attribute name */ char *ca_ldap_searchbase; /* Search base DN for ldap query */ char *ca_ldap_connect_dn; /* Optional connect-as ldap DN */ char *ca_ldap_connect_passphrase; /* Optional connect-as ldap passphrase */ char *ca_ldap_dn_attribute; /* Opt - pull dn from record attr */ int ca_ldap_start_tls; /* Optional LDAP StartTLS */ char *accepted_credentials_mapfile; /* Force username/userDN gridmap lookup */ char *accepted_credentials_mapapp;/* gridmap call-out */ int check_multiple_credentials; /* Check multiple creds for U/P match */ char *syslog_ident; /* Identity for logging to syslog */ int syslog_facility; /* syslog facility */ int limited_proxy; /* Should we delegate a limited proxy? */ int request_timeout; /* Timeout for child processes */ int request_size_limit; /* Size limit for incoming requests */ int allow_self_authz; /* Allow client subject to match cert? */ char *proxy_extfile; /* Extensions for issued proxies */ char *proxy_extapp; /* proxy extension call-out */ int obsolete1; /* Obsolete: was disable_usage_stats */ char *obsolete2; /* Obsolete: was usage_stats_target */ myproxy_usage_t usage; int allow_voms_attribute_requests;/* Support VONAME/VOMSES in requests? */ char *voms_userconf; /* VOMS confuration file */ } myproxy_server_context_t; typedef struct myproxy_server_peer_t { char name[1024]; /* shouldn't be allocated dynamicaly? */ char **fqans; } myproxy_server_peer_t; /********************************************************************** * * Routines from myproxy_server_config.c * */ /* * myproxy_server_config_read() * * Read the configuration file as indicated in the context, parse * it and store the results in the context. * * Returns 0 on success, -1 on error setting verror. */ int myproxy_server_config_read(myproxy_server_context_t *context); /* * myproxy_server_clear_context() * * Re-initialize the myproxy_server_context_t structure, * deallocating memory as needed. */ void myproxy_server_clear_context(myproxy_server_context_t *context); /* * myproxy_server_check_policy_list() * * Check to see if the given client matches an entry the dn_list. * * Returns 1 if match found, 0 if no match found, * -1 on error, setting verror. */ int myproxy_server_check_policy_list(const char **dn_list, const char *client_name); /* * myproxy_server_check_policy_list_ext() * * Same as myproxy_server_check_policy_list() but receives more detailed * client description. */ int myproxy_server_check_policy_list_ext(const char **dn_list, myproxy_server_peer_t *client); /* * myproxy_server_check_policy() * * Check to see if the given client matches the dn_regex. * * Returns 1 if match found, 0 if no match found, * -1 on error, setting verror. */ int myproxy_server_check_policy(const char *dn_regex, const char *client); /* * myproxy_server_check_policy_ext() * * Same as myproxy_server_check_policy() but receives more detailed client * description. */ int myproxy_server_check_policy_ext(const char *dn_regex, myproxy_server_peer_t *client); #endif /* !__MYPROXY_SERVER_H */ myproxy-6.2.16/auth_pam.h0000644000175100017510000000357014557142036012243 00000000000000/* * Copied in entirety from cyrus-sasl-2.1.20 auth_pam.c, except for: * - this comment * - the "#if defined(HAVE_LIBPAM)" block */ #if defined(HAVE_LIBPAM) /* COPYRIGHT * Copyright (c) 2000 Fabian Knittel. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain any existing copyright * notice, and this entire permission notice in its entirety, * including the disclaimer of warranties. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 2. Redistributions in binary form must reproduce all prior and current * copyright notices, this list of conditions, and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH * DAMAGE. * END COPYRIGHT */ char *auth_pam(const char *, const char *, const char *, const char *); #endif /* defined(HAVE_LIBPAM) */ myproxy-6.2.16/myproxy_creds.c0000644000175100017510000016205314557142036013351 00000000000000/* * myproxy_creds.c * * Routines for storing and retrieving credentials. * * See myproxy_creds.h for documentation. */ #include "myproxy_common.h" /* all needed headers included here */ #ifndef MAXPATHLEN #define MAXPATHLEN 4096 #endif /* Files should only be readable by me */ #define FILE_MODE 0600 #if OPENSSL_VERSION_NUMBER < 0x10100000L #define X509_OBJECT_get0_X509(o) (o)->data.x509 #define X509_OBJECT_new() calloc(1, sizeof(X509_OBJECT)) #define X509_OBJECT_free(o) \ do { \ X509_OBJECT *otmp = (o); \ X509_OBJECT_free_contents(otmp); \ free(otmp); \ } while (0) #endif /********************************************************************** * * Internal variables * */ static char *storage_dir = NULL; static int searched_for_storage_dir = 0; static int max_namelen = -1; /********************************************************************** * * Internal functions * */ /* * mystrdup() * * Wrapper around strdup() */ static char * mystrdup(const char *string) { char *dup = NULL; assert(string != NULL); dup = strdup(string); if (dup == NULL) { verror_put_errno(errno); } return dup; } /* * file_exists() * * Check for existance of a file. * * Returns 1 if exists, 0 if not, -1 on error. */ static int file_exists(const char *path) { struct stat statbuf = {0}; /* initialize with 0s */ int return_value = -1; if (path == NULL) { verror_put_errno(EINVAL); return -1; } if (stat(path, &statbuf) == -1) { switch (errno) { case ENOENT: case ENOTDIR: /* File does not exist */ return_value = 0; break; default: /* Some error */ return_value = -1; break; } } else { /* File exists */ return_value = 1; } return return_value; } static int check_storage_directory_safety() { struct safe_id_range_list trusted_uids, trusted_gids; struct passwd *pw = NULL; int trust_type; /* check permissions on full path; make these WARNINGs for now */ errno = 0; safe_init_id_range_list(&trusted_uids); safe_init_id_range_list(&trusted_gids); safe_add_id_to_list(&trusted_uids, geteuid()); pw = getpwuid(geteuid()); trust_type = safe_is_path_trusted_r(storage_dir, &trusted_uids, &trusted_gids); safe_destroy_id_range_list(&trusted_uids); safe_destroy_id_range_list(&trusted_gids); switch (trust_type) { case SAFE_PATH_TRUSTED_CONFIDENTIAL: /* accessible/modifiable only by us */ break; case SAFE_PATH_TRUSTED: case SAFE_PATH_TRUSTED_STICKY_DIR: myproxy_log("WARNING: safe_is_path_trusted_r: permissions on %s do not provide confidentiality", storage_dir); break; case SAFE_PATH_UNTRUSTED: if (geteuid() == 0) { myproxy_log("WARNING: safe_is_path_trusted_r: %s can be modified by users/groups other than uid=0/gid=0", storage_dir, pw->pw_name); } else { myproxy_log("WARNING: safe_is_path_trusted_r: %s can be modified by users/groups other than %s and uid=0/gid=0", storage_dir, pw->pw_name); } break; case SAFE_PATH_ERROR: default: myproxy_log("WARNING: safe_is_path_trusted_r: unable to check permissions on %s: %s", storage_dir, strerror(errno)); break; } return 0; /* just warn for now */ } static int locate_storage_directory() { struct stat statbuf = {0}; /* initialize with 0s */ int return_code = -1; char *gl_storage_dir = NULL; if (storage_dir == NULL) { char *GL; searched_for_storage_dir = 1; GL = getenv("GLOBUS_LOCATION"); if (stat("/var/lib/myproxy", &statbuf) == 0) { storage_dir = mystrdup("/var/lib/myproxy"); if (!storage_dir) goto error; } /* if /var/lib/myproxy doesn't exist, look for /var/myproxy */ if (storage_dir == NULL && stat("/var/myproxy", &statbuf) == 0) { storage_dir = mystrdup("/var/myproxy"); if (!storage_dir) goto error; } /* if /var/myproxy doesn't exist, look for $GL/var/myproxy */ if (storage_dir == NULL && GL != NULL) { gl_storage_dir = (char *)malloc(strlen(GL)+strlen("/var/myproxy")+1); if (!gl_storage_dir) { verror_put_errno(errno); verror_put_string("malloc() failed"); goto error; } sprintf(gl_storage_dir, "%s/var/myproxy", GL); if (stat(gl_storage_dir, &statbuf) == 0) { storage_dir = gl_storage_dir; gl_storage_dir = NULL; } } if (storage_dir == NULL) { verror_put_string("did not find a storage directory"); if (!GL) verror_put_string("GLOBUS_LOCATION not set"); goto error; } } return 0; error: if (gl_storage_dir) free(gl_storage_dir); return return_code; } /* * check_storage_directory() * * Check for existance and permissions on storage directory. * Do not create storage directory if it doesn't exist. * * Returns 0 if ok, -1 on error. */ static int check_storage_directory() { struct stat statbuf = {0}; /* initialize with 0s */ int return_code = -1; struct passwd *pw = NULL; static int firsttime = 1; if (storage_dir == NULL && !searched_for_storage_dir) { locate_storage_directory(); searched_for_storage_dir = 1; } if (storage_dir == NULL) { verror_put_errno(ENOENT); goto error; } if (stat(storage_dir, &statbuf) == -1) { verror_put_errno(errno); verror_put_string("could not stat directory %s", storage_dir); goto error; } if (!S_ISDIR(statbuf.st_mode)) { verror_put_string("%s is not a directory", storage_dir); goto error; } /* Make sure it's owned by me */ if (statbuf.st_uid != geteuid()) { pw = getpwuid(geteuid()); if (pw) { verror_put_string("%s not owned by %s", storage_dir, pw->pw_name); } else { verror_put_string("%s not owned by uid %d", storage_dir, geteuid()); } goto error; } /* Make sure it's not readable or writable by anyone else */ if ((statbuf.st_mode & S_IRWXG) || (statbuf.st_mode & S_IRWXO)) { verror_put_string("permissions on %s must be 0700", storage_dir); goto error; } if (max_namelen == -1) { if (getenv("MYPROXY_CREDS_MAX_NAMELEN")) { max_namelen = atoi(getenv("MYPROXY_CREDS_MAX_NAMELEN")); } else { max_namelen = MYPROXY_CREDS_MAX_NAMELEN; } } if (firsttime) { /* just once */ check_storage_directory_safety(); myproxy_log("using storage directory %s", storage_dir); firsttime = 0; } /* Success */ return_code = 0; error: return return_code; } static char * strmd5(const char *s, unsigned char *digest) { MD5_CTX md5; unsigned char d[16]; int i; char mbuf[33]; MD5_Init(&md5); MD5_Update(&md5,s,strlen(s)); MD5_Final(d,&md5); if (digest) memcpy(digest,d,sizeof(d)); for (i=0; i<16; i++) { int dd = d[i] & 0x0f; mbuf[2*i+1] = dd<10 ? dd+'0' : dd-10+'a'; dd = d[i] >> 4; mbuf[2*i] = dd<10 ? dd+'0' : dd-10+'a'; } mbuf[32] = 0; return mystrdup(mbuf); } /* * get_storage_locations() * * Given an user name return the path where the credentials for that * username should be stored and the path where data about the credentials * should be stored. * * Return 0 on success, -1 on error. */ static int get_storage_locations(const char *username, const char *credname, char **creds_path, char **data_path, char **lock_path) { int return_code = -1; int long_username = 0; int long_credname = 0; char *sterile_username = NULL; char *sterile_credname = NULL; const char *creds_suffix = ".creds"; const char *data_suffix = ".data"; const char *lock_suffix = ".lock"; assert(username != NULL); assert(creds_path != NULL); assert(data_path != NULL); assert(lock_path != NULL); if (check_storage_directory() == -1) { goto error; } if (strlen(username) > max_namelen) { long_username = 1; } if (long_username || strchr(username, '/')) { sterile_username = strmd5(username, NULL); if (sterile_username == NULL) { goto error; } } else { sterile_username = mystrdup(username); if (sterile_username == NULL) { goto error; } sterilize_string(sterile_username); } if (*creds_path) (*creds_path)[0] = '\0'; if (*data_path) (*data_path)[0] = '\0'; if (*lock_path) (*lock_path)[0] = '\0'; if (!credname) { if (my_append(creds_path, storage_dir, "/", sterile_username, creds_suffix, NULL) == -1) { verror_put_string("Internal error: creds_path too small: " "%s line %s", __FILE__, __LINE__); goto error; } if (my_append(data_path, storage_dir, "/", sterile_username, data_suffix, NULL) == -1) { verror_put_string("Internal error: data_path too small: " "%s line %s", __FILE__, __LINE__); goto error; } if (my_append(lock_path, storage_dir, "/", sterile_username, lock_suffix, NULL) == -1) { verror_put_string("Internal error: lock_path too small: " "%s line %s", __FILE__, __LINE__); goto error; } } else { if (strlen(credname) > max_namelen) { long_credname = 1; } if (long_credname || strchr(credname, '/')) { sterile_credname = strmd5(credname, NULL); if (sterile_credname == NULL) { goto error; } } else { sterile_credname = mystrdup(credname); if (sterile_credname == NULL) { goto error; } sterilize_string(sterile_credname); } if (my_append(creds_path, storage_dir, "/", sterile_username, "-", sterile_credname, creds_suffix, NULL) == -1) { verror_put_string("Internal error: creds_path too small: %s line %s", __FILE__, __LINE__); goto error; } if (my_append(data_path, storage_dir, "/", sterile_username, "-", sterile_credname, data_suffix, NULL) == -1) { verror_put_string("Internal error: data_path too small: %s line %s", __FILE__, __LINE__); goto error; } if (my_append(lock_path, storage_dir, "/", sterile_username, "-", sterile_credname, lock_suffix, NULL) == -1) { verror_put_string("Internal error: lock_path too small: %s line %s", __FILE__, __LINE__); goto error; } } /* Success */ return_code = 0; error: if (sterile_username != NULL) { free(sterile_username); } if (sterile_credname != NULL) { free(sterile_credname); } return return_code; } /* * write_data_file() * * Write the data in the myproxy_creds structure to the * file name given, creating the file with the given mode. * * Returns 0 on success, -1 on error. */ static int write_data_file(const struct myproxy_creds *creds, const char *data_file_path, const mode_t data_file_mode) { int data_fd = -1; FILE *data_stream = NULL; char *tmpfilename = NULL; int bufsiz; int return_code = -1; if (data_file_path == NULL) { goto error; } bufsiz = strlen(data_file_path)+15; tmpfilename = malloc(bufsiz); snprintf(tmpfilename, bufsiz, "%s.temp.XXXXXX", data_file_path); data_fd = mkstemp(tmpfilename); if (data_fd == -1) { verror_put_errno(errno); verror_put_string("opening %s for writing", tmpfilename); goto error; } if (data_file_mode != 0600) { /* mkstemp creates file with 0600 */ fchmod(data_fd, data_file_mode); } /* Now open as stream for easier IO */ data_stream = fdopen(data_fd, "w"); if (data_stream == NULL) { verror_put_errno(errno); verror_put_string("reopening storage file %s", data_file_path); goto error; } fprintf (data_stream, "OWNER=%s\n",creds->owner_name); fprintf (data_stream, "LIFETIME=%d\n", creds->lifetime); if (creds->credname != NULL) fprintf (data_stream, "NAME=%s\n", creds->credname); if (creds->creddesc != NULL) fprintf (data_stream, "DESCRIPTION=%s\n", creds->creddesc); if (creds->retrievers != NULL) fprintf (data_stream, "RETRIEVERS=%s\n", creds->retrievers); if (creds->keyretrieve != NULL) fprintf (data_stream, "KEYRETRIEVERS=%s\n", creds->keyretrieve); if (creds->trusted_retrievers != NULL) fprintf (data_stream, "TRUSTED_RETRIEVERS=%s\n", creds->trusted_retrievers); if (creds->renewers != NULL) fprintf (data_stream, "RENEWERS=%s\n", creds->renewers); if (creds->username != NULL) fprintf (data_stream, "USERNAME=%s\n", creds->username); fprintf (data_stream, "END_OPTIONS\n"); fclose(data_stream); data_fd = -1; if (rename(tmpfilename, data_file_path) < 0) { verror_put_string("rename(%s,%s) failed", tmpfilename, data_file_path); verror_put_errno(errno); goto error; } /* Success */ return_code = 0; error: if (data_fd != -1) { if (data_stream != NULL) { fclose(data_stream); /* this does close(data_fd) */ } else { close(data_fd); } } if (tmpfilename) { if (return_code == -1) { unlink(tmpfilename); } free(tmpfilename); } return return_code; } /* * read_data_file() * * Read the data contained in the given data file and fills in the * given creds structure. * * Returns 0 on success, -1 on error. */ static int read_data_file(struct myproxy_creds *creds, const char *datafile_path) { FILE *data_stream = NULL; char *data_stream_mode = "r"; int done = 0; int line_number = 0; int return_code = -1; char *line_buffer = NULL; size_t line_buffer_len = 512; assert(creds != NULL); assert(datafile_path != NULL); myproxy_creds_free_contents(creds); /* initialize creds structure */ data_stream = fopen(datafile_path, data_stream_mode); if (data_stream == NULL) { verror_put_errno(errno); verror_put_string("opening %s for reading", datafile_path); goto error; } line_buffer = (char *)malloc(line_buffer_len); assert(line_buffer != NULL); while (!done) { char *variable; char *value; int len; if (fgets(line_buffer, line_buffer_len, data_stream) == NULL) { int errno_save = errno; if (feof(data_stream)) { verror_put_string("unexpected EOF reading %s", datafile_path); goto error; } else { verror_put_errno(errno_save); verror_put_string("reading %s", datafile_path); goto error; } /* Not reached */ } len = strlen(line_buffer); while (line_buffer[len-1] != '\n') { /* didn't get a full line */ char *more; line_buffer_len *= 2; line_buffer = realloc(line_buffer, line_buffer_len); assert(line_buffer != NULL); more = line_buffer+len; if (fgets(more, line_buffer_len-len, data_stream) == NULL) { verror_put_errno(errno); verror_put_string("reading %s", datafile_path); goto error; } len = strlen(line_buffer); } /* Remove terminating newline */ line_buffer[len-1] = '\0'; line_number++; variable = line_buffer; value = strchr(line_buffer, '='); if (value != NULL) { /* NUL-terminate variable name */ *value = '\0'; /* ...and advance value to point at value */ value++; } if (strcmp(variable, "END_OPTIONS") == 0) { done = 1; break; } /* Everything else requires values to be non-NULL */ if (value == NULL) { verror_put_string("malformed line: %s line %d", datafile_path, line_number); goto error; } if (strcmp(variable, "OWNER") == 0) { creds->owner_name = mystrdup(value); if (creds->owner_name == NULL) { goto error; } continue; } /* We no longer store a PASSPHRASE element. Read it in for backwards compatibility only. */ if (strcmp(variable, "PASSPHRASE") == 0) { creds->passphrase = mystrdup(value); if (creds->passphrase == NULL) { goto error; } continue; } if (strcmp(variable, "RETRIEVERS") == 0) { creds->retrievers = mystrdup(value); if (creds->retrievers == NULL) { goto error; } continue; } if (strcmp(variable, "KEYRETRIEVERS") == 0) { creds->keyretrieve = mystrdup(value); if (creds->keyretrieve == NULL) { goto error; } continue; } if (strcmp(variable, "TRUSTED_RETRIEVERS") == 0) { creds->trusted_retrievers = mystrdup(value); if (creds->trusted_retrievers == NULL) { goto error; } continue; } if (strcmp(variable, "RENEWERS") == 0) { creds->renewers = mystrdup(value); if (creds->renewers == NULL) { goto error; } continue; } if (strcmp(variable, "NAME") == 0) { creds->credname = mystrdup(value); if (creds->credname == NULL) { goto error; } continue; } if (strcmp(variable, "DESCRIPTION") == 0) { creds->creddesc= mystrdup(value); if (creds->creddesc == NULL) { goto error; } continue; } if (strcmp(variable, "LIFETIME") == 0) { creds->lifetime = (int) strtol(value, NULL, 10); continue; } if (strcmp(variable, "USERNAME") == 0) { creds->username = mystrdup(value); if (creds->username == NULL) { goto error; } continue; } /* Unrecognized varibale */ verror_put_string("unrecognized line: %s line %d", datafile_path, line_number); goto error; } /* Success */ return_code = 0; error: if (data_stream != NULL) { fclose(data_stream); } if (line_buffer != NULL) { free(line_buffer); } return return_code; } static int write_lock_file(const char *filename, const char *reason) { int lock_fd = -1; FILE *lock_stream = NULL; char *tmpfilename = NULL; int bufsiz; int return_code = -1; if (filename == NULL) { goto error; } bufsiz = strlen(filename)+15; tmpfilename = malloc(bufsiz); snprintf(tmpfilename, bufsiz, "%s.temp.XXXXXX", filename); lock_fd = mkstemp(tmpfilename); if (lock_fd == -1) { verror_put_errno(errno); verror_put_string("opening %s for writing", tmpfilename); goto error; } /* Now open as stream for easier IO */ lock_stream = fdopen(lock_fd, "w"); if (lock_stream == NULL) { verror_put_errno(errno); verror_put_string("reopening lock file %s", filename); goto error; } fprintf(lock_stream, "%s", reason); fclose(lock_stream); lock_stream = NULL; lock_fd = -1; if (rename(tmpfilename, filename) < 0) { verror_put_string("rename(%s,%s) failed", tmpfilename, filename); verror_put_errno(errno); goto error; } /* Success */ return_code = 0; error: if (lock_stream) { fclose(lock_stream); } else if (lock_fd >= 0) { close(lock_fd); } if (tmpfilename) { if (return_code == -1) { unlink(tmpfilename); } free(tmpfilename); } return return_code; } /* ** Check trusted certificates directory, create if needed. */ int myproxy_check_trusted_certs_dir() { char *path = NULL; struct stat statbuf; path = get_trusted_certs_path(); if (path == NULL) { goto error; } myproxy_debug("Trusted cert dir is %s\n", path); if (stat(path, &statbuf) == -1) { switch(errno) { case ENOENT: myproxy_debug("%s does not exist. Creating.\n", path); if (make_path(path) == -1) { goto error; } break; default: verror_put_errno(errno); verror_put_string("stat(%s)", path); goto error; } } else if (!S_ISDIR(statbuf.st_mode)) { verror_put_string("Trusted certificates directory \"%s\" is not a directory.\n", path); goto error; } free(path); /* Success */ return 0; error: if (path != NULL) { free(path); } return -1; } /********************************************************************** * * API routines * */ int myproxy_creds_store(const struct myproxy_creds *creds) { char *creds_path = NULL; char *data_path = NULL; char *lock_path = NULL; char *path_prefix = NULL, *path_end = NULL; mode_t data_file_mode = FILE_MODE; mode_t creds_file_mode = FILE_MODE; int return_code = -1; if ((creds == NULL) || (creds->username == NULL) || (creds->owner_name == NULL) || (creds->location == NULL)) { verror_put_errno(EINVAL); goto error; } if (get_storage_locations(creds->username, creds->credname, &creds_path, &data_path, &lock_path) == -1) { goto error; } /* info about credential */ if (write_data_file(creds, data_path, data_file_mode) == -1) { verror_put_string ("Error writing data file"); goto clean_up; } /* credential */ path_prefix = strdup(creds->location); path_end = strrchr(path_prefix, '/'); if (path_end) { *path_end = '\0'; } if (strncmp(path_prefix, creds_path, strlen(path_prefix)) == 0) { /* If we're in the same directory (and thus on the same filesystem), we can do an atomic rename. */ if (rename(creds->location, creds_path) < 0) { verror_put_string("rename(%s,%s) failed", creds->location, creds_path); verror_put_errno(errno); goto clean_up; } } else { if (copy_file(creds->location, creds_path, creds_file_mode) == -1) { verror_put_string ("Error writing credential file"); goto clean_up; } ssl_proxy_file_destroy(creds->location); } /* administrative locks */ if (creds->lockmsg) { if (write_lock_file(lock_path, creds->lockmsg) < 0) { verror_put_string("Error writing lockfile"); goto clean_up; } } else { unlink(lock_path); } /* Success */ return_code = 0; clean_up: /* XXX */ /* Remove files on error */ if (return_code == -1) { unlink(data_path); ssl_proxy_file_destroy(creds_path); } if (creds_path) free(creds_path); if (data_path) free(data_path); if (lock_path) free(lock_path); if (path_prefix) free(path_prefix); error: return return_code; } int myproxy_creds_retrieve(struct myproxy_creds *creds) { char *creds_path = NULL; char *data_path = NULL; char *lock_path = NULL; char *username = NULL; FILE *lockfile = NULL; int return_code = -1; if ((creds == NULL) || (creds->username == NULL)) { verror_put_errno(EINVAL); goto error; } /* stash username */ username = mystrdup(creds->username); if (get_storage_locations(creds->username, creds->credname, &creds_path, &data_path, &lock_path) == -1) { goto error; } if (read_data_file(creds, data_path) == -1) { if (verror_get_errno() == ENOENT) { verror_clear(); verror_put_string("Credentials do not exist"); } else { verror_put_string("Can't read credentials"); } goto error; } /* read lockmsg in lockfile if it exists */ if (creds->lockmsg) { free(creds->lockmsg); creds->lockmsg = NULL; } if ((lockfile = fopen(lock_path, "r")) != NULL) { long len; fseek(lockfile, 0, SEEK_END); len = ftell(lockfile); rewind(lockfile); if (len < 0) { verror_put_string("Failed to access %s", lock_path); fclose(lockfile); goto error; } len++; creds->lockmsg = malloc(len); fgets(creds->lockmsg, len, lockfile); fclose(lockfile); } /* reset username from stashed value */ if (creds->username == NULL) { creds->username = username; } else { free(username); } username = NULL; assert(creds->location == NULL); creds->location = mystrdup(creds_path); ssl_get_times(creds_path, &creds->start_time, &creds->end_time); /* Success */ return_code = 0; error: if (creds_path) free(creds_path); if (data_path) free(data_path); if (lock_path) free(lock_path); if (username) free(username); return return_code; } /* * returns 1 if creds structure matches the query parameters; 0 otherwise */ static int myproxy_creds_match(struct myproxy_creds *creds, char *username, char *owner_name, char *credname, time_t start_time, time_t end_time) { if (username && strcmp(username, creds->username)) return 0; if (owner_name && strcmp(owner_name, creds->owner_name)) return 0; if (credname && ((!creds->credname && credname[0] != '\0') || (creds->credname && strcmp(credname, creds->credname)))) return 0; if ((start_time && start_time > creds->end_time) || (end_time && end_time < creds->end_time)) return 0; return 1; } /* * We implement the query logic of both myproxy_creds_retrieve_all() * and myproxy_admin_retrieve_all() in this function here since * querying the repository has gotten sufficiently complex that we * don't want it implemented in multiple places. Note that because of * the translations we do between username/credname and the actual * filename used to store the credentials, we do a brute force scan, * calling myproxy_creds_retrieve() for each credentials, relying on * that function to set username/credname/etc. correctly for us, again * so we have just one function that does the translation. Beware * trying to optimize this function, because the handling of usernames * containing '/' and '-' characters can cause surprises. */ static int myproxy_creds_retrieve_all_ex(struct myproxy_creds *creds) { char *username = NULL, *sterile_username = NULL; char *credname = NULL, *owner_name = NULL; time_t end_time = 0, start_time = 0; size_t sterile_username_len = 0; struct myproxy_creds *cur_cred = NULL, *new_cred = NULL; DIR *dir = NULL; struct dirent *de = NULL; int return_code = -1, numcreds=0; if (check_storage_directory() == -1) { goto error; } if (creds == NULL) { verror_put_errno(EINVAL); goto error; } /* stash query values so we can test each credential */ if (creds->username) { username = creds->username; creds->username = NULL; if (strchr(username, '/')) { sterile_username = strmd5(username, NULL); } else { sterile_username = strdup(username); } if (sterile_username == NULL) { goto error; } sterilize_string(sterile_username); sterile_username_len = strlen(sterile_username); } if (creds->owner_name) { owner_name = creds->owner_name; creds->owner_name = NULL; } if (creds->credname) { credname = creds->credname; creds->credname = NULL; } if (creds->start_time) { start_time = creds->start_time; creds->start_time = 0; } if (creds->end_time) { end_time = creds->end_time; creds->end_time = 0; } /* * cur_cred always points to the last valid credential in the list. * If cur_cred is NULL, we haven't found any credentials yet. * The first cred in the list is the one passed in. Other creds * in the list are ones we allocated and added. */ new_cred = creds; /* new_cred is what we're filling in */ /* * first add the credential w/o a credname, if one exists, because * we always want it to be first on the list. */ if (sterile_username && (!credname || credname[0] == '\0')) { /* only if no credname query */ assert(new_cred->username == NULL); assert(new_cred->credname == NULL); new_cred->username = strdup(sterile_username); if (myproxy_creds_retrieve(new_cred) == 0) { if (myproxy_creds_match(new_cred, username, owner_name, credname, start_time, end_time)) { cur_cred = new_cred; new_cred = malloc(sizeof(struct myproxy_creds)); memset(new_cred, 0, sizeof(struct myproxy_creds)); numcreds++; } } else { verror_clear(); /* OK if we don't find creds w/o credname */ } } /* * next search for credentials with a credname, by scanning the * entire directory... */ if ((dir = opendir(storage_dir)) == NULL) { verror_put_string("failed to open credential storage directory"); goto error; } while ((de = readdir(dir)) != NULL) { if (!strncmp(de->d_name+strlen(de->d_name)-5, ".data", 5)) { char *cname = NULL, *dot, *dash; /* optimization: skip credential right away if username doesn't match */ if (sterile_username && strncmp(de->d_name, sterile_username, sterile_username_len)) { continue; } dash = strchr (de->d_name, '-'); dot = strrchr(de->d_name, '.'); *dot = '\0'; if (dash) { /*Credential with a name */ *dash = '\0'; cname = dash+1; } if (new_cred->username) free(new_cred->username); if (new_cred->credname) free(new_cred->credname); new_cred->username = strdup(de->d_name); if (cname) { new_cred->credname = strdup(cname); } else { new_cred->credname = NULL; } if (myproxy_creds_retrieve(new_cred) == 0) { if (sterile_username && !new_cred->credname) continue; /* already handled cred w/o name */ if (!myproxy_creds_match(new_cred, username, owner_name, credname, start_time, end_time)) { continue; } if (cur_cred) cur_cred->next = new_cred; cur_cred = new_cred; new_cred = malloc(sizeof(struct myproxy_creds)); memset(new_cred, 0, sizeof(struct myproxy_creds)); numcreds++; } else { verror_put_string("failed to retrieve credentials for " "username \"%s\", credname \"%s\"", de->d_name, cname ? cname : ""); myproxy_log_verror(); /* internal error; should not happen */ verror_clear(); } } } closedir(dir); return_code = numcreds; error: if (username) free(username); if (sterile_username) free(sterile_username); if (owner_name) free(owner_name); if (credname) free(credname); if (cur_cred && new_cred) { myproxy_creds_free_contents(new_cred); free(new_cred); } return return_code; } int myproxy_creds_retrieve_all(struct myproxy_creds *creds) { int return_code = -1; char *username = NULL, *credname = NULL, *owner_name = NULL; if ((creds == NULL) || (creds->username == NULL) || (creds->owner_name == NULL)) { verror_put_errno(EINVAL); return -1; } /* stash query values for error message */ username = strdup(creds->username); owner_name = strdup(creds->owner_name); if (creds->credname) { credname = strdup(creds->credname); } return_code = myproxy_creds_retrieve_all_ex(creds); if (return_code > 0) { return_code = 0; } else if (return_code == 0) { if (credname) { verror_put_string("no credentials found with name %s for user %s, " ", owner \"%s\"", credname, username, owner_name); } else { verror_put_string("no credentials found for user %s, owner \"%s\"", username, owner_name); } return_code = -1; } free(username); free(owner_name); if (credname) free(credname); return return_code; } int myproxy_admin_retrieve_all(struct myproxy_creds *creds) { return myproxy_creds_retrieve_all_ex(creds); } int myproxy_creds_exist(const char *username, const char *credname) { char *creds_path = NULL; char *data_path = NULL; char *lock_path = NULL; int rc = -1; if (username == NULL) { verror_put_errno(EINVAL); goto done; } if (get_storage_locations(username, credname, &creds_path, &data_path, &lock_path) == -1) { goto done; } rc = file_exists(creds_path); switch(rc) { case 0: /* File does not exist */ goto done; case 1: /* File exists, keep checking */ break; case -1: /* Error */ goto done; default: /* Should not be here */ verror_put_string("file_exists(%s) return unknown value (%d)", creds_path, rc); rc = -1; goto done; } rc = file_exists(data_path); switch(rc) { case 0: /* File does not exist */ goto done; case 1: /* File exists, keep checking */ break; case -1: /* Error */ goto done; default: /* Should not be here */ verror_put_string("file_exists(%s) return unknown value (%d)", data_path, rc); rc = -1; goto done; } /* Everything seems to exist */ /* XXX Should check for expiration? */ done: if (creds_path) free(creds_path); if (data_path) free(data_path); if (lock_path) free(lock_path); return rc; } int myproxy_creds_is_owner(const char *username, const char *credname, const char *client_name) { char *creds_path = NULL; char *data_path = NULL; char *lock_path = NULL; struct myproxy_creds retrieved_creds = {0}; /* initialize with 0s */ int return_code = -1; assert(username != NULL); assert(client_name != NULL); if (get_storage_locations(username, credname, &creds_path, &data_path, &lock_path) == -1) { goto error; } if (read_data_file(&retrieved_creds, data_path) == -1) { goto error; } if (strcmp(retrieved_creds.owner_name, client_name) == 0) { /* Is owner */ return_code = 1; } else { /* Is not owner */ return_code = 0; } error: myproxy_creds_free_contents(&retrieved_creds); if (creds_path) free(creds_path); if (data_path) free(data_path); if (lock_path) free(lock_path); return return_code; } int myproxy_creds_delete(const struct myproxy_creds *creds) { char *creds_path = NULL; char *data_path = NULL; char *lock_path = NULL; int return_code = -1; if ((creds == NULL) || (creds->username == NULL)) { verror_put_errno(EINVAL); return -1; } if (get_storage_locations(creds->username, creds->credname, &creds_path, &data_path, &lock_path) == -1) { goto error; } if (unlink(data_path) == -1) { if (errno == ENOENT) { verror_put_string("Credentials do not exist."); } else { verror_put_errno(errno); verror_put_string("deleting credentials data file %s: %s", data_path, verror_strerror()); } goto error; } if (ssl_proxy_file_destroy(creds_path) != SSL_SUCCESS) { verror_put_string("deleting credentials file %s", creds_path); goto error; } unlink(lock_path); /* may not exist */ /* Success */ return_code = 0; error: if (creds_path) free(creds_path); if (data_path) free(data_path); if (lock_path) free(lock_path); return return_code; } int myproxy_creds_lock(const struct myproxy_creds *creds, const char *reason) { char *creds_path = NULL; char *data_path = NULL; char *lock_path = NULL; int return_code = -1; if ((creds == NULL) || (creds->username == NULL) || (reason == NULL)) { verror_put_errno(EINVAL); return -1; } if (get_storage_locations(creds->username, creds->credname, &creds_path, &data_path, &lock_path) == -1) { goto error; } if (write_lock_file(lock_path, reason) < 0) { verror_put_string("Error writing lockfile"); goto error; } /* Success */ return_code = 0; error: if (creds_path) free(creds_path); if (data_path) free(data_path); if (lock_path) free(lock_path); return return_code; } int myproxy_creds_unlock(const struct myproxy_creds *creds) { char *creds_path = NULL; char *data_path = NULL; char *lock_path = NULL; int return_code = -1; if ((creds == NULL) || (creds->username == NULL)) { verror_put_errno(EINVAL); return -1; } if (get_storage_locations(creds->username, creds->credname, &creds_path, &data_path, &lock_path) == -1) { goto error; } unlink(lock_path); /* Success */ return_code = 0; error: if (creds_path) free(creds_path); if (data_path) free(data_path); if (lock_path) free(lock_path); return return_code; } /* Server password change function - called from myproxy_server. Checks existing password before changing it */ int myproxy_creds_change_passphrase(const struct myproxy_creds *creds, const char *new_passphrase) { char *creds_path = NULL; char *data_path = NULL; char *lock_path = NULL; mode_t data_file_mode = FILE_MODE; struct myproxy_creds tmp_creds = {0}; /* initialize with 0s */ int return_code = -1; SSL_CREDENTIALS *ssl_creds = NULL; if ((creds == NULL) || (creds->username == NULL)) { verror_put_errno(EINVAL); goto error; } if (get_storage_locations(creds->username, creds->credname, &creds_path, &data_path, &lock_path) == -1) { goto error; } if ((ssl_creds = ssl_credentials_new()) == NULL) { goto error; } if (ssl_proxy_load_from_file(ssl_creds, creds_path, creds->passphrase) != SSL_SUCCESS) { goto error; } if (read_data_file(&tmp_creds, data_path) == -1) { goto error; } /* Remove and rewrite with modified password. Crude but works */ if (unlink(data_path) == -1) { verror_put_errno(errno); verror_put_string("deleting credentials data file %s: %s", data_path, verror_strerror()); goto error; } if (ssl_proxy_file_destroy(creds_path) == SSL_ERROR) { verror_put_string("deleting credentials data file %s", creds_path); goto error; } /* overwrite old passphrase with new */ if (new_passphrase && new_passphrase[0]) tmp_creds.passphrase = strdup(new_passphrase); if (write_data_file(&tmp_creds, data_path, data_file_mode) == -1) { verror_put_string ("Error writing data file"); goto error; } if (ssl_proxy_store_to_file(ssl_creds, creds_path, tmp_creds.passphrase) != SSL_SUCCESS) { goto error; } /* Success */ return_code = 0; error: myproxy_creds_free_contents(&tmp_creds); ssl_credentials_destroy(ssl_creds); if (creds_path) free(creds_path); if (data_path) free(data_path); if (lock_path) free(lock_path); return return_code; } int myproxy_creds_encrypted(const struct myproxy_creds *creds) { char *creds_path = NULL; char *data_path = NULL; char *lock_path = NULL; int rc = -1; if ((creds == NULL) || (creds->username == NULL)) { verror_put_errno(EINVAL); goto error; } if (get_storage_locations(creds->username, creds->credname, &creds_path, &data_path, &lock_path) == -1) { goto error; } rc = ssl_private_key_is_encrypted(creds_path); error: if (creds_path) free(creds_path); if (data_path) free(data_path); if (lock_path) free(lock_path); return rc; } int myproxy_creds_verify_passphrase(const struct myproxy_creds *creds, const char *passphrase) { char *creds_path = NULL; char *data_path = NULL; char *lock_path = NULL; char *tmp = NULL; int return_code = -1; SSL_CREDENTIALS *ssl_creds = NULL; if ((creds == NULL) || (creds->username == NULL) || (passphrase == NULL)) { verror_put_errno(EINVAL); goto error; } if (get_storage_locations(creds->username, creds->credname, &creds_path, &data_path, &lock_path) == -1) { goto error; } /* * Verify the passphrase here. * If the private key is encrypted, verify the passphrase by attempting * to decrypt. * Otherwise, if we have a crypted passphrase in the myproxy_creds * struct, verify against that (for backwards compatibility). */ if (ssl_private_key_is_encrypted(creds_path) == 1 && (ssl_creds = ssl_credentials_new()) != NULL && ssl_private_key_load_from_file(ssl_creds, creds_path, passphrase, NULL) == SSL_SUCCESS) { return_code = 1; } else if (creds->passphrase && strlen(passphrase) >= MIN_PASS_PHRASE_LEN && (tmp = (char *)DES_crypt(passphrase, &creds->owner_name[strlen(creds->owner_name)-3])) != NULL && strcmp(creds->passphrase, tmp) == 0) { return_code = 1; } else return_code = 0; error: ssl_credentials_destroy(ssl_creds); if (creds_path) free(creds_path); if (data_path) free(data_path); if (lock_path) free(lock_path); return return_code; } void myproxy_creds_free(struct myproxy_creds *creds) { if (!creds) return; if (creds->next) myproxy_creds_free(creds->next); myproxy_creds_free_contents(creds); free(creds); } void myproxy_creds_free_contents(struct myproxy_creds *creds) { if (creds == NULL) return; if (creds->username != NULL) free(creds->username); if (creds->passphrase != NULL) free(creds->passphrase); if (creds->owner_name != NULL) free(creds->owner_name); if (creds->location != NULL) free(creds->location); if (creds->retrievers != NULL) free(creds->retrievers); if (creds->keyretrieve != NULL) free(creds->keyretrieve); if (creds->trusted_retrievers != NULL) free(creds->trusted_retrievers); if (creds->renewers != NULL) free(creds->renewers); if (creds->credname != NULL) free(creds->credname); if (creds->creddesc != NULL) free(creds->creddesc); if (creds->lockmsg != NULL) free(creds->lockmsg); memset(creds, 0, sizeof(struct myproxy_creds)); } void myproxy_certs_free(struct myproxy_certs *certs) { if (!certs) return; if (certs->filename) free(certs->filename); if (certs->contents) free(certs->contents); myproxy_certs_free(certs->next); free(certs); } int myproxy_set_storage_dir(const char *dir) { if (storage_dir) { free(storage_dir); storage_dir = NULL; } storage_dir=strdup(dir); searched_for_storage_dir = 0; if (!storage_dir) { verror_put_errno(errno); verror_put_string("strdup() failed"); return -1; } return 0; } int myproxy_check_storage_dir() { return check_storage_directory(); } const char *myproxy_get_storage_dir() { if (check_storage_directory() < 0) { return NULL; } return storage_dir; } int myproxy_print_cred_info(myproxy_creds_t *creds, FILE *out) { if (!creds) return -1; for (; creds; creds = creds->next) { time_t time_diff = 0, now = 0; float days = 0.0; if (creds->owner_name) fprintf(out, "owner: %s\n", creds->owner_name); if (creds->username) fprintf(out, "username: %s\n", creds->username); if (creds->credname) fprintf(out, " name: %s\n", creds->credname); if (creds->creddesc) fprintf(out, " description: %s\n", creds->creddesc); if (creds->retrievers) fprintf(out, " retrieval policy: %s\n", creds->retrievers); if (creds->renewers) fprintf(out, " renewal policy: %s\n", creds->renewers); if (creds->keyretrieve) fprintf(out, " key retrieval policy: %s\n", creds->keyretrieve); if (creds->trusted_retrievers) fprintf(out, " trusted retrieval policy: %s\n", creds->trusted_retrievers); if (creds->lockmsg) fprintf(out, " locked: %s\n", creds->lockmsg); now = time(0); if (creds->end_time > now) { time_diff = creds->end_time - now; days = time_diff / 86400.0; } fprintf(out, " timeleft: %ld:%02ld:%02ld", (long)(time_diff / 3600), (long)(time_diff % 3600) / 60, (long)time_diff % 60 ); if (days > 1.0) { fprintf(out, " (%.1f days)\n", days); } else { fprintf(out, "\n"); } } return 0; } int myproxy_check_cert_dir(const char cert_dir[]) { DIR *dir = NULL; struct dirent *de = NULL; char path[MAXPATHLEN]; struct stat s; if ((dir = opendir(cert_dir)) == NULL) { verror_put_string("failed to open %s", cert_dir); return 0; } while ((de = readdir(dir)) != NULL) { snprintf(path, MAXPATHLEN, "%s/%s", cert_dir, de->d_name); if (stat(path, &s) < 0) { myproxy_log("stat(%s) failed: %s", path, strerror(errno)); goto failure; } if (!S_ISREG(s.st_mode)) { /* only regular files, please */ continue; } if (!(s.st_mode & S_IROTH)) { /* must be world-readable */ verror_put_string("FAILURE: %s not world readable. ", path); goto failure; } } closedir(dir); return 1; failure: if (dir != NULL) closedir(dir); return 0; } myproxy_certs_t * myproxy_get_certs(const char cert_dir[]) { DIR *dir = NULL; struct dirent *de = NULL; myproxy_certs_t *head=NULL, *curr=NULL; char path[MAXPATHLEN]; struct stat s; if ((dir = opendir(cert_dir)) == NULL) { verror_put_string("failed to open %s", cert_dir); return NULL; } while ((de = readdir(dir)) != NULL) { snprintf(path, MAXPATHLEN, "%s/%s", cert_dir, de->d_name); if (stat(path, &s) < 0) { myproxy_log("stat(%s) failed: %s", path, strerror(errno)); goto failure; } if (!S_ISREG(s.st_mode)) { /* only regular files, please */ continue; } if (!(s.st_mode & S_IROTH)) { /* must be world-readable */ myproxy_log("WARNING: %s not world readable; skipping it", cert_dir); continue; } if (curr == NULL) { curr = head = (myproxy_certs_t *)malloc(sizeof(myproxy_certs_t)); } else { curr->next = (myproxy_certs_t *)malloc(sizeof(myproxy_certs_t)); curr = curr->next; } memset(curr, 0, sizeof(myproxy_certs_t)); curr->filename = strdup(de->d_name); curr->size = s.st_size; if (buffer_from_file(path, (unsigned char **)&curr->contents, NULL) < 0) { goto failure; } } closedir(dir); return head; failure: if (dir != NULL) closedir(dir); myproxy_certs_free(head); return NULL; } /* ** Install a list of files in trusted certificates directory. */ #define TRUSTED_INSTALL_LOG "myproxy-install-log" int myproxy_install_trusted_cert_files(myproxy_certs_t *trusted_certs) { myproxy_certs_t *trusted_cert; char *file_path = NULL; char *tmp_path = NULL; int tmp_len; FILE *file = NULL; char *log_file_name = NULL; FILE *log_file = NULL; if (trusted_certs == NULL) { return 0; } /* Make writable only by user */ umask(S_IWGRP|S_IWOTH); if (myproxy_check_trusted_certs_dir() != 0) { goto error; } log_file_name = get_trusted_file_path(TRUSTED_INSTALL_LOG); if (log_file_name == NULL) { goto error; } myproxy_debug("Writing out trusted certificate files. Logging to %s\n", log_file_name); log_file = fopen(log_file_name, "w"); if (log_file == NULL) { verror_put_errno(errno); verror_put_string("fopen(%s)", log_file_name); goto error; } for (trusted_cert = trusted_certs; trusted_cert != NULL; trusted_cert = trusted_cert->next) { /* ** Sanity check structure */ if ((trusted_cert == NULL) || (trusted_cert->filename == NULL) || (trusted_cert->contents == NULL)) { myproxy_debug("Malformed trusted_cert ignored.\n"); continue; } file_path = get_trusted_file_path(trusted_cert->filename); if (file_path == NULL) { goto error; } tmp_len = strlen(file_path)+strlen(".tmp")+1; tmp_path = malloc(tmp_len); snprintf(tmp_path, tmp_len, "%s%s", file_path, ".tmp"); myproxy_debug("Creating trusted cert file: %s\n", file_path); file = fopen(tmp_path, "w"); if (file == NULL) { verror_put_errno(errno); verror_put_string("Error opening \"%s\"", tmp_path); goto error; } if (fwrite(trusted_cert->contents, trusted_cert->size, 1, file) != 1) { verror_put_errno(errno); verror_put_string("Unable to write to %s", tmp_path); fclose(file); file = NULL; goto error; } fclose(file); file = NULL; if (rename(tmp_path, file_path) < 0) { verror_put_errno(errno); verror_put_string("Unable to rename %s to %s", tmp_path, file_path); goto error; } fprintf(log_file, "%ld: %s\n", time(NULL), file_path); free(file_path); file_path = NULL; free(tmp_path); tmp_path = NULL; } free(log_file_name); fclose(log_file); myproxy_debug("Trusted cert file writing complete.\n"); return 0; error: if (log_file_name != NULL) { free(log_file_name); } if (log_file != NULL) { fclose(log_file); } if (file != NULL) { fclose(file); } if (file_path != NULL) { free(file_path); } if (tmp_path != NULL) { free(tmp_path); } return -1; } int myproxy_creds_verify(const struct myproxy_creds *creds) { char *creds_path = NULL; char *data_path = NULL; char *lock_path = NULL; int return_code = -1; if (!creds || !creds->username) { verror_put_errno(EINVAL); goto error; } if (get_storage_locations(creds->username, creds->credname, &creds_path, &data_path, &lock_path) == -1) { goto error; } /* Do the certificates check out with OpenSSL? */ if (ssl_verify_cred(creds_path) < 0) { goto error; } /* Success */ return_code = 0; error: if (creds_path) free(creds_path); if (data_path) free(data_path); if (lock_path) free(lock_path); return return_code; } #define UNLINK_CRL(path) \ if (unlink(path) == 0) { \ myproxy_log("removed bad CRL file at %s", path); \ return_value = 1; \ } else { \ myproxy_log("failed to unlink %s: %s", path, strerror(errno)); \ } \ continue; int myproxy_clean_crls() { char *cert_dir = NULL; DIR *dir = NULL; struct dirent *de = NULL; int return_value = -1; X509_STORE *store = NULL; X509_STORE_CTX *ctx = NULL; X509_LOOKUP *lookup = NULL; X509_OBJECT *xobj = NULL; X509_CRL *x = NULL; EVP_PKEY *pkey = NULL; BIO *in = NULL; char path[MAXPATHLEN]; int ok = 0; cert_dir = get_trusted_certs_path(); if (cert_dir == NULL) { goto error; } myproxy_debug("Trusted cert dir is %s\n", cert_dir); if ((dir = opendir(cert_dir)) == NULL) { verror_put_string("failed to open trusted cert dir"); verror_put_errno(errno); goto error; } store = X509_STORE_new(); lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir()); if (lookup == NULL) { verror_put_string("X509_STORE_add_lookup() failed"); ssl_error_to_verror(); goto error; } if (!X509_LOOKUP_add_dir(lookup,cert_dir,X509_FILETYPE_PEM)) { verror_put_string("X509_LOOKUP_add_dir() failed"); ssl_error_to_verror(); goto error; } ERR_clear_error(); ctx = X509_STORE_CTX_new(); if (!ctx) { verror_put_string("X509_STORE_CTX_new() failed"); ssl_error_to_verror(); goto error; } if(!X509_STORE_CTX_init(ctx, store, NULL, NULL)) { verror_put_string("X509_STORE_CTX_init() failed"); ssl_error_to_verror(); goto error; } while ((de = readdir(dir)) != NULL) { if (!strstr(de->d_name, ".r")) { continue; } snprintf(path, MAXPATHLEN, "%s%s", cert_dir, de->d_name); if (in) BIO_free_all(in); in = BIO_new(BIO_s_file()); if (BIO_read_filename(in, path) <= 0) { myproxy_log("can't read %s", path); UNLINK_CRL(path); } if (x) X509_CRL_free(x); x=PEM_read_bio_X509_CRL(in, NULL, NULL, NULL); if (!x) { myproxy_log("can't parse CRL at %s", path); UNLINK_CRL(path); } BIO_free_all(in); in = NULL; xobj = X509_OBJECT_new(); ok = X509_STORE_get_by_subject(ctx, X509_LU_X509, X509_CRL_get_issuer(x), xobj); if(ok <= 0) { myproxy_log("CRL issuer certificate not found for %s", path); UNLINK_CRL(path); } if (pkey) EVP_PKEY_free(pkey); pkey = X509_get_pubkey(X509_OBJECT_get0_X509(xobj)); X509_OBJECT_free(xobj); if(!pkey) { myproxy_log("unable to get CRL issuer public key for %s", path); UNLINK_CRL(path); } ok = X509_CRL_verify(x, pkey); EVP_PKEY_free(pkey); pkey = NULL; if (!ok) { myproxy_log("bad CRL signature: %s", path); UNLINK_CRL(path); } ok = X509_cmp_time(X509_CRL_get_lastUpdate(x), NULL); if (ok == 0) { myproxy_log("bad CRL last update field: %s", path); UNLINK_CRL(path); } if (ok > 0) { myproxy_log("CRL not yet valid: %s", path); UNLINK_CRL(path); } if (X509_CRL_get_nextUpdate(x)) { ok=X509_cmp_time(X509_CRL_get_nextUpdate(x), NULL); if (ok == 0) { myproxy_log("BAD CRL next update field: %s", path); UNLINK_CRL(path); } if (ok < 0) { myproxy_log("CRL has expired: %s", path); UNLINK_CRL(path); } } X509_CRL_free(x); x = NULL; } if (return_value < 0) return_value = 0; error: if (cert_dir) free(cert_dir); if (dir) closedir(dir); if (pkey) EVP_PKEY_free(pkey); if (x) X509_CRL_free(x); if (in) BIO_free_all(in); if (store) { X509_STORE_CTX_free(ctx); X509_STORE_free(store); } return return_value; } char * myproxy_creds_path_template() { if (storage_dir) { char *path; path = malloc(strlen(storage_dir)+12); sprintf(path, "%s/tmp.XXXXXX", storage_dir); return path; } return strdup("/tmp/myproxy.XXXXXX"); } myproxy-6.2.16/myproxy_authorization.c0000644000175100017510000005534014557142036015151 00000000000000#include "myproxy_common.h" /* all needed headers included here */ #if defined(HAVE_LIBPAM) #include "auth_pam.h" #endif struct authorization_func { author_status_t (*get_status) (struct myproxy_creds *creds, char *client_name, myproxy_server_context_t *config); char * (*create_server_data) (void); char * (*create_client_data) (authorization_data_t *data, void *extra_data, size_t extra_data_len, size_t *client_data_len); int (*check_client) (authorization_data_t *client_auth_data, struct myproxy_creds *creds, char *client_name, myproxy_server_context_t *config); author_method_t method; char *name; /* arbitrary ASCII string without a colon (':') */ }; static struct authorization_func * _find_func(author_method_t method); static authorization_data_t * _find_data(author_method_t method, authorization_data_t **data); /* * Implementation of password-based authorization */ static author_status_t auth_passwd_get_status(struct myproxy_creds *creds, char *client_name, myproxy_server_context_t *config) { assert(creds); assert(config); if (myproxy_creds_exist(creds->username, creds->credname) == 1 && myproxy_creds_encrypted(creds) == 1) { verror_clear(); return AUTHORIZEMETHOD_REQUIRED; } #if defined(HAVE_LIBPAM) if (config->pam_policy) { if (strcmp(config->pam_policy, "required") == 0) { return AUTHORIZEMETHOD_REQUIRED; } if (strcmp(config->pam_policy, "sufficient") == 0) { return AUTHORIZEMETHOD_SUFFICIENT; } } #endif return AUTHORIZEMETHOD_DISABLED; } static char *auth_passwd_create_server_data(void) { return strdup("Enter MyProxy pass phrase:"); } static char *auth_passwd_create_client_data(authorization_data_t *data, void *extra_data, size_t extra_data_len, size_t *client_data_len) { char *tmp; tmp = malloc(extra_data_len + 1); if (tmp == NULL) return NULL; memcpy(tmp, extra_data, extra_data_len); tmp[extra_data_len] = '\0'; *client_data_len = extra_data_len + 1; return tmp; } static int auth_passwd_check_client(authorization_data_t *client_auth_data, struct myproxy_creds *creds, char *client_name, myproxy_server_context_t *config) { int exist=0, encrypted=0, cred_passphrase_match=0; #if defined(HAVE_LIBPAM) char* pam_policy = NULL; char* pam_id = NULL; int pam_required, pam_sufficient, pam_disabled; #endif /* 1. Gather some initial information. */ exist = myproxy_creds_exist(creds->username, creds->credname); if (exist < 0) { exist = 0; verror_clear(); /* may be in CA-only mode */ } if (exist) { encrypted = myproxy_creds_encrypted(creds); if (encrypted < 0) { return 0; } } /* 2. Check whether the password the user gave matches the * credential passphrase */ if (exist && (encrypted || creds->passphrase)) { if (config) config->usage.cred_pphrase_used = 1; if (client_auth_data->client_data_len >= MIN_PASS_PHRASE_LEN && client_auth_data->client_data != NULL && myproxy_creds_verify_passphrase(creds, client_auth_data->client_data) == 1){ cred_passphrase_match = 1; myproxy_log("credential passphrase matched"); } else { /* We always have to match the credential passphrase if it exists. */ verror_put_string("invalid credential passphrase"); return 0; } } #if defined(HAVE_LIBPAM) /* Tangent: figure out PAM configuration. */ pam_policy = config ? config->pam_policy : NULL; pam_id = config ? config->pam_id : NULL; /* Default value is "disabled". */ if (pam_policy == NULL) pam_policy = "disabled"; pam_required = (strcmp(pam_policy, "required" ) == 0 ? 1 : 0); pam_sufficient = (strcmp(pam_policy, "sufficient") == 0 ? 1 : 0); pam_disabled = (strcmp(pam_policy, "disabled" ) == 0 ? 1 : 0); /* Note: if pam_policy is not recognized, it will fall through to * the disabled case below, and a debug message will be printed. */ /* 3. If the passphrase matches the credentials, and PAM config is * "sufficient", then we're done, and we don't need to check * PAM, as long as a passphrase was actually entered. */ if (pam_sufficient && cred_passphrase_match) { myproxy_debug("Passphrase matches credentials, and PAM config is \"%s\"; " "authentication succeeds without checking PAM.", pam_policy); return cred_passphrase_match; } /* 4. If PAM is "required", *always* check it, regardless of * whether the credential passphrase matches, so that any * logging, pausing, etc. can occur. Also, if PAM is sufficient * and we've gotten this far, it means that the credential * passphrase is blank and therefore we need to check PAM. */ else if (pam_required || pam_sufficient) { char* auth_pam_result = NULL; int pam_success = 0; if (pam_id == NULL) pam_id = "myproxy"; myproxy_debug ("Checking passphrase via PAM. PAM policy: \"%s\"; PAM ID: \"%s\"", pam_policy, pam_id); auth_pam_result = auth_pam(creds->username, client_auth_data->client_data, pam_id, NULL); if (config) config->usage.pam_used = 1; if (auth_pam_result && strcmp("OK", auth_pam_result) == 0) { pam_success = 1; myproxy_log("PAM authentication succeeded for %s", creds->username); } else { if (auth_pam_result) { /* The Cyrus SASL convention is to prepend the error message with "NO ". We can chop that off. */ if (strlen(auth_pam_result) > 3 && strncmp(auth_pam_result, "NO ", 3) == 0) { verror_put_string("%s", auth_pam_result + 3); } else verror_put_string("%s", auth_pam_result); } else verror_put_string("PAM authentication failed with unknown error for user %s", creds->username); } if (auth_pam_result != NULL) { free(auth_pam_result); } return pam_success; } /* 5. If PAM is disabled, check only the credential passphrase. */ else { if (!pam_disabled) { myproxy_log("Unknown PAM policy: \"%s\"; not using PAM.\n", pam_policy); } return cred_passphrase_match; } #else /* defined(HAVE_LIBPAM) */ return cred_passphrase_match; #endif /* defined(HAVE_LIBPAM) */ } static struct authorization_func authorization_passwd = { auth_passwd_get_status, auth_passwd_create_server_data, auth_passwd_create_client_data, auth_passwd_check_client, AUTHORIZETYPE_PASSWD, "password" }; /* * Implementation of certificate-based authorization */ static author_status_t auth_cert_get_status(struct myproxy_creds *creds, char *client_name, myproxy_server_context_t *config) { /* Just check here if this server allows renewal. Other checks for credential existence or CA configuration are done elsewhere. */ if (config->authorized_renewer_dns) { return AUTHORIZEMETHOD_SUFFICIENT; } return AUTHORIZEMETHOD_DISABLED; } #define CHALLENGE_SIZE 16 static char *auth_cert_create_server_data(void) { unsigned char random[CHALLENGE_SIZE]; char *challenge; int i; /* RAND_bytes() will fail if the PRNG has not been seeded with enough randomness to ensure an unpredictable byte sequence. */ if (RAND_bytes(random, sizeof(random)) == 0) { verror_put_string("RAND_bytes failed"); ssl_error_to_verror(); return NULL; } challenge = malloc(CHALLENGE_SIZE * 2 + 1); if (challenge == NULL) { verror_put_string("malloc()"); verror_put_errno(errno); return NULL; } for (i = 0; i < CHALLENGE_SIZE; i++) { int dd = random[i] & 0x0f; challenge[2*i+1] = dd<10 ? dd+'0' : dd-10+'a'; dd = random[i] >> 4; challenge[2*i] = dd<10 ? dd+'0' : dd-10+'a'; } challenge[CHALLENGE_SIZE * 2] = '\0'; return challenge; } /* the extra data parameter must contain a filename with a certificate to authorization */ static char *auth_cert_create_client_data_ex(authorization_data_t *data, void *extra_data, size_t extra_data_len, size_t *client_data_len, const EVP_MD *md) { char * return_data = NULL; SSL_CREDENTIALS *proxy = NULL; unsigned char *signature = NULL; unsigned int signature_len; char *output = NULL; char *p; unsigned char *creds_buf = NULL; int creds_buf_len; proxy = ssl_credentials_new(); if (proxy == NULL) return NULL; if (ssl_proxy_load_from_file(proxy, (char *)extra_data, NULL) == SSL_ERROR) { verror_prepend_string("ssl_proxy_load_from_file()"); goto end; } if (ssl_sign((unsigned char *)data->server_data, strlen(data->server_data), proxy, &signature, (int *)&signature_len, md) == SSL_ERROR) { verror_prepend_string("ssl_sign()"); goto end; } if (ssl_creds_to_buffer(proxy, &creds_buf, &creds_buf_len) == SSL_ERROR) { verror_prepend_string("ssl_creds_to_buffer()"); goto end; } *client_data_len = 4 + signature_len + creds_buf_len; output = malloc(*client_data_len); if (output == NULL) { verror_put_string("malloc failed"); verror_put_errno(errno); goto end; } p = output; *(unsigned int*)p = htonl(signature_len); p += 4; memcpy(p, signature, signature_len); p += signature_len; memcpy(p, creds_buf, creds_buf_len); return_data = output; output = NULL; end: ssl_credentials_destroy(proxy); if (signature) free(signature); if (output) free(output); if (creds_buf) free(creds_buf); return return_data; } static char *auth_cert_create_client_data(authorization_data_t *data, void *extra_data, size_t extra_data_len, size_t *client_data_len) { return auth_cert_create_client_data_ex(data, extra_data, extra_data_len, client_data_len, EVP_sha1()); } static char *auth_cert256_create_client_data(authorization_data_t *data, void *extra_data, size_t extra_data_len, size_t *client_data_len) { return auth_cert_create_client_data_ex(data, extra_data, extra_data_len, client_data_len, EVP_sha256()); } static int auth_cert_check_client_ex(authorization_data_t *auth_data, struct myproxy_creds *creds, char *client_name, myproxy_server_context_t *config, const EVP_MD *md) { SSL_CREDENTIALS *chain = NULL; unsigned char *signature = NULL; unsigned char *p; unsigned int signature_len; char * authorization_subject = NULL; char * cred_subject = NULL; int return_status = 0; if (config) config->usage.certauthz_used = 1; p = (unsigned char *)auth_data->client_data; signature_len = ntohl(*(unsigned int*)p); p += 4; signature = p; p += signature_len; if (ssl_creds_from_buffer(p, auth_data->client_data_len - 4 - signature_len, &chain) == SSL_ERROR) { verror_prepend_string("internal error: ssl_creds_from_buffer() failed"); goto end; } if (ssl_verify((unsigned char *)auth_data->server_data, strlen(auth_data->server_data), chain, signature, signature_len, md) == SSL_ERROR) { verror_prepend_string("certificate verification failed"); goto end; } if (ssl_verify_gsi_chain(chain) == SSL_ERROR) { verror_prepend_string("certificate chain verification failed"); goto end; } if (config->limited_proxy == 0) { switch (ssl_limited_proxy_chain(chain)) { case 1: config->limited_proxy = 1; myproxy_debug("client has a limited proxy chain"); break; case 0: break; default: verror_prepend_string("unable to determine if limited proxy is present"); goto end; } } if (ssl_get_base_subject(chain, &authorization_subject) == SSL_ERROR) { verror_prepend_string("internal error: ssl_get_base_subject() failed"); goto end; } if (creds->location) { if (ssl_get_base_subject_file(creds->location, &cred_subject)) { verror_put_string("internal error: ssl_get_base_subject_file() failed"); goto end; } } else { if (user_dn_lookup(creds->username, &cred_subject, config)) { verror_put_string("unknown username: %s ", creds->username); goto end; } } if (strcmp(authorization_subject, cred_subject) != 0) { verror_prepend_string("certificate subject does not match credential to be renewed"); goto end; } myproxy_log("renewal authentication succeeded"); return_status = 1; end: if (chain) ssl_credentials_destroy(chain); if (authorization_subject) free(authorization_subject); if (cred_subject) free(cred_subject); return return_status; } static int auth_cert_check_client(authorization_data_t *auth_data, struct myproxy_creds *creds, char *client_name, myproxy_server_context_t *config) { return auth_cert_check_client_ex(auth_data, creds, client_name, config, EVP_sha1()); } static int auth_cert256_check_client(authorization_data_t *auth_data, struct myproxy_creds *creds, char *client_name, myproxy_server_context_t *config) { return auth_cert_check_client_ex(auth_data, creds, client_name, config, EVP_sha256()); } static struct authorization_func authorization_cert = { auth_cert_get_status, auth_cert_create_server_data, auth_cert_create_client_data, auth_cert_check_client, AUTHORIZETYPE_CERT, "X509_certificate" }; static struct authorization_func authorization_cert256 = { auth_cert_get_status, auth_cert_create_server_data, auth_cert256_create_client_data, auth_cert256_check_client, AUTHORIZETYPE_CERT256, "X509_certificate_SHA256" }; #if defined(HAVE_LIBSASL2) /* * Implementation of SASL-based authorization */ static author_status_t auth_sasl_get_status(struct myproxy_creds *creds, char *client_name, myproxy_server_context_t *config) { if (config->sasl_policy) { if (strcmp(config->sasl_policy, "required") == 0) { return AUTHORIZEMETHOD_REQUIRED; } if (strcmp(config->sasl_policy, "sufficient") == 0) { return AUTHORIZEMETHOD_SUFFICIENT; } } return AUTHORIZEMETHOD_DISABLED; } static char *auth_sasl_create_server_data(void) { char *challenge = strdup("SASL authorization negotiation server"); return challenge; } static char *auth_sasl_create_client_data(authorization_data_t *data, void *extra_data, size_t extra_data_len, size_t *client_data_len) { char *tmp; tmp = malloc(extra_data_len + 1); if (tmp == NULL) return NULL; memcpy(tmp, extra_data, extra_data_len); tmp[extra_data_len] = '\0'; *client_data_len = extra_data_len + 1; return tmp; } static int auth_sasl_check_client(authorization_data_t *auth_data, struct myproxy_creds *creds, char *client_name, myproxy_server_context_t *config) { if (config) config->usage.sasl_used = 1; if (myproxy_sasl_authenticated) { myproxy_log("SASL authentication succeeded for %s", creds->username); } return myproxy_sasl_authenticated; } static struct authorization_func authorization_sasl = { auth_sasl_get_status, auth_sasl_create_server_data, auth_sasl_create_client_data, auth_sasl_check_client, AUTHORIZETYPE_SASL, "SASL" }; #endif /* defined(HAVE_LIBSASL2) */ static struct authorization_func *authorization_funcs[] = { &authorization_passwd, #if defined(HAVE_LIBSASL2) &authorization_sasl, #endif &authorization_cert, &authorization_cert256 }; static int num_funcs = sizeof(authorization_funcs) / sizeof(authorization_funcs[0]); int authorization_init_server(authorization_data_t ***data, author_method_t methods[]) { authorization_data_t **auth_data; int i=0, j=0, num_methods=0; auth_data = malloc(sizeof(authorization_data_t *) * (num_funcs + 1)); if (auth_data == NULL) { verror_put_string("malloc() failed"); verror_put_errno(errno); return -1; } memset(auth_data, 0, sizeof(authorization_data_t *) * (num_funcs + 1)); for (i = 0; methods[i] != AUTHORIZETYPE_NULL; i++) { for (j = 0; j < num_funcs; j++) { if (authorization_funcs[j]->method == methods[i]) { auth_data[num_methods] = malloc(sizeof(authorization_data_t)); if (auth_data[num_methods] == NULL) { verror_put_string("malloc() failed"); verror_put_errno(errno); authorization_data_free(auth_data); return -1; } auth_data[num_methods]->server_data = authorization_funcs[j]->create_server_data(); auth_data[num_methods]->client_data = NULL; auth_data[num_methods]->client_data_len = 0; auth_data[num_methods]->method = authorization_funcs[j]->method; num_methods++; } } } auth_data[num_methods] = NULL; *data = auth_data; return 0; } void authorization_data_free_contents(authorization_data_t *data) { if (data == NULL) return; if (data->server_data) { free (data->server_data); data->server_data = NULL; } if (data->client_data) { free (data->client_data); data->client_data = NULL; } } void authorization_data_free(authorization_data_t **data) { authorization_data_t **p = data; if (data == NULL) return; while (*p) { authorization_data_free_contents(*p); free(*p); p++; } free(data); } authorization_data_t * authorization_store_response(char *buffer, size_t bufferlen, author_method_t method, authorization_data_t **data) { authorization_data_t *d; d = _find_data(method, data); if (d) { if (d->client_data) free(d->client_data); d->client_data = malloc (bufferlen); if (d->client_data == NULL) return NULL; memcpy(d->client_data, buffer, bufferlen); d->client_data_len = bufferlen; } return d; } static struct authorization_func * _find_func(author_method_t method) { int i; for (i = 0; i < num_funcs; i++) if (authorization_funcs[i]->method == method) return authorization_funcs[i]; return NULL; } static authorization_data_t * _find_data(author_method_t method, authorization_data_t **data) { authorization_data_t **d = data; if (data == NULL) return NULL; while (*d) { if ((*d)->method == method) return (*d); d++; } return NULL; } char * authorization_get_name(author_method_t method) { struct authorization_func *af = _find_func(method); if (af == NULL) return "unknown"; return(af->name); } author_method_t authorization_get_method(char *name) { int i; for (i = 0; i < num_funcs; i++) if (strcmp(authorization_funcs[i]->name, name) == 0) return authorization_funcs[i]->method; return AUTHORIZETYPE_NULL; } author_status_t authorization_get_status(author_method_t method, struct myproxy_creds *creds, char *client_name, myproxy_server_context_t *config) { struct authorization_func *af = _find_func(method); if (af == NULL) { return AUTHORIZEMETHOD_DISABLED; } return (af->get_status(creds, client_name, config)); } int authorization_check(authorization_data_t *client_auth_data, struct myproxy_creds *creds, char *client_name) { return authorization_check_ex(client_auth_data, creds, client_name, NULL); } int authorization_check_ex(authorization_data_t *client_auth_data, struct myproxy_creds *creds, char *client_name, myproxy_server_context_t *config) { struct authorization_func *af = _find_func(client_auth_data->method); if (af == NULL) { verror_put_string("Not supported authorization method"); return -1; } return (af->check_client(client_auth_data, creds, client_name, config)); } authorization_data_t * authorization_create_response(authorization_data_t **data, author_method_t method, void *extra_data, size_t extra_data_len) { authorization_data_t *d; struct authorization_func *af = _find_func(method); if (af == NULL) { verror_put_string("Unsupported authorization method"); return NULL; } d = _find_data(method, data); if (d == NULL) { verror_put_string("Unable to perform %s negotiation with server.", af->name); return NULL; } if (d->client_data) free(d->client_data); if ((d->client_data = af->create_client_data(d, extra_data, extra_data_len, &d->client_data_len)) == NULL) return NULL; return d; } myproxy-6.2.16/myproxy-test0000755000175100017510000021451114557142036012725 00000000000000#!/usr/bin/perl -w # myproxy test script # written by Jim Basney # Assumes myproxy-server running as root on the local machine if # MYPROXY_SERVER not set. # Requires a valid proxy credential with lifetime of at least 3 hours # unless the -generatecerts option is used # Assumes myproxy-server.config has default policy. # # Some tests only run if -startserver is given. use File::Temp qw(tempdir); use File::Copy; use IPC::Open3; use Socket; $tmpdir = tempdir(CLEANUP => 1); my $openssl = $ENV{OPENSSL} || "openssl"; $PROXYBITS = "-bits 2048"; # # handle cmdline options # $usage = "usage: myproxy-test [-help] [-verbose] [-startserver]\n" . " [-performance iterations clients]\n" . " [-dbperformance] [-valgrind]\n" . " [-generatecerts]\n" ; $startserver = 0; $performance = 0; $dbperformance = 0; $perfiters = 0; $perfclients = 0; $verbose = 0; $generatecerts = 0; while (($arg = shift @ARGV)) { if ($arg eq "-h" || $arg eq "-help") { print STDERR $usage; exit 1; } elsif ($arg eq "-v" || $arg eq "-verbose") { $verbose = 1; } elsif ($arg eq "-startserver") { $startserver = 1; } elsif ($arg eq "-performance") { $performance = 1; $perfiters = shift @ARGV; $perfclients = shift @ARGV; } elsif ($arg eq "-dbperformance") { $dbperformance = 1; } elsif ($arg eq "-valgrind") { chomp($valgrind = `which valgrind 2>/dev/null`); die "valgrind not in PATH, stopped" if (!(-x $valgrind)); &write_valgrind_supp(); $valgrind .= " --leak-check=full"; $valgrind .= " --suppressions=$tmpdir/valgrind.supp"; $valgrind .= " --undef-value-errors=no"; $valgrind .= " --gen-suppressions=all"; $valgrind .= " --num-callers=50 -q "; } elsif ($arg eq "-generatecerts" ) { $generatecerts = 1; } else { print STDERR $usage; exit 1; } } # # If generatecerts option is specified then create # a private CA and proxy locally and use them. if ( $generatecerts) { die("-generatecerts option requires -startserver option") unless ($startserver); my $privcerts = "$tmpdir/privcerts.$$" ; print STDERR "creating a CA in ", $privcerts, "\n" if ($verbose); mkdir("$privcerts") || die("failed to create $privcerts directory, stopped") ; open(SSLCNF, ">$privcerts/openssl.cnf") || die("failed to create $privcerts/openssl.cnf: $!"); print SSLCNF <$privcerts/index.txt") || die("failed to create $privcerts/index.txt"); close(CAINDEX); open(SERIAL,">$privcerts/serial") || die("failed to create $privcerts/serial"); print SERIAL "01\n"; close(SERIAL); &runcmd("$openssl req -batch -subj '/CN=MyProxy Test CA' -config $privcerts/openssl.cnf -new -x509 -extensions v3_ca -nodes -keyout $privcerts/cakey.pem -out $privcerts/cacert.pem -days 30"); chomp($hash = `$openssl x509 -in $privcerts/cacert.pem -hash -noout`) ; mkdir("$privcerts/grid-security") || die("failed to create $privcerts/grid-security"); copy("$privcerts/cacert.pem","$privcerts/grid-security/$hash.0") || die("failed to copy $privcerts/cacert.pem","$privcerts/grid-security/$hash.0"); open(POLICY,">$privcerts/grid-security/$hash.signing_policy") || die("failed to create $privcerts/grid-security/$hash.signing_policy"); print POLICY "access_id_CA X509 '/CN=MyProxy Test CA'\n"; print POLICY "pos_rights globus CA:sign\n"; print POLICY "cond_subjects globus '\"/*\"'\n"; close(POLICY); print STDERR "creating a user certificate request ", $privcerts, "\n" if ($verbose); &runcmd("$openssl req -batch -subj '/CN=MyProxy Test User' -config $privcerts/openssl.cnf -new -nodes -keyout $privcerts/userkey.pem -out $privcerts/usercert.csr -days 7") ; print STDERR "signing user certificate with by CA in ", $privcerts, "\n" if ($verbose); &runcmd("$openssl ca -batch -days 7 -config $privcerts/openssl.cnf -policy policy_anything -out $privcerts/usercert.pem -infiles $privcerts/usercert.csr"); chmod(oct("0600"),"$privcerts/userkey.pem","$privcerts/usercert.pem") || die("failed to chmod $privcerts/userkey.pem or $privcerts/usercert.pem"); $ENV{'X509_USER_CERT'} = "$privcerts/usercert.pem" ; $ENV{'X509_USER_KEY'} = "$privcerts/userkey.pem" ; $ENV{'X509_CERT_DIR'} = "$privcerts/grid-security" ; print STDERR "generating a user proxy\n" if ($verbose); chomp($grid_proxy_init = `which grid-proxy-init 2>/dev/null`); die "grid-proxy-init not found, stopped" if (!(-x $grid_proxy_init)); &runcmd("$grid_proxy_init -debug $PROXYBITS"); } #end of generatecerts. # # make sure I have a valid proxy # chomp($grid_proxy_init = `which grid-proxy-init 2>/dev/null`); die "grid-proxy-init not found, stopped" if (!(-x $grid_proxy_init)); chomp($grid_proxy_info = `which grid-proxy-info 2>/dev/null`); die "grid-proxy-info not found, stopped" if (!(-x $grid_proxy_info)); chomp($grid_cert_info = `which grid-cert-info 2>/dev/null`); die "grid-cert-info not found, stopped" if (!(-x $grid_cert_info)); $timeleft = `$grid_proxy_info -timeleft 2>/dev/null`; if (!defined($timeleft) || $timeleft eq "" || ($timeleft < 60*60*3)) { &debug("Problem with proxy. Will try to create a new one."); `$grid_proxy_init $PROXYBITS -pwstdin /dev/null 2>&1`; $timeleft = `$grid_proxy_info -timeleft 2>/dev/null`; } if (!defined($timeleft) || $timeleft eq "") { print STDERR "grid-proxy-info failed:\n"; system("$grid_proxy_info -timeleft"); # show the error die "stopped"; } die "proxy expired, stopped" if ($timeleft < 60); die "proxy lifetime too short, stopped" if ($timeleft < 60*60*6); die "proxy is limited, stopped" if (`$grid_proxy_info -type` =~ /limited/); chomp($cert_subject = `$grid_proxy_info -identity`); die "grid-proxy-info -identity failed, stopped" if (!defined($cert_subject) || $cert_subject eq ""); chomp($proxy_path = `$grid_proxy_info -path 2>/dev/null`); die "grid-proxy-info -path failed, stopped" if (!(-e $proxy_path)); ($exitstatus, $output) = &verifyproxy($proxy_path); if ($exitstatus) { print STDERR $output; die if ($exitstatus); } # # check for the commands I want to run # chomp($myproxy_store = `which myproxy-store 2>/dev/null`); die "myproxy-store not in PATH, stopped" if (!(-x $myproxy_store)); chomp($myproxy_init = `which myproxy-init 2>/dev/null`); die "myproxy-init not in PATH, stopped" if (!(-x $myproxy_init)); chomp($myproxy_retrieve = `which myproxy-retrieve 2>/dev/null`); die "myproxy-retrieve not in PATH, stopped" if (!(-x $myproxy_retrieve)); chomp($myproxy_info = `which myproxy-info 2>/dev/null`); die "myproxy-info not in PATH, stopped" if (!(-x $myproxy_info)); chomp($myproxy_destroy = `which myproxy-destroy 2>/dev/null`); die "myproxy-destroy not in PATH, stopped" if (!(-x $myproxy_destroy)); chomp($myproxy_get = `which myproxy-logon 2>/dev/null`); die "myproxy-logon not in PATH, stopped" if (!(-x $myproxy_get)); chomp($myproxy_passwd = `which myproxy-change-pass-phrase 2>/dev/null`); die "myproxy-change-pass-phrase not in PATH, stopped" if (!(-x $myproxy_passwd)); chomp($bintrue = `which true 2>/dev/null`); # # setup environment variables # if (!defined($ENV{'MYPROXY_SERVER'})) { chomp($hostname = `hostname 2>/dev/null`); $ENV{'MYPROXY_SERVER'} = $hostname; } if (!defined($ENV{'X509_USER_PROXY'})) { $ENV{'X509_USER_PROXY'} = "/tmp/x509up_u$<"; } # make proxy from existing proxy, so we don't need to deal with long-term cred $ENV{'X509_USER_CERT'} = $ENV{'X509_USER_PROXY'}; $ENV{'X509_USER_KEY'} = $ENV{'X509_USER_PROXY'}; $ENV{'LOGNAME'} = $ENV{'USER'} if (!defined($ENV{'LOGNAME'})); $ENV{'LOGNAME'} = $ENV{'LOGNAME'} . ".myproxy-test"; # # make an independent proxy for a separate identity # $iproxyloc = "$tmpdir/iproxy.pem"; &runcmd("$grid_proxy_init $PROXYBITS -out $iproxyloc -independent -hours 0"); chomp($iproxysubject = `$grid_proxy_info -file $iproxyloc -identity`); die "grid-proxy-info -file $iproxyloc -identity failed, stopped" if (!defined($iproxysubject) || $iproxysubject eq ""); srand(time||$$); $passphrase = sprintf "%010d", int(rand(0x7fffffff)); $trustrootdir = "$tmpdir/.globus/certificates.test.$$"; $origtrustrootdir = $ENV{'X509_CERT_DIR'} if defined($ENV{'X509_CERT_DIR'}); &opensslsanitycheck(); # all temporary files accessible only by running user umask(0077); # # start server if requested # if ($startserver) { $ENV{'MYPROXY_SERVER'} = "localhost"; $ENV{'MYPROXY_SERVER_DN'} = $cert_subject; chomp($myproxy_server = `which myproxy-server 2>/dev/null`); die "myproxy-server not in PATH, stopped" if (!(-x $myproxy_server)); $serverdir = "$tmpdir/myproxy-test.serverdir.$$"; mkdir($serverdir, 0700) || die "failed to create $serverdir, stopped"; $serverconf = "$tmpdir/myproxy-test.serverconf.$$"; open(CONF, ">$serverconf") || die "failed to open $serverconf, stopped"; print CONF "accepted_credentials \"*\"\n"; print CONF "authorized_retrievers \"*\"\n"; print CONF "default_retrievers \"*\"\n"; print CONF "authorized_renewers \"*\"\n"; print CONF "default_renewers \"none\"\n"; print CONF "authorized_key_retrievers \"*\"\n"; print CONF "default_key_retrievers \"none\"\n"; print CONF "trusted_retrievers \"*\"\n"; print CONF "default_trusted_retrievers \"none\"\n"; print CONF "passphrase_policy_program $bintrue\n" if (-x $bintrue); print CONF "accepted_credentials_mapapp $bintrue\n" if (-x $bintrue); print CONF "allow_self_authorization true\n"; # for renewal testing print CONF "check_multiple_credentials true\n"; close(CONF); $SERVERPIDFILE = "$tmpdir/myproxy-test.serverpid.$$"; $SERVERPORTFILE = "$tmpdir/myproxy-test.serverport.$$"; $servercmd = "$myproxy_server -s $serverdir -c $serverconf"; $servercmd .= " -l $ENV{'MYPROXY_SERVER'} -p 0"; $servercmd .= " -P $SERVERPIDFILE -z $SERVERPORTFILE"; if (defined($valgrind)) { $valgrindlog = File::Temp::tempnam($tmpdir, "valgrind.log."); $valgrindlogopt = " --log-file=$valgrindlog "; $servercmd = $valgrind . $valgrindlogopt . $servercmd; } &debug("running '$servercmd'"); system($servercmd); sleep(2); # give server a chance to startup sleep(4) if (defined($valgrind)); # valgrind slows things down if (open SERVERPIDFILE) { chomp($serverpid = ); close SERVERPIDFILE; } if (!defined($serverpid) || $serverpid eq "") { print STDERR "failed to start myproxy-server:\n"; system("$servercmd -d"); # send errors to STDERR if (defined($valgrindlog) && -e $valgrindlog) { print STDERR "valgrind log follows:\n"; system("cat $valgrindlog"); } &docleanup(); exit 1; } if (open SERVERPORTFILE) { chomp($serverport = ); close SERVERPORTFILE; } if (!defined($serverport) || $serverport eq "") { print STDERR "myproxy-server didn't write portfile!\n"; &docleanup(); exit 1; } else { $ENV{'MYPROXY_SERVER_PORT'} = $serverport; print STDERR "server listening on port ", $serverport, "\n" if ($verbose); } } # # run performance tests if requested # if ($performance) { &doperftests(); exit 0; } # # BEGIN TESTS # $SUCCESSES = $FAILURES = 0; # commands to test: myproxy-init, myproxy-info, myproxy-destroy, # myproxy-logon, and myproxy-change-pass-phrase ($exitstatus, $output) = &runtest("myproxy-init -v -a -c 1 -t 1 -S", $passphrase . "\n"); print "MyProxy Test 1 (store credential with default name): "; if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; print "Skipping remaining tests.\n"; goto end_of_all_tests; } ($exitstatus, $output) = &runtest("myproxy-info -v", undef); print "MyProxy Test 2 (get info for stored credential): "; if ($exitstatus == 0 && $output =~ /username/) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ($exitstatus, $output) = &runtest("myproxy-logon -t 1 -o $tmpdir/myproxy-test.$$ -v -S", $passphrase . "\n"); print "MyProxy Test 3 (retrieve stored credential): "; if ($exitstatus == 0) { ($exitstatus, $output) = &verifyproxy("$tmpdir/myproxy-test.$$"); } if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ($exitstatus, $output) = &runtest("myproxy-logon -t 1 -o - -v -S > $tmpdir/myproxy-test.$$", $passphrase . "\n"); print "MyProxy Test 3- (retrieve stored credential to stdout): "; if ($exitstatus == 0) { ($exitstatus, $output) = &verifyproxy("$tmpdir/myproxy-test.$$"); } if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ($exitstatus, $output) = &runtest("myproxy-logon -t 1 -N -v -S", $passphrase . "\n"); print "MyProxy Test 3N (authenticate w/o retrieving credential): "; if ($exitstatus == 0) { ($exitstatus, $output) = &verifyproxy("$tmpdir/myproxy-test.$$"); } if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } $ENV{'X509_CERT_DIR'} = $trustrootdir; ($exitstatus, $output) = &runtest("myproxy-logon -T -t 1 -o $tmpdir/myproxy-test.$$ -v -S", $passphrase . "\n"); print "MyProxy Test 3T (retrieve stored credential w/ trustroots): "; if ($exitstatus == 0) { ($exitstatus, $output) = &verifyproxy("$tmpdir/myproxy-test.$$"); } if ($exitstatus == 0) { ($exitstatus, $output) = &verifytrustroots(); } if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } if (defined($origtrustrootdir)) { $ENV{'X509_CERT_DIR'} = $origtrustrootdir; } else { delete $ENV{'X509_CERT_DIR'}; } if (defined($serverconf)) { system("touch $serverconf") && die "failed to touch $serverconf, stopped"; ($exitstatus, $output) = &runtest("myproxy-logon -t 1 -o $tmpdir/myproxy-test.$$ -v -S", $passphrase . "\n"); print "MyProxy Test 3R1 (retrieve stored credential after server reconfig): "; if ($exitstatus == 0) { ($exitstatus, $output) = &verifyproxy("$tmpdir/myproxy-test.$$"); } if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } system("touch $serverconf") && die "failed to touch $serverconf, stopped"; ($exitstatus, $output) = &runtest("myproxy-logon -t 1 -o $tmpdir/myproxy-test.$$ -v -S", $passphrase . "\n"); print "MyProxy Test 3R2 (retrieve stored credential after server reconfig): "; if ($exitstatus == 0) { ($exitstatus, $output) = &verifyproxy("$tmpdir/myproxy-test.$$"); } if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } system("touch $serverconf") && die "failed to touch $serverconf, stopped"; ($exitstatus, $output) = &runtest("myproxy-logon -t 1 -o $tmpdir/myproxy-test.$$ -v -S", $passphrase . "\n"); print "MyProxy Test 3R3 (retrieve stored credential after server reconfig): "; if ($exitstatus == 0) { ($exitstatus, $output) = &verifyproxy("$tmpdir/myproxy-test.$$"); } if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } } ($exitstatus, $output) = &runtest("myproxy-logon -t 1 -o $tmpdir/myproxy-test.$$ -v -S", "badpassphrase\n"); print "MyProxy Test 4 (verify passphrase checking on retrieve): "; if ($exitstatus != 0 && $output =~ /invalid credential passphrase/) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ($exitstatus, $output) = &runtest("myproxy-logon -t 1 -N -v -S", "badpassphrase\n"); print "MyProxy Test 4N (verify passphrase checking on authenticate): "; if ($exitstatus != 0 && $output =~ /invalid credential passphrase/) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } $old_passphrase = $passphrase; $passphrase = sprintf "%010d", int(rand(0x7fffffff)); ($exitstatus, $output) = &runtest("myproxy-change-pass-phrase -v -S", "$old_passphrase\n$passphrase\n"); print "MyProxy Test 5 (change passphrase for credential): "; if ($exitstatus == 0 && $output =~ /Pass phrase changed/) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ($exitstatus, $output) = &runtest("myproxy-logon -t 1 -N -v -S", $passphrase . "\n"); print "MyProxy Test 6 (verify new passphrase): "; if ($exitstatus == 0) { ($exitstatus, $output) = &verifyproxy("$tmpdir/myproxy-test.$$"); } if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ($exitstatus, $output) = &runtest("myproxy-logon -t 1 -o $tmpdir/myproxy-test.$$ -v -S", $old_passphrase . "\n"); print "MyProxy Test 7 (verify old passphrase fails): "; if ($exitstatus != 0 && $output =~ /invalid credential passphrase/) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ($exitstatus, $output) = &runtest("myproxy-logon -a \$X509_USER_PROXY -t 1 -o $tmpdir/myproxy-test.$$ -v", undef); print "MyProxy Test 8 (verify default renewal policy): "; if ($exitstatus != 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ($exitstatus, $output) = &runtest("myproxy-destroy -v", undef); print "MyProxy Test 9 (remove credential from repository): "; if ($exitstatus == 0 && $output =~ /was successfully removed/) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ($exitstatus, $output) = &runtest("myproxy-info -v", undef); print "MyProxy Test 10 (verify credentials are removed): "; if (!($output =~ /default credential/)) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } # # Test 10.a # if ($startserver && defined($serverpid)) { # only case we have direct access to server # ($exitstatus, $output) = kill('HUP', $serverpid); ($exitstatus, $output) = &runtest("/bin/kill -HUP $serverpid"); print "MyProxy Test 10.a (kill -HUP $serverpid): "; if ($exitstatus != 0) { print "FAILED with $exitstatus\n"; $FAILURES++; print STDERR $output; } else { print "SUCCEEDED\n"; $SUCCESSES++; } } else { print "MyProxy Test 10.a (kill -HUP ): SKIPPED\n"; } ($exitstatus, $output) = &runtest("myproxy-init -v -r 'nobody' -k 'nobody' -c 1 -t 1 -S", $passphrase . "\n"); print "MyProxy Test 11 (store credentials with retrieval policies): "; if ($exitstatus == 0) { ($exitstatus, $output) = &runtest("myproxy-init -v -x -r '$cert_subject' -k 'mine' -c 1 -t 1 -S", $passphrase . "\n"); } if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ($exitstatus, $output) = &runtest("myproxy-logon -k 'mine' -t 1 -o $tmpdir/myproxy-test.$$ -v -S", $passphrase . "\n"); print "MyProxy Test 12 (verify retrieval policies): "; if ($exitstatus == 0) { ($exitstatus, $output) = &verifyproxy("$tmpdir/myproxy-test.$$"); } if ($exitstatus == 0) { ($exitstatus, $output) = &runtest("myproxy-logon -k 'nobody' -t 1 -o $tmpdir/myproxy-test.$$ -v -S", $passphrase . "\n"); if ($exitstatus != 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR "Shouldn't have allowed retrieval.\n"; print STDERR $output; } } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } &runtest("myproxy-destroy -v -k 'mine'", undef); &runtest("myproxy-destroy -v -k 'nobody'", undef); ($exitstatus, $output) = &runtest("myproxy-init -v -R 'nobody' -k 'nobody' -c 1 -t 1 -d -S", $passphrase . "\n"); print "MyProxy Test 13 (store credentials with renewal policies): "; if ($exitstatus == 0) { ($exitstatus, $output) = &runtest("myproxy-init -v -x -R '$cert_subject' -k 'mine' -c 1 -t 1 -d -S", $passphrase . "\n"); } if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ($exitstatus, $output) = &runtest("myproxy-info -v -d", undef); print "MyProxy Test 14 (get info for stored renewal credentials): "; if ($exitstatus == 0 && $output =~ /username/) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ($exitstatus, $output) = &runtest("myproxy-logon -k 'mine' -a $ENV{'X509_USER_PROXY'} -t 1 -o $tmpdir/myproxy-test.$$ -v -d", undef); print "MyProxy Test 15 (verify renewal policies): "; if ($exitstatus == 0) { ($exitstatus, $output) = &verifyproxy("$tmpdir/myproxy-test.$$"); } elsif ($output =~ /self-authz not allowed/) { $exitstatus = 0; # default policy will give this response } if ($exitstatus == 0) { ($exitstatus, $output) = &runtest("myproxy-logon -k 'nobody' -a $ENV{'X509_USER_PROXY'} -t 1 -o $tmpdir/myproxy-test.$$ -v -d", undef); if ($exitstatus != 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR "Shouldn't have allowed retrieval.\n"; print STDERR $output; } } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } &runtest("myproxy-destroy -v -k 'mine' -d", undef); &runtest("myproxy-destroy -v -k 'nobody' -d", undef); ($exitstatus, $output) = &runtest("myproxy-init -v -a -c 3 -t 2 -S", $passphrase . "\n"); print "MyProxy Test 16 (verify lifetime of retrieved credentials): "; if ($exitstatus == 0) { ($exitstatus, $output) = &runtest("myproxy-logon -o $tmpdir/myproxy-test.$$ -v -S", $passphrase . "\n"); $timeleft = `$grid_proxy_info -file $tmpdir/myproxy-test.$$ -timeleft`; if (defined($timeleft) && $timeleft > 60*60*2+300 || $timeleft < 60*60*2-300) { $output = "Credential lifetime ($timeleft) incorrect." . "It should be " . (60*60*2) . ".\n"; $exitstatus = 1; } } if ($exitstatus == 0) { ($exitstatus, $output) = &verifyproxy("$tmpdir/myproxy-test.$$"); } if ($exitstatus == 0) { ($exitstatus, $output) = &runtest("myproxy-logon -t 1 -o $tmpdir/myproxy-test.$$ -v -S", $passphrase . "\n"); $timeleft = `$grid_proxy_info -file $tmpdir/myproxy-test.$$ -timeleft`; if ($timeleft > 60*61 || $timeleft < 60*59) { $output = "Credential lifetime ($timeleft) incorrect." . "It should be " . (60*60) . ".\n"; $exitstatus = 1; } } if ($exitstatus == 0) { ($exitstatus, $output) = &verifyproxy("$tmpdir/myproxy-test.$$"); } if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } &runtest("myproxy-destroy -v", undef); # # Start of myproxy-store and myproxy-retrieve tests # # commands to test: myproxy-store, myproxy-info, myproxy-destroy, # myproxy-logon, myproxy-retrieve, and # myproxy-change-pass-phrase # For myproxy-store, we need an encrypted key to store. # So, let's encrypt our proxy key. $passphrase = sprintf "%010d", int(rand(0x7fffffff)); $testkey = "$tmpdir/myproxy-test.$$.key"; &runcmd("$openssl rsa -des3 -passout stdin -in \$X509_USER_KEY -out $testkey", $passphrase . "\n"); chmod(0600, $testkey); # # Test 17 # ($exitstatus, $output) = &runtest("myproxy-store -x -E '$cert_subject' -v -t 1 -y $testkey", undef); print "MyProxy Test 17 (store credential with default name): "; if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } elsif (($output =~ /Error checking authorization/) || ($output =~ /unknown command/)) { print "UNSUPPORTED\n"; $FAILURES++; print "Server does not support myproxy-store. Skipping futher myproxy-store tests.\n"; goto end_of_store_tests; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; print "Skipping futher myproxy-store tests.\n"; goto end_of_store_tests; } # # Test 18 # ($exitstatus, $output) = &runtest("myproxy-info -v", undef); print "MyProxy Test 18 (get info for stored credential): "; if ($exitstatus == 0 && $output =~ /username/) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } # # Test 19 # ($exitstatus, $output) = &runtest("myproxy-logon -t 1 -o $tmpdir/myproxy-test.$$ -v -S", $passphrase . "\n"); print "MyProxy Test 19 (create proxy from stored credential): "; if ($exitstatus == 0) { ($exitstatus, $output) = &verifyproxy("$tmpdir/myproxy-test.$$"); } if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } # # Test 20 # ($exitstatus, $output) = &runtest("myproxy-retrieve -c $tmpdir/myproxy-test.cert.$$.pem -y $tmpdir/myproxy-test.key.$$.pem -v -S", $passphrase . "\n"); print "MyProxy Test 20 (retrieve stored credential): "; if ($exitstatus == 0) { ($exitstatus, $output) = &verifycert("$tmpdir/myproxy-test.cert.$$.pem", "$tmpdir/myproxy-test.key.$$.pem"); } if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } unlink( "$tmpdir/myproxy-test.cert.$$.pem" ); unlink( "$tmpdir/myproxy-test.key.$$.pem" ); $ENV{'X509_CERT_DIR'} = $trustrootdir; ($exitstatus, $output) = &runtest("myproxy-retrieve -T -c $tmpdir/myproxy-test.cert.$$.pem -y $tmpdir/myproxy-test.key.$$.pem -v -S", $passphrase . "\n"); print "MyProxy Test 20T (retrieve stored credential w/ trustroots): "; if ($exitstatus == 0) { ($exitstatus, $output) = &verifycert("$tmpdir/myproxy-test.cert.$$.pem", "$tmpdir/myproxy-test.key.$$.pem"); } if ($exitstatus == 0) { ($exitstatus, $output) = &verifytrustroots(); } if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } unlink( "$tmpdir/myproxy-test.cert.$$.pem" ); unlink( "$tmpdir/myproxy-test.key.$$.pem" ); if (defined($origtrustrootdir)) { $ENV{'X509_CERT_DIR'} = $origtrustrootdir; } else { delete $ENV{'X509_CERT_DIR'}; } # # Test 20.a # if ($startserver && defined($serverpid)) { # only case we have direct access to server # ($exitstatus, $output) = kill('HUP', $serverpid); ($exitstatus, $output) = &runtest("/bin/kill -HUP $serverpid"); print "MyProxy Test 20.a (kill -HUP $serverpid): "; if ($exitstatus != 0) { print "FAILED with $exitstatus\n"; $FAILURES++; print STDERR $output; } else { print "SUCCEEDED\n"; $SUCCESSES++; } } else { print "MyProxy Test 20.a (kill -HUP ): SKIPPED\n"; } # # Test 21 # ($exitstatus, $output) = &runtest("myproxy-logon -t 1 -o $tmpdir/myproxy-test.$$ -v -S", "badpassphrase\n"); print "MyProxy Test 21 (verify passphrase checking on myproxy-logon): "; if ($exitstatus != 0 && $output =~ /invalid credential passphrase/) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } # # Test 22 # ($exitstatus, $output) = &runtest("myproxy-retrieve -c $tmpdir/myproxy-test-cert.$$.pem -y $tmpdir/myproxy-test-key.$$.pem -v -S", "badpassphrase\n"); print "MyProxy Test 22 (verify passphrase checking on myproxy-retrieve): "; if ($exitstatus != 0 && $output =~ /invalid credential passphrase/) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } unlink( "$tmpdir/myproxy-test.cert.$$.pem" ); unlink( "$tmpdir/myproxy-test.key.$$.pem" ); # # Test 23 # ($exitstatus, $output) = &runtest("myproxy-logon -a \$X509_USER_PROXY -t 1 -o $tmpdir/myproxy-test.$$ -v", undef); print "MyProxy Test 23 (verify myproxy-logon default renewal policy): "; if ($exitstatus != 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } # # Test 24 # ($exitstatus, $output) = &runtest("myproxy-retrieve -a \$X509_USER_PROXY -c $tmpdir/myproxy-test-cert.$$.pem -y $tmpdir/myproxy-test-key.$$.pem -v", undef); print "MyProxy Test 24 (verify myproxy-retrieve default renewal policy): "; if ($exitstatus != 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } unlink( "$tmpdir/myproxy-test-cert.$$.pem" ); unlink( "$tmpdir/myproxy-test-key.$$.pem" ); # # Test 25 # ($exitstatus, $output) = &runtest("myproxy-destroy -v", undef); print "MyProxy Test 25 (remove credential from repository): "; if ($exitstatus == 0 && $output =~ /was successfully removed/) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } # # Test 26 # ($exitstatus, $output) = &runtest("myproxy-info -v", undef); print "MyProxy Test 26 (verify credentials are removed): "; if (!($output =~ /default credential/)) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } # # Test 27 # ($exitstatus, $output) = &runtest("myproxy-store -v -r 'nobody' -k 'nobody' -t 1 -y $testkey", undef); print "MyProxy Test 27 (store credentials with retrieval policies): "; if ($exitstatus == 0) { ($exitstatus, $output) = &runtest("myproxy-store -x -E '$cert_subject' -v -r '$cert_subject' -k 'mine' -t 1 -y $testkey", undef); } if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } # # Test 28 # ($exitstatus, $output) = &runtest("myproxy-logon -k 'mine' -t 1 -o $tmpdir/myproxy-test.$$ -v -S", $passphrase . "\n"); print "MyProxy Test 28 (verify myproxy-logon retrieval policies): "; if ($exitstatus == 0) { ($exitstatus, $output) = &verifyproxy("$tmpdir/myproxy-test.$$"); } if ($exitstatus == 0) { ($exitstatus, $output) = &runtest("myproxy-logon -k 'nobody' -t 1 -o $tmpdir/myproxy-test.$$ -v -S", $passphrase . "\n"); if ($exitstatus != 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR "Shouldn't have allowed retrieval.\n"; print STDERR $output; } } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } # # Test 29 # ($exitstatus, $output) = &runtest("myproxy-retrieve -k 'mine' -c $tmpdir/myproxy-test.cert.12.1.$$.pem -y $tmpdir/myproxy-test.key.12.1.$$.pem -v -S", $passphrase . "\n"); print "MyProxy Test 29 (verify myproxy-retrieve retrieval policies): "; if ($exitstatus == 0) { ($exitstatus, $output) = &verifycert("$tmpdir/myproxy-test.cert.12.1.$$.pem", "$tmpdir/myproxy-test.key.12.1.$$.pem"); } if ($exitstatus == 0) { ($exitstatus, $output) = &runtest("myproxy-retrieve -k 'nobody' -c $tmpdir/myproxy-test.cert.12.2.$$.pem -y $tmpdir/myproxy-test.key.12.2.$$.pem -v -S", $passphrase . "\n"); if ($exitstatus != 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR "Shouldn't have allowed retrieval.\n"; print STDERR $output; } } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } &runtest("myproxy-destroy -v -k 'mine'", undef); &runtest("myproxy-destroy -v -k 'nobody'", undef); `rm -f $tmpdir/myproxy-test.*.12.*.$$.pem`; # # Test 30 # ($exitstatus, $output) = &runtest("myproxy-store -v -R 'nobody' -k 'nobody' -t 1 -d -y \$X509_USER_PROXY -c \$X509_USER_PROXY", undef); print "MyProxy Test 30 (store credentials with renewal policies): "; if ($exitstatus == 0) { ($exitstatus, $output) = &runtest("myproxy-store -v -x -R '$cert_subject' -k 'mine' -t 1 -d -y \$X509_USER_PROXY -c \$X509_USER_PROXY", undef); } if ($exitstatus == 0) { ($exitstatus, $output) = &runtest("myproxy-store -v -c $iproxyloc -y $iproxyloc -x -R '$cert_subject' -k 'independent' -t 1", undef); } if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } # # Test 30.a # if ($startserver && defined($serverpid)) { # only case we have direct access to server # ($exitstatus, $output) = kill('HUP', $serverpid); ($exitstatus, $output) = &runtest("/bin/kill -HUP $serverpid"); print "MyProxy Test 30.a (kill -HUP $serverpid): "; if ($exitstatus != 0) { print "FAILED with $exitstatus\n"; $FAILURES++; print STDERR $output; } else { print "SUCCEEDED\n"; $SUCCESSES++; } } else { print "MyProxy Test 30.a (kill -HUP ): SKIPPED\n"; } # # Test 31 # ($exitstatus, $output) = &runtest("myproxy-info -v -d", undef); print "MyProxy Test 31 (get info for stored renewal credentials): "; if ($exitstatus == 0 && $output =~ /username/) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } # # Test 32 # ($exitstatus, $output) = &runtest("myproxy-logon -k 'mine' -a $ENV{'X509_USER_PROXY'} -t 1 -o $tmpdir/myproxy-test.$$ -v -d -S", $passphrase . "\n"); print "MyProxy Test 32 (verify renewal policies): "; if ($exitstatus == 0) { ($exitstatus, $output) = &verifyproxy("$tmpdir/myproxy-test.$$"); } elsif ($output =~ /self-authz not allowed/) { $exitstatus = 0; # default policy will give this response } if ($exitstatus == 0) { ($exitstatus, $output) = &runtest("myproxy-logon -k 'independent' -a $iproxyloc -t 1 -o $tmpdir/myproxy-test.$$ -v", undef); } if ($exitstatus == 0) { ($exitstatus, $output) = &verifyproxy("$tmpdir/myproxy-test.$$"); } if ($exitstatus == 0) { ($exitstatus, $output) = &runtest("myproxy-logon -k 'nobody' -a $ENV{'X509_USER_PROXY'} -t 1 -o $tmpdir/myproxy-test.$$ -v -d -S", $passphrase . "\n"); if ($exitstatus != 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR "Shouldn't have allowed retrieval.\n"; print STDERR $output; } } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } &runtest("myproxy-destroy -v -k 'mine' -d", undef); &runtest("myproxy-destroy -v -k 'nobody' -d", undef); &runtest("env X509_USER_PROXY=$iproxyloc myproxy-destroy -v -k 'independent'", undef); # # Test 33 # ($exitstatus, $output) = &runtest("myproxy-store -x -E '$cert_subject' -v -a -t 2 -y $testkey", undef); print "MyProxy Test 33 (verify lifetime of retrieved credentials): "; if ($exitstatus == 0) { ($exitstatus, $output) = &runtest("myproxy-logon -o $tmpdir/myproxy-test.$$ -v -S", $passphrase . "\n"); $timeleft = `$grid_proxy_info -file $tmpdir/myproxy-test.$$ -timeleft`; if (defined($timeleft) && $timeleft > 60*60*2+300 || $timeleft < 60*60*2-300) { $output = "Credential lifetime ($timeleft) incorrect." . "It should be " . (60*60*2) . ".\n"; $exitstatus = 1; } } if ($exitstatus == 0) { ($exitstatus, $output) = &verifyproxy("$tmpdir/myproxy-test.$$"); } if ($exitstatus == 0) { ($exitstatus, $output) = &runtest("myproxy-logon -t 1 -o $tmpdir/myproxy-test.$$ -v -S", $passphrase . "\n"); $timeleft = `$grid_proxy_info -file $tmpdir/myproxy-test.$$ -timeleft`; if ($timeleft > 60*61 || $timeleft < 60*59) { $output = "Credential lifetime ($timeleft) incorrect." . "It should be " . (60*60) . ".\n"; $exitstatus = 1; } } if ($exitstatus == 0) { ($exitstatus, $output) = &verifyproxy("$tmpdir/myproxy-test.$$"); } if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } &runtest("myproxy-destroy -v", undef); # # Test 34 # ($exitstatus, $output) = &runtest("myproxy-store -v -E 'nobody' -k 'nobody' -t 1 -y $testkey", undef); print "MyProxy Test 34 (store credentials with retrieve key policies): "; if ($exitstatus == 0) { ($exitstatus, $output) = &runtest("myproxy-store -v -x -E '$cert_subject' -k 'mine' -t 1 -y $testkey", undef); } if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } # # Test 35 # ($exitstatus, $output) = &runtest("myproxy-info -v", undef); print "MyProxy Test 35 (get info for stored retrieve key credentials): "; if ($exitstatus == 0 && $output =~ /username/) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } # # Test 36 # ($exitstatus, $output) = &runtest("myproxy-retrieve -k 'mine' -c $tmpdir/myproxy-test.cert.12.1.$$.pem -y $tmpdir/myproxy-test.key.12.1.$$.pem -v -S", $passphrase . "\n"); print "MyProxy Test 36 (verify myproxy-retrieve key retrieval policies): "; if ($exitstatus == 0) { ($exitstatus, $output) = &verifycert("$tmpdir/myproxy-test.cert.12.1.$$.pem", "$tmpdir/myproxy-test.key.12.1.$$.pem"); } if ($exitstatus == 0) { ($exitstatus, $output) = &runtest("myproxy-retrieve -k 'nobody' -c $tmpdir/myproxy-test.cert.12.2.$$.pem -y $tmpdir/myproxy-test.key.12.2.$$.pem -v -S", $passphrase . "\n"); if ($exitstatus != 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR "Shouldn't have allowed retrieval.\n"; print STDERR $output; } } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } end_of_store_tests: &runtest("myproxy-destroy -v -k 'mine'", undef); &runtest("myproxy-destroy -v -k 'nobody'", undef); `rm -f $tmpdir/myproxy-test.*.12.*.$$.pem`; unlink("$tmpdir/myproxy-test.$$.key.pem"); # # Test 37 # ($exitstatus, $output) = &runtest("myproxy-init -v -Z 'nobody' -k 'nobody' -c 1 -t 1 -d -S -n", $passphrase . "\n"); print "MyProxy Test 37 (store credentials w/ retrievable_by_cert policies): "; if ($exitstatus == 0) { ($exitstatus, $output) = &runtest("myproxy-store -v -x -Z '$cert_subject' -k 'mine' -c $iproxyloc -y $iproxyloc -t 1", undef); } if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } # # Test 38 # ($exitstatus, $output) = &runtest("myproxy-logon -k 'mine' -t 1 -o $tmpdir/myproxy-test.$$ -v -n", undef); print "MyProxy Test 38 (verify retrievable_by_cert policies): "; if ($exitstatus == 0) { ($exitstatus, $output) = &verifyproxy("$tmpdir/myproxy-test.$$"); } if ($exitstatus == 0) { ($exitstatus, $output) = &runtest("myproxy-logon -k 'nobody' -t 1 -o $tmpdir/myproxy-test.$$ -v -d -n", undef); if ($exitstatus != 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR "Shouldn't have allowed retrieval.\n"; print STDERR $output; } } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } &runtest("env X509_USER_PROXY=$iproxyloc myproxy-destroy -v -k 'mine'", undef); &runtest("myproxy-destroy -v -k 'nobody' -d", undef); # # Test 39 # &runtest("myproxy-init -v -a -c 1 -t 1 -S", $passphrase . "\n"); &runtest("myproxy-init -v -x -R '$cert_subject' -k renew -c 1 -t 1", undef); &runcmd("grid-proxy-init $PROXYBITS -limited -o \$X509_USER_PROXY.limited", undef); rename("\$X509_USER_PROXY", "\$X509_USER_PROXY.orig"); rename("\$X509_USER_PROXY.limited", "\$X509_USER_PROXY"); ($exitstatus, $output) = &runtest("myproxy-logon -t 1 -o $tmpdir/myproxy-test.$$ -v -S", $passphrase . "\n"); print "MyProxy Test 39 (verify limited proxy retrieves a limited proxy): "; if ($exitstatus == 0) { ($exitstatus, $output) = &verifyproxy("$tmpdir/myproxy-test.$$"); } if ($exitstatus != 0) { print "FAILED\n"; $FAILURES++; print STDERR $output; goto cleanup_limited; } if (!`$grid_proxy_info -file $tmpdir/myproxy-test.$$ -type` =~ /limited/) { print "FAILED\nRetrieved proxy is not limited.\n"; $FAILURES++; } print "SUCCEEDED\n"; $SUCCESSES++; # # Test 40 # ($exitstatus, $output) = &runtest("myproxy-logon -a \$X509_USER_PROXY -k renew -t 1 -o $tmpdir/myproxy-test.$$ -v", undef); print "MyProxy Test 40 (verify renewed limited proxy is still limited): "; if ($exitstatus == 0) { ($exitstatus, $output) = &verifyproxy("$tmpdir/myproxy-test.$$"); } elsif ($output =~ /self-authz not allowed/) { $exitstatus = 0; # default policy will give this response } if ($exitstatus != 0) { print "FAILED\n"; $FAILURES++; print STDERR $output; goto cleanup_limited; } if (!`$grid_proxy_info -file $tmpdir/myproxy-test.$$ -type` =~ /limited/) { print "FAILED\nRetrieved proxy is not limited.\n"; $FAILURES++; } print "SUCCEEDED\n"; $SUCCESSES++; cleanup_limited: &runtest("myproxy-destroy -v", undef); &runtest("myproxy-destroy -v -k renew", undef); rename("\$X509_USER_PROXY.orig", "\$X509_USER_PROXY"); # # Test 40.a # if ($startserver && defined($serverpid)) { # only case we have direct access to server # ($exitstatus, $output) = kill('HUP', $serverpid); ($exitstatus, $output) = &runtest("/bin/kill -HUP $serverpid"); print "MyProxy Test 40.a (kill -HUP $serverpid): "; if ($exitstatus != 0) { print "FAILED with $exitstatus\n"; $FAILURES++; print STDERR $output; } else { print "SUCCEEDED\n"; $SUCCESSES++; } } else { print "MyProxy Test 40.a (kill -HUP ): SKIPPED\n"; } # # Test 41 # $ENV{'X509_CERT_DIR'} = $trustrootdir; ($exitstatus, $output) = &runtest("myproxy-get-trustroots -v", undef); print "MyProxy Test 41 (retrieve trustroots w/o authentication): "; if ($exitstatus == 0) { ($exitstatus, $output) = &verifytrustroots(); } if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } if (defined($origtrustrootdir)) { $ENV{'X509_CERT_DIR'} = $origtrustrootdir; } else { delete $ENV{'X509_CERT_DIR'}; } # # Test 42 # if ($startserver) { # only way to know check_multiple_credentials is true $passphrase = sprintf "%010d", int(rand(0x7fffffff)); ($exitstatus, $output) = &runtest("myproxy-init -v -a -k multiple -c 1 -t 1 -S", $passphrase . "\n"); print "MyProxy Test 42 (check_multiple_credentials): "; if ($exitstatus == 0) { ($exitstatus, $output) = &runtest("myproxy-logon -k multiple -t 1 -o $tmpdir/myproxy-test.$$ -v -S", $passphrase . "\n"); } if ($exitstatus == 0) { $passphrase = sprintf "%010d", int(rand(0x7fffffff)); ($exitstatus, $output) = &runtest("myproxy-logon -k multiple -t 1 -o $tmpdir/myproxy-test.$$ -v -S", $passphrase . "\n"); if ($exitstatus == 0) { print "FAILED\n"; $FAILURES++; print STDERR "Shouldn't have allowed retrieval with bad passphrase.\n"; print STDERR $output; } else { print "SUCCEEDED\n"; $SUCCESSES++; } } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } &runtest("myproxy-destroy -v -k multiple", undef); } else { print "MyProxy Test 42 (check_multiple_credentials): SKIPPED\n"; } # # Test 43 # if ($startserver) { # only case we have direct access to repository ($exitstatus, $output) = &runtest("myproxy-init -v -a -l test-user1 -c 2 -t 2 -S", $passphrase . "\n"); print "MyProxy Test 43 (myproxy-admin-query): "; if ($exitstatus == 0) { ($exitstatus, $output) = &runtest("myproxy-init -v -a -l test-user2 -k test-credname -c 4 -t 4 -S", $passphrase . "\n"); } if ($exitstatus == 0) { ($exitstatus, $output) = &runtest("myproxy-admin-query -s $serverdir -c $serverconf"); @usernames = split(/username/, $output); if ($#usernames != 2) { $exitstatus = 1; print "FAILED\n"; $FAILURES++; print STDERR "CASE 1: Should have returned two credentials. Found ", $#usernames, ".\n"; print STDERR $output; } } if ($exitstatus == 0) { ($exitstatus, $output) = &runtest("myproxy-admin-query -l test-user1 -s $serverdir -c $serverconf"); @usernames = split(/username/, $output); if ($#usernames != 1) { $exitstatus = 1; print "FAILED\n"; $FAILURES++; print STDERR "CASE 2: Should have returned one credential. Found ", $#usernames, ".\n"; print STDERR $output; } } if ($exitstatus == 0) { ($exitstatus, $output) = &runtest("myproxy-admin-query -e 5 -s $serverdir -c $serverconf"); @usernames = split(/username/, $output); if ($#usernames != 2) { $exitstatus = 1; print "FAILED\n"; $FAILURES++; print STDERR "CASE 3: Should have returned two credentials. Found ", $#usernames, ".\n"; print STDERR $output; } } if ($exitstatus == 0) { ($exitstatus, $output) = &runtest("myproxy-admin-query -t 5 -s $serverdir -c $serverconf"); @usernames = split(/username/, $output); if ($#usernames != 0) { $exitstatus = 1; print "FAILED\n"; $FAILURES++; print STDERR "CASE 4: Should have returned no credentials. Found ", $#usernames, ".\n"; print STDERR $output; } } if ($exitstatus == 0) { ($exitstatus, $output) = &runtest("myproxy-admin-query -e 3 -s $serverdir -c $serverconf"); @usernames = split(/username/, $output); if ($#usernames != 1) { $exitstatus = 1; print "FAILED\n"; $FAILURES++; print STDERR "CASE 5: Should have returned one credential. Found ", $#usernames, ".\n"; print STDERR $output; } } if ($exitstatus == 0) { ($exitstatus, $output) = &runtest("myproxy-admin-query -t 3 -s $serverdir -c $serverconf"); @usernames = split(/username/, $output); if ($#usernames != 1) { $exitstatus = 1; print "FAILED\n"; $FAILURES++; print STDERR "CASE 6: Should have returned one credential. Found ", $#usernames, ".\n"; print STDERR $output; } } if ($exitstatus == 0) { ($exitstatus, $output) = &runtest("myproxy-admin-query -e 1 -s $serverdir -c $serverconf"); @usernames = split(/username/, $output); if ($#usernames != 0) { $exitstatus = 1; print "FAILED\n"; $FAILURES++; print STDERR "CASE 7: Should have returned no credentials. Found ", $#usernames, ".\n"; print STDERR $output; } } if ($exitstatus == 0) { ($exitstatus, $output) = &runtest("myproxy-admin-query -t 1 -s $serverdir -c $serverconf"); @usernames = split(/username/, $output); if ($#usernames != 2) { $exitstatus = 1; print "FAILED\n"; $FAILURES++; print STDERR "CASE 8: Should have returned two credentials. Found ", $#usernames, ".\n"; print STDERR $output; } } if ($exitstatus == 0) { ($exitstatus, $output) = &runtest("myproxy-admin-query -i -s $serverdir -c $serverconf"); @usernames = split(/username/, $output); if ($#usernames != 0) { $exitstatus = 1; print "FAILED\n"; $FAILURES++; print STDERR "CASE 9: Should have returned no credentials. Found ", $#usernames, ".\n"; print STDERR $output; } } if ($exitstatus == 0) { ($exitstatus, $output) = &runtest("myproxy-admin-query -r -s $serverdir -c $serverconf"); } if ($exitstatus == 0) { ($exitstatus, $output) = &runtest("myproxy-admin-query -s $serverdir -c $serverconf"); @usernames = split(/username/, $output); if ($#usernames != 0) { $exitstatus = 1; print "FAILED\n"; $FAILURES++; print STDERR "CASE 10: Should have returned no credentials. Found ", $#usernames, ".\n"; print STDERR $output; } } if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } } else { print "MyProxy Test 43 (myproxy-admin-query): SKIPPED\n"; } myproxy_header_test: # # Test 44 # chomp($gcc = `which gcc 2>/dev/null`); if (-x $gcc && defined($ENV{'GLOBUS_LOCATION'}) && -d "$ENV{'GLOBUS_LOCATION'}/include") { &write_myproxy_header_test; $basedir = "$ENV{'GLOBUS_LOCATION'}/include"; $includedirs = "-I$basedir"; opendir(DIRHANDLE, "$basedir") || die "can't opendir $basedir: $!"; while (defined($filename = readdir(DIRHANDLE))) { next if $filename =~ /^\.\.?$/; # skip . and .. if (-d "$basedir/$filename") { $includedirs .= " -I$basedir/$filename"; } } closedir(DIRHANDLE); # should really just make this a recursive search... $basedir = "$ENV{'GLOBUS_LOCATION'}/include/globus"; if (opendir(DIRHANDLE, "$basedir")) { while (defined($filename = readdir(DIRHANDLE))) { next if $filename =~ /^\.\.?$/; # skip . and .. if (-d "$basedir/$filename") { $includedirs .= " -I$basedir/$filename"; } } closedir(DIRHANDLE); } ($exitstatus, $output) = &runcmd("$gcc $includedirs -o $tmpdir/myproxy-header $tmpdir/myproxy.c"); print "MyProxy Test 44 (myproxy.h): "; if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } } else { print "MyProxy Test 44 (myproxy.h): SKIPPED\n"; } # # Test 45 # $SAVED_LOGNAME = $ENV{'LOGNAME'}; $ENV{'LOGNAME'} = $ENV{'LOGNAME'} . "ruld9ocitegdatNigWaiwacWowd5blerUdCaxVanurs4OtNimEsDeicEgOakEkavTykEvenIpRipCarattAidcack3grirtigrimhuatwykCoth5QuicAtJawmAdutbi0QuekKabCugNelgAneuvCavNokdejnilevityixafyudGujBekIgDoadjel9shraruld9ocitegdatNigWaiwacWowd5blerUdCaxVanurs4OtNimEsDeicEgOakEkavTykEvenIpRipCarattAidcack3grirtigrimhuatwykCoth5QuicAtJawmAdutbi0QuekKabCugNelgAneuvCavNokdejnilevityixafyudGujBekIgDoadjel9shraruld9ocitegdatNigWaiwacWowd5blerUdCaxVanurs4OtNimEsDeicEgOakEkavTykEvenIpRipCarattAidcack3grirtigrimhuatwykCoth5QuicAtJawmAdutbi0QuekKabCugNelgAneuvCavNokdejnilevityixafyudGujBekIgDoadjel9shraruld9ocitegdatNigWaiwacWowd5blerUdCaxVanurs4OtNimEsDeicEgOakEkavTykEvenIpRipCarattAidcack3grirtigrimhuatwykCoth5QuicAtJawmAdutbi0QuekKabCugNelgAneuvCavNokdejnilevityixafyudGujBekIgDoadjel9shraruld9ocitegdatNigWaiwacWowd5blerUdCaxVanurs4OtNimEsDeicEgOakEkavTykEvenIpRipCarattAidcack3grirtigrimhuatwykCoth5QuicAtJawmAdutbi0QuekKabCugNelgAneuvCavNokdejnilevityixafyudGujBekIgDoadjel9shraruld9ocitegdatNigWaiwacWowd5blerUdCaxVanurs4OtNimEsDeicEgOakEkavTykEvenIpRipCarattAidcack3grirtigrimhuatwykCoth5QuicAtJawmAdutbi0QuekKabCugNelgAneuvCavNokdejnilevityixafyudGujBekIgDoadjel9shra"; ($exitstatus, $output) = &runtest("myproxy-init -v -a -c 1 -t 1 -S", $passphrase . "\n"); if ($exitstatus == 0) { ($exitstatus, $output) = &runtest("myproxy-logon -t 1 -o $tmpdir/myproxy-test.$$ -v -S", $passphrase . "\n"); } print "MyProxy Test 45 (verify long username handling): "; if ($exitstatus == 0) { ($exitstatus, $output) = &verifyproxy("$tmpdir/myproxy-test.$$"); } if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } $ENV{'LOGNAME'} = $SAVED_LOGNAME; # # COG tests # if (defined($ENV{"COG_INSTALL_PATH"})) { &docogtests(); } else { print "\$COG_INSTALL_PATH undefined. Skipping Java CoG tests.\n"; } # # END TESTS # end_of_all_tests: &docleanup(); print "MyProxy Tests Complete: ", $SUCCESSES, " tests passed, "; print $FAILURES, " tests failed\n"; if (defined($valgrind)) { `cat $tmpdir/valgrind.log.* > valgrind.log.$$`; if (-s "valgrind.log.$$") { print "Valgrind errors in valgrind.log.$$.\n"; # $FAILURES++; } else { print "Valgrind found no errors.\n"; unlink("valgrind.log.$$"); } } exit $FAILURES; # # SUBROUTINES # sub runtest { local($command, $input) = @_; if (defined($valgrind)) { $valgrindlog = File::Temp::tempnam($tmpdir, "valgrind.log."); $valgrindlogopt = " --log-file=$valgrindlog "; $command = $valgrind . $valgrindlogopt . $command; } return &runcmd($command, $input); } sub runcmd { local($command, $input) = @_; print STDERR "running: ", $command, "\n" if ($verbose); $pid = open3(*Writer, *Reader, '', "exec $command") || die "failed to run $command"; print Writer $input if (defined($input)); close(Writer); @output = ; close(Reader); waitpid($pid, 0); $exitstatus = $?; $output = join('', @output); print STDERR $output if ($verbose); return ($exitstatus, $output); } sub docogtests { $cogmyproxy = "$ENV{COG_INSTALL_PATH}/bin/myproxy -h $ENV{MYPROXY_SERVER}"; if (defined($ENV{"MYPROXY_SERVER_DN"})) { $cogmyproxy .= " -s \"$ENV{MYPROXY_SERVER_DN}\""; } if (defined($ENV{"MYPROXY_SERVER_PORT"})) { $cogmyproxy .= " -p $ENV{MYPROXY_SERVER_PORT}"; } $cogmyproxy .= " -l $ENV{'LOGNAME'}"; $ENV{"COG_OPTS"} = " -DX509_USER_PROXY=$ENV{X509_USER_PROXY}" . " -DX509_USER_CERT=$ENV{X509_USER_CERT}" . " -DX509_USER_KEY=$ENV{X509_USER_KEY}"; ($exitstatus, $output) = &runtest("myproxy-init -v -a -c 1 -t 1 -S", $passphrase . "\n"); if ($exitstatus == 0) { ($exitstatus, $output) = &runcmd("$cogmyproxy anonget -o $tmpdir/myproxy-test.$$", $passphrase . "\n"); } if ($exitstatus == 0) { ($exitstatus, $output) = &verifyproxy("$tmpdir/myproxy-test.$$"); } print "MyProxy CoG Test 1 (anonget of myproxy-init credential): "; if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } if ($exitstatus == 0) { ($exitstatus, $output) = &runcmd("$cogmyproxy get -o $tmpdir/myproxy-test.$$", $passphrase . "\n"); } if ($exitstatus == 0) { ($exitstatus, $output) = &verifyproxy("$tmpdir/myproxy-test.$$"); } print "MyProxy CoG Test 2 (get of myproxy-init credential): "; if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } # This test requires a recent Java CoG release # with certificate chain support: # (http://bugzilla.globus.org/globus/show_bug.cgi?id=1914) # ($exitstatus, $output) = &runcmd("$cogmyproxy put -a -c 1 -t 1", $passphrase . "\n"); print "MyProxy CoG Test 3 (store credential with default name): "; if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } if ($exitstatus == 0) { ($exitstatus, $output) = &runcmd("$cogmyproxy anonget -o $tmpdir/myproxy-test.$$", $passphrase . "\n"); } if ($exitstatus == 0) { ($exitstatus, $output) = &verifyproxy("$tmpdir/myproxy-test.$$"); } print "MyProxy CoG Test 4 (anonget of CoG stored credential): "; if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } if ($exitstatus == 0) { ($exitstatus, $output) = &runcmd("$cogmyproxy get -o $tmpdir/myproxy-test.$$", $passphrase . "\n"); } if ($exitstatus == 0) { ($exitstatus, $output) = &verifyproxy("$tmpdir/myproxy-test.$$"); } print "MyProxy CoG Test 5 (get of CoG stored credential): "; if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ($exitstatus, $output) = &runcmd("$cogmyproxy info", undef); print "MyProxy CoG Test 6 (get info for stored credentials): "; if ($exitstatus == 0 && $output =~ /Owner/) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ($exitstatus, $output) = &runcmd("$cogmyproxy destroy", undef); print "MyProxy CoG Test 7 (remove credential from repository): "; if ($exitstatus == 0 && $output =~ /was succes+fully/) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ($exitstatus, $output) = &runcmd("$cogmyproxy put -n -x -R '$cert_subject' -k 'mine' -c 1 -t 1", $passphrase . "\n"); print "MyProxy CoG Test 8 (store credential with renewal policy): "; if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } ($exitstatus, $output) = &runcmd("$cogmyproxy get -k 'mine' -a $ENV{'X509_USER_PROXY'} -t 1 -o $tmpdir/myproxy-test.$$", undef); print "MyProxy CoG Test 9 (renew credential): "; if ($exitstatus == 0) { ($exitstatus, $output) = &verifyproxy("$tmpdir/myproxy-test.$$"); } if ($exitstatus == 0) { print "SUCCEEDED\n"; $SUCCESSES++; } else { print "FAILED\n"; $FAILURES++; print STDERR $output; } &runtest("myproxy-destroy -v -k 'mine' -d", undef); } # # verify_proxy # # Check to see if user has a valid proxy, and verify proxy is usable # # Dependencies: (-x grid-proxy-info) # # grid-proxy-info -timeleft # die if no output, or output is less than 60 seconds # $proxy = grid-proxy-info -path # grid-proxy-init -debug -verify -cert $proxy -key $proxy # if $? == 0 then proxy is valid # if $? != 0, die, b/c proxy is invalid and won't work # sub verifyproxy { local($proxyfile) = @_; chomp (my $timeleft = `$grid_proxy_info -file $proxyfile -timeleft`); if (!defined($timeleft) || $timeleft eq "") { $output = "failed to verify proxy\n"; $output .= "'grid-proxy-info -timeleft' failed\n"; return (1, $output); } if ($timeleft < 1) { $output = "proxy is expired\n"; return (1, $output); } chomp (my $proxytype = `$grid_proxy_info -file $proxyfile -type`); local($typeopt) = ""; if ($proxytype =~ /legacy/) { $typeopt = "-old"; } elsif ($proxytype =~ /RFC 3820 compliant/) { $typeopt = "-rfc"; } $output = `$grid_proxy_init $PROXYBITS $typeopt -debug -verify -cert $proxyfile -key $proxyfile -valid 0:1 -out $tmpdir/tmpproxy.$$ 2>&1`; if ($? != 0) { $output = "failed to verify proxy\n" . $output; unlink("$tmpdir/tmpproxy.$$"); return (1, $output); } # remove the new proxy we created for validation # NOTE: this does not affect the user's original proxy in any way unlink("$tmpdir/tmpproxy.$$"); return (0, ""); } # # verifycert # # Check to see if user has a valid usable certificate # # Dependencies: (-x grid-proxy-int) # # grid-proxy-init -debug -verify -cert $certfile -key $keyfile # if $? == 0 then proxy is valid # if $? != 0, die, b/c proxy is invalid and won't work # sub verifycert { local($certfile, $keyfile) = @_; chomp (my $info = `$grid_cert_info -file $certfile`); local($proxytype) = ""; if ($info =~ /Subject: .* CN=proxy|\/CN=limited proxy/) { $proxytype = "-old"; } elsif ($info =~ /1.3.6.1.4.1.3536.1.222/) { # no option for this -- hope for the best } elsif ($info =~ /1.3.6.1.5.5.7.1.14/) { $proxytype = "-rfc"; } elsif ($info =~ /Proxy Certificate Information/) { $proxytype = "-rfc"; } else { # shrug } local($output) = &runcmd("$grid_proxy_init $PROXYBITS $proxytype -debug -verify -cert $certfile -key $keyfile -valid 0:1 -out $tmpdir/tmpproxy.$$ -pwstdin", $passphrase); if ($? != 0) { $output = "failed to verify certificate from: $certfile and $keyfile\n" . $output; unlink("$tmpdir/tmpproxy.$$"); return (1, $output); } # remove the new proxy we created for validation # NOTE: this does not affect the user's original proxy in any way unlink("$tmpdir/tmpproxy.$$"); return (0, ""); } # # verifytrustroots # # Check to see that trustroots were properly installed in # ~/.globus/certificates, then remove that directory. # sub verifytrustroots { if (!(-d $trustrootdir)) { return (1, "trust root directory $trustrootdir doesn't exist!"); } $diritems = 0; opendir(DIRHANDLE, $trustrootdir) or die "couldn't open $trustrootdir : $!"; while (defined($filename = readdir(DIRHANDLE))) { next if $filename =~ /^\.\.?$/; # skip . and .. $diritems++; } closedir(DIRHANDLE); if ($diritems == 0) { rmdir($trustrootdir); return (1, "trust root directory $trustrootdir is empty!"); } `rm -rf $trustrootdir`; return (0, ""); } sub opensslsanitycheck { $testkey = "$tmpdir/myproxy-test.$$.key"; $cmd = "$openssl rsa -des3 -passout stdin -in $ENV{'X509_USER_KEY'} -out $testkey"; ($exitstatus, $output) = &runcmd($cmd, $passphrase . "\n"); if ($exitstatus) { print STDERR "$openssl rsa encrypt failed:\n", $cmd, "\n", $output; system("which $openssl"); system("$openssl version"); die; } $cmd = "$openssl rsa -passin stdin -in $testkey > /dev/null"; ($exitstatus, $output) = &runcmd($cmd, $passphrase . "\n"); if ($exitstatus) { print STDERR "$openssl rsa decrypt failed:\n", $cmd, "\n", $output; system("which $openssl"); system("$openssl version"); die; } unlink($testkey); } sub debug { print STDERR join('', @_), "\n" if ($verbose); } sub docleanup { unlink("$tmpdir/myproxy-test.$$"); kill('TERM', $serverpid) if (defined($serverpid)); unlink($SERVERPIDFILE) if (defined($SERVERPIDFILE)); unlink($serverconf) if (defined($serverconf)); `rm -rf $serverdir` if (defined($serverdir)); } sub doperftests { &dogpiperftest(); &doinitperftest(); &dogetdelegperftest(); &doinfoperftest(); &docpperftest(); &dodbperftest() if ($dbperformance); &docleanup(); } sub dogpiperftest { $starttime = time(); $i = $perfclients; while ($i--) { $pid = fork(); last if ($pid == 0); } if ($pid == 0) { $i = $perfiters; while ($i--) { ($exitstatus, $output) = &runcmd("grid-proxy-init $PROXYBITS -hours 1 -out $tmpdir/myproxy-test.$$", undef); if ($exitstatus != 0) { print "$$: grid-proxy-init FAILED with $i iters to go.\n"; print STDERR $output; exit($exitstatus>>8); } } unlink("$tmpdir/myproxy-test.$$"); &debug("$$ is done."); exit 0; } $i = $perfclients; while ($i--) { wait(); if ($?) { printf "child failed. aborting.\n"; &docleanup(); exit 1; } } $endtime = time(); print $perfiters*$perfclients, " grid-proxy-inits in "; print $endtime-$starttime, " seconds.\n"; } sub doinitperftest { $starttime = time(); $i = $perfclients; while ($i--) { $pid = fork(); last if ($pid == 0); } if ($pid == 0) { $i = $perfiters; while ($i--) { ($exitstatus, $output) = &runtest("myproxy-init -v -a -c 1 -t 1 -S -k $$", $passphrase . "\n"); if ($exitstatus != 0) { print "$$: myproxy-init FAILED with $i iters to go.\n"; print STDERR $output; exit($exitstatus>>8); } } &runtest("myproxy-destroy -v -k $$", undef); &debug("$$ is done."); exit 0; } $i = $perfclients; while ($i--) { wait(); if ($?) { printf "child failed. aborting.\n"; &docleanup(); exit 1; } } $endtime = time(); print $perfiters*$perfclients, " myproxy-inits in "; print $endtime-$starttime, " seconds.\n"; } sub dogetdelegperftest { ($exitstatus, $output) = &runtest("myproxy-init -v -a -c 1 -t 1 -S", $passphrase . "\n"); if ($exitstatus != 0) { print "myproxy-init failed\n"; print STDERR $output; exit($exitstatus>>8); } $starttime = time(); $i = $perfclients; while ($i--) { $pid = fork(); last if ($pid == 0); } if ($pid == 0) { $i = $perfiters; while ($i--) { ($exitstatus, $output) = &runtest("myproxy-logon -t 1 -o $tmpdir/myproxy-test.$$ -v -S", $passphrase . "\n"); if ($exitstatus != 0) { print "$$: myproxy-logon FAILED with $i iters to go.\n"; print STDERR $output; exit($exitstatus>>8); } } unlink("$tmpdir/myproxy-test.$$"); &debug("$$ is done."); exit 0; } $i = $perfclients; while ($i--) { wait(); if ($?) { printf "child failed. aborting.\n"; &docleanup(); exit 1; } } $endtime = time(); print $perfiters*$perfclients, " myproxy-logons in "; print $endtime-$starttime, " seconds.\n"; &runtest("myproxy-destroy -v", undef); } sub doinfoperftest { ($exitstatus, $output) = &runtest("myproxy-init -v -a -c 1 -t 1 -S", $passphrase . "\n"); if ($exitstatus != 0) { print "myproxy-init failed\n"; print STDERR $output; exit($exitstatus>>8); } $starttime = time(); $i = $perfclients; while ($i--) { $pid = fork(); last if ($pid == 0); } if ($pid == 0) { $i = $perfiters; while ($i--) { ($exitstatus, $output) = &runtest("myproxy-info -v", undef); if ($exitstatus != 0) { print "$$: myproxy-info FAILED with $i iters to go.\n"; print STDERR $output; exit($exitstatus>>8); } } &debug("$$ is done."); exit 0; } $i = $perfclients; while ($i--) { wait(); if ($?) { printf "child failed. aborting.\n"; &docleanup(); exit 1; } } $endtime = time(); print $perfiters*$perfclients, " myproxy-infos in "; print $endtime-$starttime, " seconds.\n"; &runtest("myproxy-destroy -v", undef); } sub docpperftest { $starttime = time(); $i = $perfclients; while ($i--) { $pid = fork(); last if ($pid == 0); } if ($pid == 0) { ($exitstatus, $output) = &runtest("myproxy-init -v -a -c 1 -t 1 -S -k $$", $passphrase . "\n"); if ($exitstatus != 0) { print "$$: myproxy-init FAILED with $i iters to go.\n"; print STDERR $output; exit($exitstatus>>8); } $i = $perfiters; while ($i--) { $old_passphrase = $passphrase; $passphrase = sprintf "%010d", int(rand(0x7fffffff)); ($exitstatus, $output) = &runtest("myproxy-change-pass-phrase -v -S -k $$", "$old_passphrase\n$passphrase\n"); if ($exitstatus != 0) { print "$$: myproxy-change-pass-phrase FAILED with $i iters to go.\n"; print STDERR $output; exit($exitstatus>>8); } } &runtest("myproxy-destroy -v -k $$", undef); &debug("$$ is done."); exit 0; } $i = $perfclients; while ($i--) { wait(); if ($?) { printf "child failed. aborting.\n"; &docleanup(); exit 1; } } $endtime = time(); print $perfiters*$perfclients, " myproxy-change-pass-phrases in "; print $endtime-$starttime, " seconds.\n"; } sub dodbperftest { foreach $dbsize (10,100,1000,10000) { $i = $dbsize; while ($i--) { ($exitstatus, $output) = &runtest("myproxy-admin-load-credential -v -d -l $i" . " -c $ENV{X509_USER_CERT} -y $ENV{X509_USER_KEY}" . (defined($serverdir) ? " -s $serverdir" : ""), undef); if ($exitstatus != 0) { print "myproxy-admin-load-credential FAILED.\n"; print STDERR $output; exit($exitstatus>>8); } } $starttime = time(); $i = $dbsize; while ($i--) { ($exitstatus, $output) = &runtest("myproxy-info -v -l $i", undef); if ($exitstatus != 0) { print "myproxy-info FAILED.\n"; print STDERR $output; exit($exitstatus>>8); } } $endtime = time(); print $dbsize, " myproxy-infos in ", $endtime-$starttime, " seconds.\n"; $starttime = $endtime; $i = $dbsize; while ($i--) { ($exitstatus, $output) = &runtest("myproxy-destroy -v -l $i", undef); if ($exitstatus != 0) { print "myproxy-destroy FAILED.\n"; print STDERR $output; exit($exitstatus>>8); } } $endtime = time(); print $dbsize, " myproxy-destroys in "; print $endtime-$starttime, " seconds.\n"; } } sub openport { $sockaddr = 'S n a4 x8'; $host = "127.0.0.1"; local($port) = @_; @list = getprotobyname('tcp'); $proto = $list[2]; @list = gethostbyaddr(inet_aton($host), AF_INET); $addr = $list[4]; while ($port < 65535) { $destaddr = pack($sockaddr, AF_INET, $port, $addr); socket(S, AF_INET, SOCK_STREAM, $proto) || die $!; connect(S, $destaddr); if ($! =~ /Connection refused/) { return $port; } close(S); $port++; } die "failed to find available port"; } sub write_myproxy_header_test { open(SRC, ">$tmpdir/myproxy.c") || die "failed to open $tmpdir/myproxy.c, stopped"; print SRC < int main() { return 0; } EOF close(SRC); } sub write_valgrind_supp { open(SUPP, ">$tmpdir/valgrind.supp") || die "failed to open $tmpdir/valgrind.supp, stopped"; print SUPP < Specifies the credential storage directory\n" " -l | --username Query by username\n" " -k | --credname Query by credential name\n" " -o | --owner Query by owner name\n" " -e | --expiring_in Query for creds expiring in less than \n" " specified \n" " -t | --time_left Query for creds with lifetime greater \n" " than specified \n" " -i | --invalid Query for invalid credentials\n" " -r | --remove Remove credentials matching query\n" " -L | --lock 'msg' Lock access to credential(s).\n" " Specified msg will be returned instead.\n" " -U | --unlock Unlock previously locked credential(s).\n" " -v | --verbose Display debugging messages\n" " -V | --version Displays version\n" "\n"; struct option long_options[] = { {"help", no_argument, NULL, 'h'}, {"usage", no_argument, NULL, 'u'}, {"username", required_argument, NULL, 'l'}, {"credname", required_argument, NULL, 'k'}, {"owner", required_argument, NULL, 'o'}, {"config", required_argument, NULL, 'c'}, {"expiring_in", required_argument, NULL, 'e'}, {"time_left", required_argument, NULL, 't'}, {"storage", required_argument, NULL, 's'}, {"lock", required_argument, NULL, 'L'}, {"unlock", no_argument, NULL, 'U'}, {"verbose", no_argument, NULL, 'v'}, {"version", no_argument, NULL, 'V'}, {"remove", no_argument, NULL, 'r'}, {"invalid", no_argument, NULL, 'i'}, {0, 0, 0, 0} }; static char short_options[] = "hul:c:k:o:e:t:s:vVriL:U"; static char version[] = BINARY_NAME "version " MYPROXY_VERSION " (" MYPROXY_VERSION_DATE ") " "\n"; /* Function declarations */ void init_arguments(int argc, char *argv[]); void do_remove_creds(myproxy_creds_t *creds); void do_lock_creds(myproxy_creds_t *creds); void do_unlock_creds(myproxy_creds_t *creds); struct myproxy_creds cred = {0}; int remove_creds = 0; char *lock_msg = NULL; char *config_file = NULL; int unlock_creds = 0; int invalid_creds = 0; int verbose = 0; int main(int argc, char *argv[]) { int numcreds = 0, return_value = 1; myproxy_server_context_t server_context = { 0 }; struct myproxy_creds *credp = NULL; /* check library version */ if (myproxy_check_version()) { fprintf(stderr, "MyProxy library version mismatch.\n" "Expecting %s. Found %s.\n", MYPROXY_VERSION_DATE, myproxy_version(0,0,0)); exit(1); } /* Initialize arguments*/ init_arguments(argc, argv); if (verbose) myproxy_log_use_stream (stderr); /* Read server config file for OCSP options, etc. */ server_context.config_file = config_file; myproxy_server_config_read(&server_context); numcreds = myproxy_admin_retrieve_all(&cred); if (numcreds < 0) { myproxy_log_verror(); fprintf (stderr, "Failed to read credentials.\n%s\n", verror_get_string()); exit(1); } if (numcreds && invalid_creds) { int i; struct myproxy_creds **credlist; credlist = malloc(sizeof(struct myproxy_creds *)*(numcreds+1)); numcreds = 0; for (credp = &cred; credp; credp = credp->next) { verror_clear(); if (myproxy_creds_verify(credp) < 0) { fprintf(stderr, "%s: %s", credp->location, verror_get_string()); credlist[numcreds++] = credp; } } if (numcreds) { for (i = 1; i < numcreds; i++) { credlist[i-1]->next = credlist[i]; } credlist[numcreds-1]->next = NULL; credp = credlist[0]; } else { credp = &cred; } free(credlist); } else { credp = &cred; } verror_clear(); if (numcreds == 0) { printf("No credentials found.\n"); } else if (remove_creds) { do_remove_creds (credp); } else if (lock_msg) { do_lock_creds (credp); } else if (unlock_creds) { do_unlock_creds (credp); } else { if (myproxy_print_cred_info(credp, stdout) < 0) { verror_print_error(stderr); goto cleanup; } } return_value = 0; cleanup: if (cred.next) { myproxy_creds_free(cred.next); } myproxy_creds_free_contents(&cred); myproxy_server_clear_context(&server_context); return return_value; } void init_arguments(int argc, char *argv[]) { extern char *optarg; int arg; while((arg = getopt_long(argc, argv, short_options, long_options, NULL)) != EOF) { switch(arg) { case 'h': /* print help and exit */ case 'u': /* print help and exit */ printf("%s", usage); exit(0); break; case 's': /* set the credential storage directory */ myproxy_set_storage_dir(optarg); break; case 'l': /* username */ cred.username = strdup(optarg); break; case 'k': /* credname */ cred.credname = strdup(optarg); break; case 'o': /* owner */ cred.owner_name = strdup(optarg); break; case 'c': config_file = strdup(optarg); break; case 'e': /* expiring in */ cred.end_time = (SECONDS_PER_HOUR * atoi(optarg)) + time(0); break; case 'i': invalid_creds = 1; break; case 't': /* time left */ cred.start_time = (SECONDS_PER_HOUR * atoi(optarg)) + time(0); break; case 'r': /* remove */ remove_creds = 1; break; case 'L': /* lock */ lock_msg = strdup(optarg); break; case 'U': /* unlock */ unlock_creds = 1; break; case 'v': /* verbose */ myproxy_debug_set_level(1); verbose = 1; break; case 'V': /* print version and exit */ printf("%s", version); exit(0); break; default: /* print usage and exit */ fprintf(stderr, "%s", usage); exit(1); break; } } if (optind != argc) { fprintf(stderr, "%s: invalid option -- %s\n", argv[0], argv[optind]); fprintf(stderr, "%s", usage); exit(1); } return; } void do_remove_creds(myproxy_creds_t *creds) { if (!creds) return; for (; creds; creds = creds->next) { if (myproxy_creds_delete(creds) == 0) { printf("Credential for user %s (name: %s) removed.\n", creds->username, creds->credname ? creds->credname : "default"); } else { fprintf(stderr, "Failed to remove credential for user %s " "(name: %s).\n%s\n", creds->username, creds->credname ? creds->credname : "default", verror_get_string()); } } } void do_lock_creds(myproxy_creds_t *creds) { if (!creds) return; for (; creds; creds = creds->next) { if (myproxy_creds_lock(creds, lock_msg) == 0) { printf("Credential for user %s (name: %s) locked.\n", creds->username, creds->credname ? creds->credname : "default"); } else { fprintf(stderr, "Failed to lock credential for user %s " "(name: %s).\n%s\n", creds->username, creds->credname ? creds->credname : "default", verror_get_string()); } } } void do_unlock_creds(myproxy_creds_t *creds) { if (!creds) return; for (; creds; creds = creds->next) { if (myproxy_creds_unlock(creds) == 0) { printf("Credential for user %s (name: %s) unlocked.\n", creds->username, creds->credname ? creds->credname : "default"); } else { fprintf(stderr, "Failed to unlock credential for user %s " "(name: %s).\n%s\n", creds->username, creds->credname ? creds->credname : "default", verror_get_string()); } } } myproxy-6.2.16/Makefile.am0000644000175100017510000001402614557142036012326 00000000000000## Process this file with automake to produce Makefile.in SUBDIRS= \ web \ systemd \ man LibSources= \ accept_credmap.c \ accept_credmap.h \ auth_pam.c \ auth_pam.h \ certauth_extensions.c \ certauth_extensions.h \ certauth_resolveuser.c \ certauth_resolveuser.h \ getopt_long.c \ gsi_socket.c \ gsi_socket.h \ gsi_socket_priv.h \ gssapi.c \ myproxy.c \ myproxy_authorization.c \ myproxy_authorization.h \ myproxy_common.h \ myproxy_creds.c \ myproxy_creds.h \ myproxy_delegation.c \ myproxy_delegation.h \ myproxy_extensions.c \ myproxy_extensions.h \ myproxy_read_pass.c \ myproxy_read_pass.h \ myproxy_log.c \ myproxy_log.h \ myproxy_ocsp.c \ myproxy_ocsp.h \ myproxy_ocsp_aia.c \ myproxy_ocsp_aia.h \ myproxy_popen.c \ myproxy_popen.h \ myproxy_sasl_client.c \ myproxy_sasl_client.h \ myproxy_sasl_server.h \ myproxy_sasl_server.c \ myproxy_server.h \ myproxy_server_config.c \ pidfile.c \ plugin_common.c \ plugin_common.h \ port_getopt.h \ safe_id_range_list.c \ safe_id_range_list.h \ safe_is_path_trusted.c \ safe_is_path_trusted.h \ ssl_utils.c \ ssl_utils.h \ string_funcs.c \ string_funcs.h \ verror.c \ verror.h \ vomsclient.h \ voms_utils.c \ voms_utils.h \ vparse.c \ vparse.h Scripts= \ myproxy-test \ myproxy-replicate \ myproxy-test-replicate \ myproxy-admin-adduser \ myproxy-admin-addservice \ myproxy-server-setup sbin_SCRIPTS = $(Scripts) check_SCRIPTS = myproxy-test-wrapper nodist_include_HEADERS = \ myproxy.h include_HEADERS = \ myproxy_constants.h \ myproxy_authorization.h \ myproxy_protocol.h \ myproxy_creds.h \ myproxy_delegation.h \ myproxy_log.h \ myproxy_read_pass.h \ myproxy_sasl_client.h \ myproxy_sasl_server.h \ myproxy_server.h \ verror.h ACLOCAL_AMFLAGS = -I m4 AM_CPPFLAGS = $(GLOBUS_CFLAGS) LDADD = $(GLOBUS_LIBS) lib_LTLIBRARIES = libmyproxy.la if HAVE_VOMS lib_LTLIBRARIES += libmyproxy_voms.la else EXTRA_LTLIBRARIES = libmyproxy_voms.la endif libmyproxy_la_SOURCES = $(LibSources) libmyproxy_la_LDFLAGS = \ -version-info $(MAJOR_VERSION):$(MINOR_VERSION):$(AGE_VERSION) libmyproxy_la_LIBADD = $(GLOBUS_LIBS) libmyproxy_voms_la_SOURCES = gsi_socket_voms.c vomsclient.c libmyproxy_voms_la_LDFLAGS = \ -module -avoid-version -no-undefined libmyproxy_voms_la_LIBADD = libmyproxy.la $(VOMS_LIBS) $(GLOBUS_LIBS) bin_PROGRAMS= \ myproxy-init \ myproxy-info \ myproxy-store \ myproxy-destroy \ myproxy-retrieve \ myproxy-get-trustroots \ myproxy-get-delegation \ myproxy-logon \ myproxy-change-pass-phrase sbin_PROGRAMS= \ myproxy-server \ myproxy-admin-load-credential \ myproxy-admin-query \ myproxy-admin-change-pass myproxy_init_SOURCES = myproxy_init.c myproxy_init_LDADD = ./libmyproxy.la myproxy_info_SOURCES = myproxy_info.c myproxy_info_LDADD = ./libmyproxy.la myproxy_store_SOURCES = myproxy_store.c myproxy_store_LDADD = ./libmyproxy.la $(LDADD) myproxy_retrieve_SOURCES = myproxy_get_credential.c myproxy_retrieve_LDADD = ./libmyproxy.la $(LDADD) myproxy_destroy_SOURCES = myproxy_destroy.c myproxy_destroy_LDADD = ./libmyproxy.la myproxy_server_SOURCES = myproxy_server.c myproxy_server_LDADD = ./libmyproxy.la $(LDADD) myproxy_get_trustroots_SOURCES = myproxy_get_trustroots.c myproxy_get_trustroots_LDADD = ./libmyproxy.la myproxy_get_delegation_SOURCES = myproxy_get_delegation.c myproxy_get_delegation_LDADD = ./libmyproxy.la $(LDADD) myproxy_logon_SOURCES = myproxy_get_delegation.c myproxy_logon_LDADD = ./libmyproxy.la $(LDADD) myproxy_change_pass_phrase_SOURCES = myproxy_cp.c myproxy_change_pass_phrase_LDADD = ./libmyproxy.la myproxy_admin_query_SOURCES = myproxy_arq.c myproxy_admin_query_LDADD = ./libmyproxy.la myproxy_admin_load_credential_SOURCES = myproxy_alcf.c myproxy_admin_load_credential_LDADD = ./libmyproxy.la myproxy_admin_change_pass_SOURCES = myproxy_acp.c myproxy_admin_change_pass_LDADD = ./libmyproxy.la pkgdata_DATA = \ LICENSE LICENSE.sasl LICENSE.netbsd LICENSE.pidfile \ LICENSE.safefile \ VERSION PROTOCOL README.sasl REPOSITORY \ myproxy-server.config \ etc.services.modifications etc.inetd.conf.modifications \ myproxy.cron myproxy-crl.cron myproxy-get-trustroots.cron \ etc.init.d.myproxy etc.init.d.myproxy.nonroot \ etc.xinetd.myproxy myproxy-passphrase-policy \ myproxy-certificate-mapapp myproxy-revoke \ myproxy-accepted-credentials-mapapp \ myproxy-cert-checker myproxy-certreq-checker EXTRA_DIST = $(Scripts) $(check_SCRIPTS) \ LICENSE LICENSE.sasl LICENSE.netbsd LICENSE.pidfile \ LICENSE.safefile \ VERSION PROTOCOL README.sasl REPOSITORY \ myproxy-server.config \ etc.services.modifications etc.inetd.conf.modifications \ myproxy.cron myproxy-crl.cron myproxy-get-trustroots.cron \ etc.init.d.myproxy etc.init.d.myproxy.nonroot \ etc.xinetd.myproxy myproxy-passphrase-policy \ myproxy-certificate-mapapp myproxy-revoke \ myproxy-accepted-credentials-mapapp \ myproxy-cert-checker myproxy-certreq-checker \ myproxy.init myproxy.init.sles myproxy.sysconfig \ README.Fedora myproxy-admin-addservice: myproxy-admin-adduser rm -f myproxy-admin-addservice $(LN_S) $(srcdir)/myproxy-admin-adduser myproxy-admin-addservice KRB5CPPFLAGS = @KRB5CPPFLAGS@ gssapi.lo: gssapi.c plugin_common.h plugin_common.lo: plugin_common.c plugin_common.h splint: splint +posixlib \ -Dsocklen_t=int -Din_addr_t=int \ -Du_int="unsigned int" -Du_char="unsigned char" \ $(DEFS) *.c pkgconfdir = ${libdir}/pkgconfig pkgconf_DATA = myproxy.pc if ENABLE_TESTS TESTS_ENVIRONMENT = export \ GSI_PROXY_UTILS_PATH=$(GSI_PROXY_UTILS_PATH) \ GSI_CERT_UTILS_PATH=$(GSI_CERT_UTILS_PATH) \ OPENSSL=$(OPENSSL); \ export PATH=$(abs_builddir):$(abs_srcdir)$${GSI_PROXY_UTILS_PATH:+:$$GSI_PROXY_UTILS_PATH}$${GSI_CERT_UTILS_PATH:+:$$GSI_CERT_UTILS_PATH}:$${PATH}; TESTS = myproxy-test-wrapper endif myproxy-6.2.16/gsi_socket.c0000644000175100017510000013773214557142036012602 00000000000000/* * gsi_socket.c * * See gsi_socket.h for documentation. */ #include "myproxy_common.h" #include "gsi_socket_priv.h" /********************************************************************* * * Internal functions * */ static int GSI_SOCKET_set_error_string(GSI_SOCKET *self, char *buffer) { if (self->error_string) { free(self->error_string); } self->error_string = strdup(buffer); return GSI_SOCKET_SUCCESS; } /* * append_gss_status() * * Given a gssapi status and and indicator (gssapi error or mechanism- * specific error), append the errors strings to the given string. * * Returns number of bytes written to buffer, -1 if error was truncated * because the buffer was too small. */ static int append_gss_status(char *buffer, int bufferlen, const OM_uint32 gss_code, const int type) { OM_uint32 min_stat; gss_buffer_desc error_string; OM_uint32 context = 0; int total_chars = 0; int chars; assert(buffer != NULL); do { gss_display_status(&min_stat, gss_code, type, GSS_C_NULL_OID, &context, &error_string); if ((error_string.value != NULL) && (error_string.length > 0)) { chars = my_strncpy(buffer, error_string.value, bufferlen); if (chars == -1) { return -1; } total_chars += chars; buffer = &buffer[chars]; bufferlen -= chars; } (void) gss_release_buffer(&min_stat, &error_string); } while(context); return total_chars; } /* * read_all() * * Read all the requested bytes into the requested buffer. */ static int read_all(const int sock, char *buffer, const int nbytes) { int total_bytes_read = 0; int bytes_read; assert(buffer != NULL); while (total_bytes_read < nbytes) { bytes_read = read(sock, &buffer[total_bytes_read], nbytes - total_bytes_read); if (bytes_read == -1) { return -1; } if (bytes_read == 0) { /* EOF */ errno = EPIPE; return -1; } total_bytes_read += bytes_read; } return total_bytes_read; } /* * write_all() * * Write all the requested bytes to the given socket. */ static int write_all(const int sock, const char *buffer, const int nbytes) { int total_bytes_written = 0; int bytes_written; assert(buffer != NULL); while (total_bytes_written < nbytes) { bytes_written = write(sock, &buffer[total_bytes_written], nbytes - total_bytes_written); if (bytes_written == -1) { return -1; } if (bytes_written == 0) { /* EOF */ errno = EPIPE; return -1; } total_bytes_written += bytes_written; } return total_bytes_written; } /* * read_token() * * Read and allocate a token from the given socket. */ static int read_token(const int sock, char **p_buffer, const int max_token_len) { enum header_fields { flag = 0, major_version = 1, minor_version = 2, length_high_byte = 3, length_low_byte = 4 }; int tot_buffer_len = 0, retval; assert(p_buffer != NULL); *p_buffer = NULL; do { unsigned char header[5]; char *bufferp; int data_len, buffer_len; fd_set rfds; struct timeval tv = { 0 }; if (read_all(sock, (char *)header, sizeof(header)) < 0) { if (errno == EPIPE && tot_buffer_len > 0) goto done; if (*p_buffer != NULL) { free(*p_buffer); *p_buffer = NULL; } return -1; } /* * Check and make sure token looks right */ if (((header[flag] < 20) || (header[flag] > 26)) || (header[major_version] != 3)) { if (*p_buffer != NULL) { free(*p_buffer); *p_buffer = NULL; } errno = EINVAL; return -1; } data_len = (header[length_high_byte] << 8) + header[length_low_byte]; buffer_len = data_len + sizeof(header); if (max_token_len > 0 && (tot_buffer_len+buffer_len) > max_token_len) { if (*p_buffer != NULL) { free(*p_buffer); *p_buffer = NULL; } verror_put_string("max_token_len (%d) exceeded", max_token_len); errno = ENOMEM; return -1; } bufferp = *p_buffer = realloc(*p_buffer, tot_buffer_len+buffer_len); if (bufferp == NULL) { if (*p_buffer != NULL) { free(*p_buffer); *p_buffer = NULL; } return -1; } bufferp += tot_buffer_len; tot_buffer_len += buffer_len; memcpy(bufferp, header, sizeof(header)); bufferp += sizeof(header); if (read_all(sock, bufferp, data_len) < 0) { free(*p_buffer); *p_buffer = NULL; return -1; } /* Check for more data on the socket. We want the entire message and SSL may have fragmented it. */ FD_ZERO(&rfds); FD_SET(sock, &rfds); retval = select(sock + 1, &rfds, NULL, NULL, &tv); if (retval < 0) { free(*p_buffer); *p_buffer = NULL; return -1; } } while (retval == 1); done: return tot_buffer_len; } /* * write_token() * * Write a token to the the given socket. * * Returns 0 on success, -1 on error. */ static int write_token(const int sock, const char *buffer, const size_t buffer_size) { int return_value; assert(buffer != NULL); return_value = write_all(sock, buffer, buffer_size); return (return_value == -1 ? -1 : 0); } static int assist_write_token(void *sock, void *buffer, size_t buffer_size) { assert(sock != NULL); assert(buffer != NULL); return write_token(*((int *) sock), (char *) buffer, buffer_size); } /* * GSI_SOCKET_set_error_from_verror() * * Set the given GSI_SOCKET's error state from verror. */ static void GSI_SOCKET_set_error_from_verror(GSI_SOCKET *self) { char *string; if (verror_is_error() == 0) { return; } string = verror_get_string(); if (string != NULL) { if (self->error_string) { free(self->error_string); } self->error_string = strdup(string); } self->error_number = verror_get_errno(); } /********************************************************************* * * API Functions * */ GSI_SOCKET * GSI_SOCKET_new(int sock) { GSI_SOCKET *self = NULL; self = malloc(sizeof(GSI_SOCKET)); if (self == NULL) { return NULL; } memset(self, 0, sizeof(GSI_SOCKET)); self->gss_context = GSS_C_NO_CONTEXT; self->sock = sock; globus_module_activate(GLOBUS_GSI_GSS_ASSIST_MODULE); globus_module_activate(GLOBUS_GSI_SYSCONFIG_MODULE); return self; } void GSI_SOCKET_destroy(GSI_SOCKET *self) { if (self == NULL) { return; } if (self->gss_context != GSS_C_NO_CONTEXT) { gss_buffer_desc output_token_desc = GSS_C_EMPTY_BUFFER; gss_delete_sec_context(&self->minor_status, &self->gss_context, &output_token_desc); /* XXX Should deal with output_token_desc here */ gss_release_buffer(&self->minor_status, &output_token_desc); } if (self->peer_name != NULL) { free(self->peer_name); } if (self->error_string) { free(self->error_string); } if (self->certreq) { free(self->certreq); } free(self); #if 0 /* http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6909 */ globus_module_deactivate(GLOBUS_GSI_GSS_ASSIST_MODULE); globus_module_deactivate(GLOBUS_GSI_SYSCONFIG_MODULE); #endif } int GSI_SOCKET_get_error_string(GSI_SOCKET *self, char *buffer, int bufferlen) { int total_chars = 0; int chars; if ((buffer == NULL) || (bufferlen == 0)) { /* Punt */ return -1; } if (self == NULL) { return my_strncpy(buffer, "GSI SOCKET not initialized", bufferlen); } if (self->error_string != NULL) { chars = my_strncpy(buffer, self->error_string, bufferlen); if (chars == -1) { goto truncated; } total_chars += chars; buffer = &buffer[chars]; bufferlen -= chars; } if (self->error_number != 0) { if (total_chars && bufferlen && *(buffer - 1) != '\n') { *buffer = '\n'; buffer++; total_chars++; bufferlen--; } chars = my_strncpy(buffer, strerror(self->error_number), bufferlen); if (chars == -1) { goto truncated; } total_chars += chars; buffer = &buffer[chars]; bufferlen -= chars; } if (self->major_status) { if (total_chars && bufferlen && *(buffer - 1) != '\n') { *buffer = '\n'; buffer++; total_chars++; bufferlen--; } /* Parse errors from gss-assist routines */ switch(self->major_status) { case GSS_S_DEFECTIVE_TOKEN | GSS_S_CALL_INACCESSIBLE_READ: case GSS_S_DEFECTIVE_TOKEN | GSS_S_CALL_INACCESSIBLE_WRITE: chars = my_strncpy(buffer, "Connection closed.", bufferlen); break; default: chars = append_gss_status(buffer, bufferlen, self->major_status, GSS_C_GSS_CODE); if (chars == -1) { goto truncated; } total_chars += chars; buffer = &buffer[chars]; bufferlen -= chars; chars = append_gss_status(buffer, bufferlen, self->minor_status, GSS_C_MECH_CODE); if (chars == -1) { goto truncated; } } total_chars += chars; buffer = &buffer[chars]; bufferlen -= chars; } if (total_chars == 0) { /* No error */ buffer[0] = '\0'; } return total_chars; truncated: return -1; } void GSI_SOCKET_clear_error(GSI_SOCKET *self) { if (self == NULL) { return; } if (self->error_string != NULL) { free(self->error_string); self->error_string = NULL; } self->error_number = 0; self->major_status = 0; self->minor_status = 0; } int GSI_SOCKET_allow_anonymous(GSI_SOCKET *self, const int value) { if (self == NULL) { return GSI_SOCKET_ERROR; } self->allow_anonymous = value; return GSI_SOCKET_SUCCESS; } int GSI_SOCKET_peer_used_limited_proxy(GSI_SOCKET *self) { if (self == NULL) { return GSI_SOCKET_ERROR; } return self->limited_proxy; } int GSI_SOCKET_set_peer_limited_proxy(GSI_SOCKET *self, int flag) { if (self == NULL) { return GSI_SOCKET_ERROR; } self->limited_proxy = flag; return 0; } int GSI_SOCKET_set_max_token_len(GSI_SOCKET *self, int bytes) { if (self == NULL) { return GSI_SOCKET_ERROR; } self->max_token_len = bytes; return 0; } int GSI_SOCKET_context_established(GSI_SOCKET *self) { if (self->gss_context == GSS_C_NO_CONTEXT) { return 0; } return 1; } /* XXX This routine really needs a complete overhaul */ int GSI_SOCKET_use_creds(GSI_SOCKET *self, const char *creds) { int return_code = GSI_SOCKET_ERROR; if (creds == NULL) { /* XXX Do nothing for now */ return_code = GSI_SOCKET_SUCCESS; } else { unsetenv("X509_USER_CERT"); unsetenv("X509_USER_KEY"); return_code = (setenv("X509_USER_PROXY", creds, 1) == -1) ? GSI_SOCKET_ERROR : GSI_SOCKET_SUCCESS; } return return_code; } int GSI_SOCKET_check_creds(GSI_SOCKET *self) { gss_cred_id_t creds = GSS_C_NO_CREDENTIAL; int return_value = GSI_SOCKET_ERROR; if (self == NULL) { return GSI_SOCKET_ERROR; } self->major_status = globus_gss_assist_acquire_cred(&self->minor_status, GSS_C_BOTH, &creds); if (self->major_status != GSS_S_COMPLETE) { goto error; } /* Success */ return_value = GSI_SOCKET_SUCCESS; error: if (creds != GSS_C_NO_CREDENTIAL) { OM_uint32 minor_status; gss_release_cred(&minor_status, &creds); } return return_value; } int GSI_SOCKET_authentication_init(GSI_SOCKET *self, gss_name_t accepted_peer_names[]) { int token_status; gss_cred_id_t creds = GSS_C_NO_CREDENTIAL; gss_name_t server_gss_name = GSS_C_NO_NAME; OM_uint32 req_flags = 0, ret_flags = 0; int return_value = GSI_SOCKET_ERROR; gss_buffer_desc gss_buffer = { 0 }; int i, rc = 0, sock; FILE *fp = NULL; char *cert_dir = NULL; globus_result_t res; if (self == NULL) { return GSI_SOCKET_ERROR; } if (accepted_peer_names == NULL || accepted_peer_names[0] == GSS_C_NO_NAME) { return GSI_SOCKET_ERROR; } if (self->gss_context != GSS_C_NO_CONTEXT) { GSI_SOCKET_set_error_string(self, "GSI_SOCKET already authenticated"); goto error; } res = GLOBUS_GSI_SYSCONFIG_GET_CERT_DIR(&cert_dir); if (res == GLOBUS_SUCCESS) { myproxy_debug("using trusted certificates directory %s", cert_dir); } else { verror_put_string("error getting trusted certificates directory"); globus_error_to_verror(res); goto error; } self->major_status = globus_gss_assist_acquire_cred(&self->minor_status, GSS_C_INITIATE, &creds); if (self->major_status != GSS_S_COMPLETE) { if (self->allow_anonymous) { req_flags |= GSS_C_ANON_FLAG; myproxy_debug("no valid credentials found -- " "performing anonymous authentication"); } else { goto error; } } req_flags |= GSS_C_REPLAY_FLAG; req_flags |= GSS_C_MUTUAL_FLAG; req_flags |= GSS_C_CONF_FLAG; req_flags |= GSS_C_INTEG_FLAG; if ((sock = dup(self->sock)) < 0) { GSI_SOCKET_set_error_string(self, "dup() of socket fd failed"); self->error_number = errno; goto error; } if ((fp = fdopen(sock, "r")) == NULL) { GSI_SOCKET_set_error_string(self, "fdopen() of socket failed"); self->error_number = errno; goto error; } if (setvbuf(fp, NULL, _IONBF, 0) != 0) { GSI_SOCKET_set_error_string(self, "setvbuf() for socket failed"); self->error_number = errno; goto error; } self->major_status = globus_gss_assist_init_sec_context(&self->minor_status, creds, &self->gss_context, "GSI-NO-TARGET", req_flags, &ret_flags, &token_status, globus_gss_assist_token_get_fd, (void *)fp, assist_write_token, (void *)&self->sock); if (self->major_status != GSS_S_COMPLETE) { goto error; } /* Verify that all service requests were honored. */ req_flags &= ~(GSS_C_ANON_FLAG); /* GSI GSSAPI doesn't set this flag */ if ((req_flags & ret_flags) != req_flags) { GSI_SOCKET_set_error_string(self, "requested GSSAPI service not supported"); goto error; } if (ret_flags & GSS_C_GLOBUS_LIMITED_PROXY_FLAG) { self->limited_proxy = 1; } /* Check the authenticated identity of the server. */ self->major_status = gss_inquire_context(&self->minor_status, self->gss_context, NULL, &server_gss_name, NULL, NULL, NULL, NULL, NULL); if (self->major_status != GSS_S_COMPLETE) { GSI_SOCKET_set_error_string(self, "gss_inquire_context() failed"); goto error; } self->major_status = gss_display_name(&self->minor_status, server_gss_name, &gss_buffer, NULL); if (self->major_status != GSS_S_COMPLETE) { GSI_SOCKET_set_error_string(self, "gss_display_name() failed"); goto error; } self->peer_name = strdup(gss_buffer.value); myproxy_debug("server name: %s", self->peer_name); myproxy_debug("checking that server name is acceptable..."); /* We told gss_assist_init_sec_context() not to check the server name so we can check it manually here. */ for (i = 0; accepted_peer_names[i] != GSS_C_NO_NAME; i++) { gss_buffer_desc apn_gss_buffer = { 0 }; self->major_status = gss_compare_name(&self->minor_status, server_gss_name, accepted_peer_names[i], &rc); if (self->major_status != GSS_S_COMPLETE) { OM_uint32 stM, stm; gss_buffer_desc errbuf = {0}; char error_string[1050]; stM = gss_display_status(&stm, self->minor_status, GSS_C_MECH_CODE, GSS_C_NO_OID, NULL, &errbuf); if (stM == GSS_S_COMPLETE && errbuf.length > 0) { strncpy(error_string, errbuf.value, sizeof error_string); error_string[1049] = '\0'; gss_release_buffer(&stm, &errbuf); } else { strncpy(error_string, "gss_compare_name failed", sizeof error_string); error_string[1049] = '\0'; } GSI_SOCKET_set_error_string(self, error_string); goto error; } self->major_status = gss_display_name(&self->minor_status, accepted_peer_names[i], &apn_gss_buffer, NULL); if (self->major_status != GSS_S_COMPLETE) { GSI_SOCKET_set_error_string(self, "gss_display_name() failed"); goto error; } if (rc) { myproxy_debug("server name matches \"%s\"", apn_gss_buffer.value); break; } else { myproxy_debug("server name does not match \"%s\"", apn_gss_buffer.value); } gss_release_buffer(&self->minor_status, &apn_gss_buffer); } if (!rc) { /* no match with acceptable target names */ GSI_SOCKET_set_error_string(self, "authenticated peer name does not match"); return_value = GSI_SOCKET_UNAUTHORIZED; goto error; } myproxy_debug("authenticated server name is acceptable"); /* Success */ return_value = GSI_SOCKET_SUCCESS; error: { OM_uint32 minor_status; gss_release_cred(&minor_status, &creds); gss_release_buffer(&minor_status, &gss_buffer); gss_release_name(&minor_status, &server_gss_name); } if (cert_dir) free(cert_dir); if (fp) fclose(fp); return return_value; } int GSI_SOCKET_authentication_accept(GSI_SOCKET *self) { gss_cred_id_t creds = GSS_C_NO_CREDENTIAL; int token_status; int return_value = GSI_SOCKET_ERROR; OM_uint32 gss_flags = 0; int sock; FILE *fp = NULL; char *cert_dir = NULL; globus_result_t res; if (self == NULL) { return GSI_SOCKET_ERROR; } if (self->gss_context != GSS_C_NO_CONTEXT) { GSI_SOCKET_set_error_string(self, "GSI_SOCKET already authenticated"); goto error; } res = GLOBUS_GSI_SYSCONFIG_GET_CERT_DIR(&cert_dir); if (res == GLOBUS_SUCCESS) { myproxy_debug("using trusted certificates directory %s", cert_dir); } else { verror_put_string("error getting trusted certificates directory"); globus_error_to_verror(res); goto error; } self->major_status = globus_gss_assist_acquire_cred(&self->minor_status, GSS_C_ACCEPT, &creds); if (self->major_status != GSS_S_COMPLETE) { goto error; } /* These are supposed to be return flags only, according to RFC 2774, but GSI helpfully uses them as request flags too. */ gss_flags |= GSS_C_REPLAY_FLAG; gss_flags |= GSS_C_MUTUAL_FLAG; gss_flags |= GSS_C_CONF_FLAG; gss_flags |= GSS_C_INTEG_FLAG; if ((sock = dup(self->sock)) < 0) { GSI_SOCKET_set_error_string(self, "dup() of socket fd failed"); self->error_number = errno; goto error; } if ((fp = fdopen(sock, "r")) == NULL) { GSI_SOCKET_set_error_string(self, "fdopen() of socket failed"); self->error_number = errno; goto error; } if (setvbuf(fp, NULL, _IONBF, 0) != 0) { GSI_SOCKET_set_error_string(self, "setvbuf() for socket failed"); self->error_number = errno; goto error; } self->major_status = globus_gss_assist_accept_sec_context(&self->minor_status, &self->gss_context, creds, &self->peer_name, &gss_flags, NULL, /* u2u flag */ &token_status, NULL, /* Delegated creds * added in Globus 1.1.3 */ globus_gss_assist_token_get_fd, (void *)fp, assist_write_token, (void *)&self->sock); if (self->major_status != GSS_S_COMPLETE) { goto error; } if (!(gss_flags & GSS_C_CONF_FLAG)) { GSI_SOCKET_set_error_string(self, "requested confidentiality GSSAPI service" " but it is not available"); goto error; } if (gss_flags & GSS_C_GLOBUS_LIMITED_PROXY_FLAG) { self->limited_proxy = 1; } /* Success */ return_value = GSI_SOCKET_SUCCESS; error: if (creds != GSS_C_NO_CREDENTIAL) { OM_uint32 minor_status; gss_release_cred(&minor_status, &creds); } if (cert_dir) free(cert_dir); if (fp) fclose(fp); return return_value; } int GSI_SOCKET_get_peer_name(GSI_SOCKET *self, char *buffer, const int buffer_len) { int return_value = GSI_SOCKET_ERROR; if (self == NULL) { return GSI_SOCKET_ERROR; } if (buffer == NULL) { self->error_number = EINVAL; return GSI_SOCKET_ERROR; } if (self->peer_name == NULL) { GSI_SOCKET_set_error_string(self, "Client not authenticated"); goto error; } return_value = my_strncpy(buffer, self->peer_name, buffer_len); if (return_value == -1) { return_value = GSI_SOCKET_TRUNCATED; goto error; } /* SUCCESS */ return_value = GSI_SOCKET_SUCCESS; error: return return_value; } char * GSI_SOCKET_get_peer_hostname(GSI_SOCKET *self) { struct sockaddr_storage addr; socklen_t addr_len = sizeof(addr); char host [NI_MAXHOST]; int loopback = 0; if (getpeername(self->sock, (struct sockaddr *) &addr, &addr_len) < 0) { self->error_number = errno; GSI_SOCKET_set_error_string(self, "Could not get peer address"); return NULL; } if (getnameinfo((struct sockaddr *) &addr, addr_len, host, sizeof(host), NULL, 0, NI_NAMEREQD)) { self->error_number = errno; GSI_SOCKET_set_error_string(self, "Could not get peer hostname"); return NULL; } /* check for localhost / loopback */ if (addr.ss_family == AF_INET) { struct sockaddr_in sadder; memcpy(&sadder, &addr, sizeof(sadder)); if (ntohl(sadder.sin_addr.s_addr) == INADDR_LOOPBACK) { loopback = 1; } } #ifdef AF_INET6 else if (addr.ss_family == AF_INET6) { struct sockaddr_in6 saddr6; memcpy(&saddr6, &addr, sizeof(saddr6)); if (IN6_IS_ADDR_LOOPBACK(&saddr6.sin6_addr)) { loopback = 1; } } #endif if (loopback) { char buf[MAXHOSTNAMELEN]; if (gethostname(buf, sizeof(buf)) < 0) { self->error_number = errno; GSI_SOCKET_set_error_string(self, "gethostname() failed"); return NULL; } return strdup(buf); } return strdup(host); } int GSI_SOCKET_get_peer_fqans(GSI_SOCKET *self, char ***fqans) { static int once = 1; static void *myproxy_voms_handle = 0; static int (*myproxy_voms_get_peer_fqans)() = 0; if (once) { once = 0; myproxy_voms_handle = dlopen("libmyproxy_voms.so", RTLD_LAZY|RTLD_LOCAL); if (myproxy_voms_handle != NULL) { myproxy_voms_get_peer_fqans = dlsym(myproxy_voms_handle, "GSI_SOCKET_get_peer_fqans"); } } *fqans = NULL; if (myproxy_voms_get_peer_fqans != NULL) { return myproxy_voms_get_peer_fqans(self, fqans); } else { return 0; } } int GSI_SOCKET_write_buffer(GSI_SOCKET *self, const char *buffer, const size_t buffer_len) { int return_value = GSI_SOCKET_ERROR; if (self == NULL) { return GSI_SOCKET_ERROR; } #if 0 if (buffer[buffer_len - 1] == '\0') { myproxy_debug("writing a null-terminated message"); } else { myproxy_debug("writing a non-null-terminated message"); } #endif if ((buffer == NULL) || (buffer_len == 0)) { return 0; } if (self->gss_context == GSS_C_NO_CONTEXT) { /* No context established, just send in the clear */ return_value = write_token(self->sock, buffer, buffer_len); if (return_value == -1) { self->error_number = errno; GSI_SOCKET_set_error_string(self, "failed to write token"); goto error; } } else { /* Encrypt buffer before sending */ gss_buffer_desc unwrapped_buffer; gss_buffer_desc wrapped_buffer; int conf_state; unwrapped_buffer.value = (char *) buffer; unwrapped_buffer.length = buffer_len; self->major_status = gss_wrap(&self->minor_status, self->gss_context, 1 /* encrypt */, GSS_C_QOP_DEFAULT, &unwrapped_buffer, &conf_state, &wrapped_buffer); if (self->major_status != GSS_S_COMPLETE) { goto error; } if (!conf_state) { GSI_SOCKET_set_error_string(self, "GSI_SOCKET failed to encrypt"); goto error; } return_value = write_token(self->sock, wrapped_buffer.value, wrapped_buffer.length); if (return_value == -1) { self->error_number = errno; GSI_SOCKET_set_error_string(self, "failed to write token"); gss_release_buffer(&self->minor_status, &wrapped_buffer); goto error; } gss_release_buffer(&self->minor_status, &wrapped_buffer); } /* fprintf(stderr, "\nwrote:\n%s\n", buffer); */ error: return return_value; } static size_t safe_strlen(const char s[], size_t bufsiz) { int i; for (i = 0; i < bufsiz; i++) { if (s[i] == '\0') { return i; } } return i; } int GSI_SOCKET_read_token(GSI_SOCKET *self, unsigned char **pbuffer, size_t *pbuffer_len) { int bytes_read; static unsigned char *saved_buffer = NULL; /* not thread safe! */ static int saved_buffer_len = 0; unsigned char *buffer; int return_status = GSI_SOCKET_ERROR; if (saved_buffer) { buffer = saved_buffer; bytes_read = saved_buffer_len; saved_buffer = NULL; saved_buffer_len = 0; } else { bytes_read = read_token(self->sock, (char **) &buffer, self->max_token_len); if (bytes_read == -1) { self->error_number = errno; GSI_SOCKET_set_error_string(self, "failed to read token"); goto error; } if (bytes_read == 0) { self->error_number = errno; GSI_SOCKET_set_error_string(self, "connection closed"); goto error; } if (self->gss_context != GSS_C_NO_CONTEXT) { /* Need to unwrap read data */ gss_buffer_desc unwrapped_buffer; gss_buffer_desc wrapped_buffer; int conf_state; gss_qop_t qop_state; wrapped_buffer.value = buffer; wrapped_buffer.length = bytes_read; self->major_status = gss_unwrap(&self->minor_status, self->gss_context, &wrapped_buffer, &unwrapped_buffer, &conf_state, &qop_state); free(buffer); if (self->major_status != GSS_S_COMPLETE) { goto error; } buffer = unwrapped_buffer.value; bytes_read = unwrapped_buffer.length; } } if (bytes_read == 0) { self->error_number = errno; GSI_SOCKET_set_error_string(self, "connection closed"); goto error; } /* HACK: We may have multiple tokens concatenated together here. Unfortunately, our protocol doesn't do a good job of message framing. Still, we can find the start/end of some messages by looking for the standard VERSION string at the start. */ if (strncmp((const char *)buffer, "VERSION", strlen("VERSION")) == 0) { size_t token_len = safe_strlen((const char *)buffer, bytes_read) + 1; if (bytes_read > token_len) { /* Our buffer is bigger than one message. Just return the one message here and save the rest for later. */ char *old_buffer; old_buffer = (char *)buffer; saved_buffer_len = bytes_read - token_len; buffer = malloc(token_len); memcpy(buffer, old_buffer, token_len); saved_buffer = malloc(saved_buffer_len); memcpy(saved_buffer, old_buffer+token_len, saved_buffer_len); bytes_read = token_len; free(old_buffer); } } /* Success */ *pbuffer = buffer; *pbuffer_len = bytes_read; return_status = GSI_SOCKET_SUCCESS; /* fprintf(stderr, "\nread:\n%s\n", buffer); */ #if 0 if (buffer[bytes_read - 1] == '\0') { myproxy_debug("read a null-terminated message"); } else { myproxy_debug("read a non-null-terminated message"); } #endif error: return return_status; } void GSI_SOCKET_free_token(unsigned char *buffer) { if (buffer != NULL) { free(buffer); } } int GSI_SOCKET_delegation_init_ext(GSI_SOCKET *self, const char *source_credentials, int lifetime, const char *passphrase) { int return_value = GSI_SOCKET_ERROR; SSL_CREDENTIALS *creds = NULL; SSL_PROXY_RESTRICTIONS *proxy_restrictions = NULL; unsigned char *input_buffer = NULL; size_t input_buffer_length; unsigned char *output_buffer = NULL; int output_buffer_length; if (self == NULL) { goto error; } if (self->gss_context == GSS_C_NO_CONTEXT) { GSI_SOCKET_set_error_string(self, "GSI_SOCKET not authenticated"); goto error; } /* * Load proxy we are going to use to sign delegation */ creds = ssl_credentials_new(); if (creds == NULL) { GSI_SOCKET_set_error_from_verror(self); goto error; } if (passphrase && passphrase[0] == '\0') { passphrase = NULL; } if (ssl_proxy_load_from_file(creds, source_credentials, passphrase) == SSL_ERROR) { GSI_SOCKET_set_error_from_verror(self); goto error; } /* * Read the certificate request from the client */ if (GSI_SOCKET_read_token(self, &input_buffer, &input_buffer_length) == GSI_SOCKET_ERROR) { goto error; } /* HACK: We may get an error message rather than a certreq... */ if (strncmp((const char *)input_buffer, "VERSION", strlen("VERSION")) == 0) { myproxy_response_t *response; response = malloc(sizeof(*response)); memset(response, 0, sizeof(*response)); myproxy_handle_response((const char *)input_buffer, input_buffer_length, response); myproxy_free(NULL, NULL, response); GSI_SOCKET_set_error_string(self, "server-side error: check server logs"); goto error; } /* * Set up the restrictions on the proxy */ proxy_restrictions = ssl_proxy_restrictions_new(); if (proxy_restrictions == NULL) { goto error; } if (ssl_proxy_restrictions_set_lifetime(proxy_restrictions, (long) lifetime) == SSL_ERROR) { goto error; } if (GSI_SOCKET_peer_used_limited_proxy(self)) { ssl_proxy_restrictions_set_limited(proxy_restrictions, 1); } /* * Sign the request */ if (ssl_proxy_delegation_sign(creds, proxy_restrictions, input_buffer, input_buffer_length, &output_buffer, &output_buffer_length) == SSL_ERROR) { GSI_SOCKET_set_error_from_verror(self); goto error; } /* * Write the proxy certificate back to user */ if (GSI_SOCKET_write_buffer(self, (const char *)output_buffer, output_buffer_length) == GSI_SOCKET_ERROR) { goto error; } /* Success */ return_value = GSI_SOCKET_SUCCESS; error: if (input_buffer != NULL) { GSI_SOCKET_free_token(input_buffer); } if (output_buffer != NULL) { ssl_free_buffer(output_buffer); } if (creds != NULL) { ssl_credentials_destroy(creds); } if (proxy_restrictions != NULL) { ssl_proxy_restrictions_destroy(proxy_restrictions); } return return_value; } int GSI_SOCKET_delegation_accept(GSI_SOCKET *self, unsigned char **delegated_credentials, int *delegated_credentials_len, char *passphrase) { int return_value = GSI_SOCKET_ERROR; SSL_CREDENTIALS *creds = NULL; unsigned char *output_buffer = NULL; int output_buffer_len; unsigned char *input_buffer = NULL; size_t input_buffer_len; unsigned char *fmsg; int i; if (self == NULL) { return GSI_SOCKET_ERROR; } if ((delegated_credentials == NULL) || (delegated_credentials_len == 0)) { self->error_number = EINVAL; goto error; } if (self->gss_context == GSS_C_NO_CONTEXT) { GSI_SOCKET_set_error_string(self, "GSI_SOCKET not authenticated"); return GSI_SOCKET_ERROR; } if (self->certreq) { creds = ssl_credentials_new(); if (ssl_certreq_pem_to_der(self->certreq, &output_buffer, &output_buffer_len) == SSL_ERROR) { GSI_SOCKET_set_error_from_verror(self); goto error; } } else { /* Generate proxy certificate request and send */ if (ssl_proxy_delegation_init(&creds, &output_buffer, &output_buffer_len, 0 /* default number of bits */, NULL /* No callback */) == SSL_ERROR) { GSI_SOCKET_set_error_from_verror(self); goto error; } } if (GSI_SOCKET_write_buffer(self, (const char *)output_buffer, output_buffer_len) == GSI_SOCKET_ERROR) { goto error; } /* Now read the signed certificate */ if (GSI_SOCKET_read_token(self, &input_buffer, &input_buffer_len) == GSI_SOCKET_ERROR) { goto error; } /* HACK: We may get just an error message rather than a cert... */ if (strncmp((const char *)input_buffer, "VERSION", strlen("VERSION")) == 0) { myproxy_response_t *response; response = malloc(sizeof(*response)); memset(response, 0, sizeof(*response)); myproxy_handle_response((const char *)input_buffer, input_buffer_len, response); myproxy_free(NULL, NULL, response); GSI_SOCKET_set_error_string(self, "server-side error: check server logs"); goto error; } /* MAJOR HACK: We don't have application-level framing in our protocol. We can't separate the certificate chain easily from the final protocol message, so just discard it. */ fmsg = input_buffer; for (i = 0; i < input_buffer_len-strlen("VERSION"); i++, fmsg++) { if (strncmp((const char *)fmsg, "VERSION", strlen("VERSION")) == 0) { input_buffer_len = fmsg-input_buffer; break; } } if (ssl_proxy_delegation_finalize(creds, input_buffer, input_buffer_len) == SSL_ERROR) { GSI_SOCKET_set_error_from_verror(self); goto error; } if (passphrase && passphrase[0] == '\0') { passphrase = NULL; } if (ssl_proxy_to_pem(creds, delegated_credentials, delegated_credentials_len, passphrase) == SSL_ERROR) { GSI_SOCKET_set_error_from_verror(self); goto error; } /* Success */ return_value = GSI_SOCKET_SUCCESS; error: if (creds != NULL) { ssl_credentials_destroy(creds); } if (input_buffer != NULL) { GSI_SOCKET_free_token(input_buffer); } if (output_buffer != NULL) { ssl_free_buffer(output_buffer); } return return_value; } int GSI_SOCKET_delegation_accept_ext(GSI_SOCKET *self, char *delegated_credentials, int delegated_credentials_len, char *passphrase) { int return_value = GSI_SOCKET_ERROR; unsigned char *output_buffer = NULL; int output_buffer_len; char *filename = NULL; int fd = -1; if (GSI_SOCKET_delegation_accept(self, &output_buffer, &output_buffer_len, passphrase) != GSI_SOCKET_SUCCESS) { goto error; } /* Now store the credentials */ filename = myproxy_creds_path_template(); if (filename == NULL) { /* should never happen */ verror_put_string("myproxy_creds_path_template() failed"); goto error; } fd = mkstemp(filename); if (fd == -1) { verror_put_string("Error creating temporary file (%s)", filename); verror_put_errno(errno); goto error; } if (write(fd, output_buffer, output_buffer_len) == -1) { verror_put_errno(errno); verror_put_string("Error writing proxy to %s", filename); goto error; } if (delegated_credentials != NULL) { if (my_strncpy(delegated_credentials, filename, delegated_credentials_len) < 0) { verror_put_string("credential path too long"); goto error; } } /* Success */ return_value = GSI_SOCKET_SUCCESS; error: if (output_buffer != NULL) { ssl_free_buffer(output_buffer); } if (fd >= 0) close(fd); if (return_value != GSI_SOCKET_SUCCESS && fd >= 0) { ssl_proxy_file_destroy(filename); } if (filename) free(filename); return return_value; } int GSI_SOCKET_delegation_set_certreq(GSI_SOCKET *self, char *certreq) { if (self->certreq) { free(self->certreq); self->certreq = NULL; } self->certreq = strdup(certreq); return GSI_SOCKET_SUCCESS; } int GSI_SOCKET_credentials_accept_ext(GSI_SOCKET *self, char *credentials, int credentials_len) { int return_value = GSI_SOCKET_ERROR; SSL_CREDENTIALS *creds = NULL; SSL_PROXY_RESTRICTIONS *proxy_restrictions = NULL; unsigned char *input_buffer = NULL; size_t input_buffer_length; unsigned char *fmsg; int i; char *filename = NULL; char *certstart; int rval, fd = 0; int size; if (self == NULL) { goto error; } if (self->gss_context == GSS_C_NO_CONTEXT) { GSI_SOCKET_set_error_string(self, "GSI_SOCKET not authenticated"); goto error; } /* Read the Cred sent from the client. */ if (GSI_SOCKET_read_token(self, &input_buffer, &input_buffer_length) == GSI_SOCKET_ERROR) { goto error; } myproxy_debug( "Read credentials" ); /* MAJOR HACK: We don't have application-level framing in our protocol. We can't separate the certificate chain easily from the final protocol message, so just discard it. */ fmsg = input_buffer; for (i = 0; i < input_buffer_length-strlen("VERSION"); i++, fmsg++) { if (strncmp((const char *)fmsg, "VERSION", strlen("VERSION")) == 0) { input_buffer_length = fmsg-input_buffer; break; } } /* Now store the credentials */ filename = myproxy_creds_path_template(); if (filename == NULL) { /* should never happen */ verror_put_string("myproxy_creds_path_template() failed"); goto error; } fd = mkstemp(filename); if (fd == -1) { verror_put_string("Error creating temporary file (%s)", filename); verror_put_errno(errno); goto error; } size = strlen( (char *)input_buffer ); certstart = (char *)input_buffer; while (size) { if ((rval = write(fd, certstart, size)) < 0) { perror("write"); goto error; } size -= rval; certstart += rval; } if (write(fd, "\n\0", 1) < 0) { perror("write"); goto error; } if (my_strncpy(credentials, filename, credentials_len) < 0) { verror_put_string("credential path too long"); goto error; } /* Success */ return_value = GSI_SOCKET_SUCCESS; error: if (input_buffer != NULL) { GSI_SOCKET_free_token(input_buffer); } if (creds != NULL) { ssl_credentials_destroy(creds); } if (proxy_restrictions != NULL) { ssl_proxy_restrictions_destroy(proxy_restrictions); } if (fd >= 0) { close(fd); } if (return_value != GSI_SOCKET_SUCCESS && fd >= 0) { ssl_proxy_file_destroy(filename); } if (filename) free(filename); return return_value; } int GSI_SOCKET_credentials_init_ext(GSI_SOCKET *self, const char *source_credentials) { int return_value = GSI_SOCKET_ERROR; SSL_PROXY_RESTRICTIONS *proxy_restrictions = NULL; unsigned char *output_buffer = NULL; if (self == NULL) { goto error; } if (self->gss_context == GSS_C_NO_CONTEXT) { GSI_SOCKET_set_error_string(self, "GSI_SOCKET not authenticated"); goto error; } if (GSI_SOCKET_write_buffer(self, source_credentials, strlen(source_credentials) + 1) == GSI_SOCKET_ERROR) { goto error; } /* Success */ return_value = GSI_SOCKET_SUCCESS; error: if (output_buffer != NULL) { ssl_free_buffer(output_buffer); } if (proxy_restrictions != NULL) { ssl_proxy_restrictions_destroy(proxy_restrictions); } return return_value; } int GSI_SOCKET_get_creds(GSI_SOCKET *self, const char *source_credentials) { int return_value = GSI_SOCKET_ERROR; unsigned char *output_buffer = NULL; int output_buffer_length; if (self == NULL) { goto error; } if (self->gss_context == GSS_C_NO_CONTEXT) { GSI_SOCKET_set_error_string(self, "GSI_SOCKET not authenticated"); goto error; } if (buffer_from_file(source_credentials, &output_buffer, &output_buffer_length) < 0) { GSI_SOCKET_set_error_from_verror(self); goto error; } /* * Write the proxy certificate back to user */ myproxy_debug( "Sending credential" ); if (GSI_SOCKET_write_buffer(self, (const char *)output_buffer, output_buffer_length) == GSI_SOCKET_ERROR) { goto error; } /* Success */ return_value = GSI_SOCKET_SUCCESS; error: if (output_buffer != NULL) { free(output_buffer); } return return_value; } int GSI_SOCKET_get_errno(GSI_SOCKET *self) { if (self) return self->error_number; return 0; } myproxy-6.2.16/plugin_common.h0000644000175100017510000002000514557142036013303 00000000000000 /* Generic SASL plugin utility functions * Rob Siemborski * $Id: plugin_common.h,v 1.20 2004/06/23 18:43:37 rjs3 Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef _PLUGIN_COMMON_H_ #define _PLUGIN_COMMON_H_ #ifndef macintosh #ifdef WIN32 # include #else # include # include # include # include #endif /* WIN32 */ #endif /* macintosh */ #include #include #include #ifdef WIN32 #define PLUG_API __declspec(dllexport) #else #define PLUG_API extern #endif #define SASL_CLIENT_PLUG_INIT( x ) \ extern sasl_client_plug_init_t x##_client_plug_init; \ PLUG_API int sasl_client_plug_init(const sasl_utils_t *utils, \ int maxversion, int *out_version, \ sasl_client_plug_t **pluglist, \ int *plugcount) { \ return x##_client_plug_init(utils, maxversion, out_version, \ pluglist, plugcount); \ } #define SASL_SERVER_PLUG_INIT( x ) \ extern sasl_server_plug_init_t x##_server_plug_init; \ PLUG_API int sasl_server_plug_init(const sasl_utils_t *utils, \ int maxversion, int *out_version, \ sasl_server_plug_t **pluglist, \ int *plugcount) { \ return x##_server_plug_init(utils, maxversion, out_version, \ pluglist, plugcount); \ } #define SASL_AUXPROP_PLUG_INIT( x ) \ extern sasl_auxprop_init_t x##_auxprop_plug_init; \ PLUG_API int sasl_auxprop_plug_init(const sasl_utils_t *utils, \ int maxversion, int *out_version, \ sasl_auxprop_plug_t **plug, \ const char *plugname) {\ return x##_auxprop_plug_init(utils, maxversion, out_version, \ plug, plugname); \ } #define SASL_CANONUSER_PLUG_INIT( x ) \ extern sasl_canonuser_init_t x##_canonuser_plug_init; \ PLUG_API int sasl_canonuser_init(const sasl_utils_t *utils, \ int maxversion, int *out_version, \ sasl_canonuser_plug_t **plug, \ const char *plugname) {\ return x##_canonuser_plug_init(utils, maxversion, out_version, \ plug, plugname); \ } /* note: msg cannot include additional variables, so if you want to * do a printf-format string, then you need to call seterror yourself */ #define SETERROR( utils, msg ) (utils)->seterror( (utils)->conn, 0, "%s", (msg) ) #ifndef MEMERROR #define MEMERROR( utils ) \ (utils)->seterror( (utils)->conn, 0, \ "Out of Memory in " __FILE__ " near line %d", __LINE__ ) #endif #ifndef PARAMERROR #define PARAMERROR( utils ) \ (utils)->seterror( (utils)->conn, 0, \ "Parameter Error in " __FILE__ " near line %d", __LINE__ ) #endif #ifndef SASLINT_H typedef struct buffer_info { char *data; unsigned curlen; /* Current length of data in buffer */ unsigned reallen; /* total length of buffer (>= curlen) */ } buffer_info_t; #endif #ifdef __cplusplus extern "C" { #endif int _plug_ipfromstring(const sasl_utils_t *utils, const char *addr, struct sockaddr *out, socklen_t outlen); int _plug_iovec_to_buf(const sasl_utils_t *utils, const struct iovec *vec, unsigned numiov, buffer_info_t **output); int _plug_buf_alloc(const sasl_utils_t *utils, char **rwbuf, unsigned *curlen, unsigned newlen); int _plug_strdup(const sasl_utils_t * utils, const char *in, char **out, int *outlen); void _plug_free_string(const sasl_utils_t *utils, char **str); void _plug_free_secret(const sasl_utils_t *utils, sasl_secret_t **secret); #define _plug_get_userid(utils, result, prompt_need) \ _plug_get_simple(utils, SASL_CB_USER, 0, result, prompt_need) #define _plug_get_authid(utils, result, prompt_need) \ _plug_get_simple(utils, SASL_CB_AUTHNAME, 1, result, prompt_need) int _plug_get_simple(const sasl_utils_t *utils, unsigned int id, int required, const char **result, sasl_interact_t **prompt_need); int _plug_get_password(const sasl_utils_t *utils, sasl_secret_t **secret, unsigned int *iscopy, sasl_interact_t **prompt_need); int _plug_challenge_prompt(const sasl_utils_t *utils, unsigned int id, const char *challenge, const char *promptstr, const char **result, sasl_interact_t **prompt_need); int _plug_get_realm(const sasl_utils_t *utils, const char **availrealms, const char **realm, sasl_interact_t **prompt_need); int _plug_make_prompts(const sasl_utils_t *utils, sasl_interact_t **prompts_res, const char *user_prompt, const char *user_def, const char *auth_prompt, const char *auth_def, const char *pass_prompt, const char *pass_def, const char *echo_chal, const char *echo_prompt, const char *echo_def, const char *realm_chal, const char *realm_prompt, const char *realm_def); typedef struct decode_context { const sasl_utils_t *utils; unsigned int needsize; /* How much of the 4-byte size do we need? */ char sizebuf[4]; /* Buffer to accumulate the 4-byte size */ unsigned int size; /* Absolute size of the encoded packet */ char *buffer; /* Buffer to accumulate an encoded packet */ unsigned int cursize; /* Amount of packet data in the buffer */ unsigned int in_maxbuf; /* Maximum allowed size of an encoded packet */ } decode_context_t; void _plug_decode_init(decode_context_t *text, const sasl_utils_t *utils, unsigned int in_maxbuf); int _plug_decode(decode_context_t *text, const char *input, unsigned inputlen, char **output, unsigned *outputsize, unsigned *outputlen, int (*decode_pkt)(void *rock, const char *input, unsigned inputlen, char **output, unsigned *outputlen), void *rock); void _plug_decode_free(decode_context_t *text); int _plug_parseuser(const sasl_utils_t *utils, char **user, char **realm, const char *user_realm, const char *serverFQDN, const char *input); int _plug_make_fulluser(const sasl_utils_t *utils, char **fulluser, const char * useronly, const char *realm); char * _plug_get_error_message (const sasl_utils_t *utils, #ifdef WIN32 DWORD error #else int error #endif ); void _plug_snprintf_os_info (char * osbuf, int osbuf_len); #ifdef __cplusplus } #endif #endif /* _PLUGIN_COMMON_H_ */ myproxy-6.2.16/port_getopt.h0000644000175100017510000000575414557142036013021 00000000000000/* $NetBSD: getopt.h,v 1.7 2005/02/03 04:39:32 perry Exp $ */ /*- * Copyright (c) 2000 The NetBSD Foundation, Inc. * All rights reserved. * * This code is derived from software contributed to The NetBSD Foundation * by Dieter Baron and Thomas Klausner. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the NetBSD * Foundation, Inc. and its contributors. * 4. Neither the name of The NetBSD Foundation nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ /* * modified May 12, 2005 by Jim Basney * * removed #include of non-POSIX and * removed references to _NETBSD_SOURCE and HAVE_NBTOOL_CONFIG_H * added #if !HAVE_GETOPT_LONG * removed __BEGIN_DECLS and __END_DECLS */ #ifndef _MYPROXY_GETOPT_H_ #define _MYPROXY_GETOPT_H_ #if !HAVE_GETOPT_LONG #include /* * Gnu like getopt_long() and BSD4.4 getsubopt()/optreset extensions */ #define no_argument 0 #define required_argument 1 #define optional_argument 2 struct option { /* name of long option */ const char *name; /* * one of no_argument, required_argument, and optional_argument: * whether option takes an argument */ int has_arg; /* if not NULL, set *flag to val when option found */ int *flag; /* if flag not NULL, value to set *flag to; else return value */ int val; }; int getopt_long(int, char * const *, const char *, const struct option *, int *); #endif /* !HAVE_GETOPT_LONG */ #endif /* !_MYPROXY_GETOPT_H_ */ myproxy-6.2.16/myproxy-cert-checker0000755000175100017510000000045314557142036014303 00000000000000#!/bin/sh # example certificate_issuer_checker script # pull cert from stdin to shell variable cert=`openssl x509 -text` # check for MD5 signatures echo "$cert" | grep 'Algorithm: md5' > /dev/null 2>&1 if [ $? = "0" ]; then echo "MD5 signature detected" 1>&2 exit 1 fi # all done exit 0 myproxy-6.2.16/certauth_resolveuser.c0000644000175100017510000003145114557142036014714 00000000000000#include "myproxy_common.h" #ifdef HAVE_LIBLDAP #include #endif #define DN_BUFFER_SIZE 512 #define USERNAME_BUFFER_SIZE 256 int resolve_via_mapfile ( char * username, char ** dn ) { int return_value = 0; char * userdn = NULL; myproxy_debug("resolve_via_mapfile()"); if ( globus_gss_assist_map_local_user( username, &userdn ) ) { return_value = 1; goto end; } *dn = userdn; end: if (return_value) { if (userdn) { free(userdn); userdn = NULL; } } return return_value; } int resolve_via_mapapp ( char * app_string, char * username, char ** dn ) { pid_t childpid; int fds[3]; int return_value = 0; char * userdn = NULL; FILE * app_stream = NULL; int exit_status; myproxy_debug("resolve_via_mapapp(%s, %s)", app_string, username); userdn = malloc(DN_BUFFER_SIZE); if (userdn == NULL) { verror_put_string("malloc() failed."); goto end; } memset(userdn, '\0', DN_BUFFER_SIZE); if ((childpid = myproxy_popen(fds, app_string, username, NULL)) < 0) { return -1; /* myproxy_popen will set verror */ } close(fds[0]); /* wait for child */ if (waitpid(childpid, &exit_status, 0) == -1) { verror_put_string("wait() failed for mapapp child"); verror_put_errno(errno); return -1; } if (exit_status != 0) { FILE *fp = NULL; char buf[100]; verror_put_string("Mapping call-out returned error"); fp = fdopen(fds[1], "r"); if (fp) { while (fgets(buf, 100, fp) != NULL) { verror_put_string("%s", buf); } fclose(fp); } else { close(fds[1]); } fp = fdopen(fds[2], "r"); if (fp) { while (fgets(buf, 100, fp) != NULL) { verror_put_string("%s", buf); } fclose(fp); } else { close(fds[2]); } return_value = 1; goto end; } close(fds[2]); app_stream = fdopen(fds[1], "r"); if (fgets(userdn, DN_BUFFER_SIZE, app_stream) == NULL) { fclose(app_stream); verror_put_string("Error reading from mapping application."); return_value = 1; goto end; } fclose(app_stream); app_stream = NULL; /* Chop trailing newline if present */ if (userdn[strlen(userdn) - 1] == '\n') { userdn[strlen(userdn) - 1] = '\0'; } if (strlen(userdn) == 0) { verror_put_string("Got zero-length DN from mapping application."); return_value = 1; goto end; } *dn = userdn; end: if (return_value) { if (userdn) { free(userdn); userdn = NULL; } *dn = NULL; } return return_value; } #ifdef HAVE_LIBLDAP int resolve_via_ldap ( char * username, char ** dn, myproxy_server_context_t *server_context ) { int return_value = 0; char * userdn = NULL; LDAP *ld = NULL; int rc; int ldap_version = LDAP_VERSION3; char * binduser = NULL; struct berval cred; struct berval *servcred; LDAPMessage *results = NULL; LDAPMessage *entry = NULL; char * dnbuffer = NULL; char * searchfilter = NULL; char * attr; BerElement *ber = NULL; struct berval **vals = NULL; int found_attribute; LDAPDN tmpDN; int dn_set = 0; size_t filterlen; myproxy_debug("resolve_via_ldap()"); /* check directives to make sure all is in order.... */ if ( server_context->ca_ldap_uid_attribute == NULL ) { verror_put_string("Required directive ca_ldap_uid_attribute not set."); return_value = 1; goto end; } if ( server_context->ca_ldap_searchbase == NULL ) { verror_put_string("Required directive ca_ldap_searchbase not set."); return_value = 1; goto end; } if (server_context->ca_ldap_server) myproxy_debug("ca_ldap_server: %s", server_context->ca_ldap_server); if (server_context->ca_ldap_uid_attribute) myproxy_debug("ca_ldap_uid_attribute: %s", server_context->ca_ldap_uid_attribute); if (server_context->ca_ldap_searchbase) myproxy_debug("ca_ldap_searchbase: %s", server_context->ca_ldap_searchbase); if (server_context->ca_ldap_connect_dn) myproxy_debug("ca_ldap_connect_dn: %s", server_context->ca_ldap_connect_dn); if (server_context->ca_ldap_connect_passphrase) myproxy_debug("ca_ldap_connect_passphase: %s", server_context->ca_ldap_connect_passphrase); if (server_context->ca_ldap_dn_attribute) myproxy_debug("ca_ldap_dn_attribute: %s", server_context->ca_ldap_dn_attribute); /* prodeed with the connection */ rc = ldap_initialize( &ld, server_context->ca_ldap_server ); if ( rc != LDAP_SUCCESS ) { verror_put_string("ldap_initialize() failed"); verror_put_string("ldap_initialize(): %s", ldap_err2string( rc ) ); return_value = 1; goto end; } else { myproxy_debug("LDAP initialized"); } rc = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &ldap_version); if ( rc != LDAP_SUCCESS ) { verror_put_string("ldap_set_option() failed"); verror_put_string("ldap_set_option(): %s", ldap_err2string( rc ) ); return_value = 1; goto end; } else { myproxy_debug("LDAP version set to V.3"); } if ( server_context->ca_ldap_start_tls ) { rc = ldap_start_tls_s(ld, NULL, NULL); if ( rc != LDAP_SUCCESS ) { verror_put_string("ldap_start_tls_s() failed"); verror_put_string("ldap_start_tls_s(): %s", ldap_err2string( rc ) ); return_value = 1; goto end; } else { myproxy_debug("LDAP StartTLS completed"); } } if ( server_context->ca_ldap_connect_passphrase != NULL ) { cred.bv_val = server_context->ca_ldap_connect_passphrase; cred.bv_len = strlen(server_context->ca_ldap_connect_passphrase); } else { cred.bv_val = ""; cred.bv_len = 0; } if ( server_context->ca_ldap_connect_dn != NULL ) { binduser = strdup( server_context->ca_ldap_connect_dn ); } else { binduser = strdup(""); } /* NOTE: the other bind functions have been deprecated out of the current openldap api. Even though this has the rather misleading name of _sasl_bind_, this is the function currently in favor and it is only performing a vanilla ldap simple authentication - mmg */ rc = ldap_sasl_bind_s(ld, binduser, LDAP_SASL_SIMPLE, &cred, NULL, NULL, &servcred); if ( rc != LDAP_SUCCESS ) { verror_put_string("ldap_sasl_bind() failed"); verror_put_string("ldap_sasl_bind(): %s", ldap_err2string( rc ) ); return_value = 1; goto end; } else { myproxy_debug("Bind to %s successful", server_context->ca_ldap_server ); } /* set up query filter strings and run the search */ filterlen = strlen( server_context->ca_ldap_uid_attribute ) \ + strlen( username ) + 4; searchfilter = malloc( filterlen ); memset( searchfilter, '\0', filterlen ); sprintf(searchfilter, "(%s=%s)", server_context->ca_ldap_uid_attribute, username); myproxy_debug("Using search filter: %s", searchfilter); rc = ldap_search_ext_s(ld, server_context->ca_ldap_searchbase, LDAP_SCOPE_SUBTREE, searchfilter, NULL, 0, NULL, NULL, NULL, 0, &results); if ( rc != LDAP_SUCCESS ) { verror_put_string("ldap_search_ext_s() failed"); verror_put_string("ldap_search_ext_s(): %s", ldap_err2string( rc ) ); return_value = 1; goto end; } else { myproxy_debug("Search on base %s successful", server_context->ca_ldap_searchbase ); } /* look at what we got back.... */ if ( ldap_count_entries(ld, results) != 1 ) { verror_put_string("LDAP search returned %d results - resolution failed", ldap_count_entries(ld, results)); return_value = 1; goto end; } else { myproxy_debug("LDAP query returned one result - processing"); } entry = ldap_first_entry( ld, results ); if ( entry == NULL ) { verror_put_string("Error getting ldap entry from search results"); return_value = 1; goto end; } else { myproxy_debug("Obtained LDAP entry from search results"); } /* extract and process the DN - the default is to use the dn of the retrieved record. If ca_ldap_dn_attribute is specified, attempt to retrieve a value from the specified attribute */ if ( server_context->ca_ldap_dn_attribute != NULL ) { myproxy_debug("Pulling DN from attribute"); found_attribute = 0; for ( attr = ldap_first_attribute( ld, entry, &ber ) ; attr != NULL ; attr = ldap_next_attribute( ld, entry, ber ) ) { if ( strcmp( attr, server_context->ca_ldap_dn_attribute ) == 0 ) { myproxy_debug("Found attribute: %s", attr ); if ( ( vals = ldap_get_values_len( ld, entry, attr ) ) == NULL ) { myproxy_debug("No value found for attribute %s", attr); break; } else { myproxy_debug("Attribute value: %s", vals[0]->bv_val ); dnbuffer = strdup( vals[0]->bv_val ); found_attribute = 1; break; } } } if ( !found_attribute ) { verror_put_string("DN Attribute Error"); verror_put_string("Could not find attribute/value pair"); return_value = 1; goto end; } } else { myproxy_debug("Using record DN"); dnbuffer = ldap_get_dn(ld, entry); } if ( dnbuffer == NULL ) { verror_put_string("Could not obtain DN from search entry"); return_value = 1; goto end; } else { myproxy_debug("Obtained DN: %s", dnbuffer); } /* attempt to parse and load the dn input */ if ( ldap_str2dn( dnbuffer, &tmpDN, LDAP_DN_FORMAT_LDAPV3 ) == LDAP_SUCCESS ) { myproxy_debug("LDAP V3 Style DN"); } else if ( ldap_str2dn( dnbuffer, &tmpDN, LDAP_DN_FORMAT_LDAPV2 ) == LDAP_SUCCESS ) { myproxy_debug("LDAP V2 Style DN"); } else if ( ldap_str2dn( dnbuffer, &tmpDN, LDAP_DN_FORMAT_DCE ) == LDAP_SUCCESS ) { myproxy_debug("DCE Style DN"); } else { /* give up then */ verror_put_string("Could not parse DN: %s", dnbuffer); return_value = 1; goto end; } dn_set = 1; /* recover the DN in DCE format */ if ( ldap_dn2str(tmpDN, &userdn, LDAP_DN_FORMAT_DCE) != LDAP_SUCCESS ) { verror_put_string("Error formatting DN to DCE format"); return_value = 1; goto end; } else { myproxy_debug("Fomatted DN: %s", userdn); } *dn = userdn; end: if (return_value) { if (userdn) { free(userdn); userdn = NULL; } } /* also free()s the ld pointer */ ldap_unbind_ext_s( ld, NULL, NULL ); if (binduser != NULL) { free(binduser); binduser = NULL; } if (searchfilter != NULL) { free(searchfilter); searchfilter = NULL; } if (results != NULL) { ldap_msgfree(results); results = NULL; } if (dnbuffer != NULL) { free(dnbuffer); dnbuffer = NULL; } if ( servcred != NULL ) { ldap_memfree( servcred ); } if ( dn_set ) { ldap_dnfree( tmpDN ); } if ( ber != NULL ) { ber_free( ber, 0 ); } if ( server_context->ca_ldap_dn_attribute != NULL ) { if ( vals != NULL ) { ber_bvecfree( vals ); } } return return_value; } #else /* ldap resolution configured but server not built with ldap support */ int resolve_via_ldap ( char * username, char ** dn, myproxy_server_context_t *server_context ) { verror_put_string("CA NOT build with LDAP support"); verror_put_string("Can not do user -> DN resolution via ldap"); return(1); } #endif /* HAVE_LIBLDAP */ /* not thread safe. uses static buffers. */ int user_dn_lookup( char * username, char ** dn, myproxy_server_context_t *server_context ) { int return_value = 0; char * userdn = NULL; static char cached_username[USERNAME_BUFFER_SIZE] = ""; static char cached_dn[DN_BUFFER_SIZE] = ""; myproxy_debug("user_dn_lookup()"); if (username && strcmp(username, cached_username) == 0) { myproxy_debug("using cached value"); *dn = strdup(cached_dn); goto end; } else if ( server_context->ca_ldap_server != NULL ) { if ( resolve_via_ldap( username, &userdn, server_context ) ) { myproxy_log("Failed to map username %s to DN via LDAP", username); return_value = 1; goto end; } } else if (server_context->certificate_mapapp != NULL) { if (resolve_via_mapapp( server_context->certificate_mapapp, username, &userdn ) ) { myproxy_log("Failed to map username %s to DN via call-out", username); return_value = 1; goto end; } } else { if ( resolve_via_mapfile( username, &userdn ) ) { myproxy_log("Failed to map username %s to DN via grid-mapfile", username); return_value = 1; goto end; } } myproxy_debug("username \"%s\" mapped to DN \"%s\"", username, userdn); *dn = userdn; /* keep cache of last result so we don't need to call-out multiple times */ if (username && strlen(username) < USERNAME_BUFFER_SIZE && userdn && strlen(userdn) < DN_BUFFER_SIZE) { strcpy(cached_username, username); strcpy(cached_dn, userdn); } end: if (return_value) { if (userdn) { free(userdn); userdn = NULL; } } return return_value; } myproxy-6.2.16/myproxy_get_delegation.c0000644000175100017510000004035514557142036015223 00000000000000/* * myproxy-get-delegation * * Webserver program to retrieve a delegated credential from a myproxy-server */ #include "myproxy_common.h" /* all needed headers included here */ static char usage[] = \ "\n" "Syntax: myproxy-logon [-t hours] [-l username] ...\n" " myproxy-logon [-usage|-help] [-version]\n" "\n" " Options\n" " -h | --help Displays usage\n" " -u | --usage \n" " \n" " -v | --verbose Display debugging messages\n" " -V | --version Displays version\n" " -l | --username Username for the delegated proxy\n" " -t | --proxy_lifetime Lifetime of proxies delegated by\n" " the server (default 12 hours)\n" " -o | --out Location of delegated proxy\n" " (use '-' for stdout)\n" " -s | --pshost Hostname of the myproxy-server\n" " -p | --psport Port of the myproxy-server\n" " -a | --authorization Specify credential to renew\n" " -d | --dn_as_username Use subject of the authorization\n" " credential (or default credential\n" " if -a not used) as the default\n" " username instead of $LOGNAME\n" " -k | --credname Specify credential name\n" " -S | --stdin_pass Read passphrase from stdin\n" " -T | --trustroots Manage trust roots\n" " -b | --bootstrap Bootstrap trust in myproxy-server\n" " -n | --no_passphrase Don't prompt for passphrase\n" " -N | --no_credentials Authenticate only. Don't retrieve\n" " credentials.\n" " -q | --quiet Only output on error\n" " -m | --voms Include VOMS attributes\n" " -Q | --certreq Use provided certificate request\n" "\n"; struct option long_options[] = { {"help", no_argument, NULL, 'h'}, {"pshost", required_argument, NULL, 's'}, {"psport", required_argument, NULL, 'p'}, {"proxy_lifetime", required_argument, NULL, 't'}, {"out", required_argument, NULL, 'o'}, {"usage", no_argument, NULL, 'u'}, {"username", required_argument, NULL, 'l'}, {"verbose", no_argument, NULL, 'v'}, {"version", no_argument, NULL, 'V'}, {"authorization", required_argument, NULL, 'a'}, {"dn_as_username", no_argument, NULL, 'd'}, {"credname", required_argument, NULL, 'k'}, {"stdin_pass", no_argument, NULL, 'S'}, {"trustroots", no_argument, NULL, 'T'}, {"bootstrap", no_argument, NULL, 'b'}, {"no_passphrase", no_argument, NULL, 'n'}, {"no_passphrase", no_argument, NULL, 'N'}, {"quiet", no_argument, NULL, 'q'}, {"voms", required_argument, NULL, 'm'}, {"certreq", required_argument, NULL, 'Q'}, {0, 0, 0, 0} }; static char short_options[] = "hus:p:l:t:o:vVa:dk:SnNTbqm:Q:"; static char version[] = "myproxy-logon version " MYPROXY_VERSION " (" MYPROXY_VERSION_DATE ") " "\n"; void init_arguments(int argc, char *argv[], myproxy_socket_attrs_t *attrs, myproxy_request_t *request); int voms_proxy_init(); /* * Use setvbuf() instead of setlinebuf() since cygwin doesn't support * setlinebuf(). */ #define my_setlinebuf(stream) setvbuf((stream), (char *) NULL, _IOLBF, 0) /* location of delegated proxy */ static char *outputfile = NULL; static int dn_as_username = 0; static int read_passwd_from_stdin = 0; static int use_empty_passwd = 0; static int quiet = 0; static int bootstrap = 0; static int no_credentials = 0; static char **voms = NULL; static char **vomses = NULL; static int debug = 0; int main(int argc, char *argv[]) { myproxy_socket_attrs_t *socket_attrs; myproxy_request_t *client_request; myproxy_response_t *server_response; int return_value = 1; /* check library version */ if (myproxy_check_version()) { fprintf(stderr, "MyProxy library version mismatch.\n" "Expecting %s. Found %s.\n", MYPROXY_VERSION_DATE, myproxy_version(0,0,0)); exit(1); } myproxy_log_use_stream (stderr); my_setlinebuf(stdout); my_setlinebuf(stderr); socket_attrs = malloc(sizeof(*socket_attrs)); memset(socket_attrs, 0, sizeof(*socket_attrs)); client_request = malloc(sizeof(*client_request)); memset(client_request, 0, sizeof(*client_request)); server_response = malloc(sizeof(*server_response)); memset(server_response, 0, sizeof(*server_response)); /* Setup defaults */ myproxy_set_delegation_defaults(socket_attrs, client_request); /* Initialize client arguments and create client request object */ init_arguments(argc, argv, socket_attrs, client_request); if (!outputfile && !no_credentials) { globus_module_activate(GLOBUS_GSI_SYSCONFIG_MODULE); GLOBUS_GSI_SYSCONFIG_GET_PROXY_FILENAME(&outputfile, GLOBUS_PROXY_FILE_OUTPUT); } /* Connect to server and authenticate. Bootstrap trust roots as needed. */ if (myproxy_bootstrap_client(socket_attrs, client_request->want_trusted_certs, bootstrap) < 0) { verror_print_error(stderr); goto cleanup; } if (!use_empty_passwd) { /* Allow user to provide a passphrase */ int rval; if (read_passwd_from_stdin) { rval = myproxy_read_passphrase_stdin( client_request->passphrase, sizeof(client_request->passphrase), NULL); } else { rval = myproxy_read_passphrase(client_request->passphrase, sizeof(client_request->passphrase), NULL); } if (rval == -1) { verror_print_error(stderr); goto cleanup; } } if (client_request->username == NULL) { /* set default username */ if (dn_as_username) { if (client_request->authzcreds) { if (ssl_get_base_subject_file(client_request->authzcreds, &client_request->username)) { fprintf(stderr, "Cannot get subject name from %s.\n", client_request->authzcreds); goto cleanup; } } else { if (ssl_get_base_subject_file(NULL, &client_request->username)) { fprintf(stderr, "Cannot get subject name from your certificate.\n"); goto cleanup; } } } else { char *username = NULL; if (!(username = getenv("LOGNAME"))) { fprintf(stderr, "Please specify a username.\n"); goto cleanup; } client_request->username = strdup(username); } } if (myproxy_get_delegation(socket_attrs, client_request, NULL, server_response, outputfile)!=0) { fprintf(stderr, "Failed to receive credentials.\n"); verror_print_error(stderr); goto cleanup; } if (outputfile) { if (voms && (! has_voms_extension(outputfile)) ) { if (voms_proxy_init() != 0) { fprintf(stderr, "Failed to add VOMS attributes.\n"); verror_print_error(stderr); goto cleanup; } } if (!quiet) printf("A credential has been received for user %s in %s.\n", client_request->username, outputfile); free(outputfile); outputfile = NULL; verror_clear(); } /* Store file in trusted directory if requested and returned */ if (client_request->want_trusted_certs) { if (server_response->trusted_certs != NULL) { if (myproxy_install_trusted_cert_files(server_response->trusted_certs) != 0) { verror_print_error(stderr); goto cleanup; } else { char *path; path = get_trusted_certs_path(); if (path) { if (!quiet) { printf("Trust roots have been installed in %s.\n", path); } free(path); } } } else { myproxy_debug("Requested trusted certs but didn't get any.\n"); } } return_value = 0; cleanup: /* free memory allocated */ myproxy_free(socket_attrs, client_request, server_response); if (voms) free_array_list(&voms); if (vomses) free_array_list(&vomses); return return_value; } void init_arguments(int argc, char *argv[], myproxy_socket_attrs_t *attrs, myproxy_request_t *request) { extern char *optarg; int arg; while((arg = getopt_long(argc, argv, short_options, long_options, NULL)) != EOF) { switch(arg) { case 't': /* Specify proxy lifetime in seconds */ request->proxy_lifetime = 60*60*atoi(optarg); if (request->proxy_lifetime < 0) { fprintf(stderr, "Requested lifetime (-t option) out of bounds.\n"); exit(1); } break; case 's': /* pshost name */ attrs->pshost = strdup(optarg); break; case 'p': /* psport */ attrs->psport = atoi(optarg); break; case 'h': /* print help and exit */ case 'u': /* print help and exit */ printf("%s", usage); exit(0); break; case 'l': /* username */ request->username = strdup(optarg); break; case 'o': /* output file */ outputfile = strdup(optarg); if (outputfile[0] == '-' && outputfile[1] == '\0') { if (voms) { fprintf(stderr, "-voms is not compatible with -o -\n"); exit(1); } quiet = 1; } break; case 'a': /* special authorization */ request->authzcreds = strdup(optarg); use_empty_passwd = 1; break; case 'n': /* no passphrase */ use_empty_passwd = 1; break; case 'N': no_credentials = 1; break; case 'q': quiet = 1; break; case 'Q': request->certreq = strdup(optarg); break; case 'b': bootstrap = 1; request->want_trusted_certs = 1; /* -b implies -T */ myproxy_debug("Requesting trusted certificates.\n"); break; case 'v': debug = 1; myproxy_debug_set_level(1); break; case 'V': /* print version and exit */ printf("%s", version); exit(0); break; case 'd': /* use the certificate subject (DN) as the default username instead of LOGNAME */ dn_as_username = 1; break; case 'k': /* credential name */ request->credname = strdup (optarg); break; case 'S': read_passwd_from_stdin = 1; break; case 'T': request->want_trusted_certs = 1; myproxy_debug("Requesting trusted certificates.\n"); break; case 'm': if (outputfile && outputfile[0] == '-' && outputfile[1] == '\0') { fprintf(stderr, "-voms is not compatible with -o -\n"); exit(1); } voms = add_entry(voms, optarg); break; default: /* print usage and exit */ fprintf(stderr, "%s", usage); exit(1); break; } } if (optind != argc) { fprintf(stderr, "%s: invalid option -- %s\n", argv[0], argv[optind]); fprintf(stderr, "%s", usage); exit(1); } /* Check to see if myproxy-server specified */ if (attrs->pshost == NULL) { fprintf(stderr, "Unspecified myproxy-server. Please set the MYPROXY_SERVER environment variable\nor set the myproxy-server hostname via the -s flag.\n"); exit(1); } if (voms) { int i; char * voms_userconf = NULL; for (i = 0; voms[i] != NULL; i++) { myproxy_request_add_voname(request, voms[i]); } voms_userconf = getenv("VOMS_USERCONF"); if (voms_userconf != NULL) { vomses = get_vomses(voms_userconf); if (vomses != NULL) { for (i = 0; vomses[i]; i++) { myproxy_request_add_vomses(request, vomses[i]); } } } } return; } int voms_proxy_init() { int i, hours, minutes, cred_lifetime, wstatus; int rc = 0; time_t cred_expiration; const char *argv[40]; char bits[11], vomslife[14]; int argc = 0; pid_t childpid; const char *command = "voms-proxy-init"; X509 *cert = NULL; FILE *cert_file = NULL; globus_result_t local_result; globus_gsi_cert_utils_cert_type_t cert_type; char *keybitsenv = NULL; int keybits = MYPROXY_DEFAULT_KEYBITS; if (ssl_get_times(outputfile, NULL, &cred_expiration) != 0) { verror_put_string("ssl_get_times(%s) failed", outputfile); return -1; } cred_lifetime = cred_expiration-time(0); if (cred_lifetime <= 0) { verror_put_string("Error: Credential expired!"); return -1; } hours = (int)(cred_lifetime/(60*60)); minutes = (int)(cred_lifetime/60)%60; if (minutes) { minutes--; } else { hours--; minutes = 59; } /* what type of proxy certificate do we have? */ cert_file = fopen(outputfile, "r"); if (cert_file == NULL) { verror_put_string("Failure opening file \"%s\"", outputfile); verror_put_errno(errno); return -1; } cert = PEM_read_X509(cert_file, NULL, NULL, NULL); fclose(cert_file); cert_file = NULL; if (cert == NULL) { verror_put_string("PEM_read_X509(%s) failed.", outputfile); return -1; } local_result = globus_gsi_cert_utils_get_cert_type(cert, &cert_type); X509_free(cert); cert = NULL; if (local_result != GLOBUS_SUCCESS) { verror_put_string("globus_gsi_cert_utils_get_cert_type() failed"); globus_error_to_verror(local_result); return -1; } if ((keybitsenv = getenv("MYPROXY_KEYBITS")) != NULL) { keybits = atoi(keybitsenv); } /* Setup the environment for voms-proxy-init. */ unsetenv("X509_USER_CERT"); unsetenv("X509_USER_KEY"); setenv("X509_USER_PROXY", outputfile, 1); argv[argc++] = command; argv[argc++] = "-valid"; snprintf(vomslife, sizeof(vomslife), "%d:%d", hours, minutes); argv[argc++] = vomslife; argv[argc++] = "-vomslife"; argv[argc++] = vomslife; for (i=0; voms[i] && i < 10; i++) { argv[argc++] = "-voms"; argv[argc++] = voms[i]; } argv[argc++] = "-cert"; argv[argc++] = outputfile; argv[argc++] = "-key"; argv[argc++] = outputfile; argv[argc++] = "-out"; argv[argc++] = outputfile; argv[argc++] = "-bits"; snprintf(bits, sizeof(bits), "%d", keybits); argv[argc++] = bits; argv[argc++] = "-noregen"; if (GLOBUS_GSI_CERT_UTILS_IS_GSI_3_PROXY(cert_type)) { argv[argc++] = "-proxyver=3"; #if defined(GLOBUS_GSI_CERT_UTILS_IS_RFC_PROXY) } else if (GLOBUS_GSI_CERT_UTILS_IS_RFC_PROXY(cert_type)) { argv[argc++] = "-proxyver=4"; #endif } else if (GLOBUS_GSI_CERT_UTILS_IS_GSI_2_PROXY(cert_type)) { argv[argc++] = "-proxyver=2"; } if (GLOBUS_GSI_CERT_UTILS_IS_LIMITED_PROXY(cert_type)) { argv[argc++] = "-limited"; } argv[argc++] = NULL; if (debug) { char *cmdbuf = NULL; join_array(&cmdbuf, (char **)argv, " "); myproxy_debug("running: %s", cmdbuf); free(cmdbuf); } if ((childpid = fork()) < 0) { verror_put_string("fork() failed"); verror_put_errno(errno); return -1; } if (childpid == 0) { /* child */ execvp(command, (char *const *)argv); fprintf(stderr, "failed to run %s: %s\n", command, strerror(errno)); exit(1); } if (waitpid(childpid,&wstatus,0) == -1) { verror_put_string("wait() failed for voms-proxy-init child"); verror_put_errno(errno); return -1; } else { if (WIFEXITED(wstatus) == 1) rc = WEXITSTATUS(wstatus); if (WIFSIGNALED(wstatus) == 1) rc = 128 + WTERMSIG(wstatus); } return rc; } myproxy-6.2.16/myproxy_acp.c0000644000175100017510000001103314557142036013003 00000000000000/* * myproxy-admin-change-pass * * Change credential passphrase directly on MyProxy server. */ #include "myproxy_common.h" /* all needed headers included here */ static char usage[] = \ "\n" "Syntax: myproxy-admin-change-pass [-l username] [-k credname] ... \n" " myproxy-admin-change-pass [-usage|-help] [-version]\n" "\n" " Options\n" " -h | --help Displays usage\n" " -u | --usage \n" " \n" " -v | --verbose Display debugging messages\n" " -V | --version Displays version\n" " -s | --storage Specifies the credential storage directory\n" " -l | --username Username for the target proxy\n" " -k | --credname Specify credential name\n" " -S | --stdin_pass Read pass phrase from stdin\n" "\n"; struct option long_options[] = { {"help", no_argument, NULL, 'h'}, {"usage", no_argument, NULL, 'u'}, {"storage", required_argument, NULL, 's'}, {"username", required_argument, NULL, 'l'}, {"verbose", no_argument, NULL, 'v'}, {"version", no_argument, NULL, 'V'}, {"credname", required_argument, NULL, 'k'}, {"stdin_pass", no_argument, NULL, 'S'}, {0, 0, 0, 0} }; static char short_options[] = "hus:l:vVk:S"; static char version[] = "myproxy-admin-change-pass version " MYPROXY_VERSION " (" MYPROXY_VERSION_DATE ") " "\n"; void init_arguments(int argc, char *argv[]); struct myproxy_creds cred = {0}; static int read_passwd_from_stdin = 0; int main(int argc, char *argv[]) { char passphrase[MAX_PASS_LEN+1] = {0}; char new_passphrase[MAX_PASS_LEN+1] = {0}; int rval = 0; /* check library version */ if (myproxy_check_version()) { fprintf(stderr, "MyProxy library version mismatch.\n" "Expecting %s. Found %s.\n", MYPROXY_VERSION_DATE, myproxy_version(0,0,0)); exit(1); } myproxy_log_use_stream (stderr); /* Initialize arguments*/ init_arguments(argc, argv); if (cred.username == NULL) { /* set default username */ if (!(cred.username = getenv("LOGNAME"))) { fprintf(stderr, "Please specify a username.\n"); return 1; } } /*Accept credential passphrase*/ if (read_passwd_from_stdin) { rval = myproxy_read_passphrase_stdin(passphrase, sizeof(passphrase), "Enter (current) MyProxy pass phrase:"); } else if (myproxy_creds_encrypted(&cred)) { rval = myproxy_read_passphrase(passphrase, sizeof(passphrase), "Enter (current) MyProxy pass phrase:"); } if (rval == -1) { verror_print_error(stderr); return 1; } cred.passphrase = passphrase; /* Accept new passphrase */ if (read_passwd_from_stdin) { rval = myproxy_read_passphrase_stdin(new_passphrase, sizeof(new_passphrase), "Enter new MyProxy pass phrase:"); } else { rval = myproxy_read_verified_passphrase(new_passphrase, sizeof(new_passphrase), "Enter new MyProxy pass phrase:"); } if (rval == -1) { verror_print_error(stderr); return 1; } if (myproxy_creds_change_passphrase(&cred, new_passphrase) < 0) { verror_print_error(stderr); exit(1); } printf("Pass phrase changed.\n"); return 0; } void init_arguments(int argc, char *argv[]) { extern char *optarg; int arg; while((arg = getopt_long(argc, argv, short_options, long_options, NULL)) != EOF) { switch(arg) { case 'h': /* print help and exit */ case 'u': /* print help and exit */ printf("%s", usage); exit(0); break; case 's': /* set the credential storage directory */ myproxy_set_storage_dir(optarg); break; case 'l': /* username */ cred.username = strdup(optarg); break; case 'k': /* credname */ cred.credname = strdup(optarg); break; case 'v': /* verbose */ myproxy_debug_set_level(1); break; case 'V': /* print version and exit */ printf("%s", version); exit(0); break; case 'S': read_passwd_from_stdin = 1; break; default: /* print usage and exit */ fprintf(stderr, "%s", usage); exit(1); break; } } if (optind != argc) { fprintf(stderr, "%s: invalid option -- %s\n", argv[0], argv[optind]); fprintf(stderr, "%s", usage); exit(1); } return; } myproxy-6.2.16/myproxy_server_config.c0000644000175100017510000012217214557142036015102 00000000000000/* * myproxy_server_config.c * * Routines from reading and parsing the server configuration. * * See myproxy_server.h for documentation. */ #define SYSLOG_NAMES /* for facilitynames */ #include "myproxy_common.h" /* all needed headers included here */ #if defined(HAVE_REGCOMP) && defined(HAVE_REGEX_H) #include #elif defined(HAVE_COMPILE) && defined(HAVE_REGEXPR_H) #include #else #define NO_REGEX_SUPPORT #endif #define REGULAR_EXP 1 #define NON_REGULAR_EXP 0 /********************************************************************** * * Internal Functions * */ static void free_ptr(char **p) { if (!p) return; if (!*p) return; free(*p); *p = NULL; } struct config_directives { char *name; /* Directive name */ size_t minargs; /* Minimal number of arguments */ size_t maxargs; /* Maximal number of arguments */ }; /* * Specify this constant for 'minargs' and 'maxargs' if you * don't want to check the given limit. * * And yes, I can't make it static variable because it is * used in the file-scope variable initialization ;(( */ #define NARGS_DONTCHECK SIZE_MAX static struct config_directives our_conf[] = { {"allowed_clients", 0, NARGS_DONTCHECK}, {"accepted_credentials", 0, NARGS_DONTCHECK}, {"allowed_services", 0, NARGS_DONTCHECK}, {"authorized_retrievers", 0, NARGS_DONTCHECK}, {"default_retrievers", 0, NARGS_DONTCHECK}, {"authorized_renewers", 0, NARGS_DONTCHECK}, {"default_renewers", 0, NARGS_DONTCHECK}, {"authorized_key_retrievers", 0, NARGS_DONTCHECK}, {"default_key_retrievers", 0, NARGS_DONTCHECK}, {"trusted_retrievers", 0, NARGS_DONTCHECK}, {"default_trusted_retrievers", 0, NARGS_DONTCHECK}, {"passphrase_policy_program", 1, 1}, {"max_proxy_lifetime", 1, 1}, {"max_cred_lifetime", 1, 1}, {"ignore_globus_limited_proxy_flag", 1, 1}, {"allow_self_authorization", 1, 1}, {"cert_dir", 1, 1}, {"pam", 1, 1}, {"pam_id", 1, 1}, {"sasl", 1, 1}, #if defined(HAVE_LIBSASL2) {"sasl_mech", 1, 1}, {"sasl_serverFQDN", 1, 1}, {"sasl_user_realm", 1, 1}, #endif {"certificate_issuer_program", 1, 1}, {"certificate_issuer_cert", 1, 1}, {"certificate_issuer_key", 1, 1}, {"certificate_issuer_hashalg", 1, 1}, {"certificate_request_checker", 1, 1}, {"certificate_issuer_checker", 1, 1}, {"certificate_issuer_key_passphrase", 1, 1}, {"certificate_issuer_subca_certfile", 1, 1}, {"certificate_openssl_engine_id", 1, 1}, {"certificate_openssl_engine_lockfile", 1, 1}, {"certificate_openssl_engine_pre", 0, NARGS_DONTCHECK}, {"certificate_openssl_engine_post", 0, NARGS_DONTCHECK}, {"certificate_issuer_email_domain", 1, 1}, {"certificate_extfile", 1, 1}, {"certificate_extapp", 1, 1}, {"certificate_mapfile", 1, 1}, {"certificate_mapap", 1, 1}, {"max_cert_lifetime", 1, 1}, {"min_keylen", 1, 1}, {"certificate_serialfile", 1, 1}, {"certificate_serial_skip", 1, 1}, {"certificate_out_dir", 1, 1}, {"ca_ldap_server", 1, 1}, {"ca_ldap_searchbase", 1, 1}, {"ca_ldap_connect_dn", 1, 1}, {"ca_ldap_connect_passphrase", 1, 1}, {"ca_ldap_uid_attribute", 1, 1}, {"ca_ldap_dn_attribute", 1, 1}, {"ca_ldap_start_tls", 1, 1}, {"accepted_credentials_mapfile", 1, 1}, {"accepted_credentials_mapapp", 1, 1}, {"check_multiple_credentials", 1, 1}, #if defined(HAVE_OCSP) {"ocsp_policy", 1, 1}, {"ocsp_responder_url", 1, 1}, {"ocsp_responder_cert", 1, 1}, #endif /* defined(HAVE_OCSP) */ {"syslog_ident", 1, 1}, {"syslog_facility", 1, 1}, {"slave_servers", 0, NARGS_DONTCHECK}, {"request_timeout", 1, 1}, {"request_size_limit", 1, 1}, {"proxy_extfile", 1, 1}, {"proxy_extapp", 1, 1}, #ifdef HAVE_VOMS {"voms_userconf", 1, 1}, {"allow_voms_attribute_requests", 1, 1}, #endif /* Terminating entity */ {NULL, 0, 0} }; /* * plural_args() * * Returns the right form for the verb 'arguments' for the * provided number of arguments. */ static const char * plural_args(int n) { if (n == 1) return "argument"; else return "arguments"; } /* * check_config_line() * * Verifies that the splitted line tokens are appropriate for the * given directive. Just now it checks minimal and maximal number * of arguments -- this enables other code to safely use 'token[n]' * without overflowing the array index. * * This function prints warnings via myproxy_log(). */ static int check_config_line(struct config_directives *conf_dirs, const char **tokens) { size_t i, nargs; const char *d; struct config_directives *e = NULL; if (tokens == NULL || tokens[0] == NULL) { return 0; } d = tokens[0]; /* * Search for the directive, exit silently if it wasn't found: * we check only those directives that were provided to us * and aren't going to warn about the extra ones -- this is * up to other layers. */ for (e = NULL, i = 0; conf_dirs[i].name != NULL; i++) { if (strcmp(d, conf_dirs[i].name) == 0) { e = conf_dirs + i; break; } } if (e == NULL) return 0; /* Do we need to check anything? */ if (e->minargs == NARGS_DONTCHECK && e->maxargs == NARGS_DONTCHECK) return 0; for (i = 1; tokens[i] != NULL && tokens[i][0] != '#'; i++); nargs = i - 1; if ((e->minargs != NARGS_DONTCHECK && nargs < e->minargs) || (e->maxargs != NARGS_DONTCHECK && nargs > e->maxargs)) { char expl[1024]; if (e->minargs == e->maxargs) { snprintf(expl, sizeof(expl), "takes exactly %d %s", (int)e->minargs, plural_args(e->minargs)); } else if (e->minargs == NARGS_DONTCHECK) { snprintf(expl, sizeof(expl), "wants no more than %d %s", (int)e->maxargs, plural_args(e->maxargs)); } else if (e->maxargs == NARGS_DONTCHECK) { snprintf(expl, sizeof(expl), "wants no less than %d %s", (int)e->minargs, plural_args(e->minargs)); } else { snprintf(expl, sizeof(expl), "takes from %d to %d arguments", (int)e->minargs, (int)e->maxargs); } myproxy_log("Directive '%s': supplied %d %s, %s.\n", d, nargs, plural_args(nargs), expl); return -1; } return 0; } /* * clear_server_context() * * Initialize the server context before filling in the configuration * values. Enables myproxy_server_config_read() to be called * multiple times on changes to the config file. */ static void clear_server_context(myproxy_server_context_t *context) { free_array_list(&context->accepted_credential_dns); free_array_list(&context->authorized_retriever_dns); free_array_list(&context->default_retriever_dns); free_array_list(&context->authorized_renewer_dns); free_array_list(&context->default_renewer_dns); free_array_list(&context->authorized_key_retrievers_dns); free_array_list(&context->default_key_retrievers_dns); free_array_list(&context->trusted_retriever_dns); free_array_list(&context->default_trusted_retriever_dns); free_ptr(&context->passphrase_policy_pgm); context->max_proxy_lifetime = 0; context->max_cred_lifetime = 0; context->limited_proxy = 0; context->request_size_limit = 0x100000; /* 1MB default */ free_ptr(&context->cert_dir); free_ptr(&context->pam_policy); free_ptr(&context->pam_id); free_ptr(&context->sasl_policy); free_ptr(&context->certificate_issuer_program); free_ptr(&context->certificate_issuer_cert); free_ptr(&context->certificate_issuer_key); context->certificate_hashalg = EVP_sha256(); free_ptr(&context->certificate_request_checker); free_ptr(&context->certificate_issuer_checker); free_ptr(&context->certificate_issuer_key_passphrase); free_ptr(&context->certificate_issuer_subca_certfile); free_ptr(&context->certificate_openssl_engine_id); free_ptr(&context->certificate_openssl_engine_lockfile); free_array_list(&context->certificate_openssl_engine_pre); free_array_list(&context->certificate_openssl_engine_post); free_ptr(&context->certificate_issuer_email_domain); free_ptr(&context->certificate_extfile); free_ptr(&context->certificate_extapp); free_ptr(&context->certificate_mapfile); free_ptr(&context->certificate_mapapp); context->max_cert_lifetime = 0; context->min_keylen = 0; free_ptr(&context->certificate_serialfile); context->certificate_serial_skip = 1; free_ptr(&context->certificate_out_dir); free_ptr(&context->ca_ldap_server); free_ptr(&context->ca_ldap_searchbase); free_ptr(&context->ca_ldap_connect_dn); free_ptr(&context->ca_ldap_connect_passphrase); free_ptr(&context->ca_ldap_uid_attribute); free_ptr(&context->ca_ldap_dn_attribute); context->ca_ldap_start_tls = 0; free_ptr(&context->accepted_credentials_mapfile); free_ptr(&context->accepted_credentials_mapapp); context->check_multiple_credentials = 0; free_ptr(&context->syslog_ident); context->syslog_facility = LOG_DAEMON; #if defined(HAVE_LIBSASL2) free_ptr(&myproxy_sasl_mech); free_ptr(&myproxy_sasl_serverFQDN); free_ptr(&myproxy_sasl_user_realm); #endif memset(&context->usage, 0, sizeof(context->usage)); free_ptr(&context->voms_userconf); context->allow_voms_attribute_requests = 0; } void myproxy_server_clear_context(myproxy_server_context_t *context) { clear_server_context(context); } /* * decode_facility() * * Return the syslog facility number given a facility string. */ static int decode_facility(const char *name) { #if HAVE_DECL_FACILITYNAMES CODE *c; #endif if (isdigit(*name)) return (atoi(name)); #if HAVE_DECL_FACILITYNAMES for (c = facilitynames; c->c_name; c++) if (!strcasecmp(name, c->c_name)) return (c->c_val); #else myproxy_log("warning: operating system facilitynames declaration not found. syslog_facility can support only numeric values."); #endif myproxy_log("warning: unknown syslog_facility (%s) in myproxy-server.config. defaulting to LOG_DAEMON.", name); return (LOG_DAEMON); } /* * line_parse_callback() * * Callback for vparse_stream(). * * This function should return 0 unless it wants parsing to stop * which should only happen on fatal error - e.g. malloc() failing. */ static int line_parse_callback(void *context_arg, int line_number, const char **tokens) { myproxy_server_context_t *context = context_arg; const char *directive; int return_code = -1; int index; assert(context != NULL); if ((tokens == NULL) || (*tokens == NULL) || (**tokens == '#')) { return 0; /* Blank line or comment */ } /* Check basic sanity */ if (check_config_line(our_conf, tokens) != 0) return -1; directive = tokens[0]; /* allowed_clients is the old name for accepted_credentials */ if ((strcmp(directive, "allowed_clients") == 0) || (strcmp(directive, "accepted_credentials") == 0)) { for (index=1; tokens[index] != NULL; index++) { context->accepted_credential_dns = add_entry(context->accepted_credential_dns, tokens[index]); if (context->accepted_credential_dns == NULL) { goto error; } } } /* allowed_services is the old name for authorized_retrievers */ else if ((strcmp(directive, "allowed_services") == 0) || (strcmp(directive, "authorized_retrievers") == 0)) { for (index=1; tokens[index] != NULL; index++) { context->authorized_retriever_dns = add_entry(context->authorized_retriever_dns, tokens[index]); if (context->authorized_retriever_dns == NULL) { goto error; } } } else if((strcmp(directive, "default_retrievers") == 0)) { for (index=1; tokens[index] != NULL; index++) { context->default_retriever_dns = add_entry(context->default_retriever_dns, tokens[index]); if (context->default_retriever_dns == NULL) { goto error; } } } else if (strcmp(directive, "authorized_renewers") == 0) { for (index=1; tokens[index] != NULL; index++) { context->authorized_renewer_dns = add_entry(context->authorized_renewer_dns, tokens[index]); if (context->authorized_renewer_dns == NULL) { goto error; } } } else if (strcmp(directive, "default_renewers") == 0) { for (index=1; tokens[index] != NULL; index++) { context->default_renewer_dns = add_entry(context->default_renewer_dns, tokens[index]); if (context->default_renewer_dns == NULL) { goto error; } } } else if (strcmp(directive, "authorized_key_retrievers") == 0) { for (index=1; tokens[index] != NULL; index++) { context->authorized_key_retrievers_dns = add_entry(context->authorized_key_retrievers_dns, tokens[index]); if (context->authorized_key_retrievers_dns == NULL) { goto error; } } } else if (strcmp(directive, "default_key_retrievers") == 0) { for (index=1; tokens[index] != NULL; index++) { context->default_key_retrievers_dns = add_entry(context->default_key_retrievers_dns, tokens[index]); if (context->default_key_retrievers_dns == NULL) { goto error; } } } else if (strcmp(directive, "trusted_retrievers") == 0) { for (index=1; tokens[index] != NULL; index++) { context->trusted_retriever_dns = add_entry(context->trusted_retriever_dns, tokens[index]); if (context->trusted_retriever_dns == NULL) { goto error; } } } else if (strcmp(directive, "default_trusted_retrievers") == 0) { for (index=1; tokens[index] != NULL; index++) { context->default_trusted_retriever_dns = add_entry(context->default_trusted_retriever_dns, tokens[index]); if (context->default_trusted_retriever_dns == NULL) { goto error; } } } else if (strcmp(directive, "passphrase_policy_program") == 0) { context->passphrase_policy_pgm = strdup(tokens[1]); } else if (strcmp(directive, "max_proxy_lifetime") == 0) { context->max_proxy_lifetime = 60*60*atoi(tokens[1]); } else if (strcmp(directive, "max_cred_lifetime") == 0) { context->max_cred_lifetime = 60*60*atoi(tokens[1]); } else if (strcmp(directive, "ignore_globus_limited_proxy_flag") == 0) { if ((!strcasecmp(tokens[1], "true")) || (!strcasecmp(tokens[1], "enabled")) || (!strcasecmp(tokens[1], "yes")) || (!strcasecmp(tokens[1], "on")) || (!strcmp(tokens[1], "1"))) { context->limited_proxy = -1; } } else if (strcmp(directive, "allow_self_authorization") == 0) { if ((!strcasecmp(tokens[1], "true")) || (!strcasecmp(tokens[1], "enabled")) || (!strcasecmp(tokens[1], "yes")) || (!strcasecmp(tokens[1], "on")) || (!strcmp(tokens[1], "1"))) { context->allow_self_authz = 1; } } else if (strcmp(directive, "cert_dir") == 0) { context->cert_dir = strdup(tokens[1]); } else if (strcmp(directive, "pam") == 0) { context->pam_policy = strdup(tokens[1]); } else if (strcmp(directive, "pam_id") == 0) { context->pam_id = strdup(tokens[1]); } else if (strcmp(directive, "sasl") == 0) { context->sasl_policy = strdup(tokens[1]); } #if defined(HAVE_LIBSASL2) else if (strcmp(directive, "sasl_mech") == 0) { myproxy_sasl_mech = strdup(tokens[1]); } else if (strcmp(directive, "sasl_serverFQDN") == 0) { myproxy_sasl_serverFQDN = strdup(tokens[1]); } else if (strcmp(directive, "sasl_user_realm") == 0) { myproxy_sasl_user_realm = strdup(tokens[1]); } #endif /* these were added to support the online CA functionality */ else if (strcmp(directive, "certificate_issuer_program") == 0) { context->certificate_issuer_program = strdup(tokens[1]); } else if (strcmp(directive, "certificate_issuer_cert") == 0) { context->certificate_issuer_cert = strdup(tokens[1]); } else if (strcmp(directive, "certificate_issuer_key") == 0) { context->certificate_issuer_key = strdup(tokens[1]); } else if (strcmp(directive, "certificate_issuer_hashalg") == 0) { OpenSSL_add_all_digests(); context->certificate_hashalg = EVP_get_digestbyname(tokens[1]); if (context->certificate_hashalg == NULL) { verror_put_string("Unknown or unsupported certificate_issuer_hashalg (%s)", tokens[1]); goto error; } myproxy_debug("certificate_issuer_hashalg is %s\n", OBJ_nid2ln(EVP_MD_type((const EVP_MD *)context->certificate_hashalg))); } else if (strcmp(directive, "certificate_request_checker") == 0) { context->certificate_request_checker = strdup(tokens[1]); } else if (strcmp(directive, "certificate_issuer_checker") == 0) { context->certificate_issuer_checker = strdup(tokens[1]); } else if (strcmp(directive, "certificate_issuer_key_passphrase") == 0) { context->certificate_issuer_key_passphrase = strdup(tokens[1]); } else if (strcmp(directive, "certificate_issuer_subca_certfile") == 0) { context->certificate_issuer_subca_certfile = strdup(tokens[1]); } else if (strcmp(directive, "certificate_openssl_engine_id") == 0) { context->certificate_openssl_engine_id = strdup(tokens[1]); } else if (strcmp(directive, "certificate_openssl_engine_lockfile") == 0) { context->certificate_openssl_engine_lockfile = strdup(tokens[1]); } else if (strcmp(directive, "certificate_openssl_engine_pre") == 0) { for (index=1; tokens[index] != NULL; index++) { context->certificate_openssl_engine_pre = add_entry(context->certificate_openssl_engine_pre, tokens[index]); if (context->certificate_openssl_engine_pre == NULL) { goto error; } } } else if (strcmp(directive, "certificate_openssl_engine_post") == 0) { for (index=1; tokens[index] != NULL; index++) { context->certificate_openssl_engine_post = add_entry(context->certificate_openssl_engine_post, tokens[index]); if (context->certificate_openssl_engine_post == NULL) { goto error; } } } else if (strcmp(directive, "certificate_issuer_email_domain") == 0) { context->certificate_issuer_email_domain = strdup(tokens[1]); } else if (strcmp(directive, "certificate_extfile") == 0) { context->certificate_extfile = strdup(tokens[1]); } else if (strcmp(directive, "certificate_extapp") == 0) { context->certificate_extapp = strdup(tokens[1]); } else if (strcmp(directive, "certificate_mapfile") == 0) { context->certificate_mapfile = strdup(tokens[1]); } else if (strcmp(directive, "certificate_mapapp") == 0) { context->certificate_mapapp = strdup(tokens[1]); } else if (strcmp(directive, "max_cert_lifetime") == 0) { context->max_cert_lifetime = 60*60*atoi(tokens[1]); } else if (strcmp(directive, "min_keylen") == 0) { context->min_keylen = atoi(tokens[1]); } else if (strcmp(directive, "certificate_serialfile") == 0) { context->certificate_serialfile = strdup(tokens[1]); } else if (strcmp(directive, "certificate_serial_skip") == 0) { context->certificate_serial_skip = atoi(tokens[1]); } else if (strcmp(directive, "certificate_out_dir") == 0) { context->certificate_out_dir = strdup(tokens[1]); } /* added for username-to-dn ldap support for internal CA */ else if (strcmp(directive, "ca_ldap_server") == 0) { context->ca_ldap_server = strdup(tokens[1]); } else if (strcmp(directive, "ca_ldap_searchbase") == 0) { context->ca_ldap_searchbase = strdup(tokens[1]); } else if (strcmp(directive, "ca_ldap_connect_dn") == 0) { context->ca_ldap_connect_dn = strdup(tokens[1]); } else if (strcmp(directive, "ca_ldap_connect_passphrase") == 0) { context->ca_ldap_connect_passphrase = strdup(tokens[1]); } else if (strcmp(directive, "ca_ldap_uid_attribute") == 0) { context->ca_ldap_uid_attribute = strdup(tokens[1]); } else if (strcmp(directive, "ca_ldap_dn_attribute") == 0) { context->ca_ldap_dn_attribute = strdup(tokens[1]); } else if (strcmp(directive, "ca_ldap_start_tls") == 0) { if ((!strcasecmp(tokens[1], "true")) || (!strcasecmp(tokens[1], "enabled")) || (!strcasecmp(tokens[1], "yes")) || (!strcasecmp(tokens[1], "on")) || (!strcmp(tokens[1], "1"))) { context->ca_ldap_start_tls = 1; } } /* added by Terry Fleury to support web portal security */ else if (strcmp(directive, "accepted_credentials_mapfile") == 0) { context->accepted_credentials_mapfile = strdup(tokens[1]); } else if (strcmp(directive, "accepted_credentials_mapapp") == 0) { context->accepted_credentials_mapapp = strdup(tokens[1]); } else if (strcmp(directive, "check_multiple_credentials") == 0) { context->check_multiple_credentials = 0; if ((!strcasecmp(tokens[1], "true")) || (!strcasecmp(tokens[1], "enabled")) || (!strcasecmp(tokens[1], "yes")) || (!strcasecmp(tokens[1], "on")) || (!strcmp(tokens[1], "1"))) { context->check_multiple_credentials = 1; } } /* OCSP stuff */ else if (strcmp(directive, "ocsp_policy") == 0) { #if defined(HAVE_OCSP) myproxy_ocsp_set_policy(tokens[1]); #else verror_put_string("OCSP is configured in myproxy-server.config but the myproxy-server is linked with OpenSSL without OCSP support."); goto error; #endif } else if (strcmp(directive, "ocsp_responder_url") == 0) { #if defined(HAVE_OCSP) myproxy_ocsp_set_responder(tokens[1]); #else verror_put_string("OCSP is configured in myproxy-server.config but the myproxy-server is linked with OpenSSL without OCSP support."); goto error; #endif } else if (strcmp(directive, "ocsp_responder_cert") == 0) { #if defined(HAVE_OCSP) myproxy_ocsp_set_responder_cert(tokens[1]); #else verror_put_string("OCSP is configured in myproxy-server.config but the myproxy-server is linked with OpenSSL without OCSP support."); goto error; #endif } /* added by Terry Fleury for enhanced logging */ else if (strcmp(directive, "syslog_ident") == 0) { context->syslog_ident = strdup(tokens[1]); } else if (strcmp(directive, "syslog_facility") == 0) { context->syslog_facility = decode_facility(tokens[1]); } else if (strcmp(directive, "slave_servers") == 0) { /* ignore. used by myproxy-replicate. */ } else if (strcmp(directive, "request_timeout") == 0) { context->request_timeout = atoi(tokens[1]); } else if (strcmp(directive, "request_size_limit") == 0) { context->request_size_limit = atoi(tokens[1]); } else if (strcmp(directive, "proxy_extfile") == 0) { #if defined(HAVE_GLOBUS_GSI_PROXY_HANDLE_SET_EXTENSIONS) context->proxy_extfile = strdup(tokens[1]); #else verror_put_string("proxy_extfile is configured in myproxy-server.config but the myproxy-server is linked with GSI libraries (prior to GT 4.2.0) without extension support."); goto error; #endif } else if (strcmp(directive, "proxy_extapp") == 0) { #if defined(HAVE_GLOBUS_GSI_PROXY_HANDLE_SET_EXTENSIONS) context->proxy_extapp = strdup(tokens[1]); #else verror_put_string("proxy_extapp is configured in myproxy-server.config but the myproxy-server is linked with GSI libraries (prior to GT 4.2.0) without extension support."); goto error; #endif } else if ((strcmp(directive, "disable_usage_stats") == 0) || (strcmp(directive, "usage_stats_target") == 0)) { myproxy_log("warning: usage statistics collection is no longer supported. Directive (%s) in myproxy-server.config will be ignored.", directive); } #ifdef HAVE_VOMS else if (strcmp(directive, "voms_userconf") == 0) { context->voms_userconf = strdup(tokens[1]); } else if (strcmp(directive, "allow_voms_attribute_requests") == 0) { if ((!strcasecmp(tokens[1], "true")) || (!strcasecmp(tokens[1], "enabled")) || (!strcasecmp(tokens[1], "yes")) || (!strcasecmp(tokens[1], "on")) || (!strcmp(tokens[1], "1"))) { context->allow_voms_attribute_requests = 1; } } #endif else { myproxy_log("warning: unknown directive (%s) in myproxy-server.config", directive); } return_code = 0; error: return return_code; } /* * regex_compare() * * Does string match regex? * * Returns 1 if match, 0 if they don't and -1 on error setting verror. */ static int regex_compare(const char *regex, const char *string) { int result; #ifndef NO_REGEX_SUPPORT char *buf; char *bufp; int escaped = 0; myproxy_debug("REGEX (%s), STRING (%s)", regex?:"NULL", string?:"NULL"); /* * First we convert the regular expression from the human-readable * form (e.g. *.domain.com) to the machine-readable form * (e.g. ^.*\.domain\.com$). * * Make a buffer large enough to hold the largest possible converted * regex from the string plus our extra characters (two at the * beginning, two at the end, plus a NULL). */ buf = (char *) malloc(2 * strlen(regex) + 5); if (!buf) { verror_put_errno(errno); verror_put_string("malloc() failed"); return -1; } bufp = buf; *bufp++ = '^'; *bufp++ = '('; while (*regex) { switch(*regex) { case '*': /* unescaped '*' turns into '.*' */ if (!escaped) *bufp++ = '.'; *bufp++ = '*'; escaped = 0; break; case '?': /* unescaped '?' turns into '.' */ if (!escaped) *bufp++ = '.'; else *bufp++ = '?'; escaped = 0; break; case '\\': /* '\' escapes the succeeding character */ if (!escaped) escaped = 1; else { *bufp++ = '\\'; escaped = 0; } break; case '.': /* unescaped '.' turns into '\.' */ if (!escaped) *bufp++ = '\\'; *bufp++ = '.'; escaped = 0; break; default: if (escaped) *bufp++ = '\\'; *bufp++ = *regex; escaped = 0; } regex++; } *bufp++ = ')'; *bufp++ = '$'; *bufp++ = '\0'; myproxy_debug("TRANSLATED ERE (%s)", buf); #ifdef HAVE_REGCOMP { regex_t preg = { 0 }; if (regcomp(&preg, buf, REG_EXTENDED)) { verror_put_string("Error parsing string \"%s\"", regex); /* Non-fatal error, just indicate failure to match */ result = 0; } else { result = (regexec(&preg, string, 0, NULL, 0) == 0); regfree(&preg); } } #elif HAVE_COMPILE { char *expbuf; expbuf = compile(buf, NULL, NULL); if (!expbuf) { verror_put_string("Error parsing string \"%s\"", regex); /* Non-fatal error, just indicate failure to match */ result = 0; } else { result = step(string, expbuf); free(expbuf); } } #else /* * If we've gotten here then there is an error in the configuration * process or this file's #ifdefs */ error - No regular expression support found. #endif if (buf) free(buf); #else /* NOREGEX_SUPPORT */ /* No regular expression support */ result = (strcmp(regex, string) == 0); #endif /* NO_REGEX_SUPPORT */ return result; } /* * name_in_list_matches_policy() * * Is there a name in the given list that matches a regular expression. * * Returns 1 if there is, 0 if there isn't, -1 on error setting verror. */ static int name_in_list_matches_policy(const char **list, const char *policy) { int return_code = -1; assert(policy != NULL); if (list == NULL) { /* Empty list */ return_code = 0; goto done; } while (*list != NULL) { int rc; rc = regex_compare(policy, *list); if (rc != 0) { return_code = rc; goto done; } list++; } /* If we got here we failed to find the name in the list */ return_code = 0; done: return return_code; } static int check_config(myproxy_server_context_t *context) { int rval = 0; if (!context->accepted_credential_dns) { myproxy_debug("accepted_credentials not set."); myproxy_debug("server will not allow clients to store credentials."); } if (!context->authorized_retriever_dns) { myproxy_debug("authorized_retrievers not set."); myproxy_debug("server will not allow clients to retrieve credentials."); } if (!context->authorized_renewer_dns) { myproxy_debug("authorized_renewers not set."); myproxy_debug("server will not allow clients to renew credentials."); } if (!context->authorized_key_retrievers_dns) { myproxy_debug("authorized_key_retrievers not set."); myproxy_debug("server will not allow clients to retrieve keys."); } if (context->allow_self_authz) { myproxy_debug("allow_self_authorization is enabled"); } #ifdef HAVE_VOMS if (context->allow_voms_attribute_requests) { myproxy_debug("allow_voms_attribute_requests is set."); myproxy_debug("VOMS attributes will be included on request."); } else { myproxy_debug("allow_voms_attribute_requests is not set."); myproxy_debug("VOMS attribute requests will be ignored."); } #endif if (context->trusted_retriever_dns && !strcmp(context->trusted_retriever_dns[0], "*")) { if (!context->default_trusted_retriever_dns) { verror_put_string("unsafe policy: trusted_retrievers is * but default_trusted_retrievers is not set."); verror_put_string("please consult myproxy-server.config(5) man page."); rval = -1; } else if (!strcmp(context->default_trusted_retriever_dns[0], "*")) { verror_put_string("unsafe policy: trusted_retrievers and default_trusted_retrievers are both *."); verror_put_string("please consult myproxy-server.config(5) man page."); rval = -1; } } if (context->passphrase_policy_pgm) { if (access(context->passphrase_policy_pgm, X_OK) < 0) { verror_put_string("passphrase_policy_pgm %s not executable", context->passphrase_policy_pgm); verror_put_errno(errno); rval = -1; } else { myproxy_log("passphrase policy checking enabled: %s", context->passphrase_policy_pgm); } } if (context->max_proxy_lifetime) { myproxy_log("max_proxy_lifetime: %d seconds", context->max_proxy_lifetime); } if (context->max_cred_lifetime) { myproxy_log("max_cred_lifetime: %d seconds", context->max_cred_lifetime); } if (context->pam_policy && (!strcmp(context->pam_policy, "required") || (strcmp(context->pam_policy, "sufficient")))) { #if defined(HAVE_LIBPAM) myproxy_log("PAM enabled, policy %s", context->pam_policy); if (geteuid()) { myproxy_log("warning: PAM is enabled in myproxy-server.config but the myproxy-server is running as non-root. Some PAM modules won't work as non-root."); } #else verror_put_string("PAM is configured in myproxy-server.config but the myproxy-server is not linked with PAM libraries."); rval = -1; #endif } if (context->sasl_policy && (!strcmp(context->sasl_policy, "required") || (strcmp(context->sasl_policy, "sufficient")))) { #if defined(HAVE_LIBSASL2) myproxy_log("SASL enabled, policy %s", context->sasl_policy); #else verror_put_string("SASL is configured in myproxy-server.config but the myproxy-server is not linked with SASL libraries."); rval = -1; #endif } if (context->certificate_issuer_program && context->certificate_issuer_cert) { verror_put_string("both certificate_issuer_program and certificate_issuer_cert defined"); rval = -1; } if (context->certificate_issuer_program) { if (access(context->certificate_issuer_program, X_OK) < 0) { verror_put_string("certificate_issuer_program %s not executable", context->certificate_issuer_program); verror_put_errno(errno); rval = -1; } else { myproxy_log("CA enabled: %s", context->certificate_issuer_program); } } if (context->certificate_issuer_cert) { if (access(context->certificate_issuer_cert, R_OK) < 0) { verror_put_string("certificate_issuer_cert %s unreadable", context->certificate_issuer_cert); verror_put_errno(errno); rval = -1; } if (context->certificate_openssl_engine_id) { if (!context->certificate_issuer_key) { verror_put_string("certificate_issuer_key not set"); verror_put_errno(errno); rval = -1; } } else { if (access(context->certificate_issuer_key, R_OK) < 0) { verror_put_string("certificate_issuer_key %s unreadable", context->certificate_issuer_key); verror_put_errno(errno); rval = -1; } } if (context->certificate_extfile && context->certificate_extapp) { verror_put_string("either certificate_extfile or certificate_extapp can be specified but not both"); rval = -1; } if (context->certificate_extfile && access(context->certificate_extfile, R_OK) < 0) { verror_put_string("certificate_extfile %s not readable", context->certificate_extfile); verror_put_errno(errno); rval = -1; } if (context->certificate_extapp && access(context->certificate_extapp, X_OK) < 0) { verror_put_string("certificate_extapp %s not executable", context->certificate_extapp); verror_put_errno(errno); rval = -1; } if (context->certificate_mapfile && access(context->certificate_mapfile, R_OK) < 0) { verror_put_string("certificate_mapfile %s not readable", context->certificate_mapfile); verror_put_errno(errno); rval = -1; } if (context->certificate_mapapp && access(context->certificate_mapapp, X_OK) < 0) { verror_put_string("certificate_mapapp %s not executable", context->certificate_mapapp); verror_put_errno(errno); rval = -1; } if (context->certificate_serialfile) { int fd; fd = open(context->certificate_serialfile, O_RDWR|O_CREAT, 0600); if (fd < 0) { verror_put_string("certificate_serialfile %s not writeable", context->certificate_serialfile); verror_put_errno(errno); rval = -1; } else { close(fd); } } if (context->certificate_serial_skip <= 0) { verror_put_string("certificate_serial_skip (%s) <= 0", context->certificate_serial_skip); verror_put_errno(errno); rval = -1; } if (context->certificate_out_dir && access(context->certificate_out_dir, W_OK) < 0) { verror_put_string("certificate_out_dir %s not writeable", context->certificate_out_dir); verror_put_errno(errno); rval = -1; } if (!rval) { myproxy_log("CA enabled"); if (context->max_cert_lifetime) { myproxy_log("max certificate lifetime: %d seconds", context->max_cert_lifetime); } if (context->min_keylen) { myproxy_log("minimum key length: %d bits", context->min_keylen); } if (context->ca_ldap_server) { if (!context->ca_ldap_searchbase) { verror_put_string("ca_ldap_server requires ca_ldap_searchbase"); rval = -1; } if (!context->ca_ldap_uid_attribute) { verror_put_string("ca_ldap_server requires ca_ldap_uid_attribute"); rval = -1; } } } if (context->certificate_request_checker && access(context->certificate_request_checker, X_OK) < 0) { verror_put_string("certificate_request_checker %s not executable", context->certificate_request_checker); verror_put_errno(errno); rval = -1; } if (context->certificate_issuer_checker && access(context->certificate_issuer_checker, X_OK) < 0) { verror_put_string("certificate_issuer_checker %s not executable", context->certificate_issuer_checker); verror_put_errno(errno); rval = -1; } } if (context->accepted_credentials_mapfile) { if (access(context->accepted_credentials_mapfile, R_OK) < 0) { verror_put_string("accepted_credentials_mapfile %s not readable", context->accepted_credentials_mapfile); verror_put_errno(errno); rval = -1; } else { myproxy_log("using accepted_credentials_mapfile %s", context->accepted_credentials_mapfile); } } if (context->accepted_credentials_mapapp && access(context->accepted_credentials_mapapp, X_OK) < 0) { verror_put_string("accepted_credentials_mapapp %s not executable", context->accepted_credentials_mapapp); verror_put_errno(errno); rval = -1; } if (context->check_multiple_credentials) { myproxy_log("Checking multiple credentials during authorization"); } if (context->proxy_extfile && context->proxy_extapp) { verror_put_string("either proxy_extfile or proxy_extapp can be specified but not both"); rval = -1; } if (context->proxy_extfile && access(context->proxy_extfile, R_OK) < 0) { verror_put_string("proxy_extfile %s not readable", context->proxy_extfile); verror_put_errno(errno); rval = -1; } if (context->proxy_extapp && access(context->proxy_extapp, X_OK) < 0) { verror_put_string("proxy_extapp %s not executable", context->proxy_extapp); verror_put_errno(errno); rval = -1; } if (context->cert_dir == NULL) myproxy_log("cert_dir not specified in config file, so " "no trustroots will be provided to clients"); else if (!myproxy_check_cert_dir(context->cert_dir)) { verror_put_string("The trustroots directory %s has failed sanity" " checks.", context->cert_dir); rval = -1; } return rval; } /********************************************************************** * * API Functions * */ static const char default_config_file[] = "/etc/myproxy-server.config"; int myproxy_server_config_read(myproxy_server_context_t *context) { FILE *config_stream = NULL; const char *config_open_mode = "r"; int rc; int return_code = -1; if (context == NULL) { verror_put_errno(EINVAL); return -1; } if (context->config_file == NULL) { if (access(default_config_file, R_OK) == 0) { context->config_file = strdup(default_config_file); if (context->config_file == NULL) { verror_put_string("strdup() failed"); return -1; } } else { char *conf, *GL; GL = getenv("GLOBUS_LOCATION"); if (!GL) { verror_put_string("$GLOBUS_LOCATION undefined. " "myproxy-server.config not found.\n"); return -1; } conf = (char *)malloc(strlen(GL)+strlen(default_config_file)+1); if (!conf) { perror("malloc()"); exit(1); } sprintf(conf, "%s%s", GL, default_config_file); if (access(conf, R_OK) < 0) { fprintf(stderr, "%s not found.\n", conf); exit(1); } context->config_file = conf; } } config_stream = fopen(context->config_file, config_open_mode); if (config_stream == NULL) { verror_put_errno(errno); verror_put_string("opening configuration file \"%s\"", context->config_file); goto error; } myproxy_log("reading configuration file %s", context->config_file); /* Clear any outstanding error */ verror_clear(); /* Clear any existing configuration */ clear_server_context(context); rc = vparse_stream(config_stream, NULL /* Default vparse options */, line_parse_callback, context); if (rc == -1) { verror_put_string("Error parsing configuration file %s", context->config_file); goto error; } if (verror_is_error()) { /* Some sort of error occurred during parsing */ goto error; } return_code = check_config(context); error: if (config_stream != NULL) { fclose(config_stream); } return return_code; } int myproxy_server_check_policy_list_ext(const char **policy_list, myproxy_server_peer_t *client) { const char *policy; int ret; if ((policy_list == NULL) || (client == NULL)) { return 0; } while ((policy = *policy_list++) != NULL) { ret = myproxy_server_check_policy_ext(policy, client); if (ret == 1) return 1; } return 0; } int myproxy_server_check_policy_list(const char **dn_list, const char *client) { myproxy_server_peer_t peer; memset(&peer, 0, sizeof(peer)); strncpy(peer.name, client, sizeof(peer.name)-1); return myproxy_server_check_policy_list_ext(dn_list, &peer); } int myproxy_server_check_policy_ext(const char *policy, myproxy_server_peer_t *client) { if ((policy == NULL) || (client == NULL)) { return 0; } if (strncasecmp(policy, MYPROXY_SERVER_POLICY_TYPE_FQAN, strlen(MYPROXY_SERVER_POLICY_TYPE_FQAN)) == 0) { if (client->fqans == NULL) return 0; policy += strlen(MYPROXY_SERVER_POLICY_TYPE_FQAN); return name_in_list_matches_policy((const char **)client->fqans, policy); } else if (strncasecmp(policy, MYPROXY_SERVER_POLICY_TYPE_SUBJECT, strlen(MYPROXY_SERVER_POLICY_TYPE_SUBJECT)) == 0) { policy += strlen(MYPROXY_SERVER_POLICY_TYPE_SUBJECT); } return regex_compare(policy, client->name); } int myproxy_server_check_policy(const char *dn_regex, const char *client) { myproxy_server_peer_t peer; memset(&peer, 0, sizeof(peer)); strncpy(peer.name, client, sizeof(peer.name)-1); return myproxy_server_check_policy_ext(dn_regex, &peer); } myproxy-6.2.16/man/0000755000175100017510000000000014557145304011123 500000000000000myproxy-6.2.16/man/myproxy-admin-addservice.80000644000175100017510000001235314557142036016063 00000000000000.TH myproxy-admin-adduser 8 "2011-09-05" "MyProxy" "MyProxy" .SH NAME myproxy-admin-adduser \- add a user or service credential .SH SYNOPSIS .B myproxy-admin-adduser [ .I options ] .P .B myproxy-admin-addservice [ .I options ] .SH DESCRIPTION The .B myproxy-admin-adduser and .B myproxy-admin-addservice commands create a new credential for a user or service and load it into the MyProxy repository. They are .BR perl (1) scripts that run .B grid-cert-request (a standard Grid Community Toolkit program) and .B grid-ca-sign (from the Globus Simple CA package) to create the credential and then run .BR myproxy-admin-load-credential (8) to load the credential into the MyProxy repository. .PP The command prompts for the common name to be included in the new certificate (if the .B -c argument is not specified), the Globus Simple CA key password for signing the certificate, the MyProxy username (if the .B -l or .B -d arguments are not specified), and the MyProxy passphrase for the credential. Most of the command-line options for this command are passed directly to the .BR myproxy-admin-load-credential (8) command. .PP The .B grid-ca-sign program is not provided in the MyProxy distribution. It must be installed separately, from the Globus Simple CA package. .SH OPTIONS .TP .B -h Displays command usage text and exits. .TP .B -u Displays command usage text and exits. .TP .B -v Enables verbose debugging output to the terminal. .TP .BI -c " cn" Specifies the Common Name for the new credential (for example: "Jim Basney"). .TP .BI -s " dir" Specifies the location of the credential storage directory. The directory must be accessible only by the user running the .B myproxy-server process for security reasons. Default: /var/lib/myproxy or /var/myproxy or $GLOBUS_LOCATION/var/myproxy .TP .BI -l " username" Specifies the MyProxy account under which the credential should be stored. .TP .BI -t " hours" Specifies the maximum lifetime of credentials retrieved from the .BR myproxy-server (8) using the stored credential. Default: 12 hours .TP .BI -p " CA-password" Specifies the password for the CA's private key using the format documented in the PASS PHRASE ARGUMENTS section of .BR openssl (1). .TP .B -n Disables passphrase authentication for the stored credential. If specified, the command will not prompt for a passphrase, the credential will not be encrypted by a passphrase in the repository, and the credential will not be retrievable using passphrase authentication with .BR myproxy-logon (1). This option is used for storing renewable credentials and is implied by .BR -R . .TP .B -d Use the certificate subject (DN) as the username. .TP .B -a Allow credentials to be retrieved with just pass phrase authentication. By default, only entities with credentials that match the .BR myproxy-server.config (5) default retriever policy may retrieve credentials. This option allows entities without existing credentials to retrieve a credential using pass phrase authentication by including "anonymous" in the set of allowed retrievers. The .BR myproxy-server.config (5) server-wide policy must also allow "anonymous" clients for this option to have an effect. .TP .B -A Allow credentials to be renewed by any client. Any client with a valid credential with a subject name that matches the stored credential may retrieve a new credential from the MyProxy repository if this option is given. Since this effectively defeats the purpose of proxy credential lifetimes, it is not recommended. It is included only for sake of completeness. .TP .BI -r " name" Allow the specified entity to retrieve credentials. See .B -x and .B -X options for controlling name matching behavior. .TP .BI -R " name" Allow the specified entity to renew credentials. See .B -x and .B -X options for controlling name matching behavior. This option implies .B -n since passphrase authentication is not used for credential renewal. .TP .BI -Z " name, " --retrievable_by_cert " name" Allow the specified entity to retrieve credentials without a passphrase. See .B -x and .B -X options for controlling name matching behavior. This option implies .BR -n . .TP .B -x Specifies that names used with following options .BR -r , .BR -R , and .B -Z will be matched against the full certificate subject distinguished name (DN) according to .B REGULAR EXPRESSIONS in .BR myproxy-server.config (5). .TP .B -X Specifies that names used with following options .BR -r , .BR -R , and .B -Z will be matched against the certificate subject common name (CN) according to .B REGULAR EXPRESSIONS in .BR myproxy-server.config (5). For example, if an argument of .B -r "Jim Basney" is specified, then the resulting policy will be "*/CN=Jim Basney". This is the default behavior. .TP .BI -k " name" Specifies the credential name. .TP .BI -K " description" Specifies credential description. .SH "EXIT STATUS" 0 on success, >0 on error .SH AUTHORS See .B http://grid.ncsa.illinois.edu/myproxy/about for the list of MyProxy authors. .SH "SEE ALSO" .BR myproxy-change-pass-phrase (1), .BR myproxy-destroy (1), .BR myproxy-info (1), .BR myproxy-init (1), .BR myproxy-logon (1), .BR myproxy-retrieve (1), .BR myproxy-store (1), .BR myproxy-server.config (5), .BR myproxy-admin-change-pass (8), .BR myproxy-admin-load-credential (8), .BR myproxy-admin-query (8), .BR myproxy-server (8) myproxy-6.2.16/man/myproxy-admin-query.80000644000175100017510000000646414557142036015125 00000000000000.TH myproxy-admin-query 8 "2011-09-19" "MyProxy" "MyProxy" .SH NAME myproxy-admin-query \- query MyProxy repository contents .SH SYNOPSIS .B myproxy-admin-query [ .I options ] .SH DESCRIPTION The .B myproxy-admin-query command displays information about the credentials stored in the MyProxy repository. It can also be used to remove credentials from the repository, by combining query options with .BR --remove . It accesses the repository directly and must be run on the machine where the .BR myproxy-server (8) is installed from the account that owns the repository. .P An example cron job for running .B myproxy-admin-query periodically to remove invalid (expired, revoked, etc.) credentials from the repository is provided at .IR $GLOBUS_LOCATION/share/myproxy/myproxy.cron . .SH OPTIONS .TP .B -h, --help Displays command usage text and exits. .TP .B -u, --usage Displays command usage text and exits. .TP .B -v, --verbose Enables verbose debugging output to the terminal. .TP .B -V, --version Displays version information and exits. .TP .BI -l " username, " --username " username" Return information on credentials for a single username. By default, the command returns information on all credentials for all usernames. .TP .BI -k " name, " --credname " name" Return information on the credentials with the specified name. .TP .BI -o " DN, " --owner " DN" Return information on the credentials owned by the specified distinguished name. .TP .BI -e " hours, " --expiring_in " hours" Return information on credentials with remaining lifetime less than the specified number of hours. For example, .BI -e " 0" will return all expired credentials. .TP .BI -t " hours, " --time_left " hours" Return information on credentials with remaining lifetime greater than the specified number of hours. .TP .B -i, --invalid Return information on invalid (expired, revoked, etc.) credentials. .TP .BI -s " dir, " --storage " dir" Specifies the location of the credential storage directory. The directory must be accessible only by the user running the .B myproxy-server process for security reasons. Default: /var/lib/myproxy or /var/myproxy or $GLOBUS_LOCATION/var/myproxy .TP .BI -c " file, " --config " file" Specifies the location of the .B myproxy-server configuration file, for OCSP options. Default: /etc/myproxy-server.config or $GLOBUS_LOCATION/etc/myproxy-server.config .TP .B -r, --remove Remove the credentials matching the query from the repository. For example, .I myproxy-admin-query -e 0 -r will remove all expired credentials from the repository. .TP .BI -L " 'msg', " --lock " 'msg'" Places the credentials matching the query under an administrative lock and specifies a message to be returned on access attempts. Be sure to put the message in quotes so it is captured as one argument to the command. .TP .B -U, --unlock Removes any administrative locks for the credentials matching the query. .SH "EXIT STATUS" 0 on success, >0 on error .SH AUTHORS See .B http://grid.ncsa.illinois.edu/myproxy/about for the list of MyProxy authors. .SH "SEE ALSO" .BR myproxy-change-pass-phrase (1), .BR myproxy-destroy (1), .BR myproxy-init (1), .BR myproxy-logon (1), .BR myproxy-retrieve (1), .BR myproxy-store (1), .BR myproxy-server.config (5), .BR myproxy-admin-adduser (8), .BR myproxy-admin-change-pass (8), .BR myproxy-admin-load-credential (8), .BR myproxy-server (8) myproxy-6.2.16/man/Makefile.in0000644000175100017510000004640614557142526013125 00000000000000# Makefile.in generated by automake 1.13.4 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ *) echo "am__make_running_with_option: internal error: invalid" \ "target option '$${target_option-}' specified" >&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = man DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/myproxy-date.inc $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = SOURCES = DIST_SOURCES = am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ test -z "$$files" \ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } man1dir = $(mandir)/man1 am__installdirs = "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man5dir)" \ "$(DESTDIR)$(man8dir)" man5dir = $(mandir)/man5 man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man_MANS) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AGE_VERSION = @AGE_VERSION@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ AS = @AS@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GLOBUS_CFLAGS = @GLOBUS_CFLAGS@ GLOBUS_LIBS = @GLOBUS_LIBS@ GREP = @GREP@ GSI_CERT_UTILS_PATH = @GSI_CERT_UTILS_PATH@ GSI_PROXY_UTILS_PATH = @GSI_PROXY_UTILS_PATH@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ KRB5CPPFLAGS = @KRB5CPPFLAGS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAJOR_VERSION = @MAJOR_VERSION@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MICRO_VERSION = @MICRO_VERSION@ MINOR_VERSION = @MINOR_VERSION@ MKDIR_P = @MKDIR_P@ MYPROXY_DATE = @MYPROXY_DATE@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OPENSSL = @OPENSSL@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_DEPS = @PACKAGE_DEPS@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ SYSLIBS = @SYSLIBS@ VERSION = @VERSION@ VOMS_LIBS = @VOMS_LIBS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ man_MANS = myproxy-admin-adduser.8 \ myproxy-admin-addservice.8 \ myproxy-admin-change-pass.8 \ myproxy-admin-load-credential.8 \ myproxy-admin-query.8 \ myproxy-change-pass-phrase.1 \ myproxy-destroy.1 \ myproxy-get-delegation.1 \ myproxy-get-trustroots.1 \ myproxy-info.1 \ myproxy-init.1 \ myproxy-logon.1 \ myproxy-replicate.8 \ myproxy-retrieve.1 \ myproxy-server.8 \ myproxy-server.config.5 \ myproxy-store.1 EXTRA_DIST = $(man_MANS) all: all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign man/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign man/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man1: $(man_MANS) @$(NORMAL_INSTALL) @list1=''; \ list2='$(man_MANS)'; \ test -n "$(man1dir)" \ && test -n "`echo $$list1$$list2`" \ || exit 0; \ echo " $(MKDIR_P) '$(DESTDIR)$(man1dir)'"; \ $(MKDIR_P) "$(DESTDIR)$(man1dir)" || exit 1; \ { for i in $$list1; do echo "$$i"; done; \ if test -n "$$list2"; then \ for i in $$list2; do echo "$$i"; done \ | sed -n '/\.1[a-z]*$$/p'; \ fi; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \ done; } uninstall-man1: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man1dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.1[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ dir='$(DESTDIR)$(man1dir)'; $(am__uninstall_files_from_dir) install-man5: $(man_MANS) @$(NORMAL_INSTALL) @list1=''; \ list2='$(man_MANS)'; \ test -n "$(man5dir)" \ && test -n "`echo $$list1$$list2`" \ || exit 0; \ echo " $(MKDIR_P) '$(DESTDIR)$(man5dir)'"; \ $(MKDIR_P) "$(DESTDIR)$(man5dir)" || exit 1; \ { for i in $$list1; do echo "$$i"; done; \ if test -n "$$list2"; then \ for i in $$list2; do echo "$$i"; done \ | sed -n '/\.5[a-z]*$$/p'; \ fi; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \ done; } uninstall-man5: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man5dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.5[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir) install-man8: $(man_MANS) @$(NORMAL_INSTALL) @list1=''; \ list2='$(man_MANS)'; \ test -n "$(man8dir)" \ && test -n "`echo $$list1$$list2`" \ || exit 0; \ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ { for i in $$list1; do echo "$$i"; done; \ if test -n "$$list2"; then \ for i in $$list2; do echo "$$i"; done \ | sed -n '/\.8[a-z]*$$/p'; \ fi; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ done; } uninstall-man8: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man8dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) tags TAGS: ctags CTAGS: cscope cscopelist: distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(MANS) installdirs: for dir in "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man1 install-man5 install-man8 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-man: uninstall-man1 uninstall-man5 uninstall-man8 .MAKE: install-am install-strip .PHONY: all all-am check check-am clean clean-generic clean-libtool \ cscopelist-am ctags-am distclean distclean-generic \ distclean-libtool distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-man1 install-man5 install-man8 install-pdf \ install-pdf-am install-ps install-ps-am install-strip \ installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic \ mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \ uninstall-am uninstall-man uninstall-man1 uninstall-man5 \ uninstall-man8 myproxy-logon.1: myproxy-get-delegation.1 rm -f myproxy-logon.1 $(LN_S) $(srcdir)/myproxy-get-delegation.1 myproxy-logon.1 myproxy-admin-addservice.8: myproxy-admin-adduser.8 rm -f myproxy-admin-addservice.8 $(LN_S) $(srcdir)/myproxy-admin-adduser.8 myproxy-admin-addservice.8 # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: myproxy-6.2.16/man/myproxy-replicate.80000644000175100017510000001371214557142036014634 00000000000000.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 .\" .\" Standard preamble: .\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp .ne 5 .PP \fB\\$1\fR .PP .. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a .\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to .\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' .\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' 'br\} .\" .\" If the F register is turned on, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} .\" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "MYPROXY-REPLICATE 8" .TH MYPROXY-REPLICATE 8 "2005-05-3" "perl v5.8.4" "User Contributed Perl Documentation" .SH "NAME" \&\fBmyproxy\-replicate\fR \- Stores data from the MyProxy master repository to all the slave servers. .SH "SYNOPSIS" .IX Header "SYNOPSIS" \&\fBmyproxy-replicate\fR [options] ... .PP .Vb 7 \& Options: \& [\-verbose|\-v] Print copious output \& [\-help|\-h] Print usage \& [\-storage|\-r]= Directory of the MyProxy repository. \& [\-config|\-c]= Directory of the MyProxy Server \& configuration file. \& [\-debug|\-d] Run in debug mode .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBmyproxy-replicate\fR Replicates data. .PP This utility will read a specified MyProxy repository and send any new or changed data to a slave MyProxy server. The slave servers are specified in the \fB\f(BImyproxy\-server.config\fB\|(5)\fR file. .PP This utility will need to run at some specified interval in order to keep the slave repositories semi current with the Master repository. This can best be accomplished using cron, or some similar mechanism. .SH "OPTIONS" .IX Header "OPTIONS" .IP "\fB\-v\fR, \fB\-verbose\fR" 8 .IX Item "-v, -verbose" Enables verbose debugging output to the terminal. .IP "\fB\-h\fR, \fB\-help\fR" 8 .IX Item "-h, -help" Displays command usage text and exits. .IP "\fB\-u\fR, \fB\-usage\fR" 8 .IX Item "-u, -usage" Displays command usage text and exits. .IP "\fB\-r\fR \fIdir\fR, \fB\-storage\fR \fIdir\fR" 8 .IX Item "-r dir, -storage dir" Specifies the location of the credential storage directory. The directory must be accessible only by the user running the \&\fBmyproxy-server\fR process for security reasons. Default: /var/lib/myproxy or /var/myproxy or \f(CW$GLOBUS_LOCATION\fR/var/myproxyA .IP "\fB\-c\fR \fIfile\fR, \fB\-config\fR \fIfile\fR" 8 .IX Item "-c file, -config file" Specifies the location of the myproxy-server configuration file. Default: /etc/myproxy\-server.config or \f(CW$GLOBUS_LOCA\fR\-TION/etc/myproxy\-server.config .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fImyproxy\-init\fR\|(1) \fImyproxy\-store\fR\|(1) \fImyproxy\-retrieve\fR\|(1) \fImyproxy\-delegate\fR\|(1) \&\fImyproxy\-server\fR\|(8) \fImyproxy\-server.config\fR\|(5) .SH "AUTHOR" .IX Header "AUTHOR" myproxy-6.2.16/man/myproxy-change-pass-phrase.10000644000175100017510000001242614557142036016327 00000000000000.TH myproxy-change-pass-phrase 1 "2009-12-1" "MyProxy" "MyProxy" .SH NAME myproxy-change-pass-phrase \- change MyProxy passphrase .SH SYNOPSIS .B myproxy-change-pass-phrase [ .I options ] .SH DESCRIPTION The .B myproxy-change-pass-phrase command changes the passphrase under which a credential is protected in the MyProxy repository. The command first prompts for the current passphrase for the credential, then prompts twice for the new passphrase. Only the credential owner can change a credential's passphrase. The user must have a valid proxy credential as generated by .B grid-proxy-init or retrieved by .BR myproxy-logon (1) when running this command. .SH OPTIONS .TP .B -h, --help Displays command usage text and exits. .TP .B -u, --usage Displays command usage text and exits. .TP .B -v, --verbose Enables verbose debugging output to the terminal. .TP .B -V, --version Displays version information and exits. .TP .BI -s " hostname[:port], " --pshost " hostname[:port]" Specifies the hostname(s) of the myproxy-server(s). Multiple hostnames, each hostname optionally followed by a ':' and port number, may be specified in a comma-separated list. This option is required if the .B MYPROXY_SERVER environment variable is not defined. If specified, this option overrides the .B MYPROXY_SERVER environment variable. If a port number is specified with a hostname, it will override the -p option as well as the .B MYPROXY_SERVER_PORT environment variable for that host. .TP .BI -p " port, " --psport " port" Specifies the TCP port number of the .BR myproxy-server (8). Default: 7512 .TP .BI -l " username, " --username " username" Specifies the MyProxy account under which the credential should be stored. By default, the command uses the value of the .B LOGNAME environment variable. Use this option to specify a different account username on the MyProxy server. The MyProxy username need not correspond to a real Unix username. .TP .B -d, --dn_as_username Use the certificate subject (DN) as the default username, instead of the .B LOGNAME environment variable. .TP .BI -k " name, " --credname " name" Specifies the credential name. .TP .B -S, --stdin_pass By default, the command prompts for a passphrase and reads the passphrase from the active tty. When running the command non-interactively, there may be no associated tty. Specifying this option tells the command to read passphrases from standard input without prompts or confirmation. .SH "EXIT STATUS" 0 on success, >0 on error .SH ENVIRONMENT .TP .B GLOBUS_GSSAPI_NAME_COMPATIBILITY This client will, by default, perform a reverse-DNS lookup to determine the FQHN (Fully Qualified Host Name) to use in verifying the identity of the server by checking the FQHN against the CN in server's certificate. Setting this variable to .B STRICT_RFC2818 will cause the reverse-DNS lookup to NOT be performed and the user-specified name to be used instead. This variable setting will be ignored if .B MYPROXY_SERVER_DN (described later) is set. .TP .B MYPROXY_SERVER Specifies the hostname(s) where the .BR myproxy-server (8) is running. Multiple hostnames can be specified in a comma separated list with each hostname optionally followed by a ':' and port number. This environment variable can be used in place of the .B -s option. .TP .B MYPROXY_SERVER_PORT Specifies the port where the .BR myproxy-server (8) is running. This environment variable can be used in place of the .B -p option. .TP .B MYPROXY_SERVER_DN Specifies the distinguished name (DN) of the .BR myproxy-server (8). All MyProxy client programs authenticate the server's identity. By default, the MyProxy client programs expect the server to have a distinguished name with "/CN=host/" or "/CN=myproxy/" or "/CN=" (where is the fully-qualified hostname of the server). If the server is running with some other DN, you can set this environment variable to tell the MyProxy clients to accept the alternative DN. Also see .B GLOBUS_GSSAPI_NAME_COMPATIBILITY above. .TP .B MYPROXY_TCP_PORT_RANGE Specifies a range of valid port numbers in the form "min,max" for the client side of the network connection to the server. By default, the client will bind to any available port. Use this environment variable to restrict the ports used to a range allowed by your firewall. If unset, MyProxy will follow the setting of the .B GLOBUS_TCP_PORT_RANGE environment variable. .TP .B X509_USER_CERT Specifies a non-standard location for the certificate to be used for authentication to the .BR myproxy-server (8). .TP .B X509_USER_KEY Specifies a non-standard location for the private key to be used for authentication to the .BR myproxy-server (8). .TP .B X509_USER_PROXY Specifies a non-standard location for the proxy credential to be used for authentication to the .BR myproxy-server (8). .TP .B X509_CERT_DIR Specifies a non-standard location for the CA certificates directory. .SH AUTHORS See .B http://grid.ncsa.illinois.edu/myproxy/about for the list of MyProxy authors. .SH "SEE ALSO" .BR myproxy-destroy (1), .BR myproxy-get-trustroots (1), .BR myproxy-info (1), .BR myproxy-init (1), .BR myproxy-logon (1), .BR myproxy-retrieve (1), .BR myproxy-store (1), .BR myproxy-server.config (5), .BR myproxy-admin-adduser (8), .BR myproxy-admin-change-pass (8), .BR myproxy-admin-load-credential (8), .BR myproxy-admin-query (8), .BR myproxy-server (8) myproxy-6.2.16/man/myproxy-server.config.50000644000175100017510000010170214557142036015430 00000000000000.TH myproxy-server.config 5 "2014-07-12" "MyProxy" "MyProxy" .SH NAME myproxy-server.config \- myproxy-server configuration file .SH DESCRIPTION The .B myproxy-server.config file sets the policy for the .BR myproxy-server (8), specifying what credentials may be stored in the server's repository, who is authorized to retrieve credentials, and other configurable server behaviors. By default, the .BR myproxy-server (8) looks for this file in .I /etc/myproxy-server.config and if it is not found there, it looks in .IR $GLOBUS_LOCATION/etc/myproxy-server.config . A template is provided at .IR $GLOBUS_LOCATION/share/myproxy/myproxy-server.config . The .B myproxy-server -c option can be used to specify an alternative location. .PP The following lines set access control policies according to the client's certificate subject distinguished name (DN). Note that MyProxy uses non-standard regular expressions for distinguished name (DN) matching. See the .B REGULAR EXPRESSIONS section below for details. .TP .BI accepted_credentials " \*(lqDN regex\*(rq" Each of these lines allows any clients whose DNs match the given limited regex to connect to the myproxy-server and store credentials with it for future retrieval. Any number of these lines may appear. For backwards compatibility, these lines can also start with .B allowed_clients instead of .BR accepted_credentials . If no .B accepted_credentials lines are specified, the server will not allow any clients to store credentials. .TP .BI authorized_retrievers " \*(lqDN regex\*(rq" Each of these lines allows the server administrator to set server-wide policies for credential retrievers. If the client DN does not match the given limited regex, the client is not allowed to retrieve credentials from the server. In addition to the server-wide policy, myproxy also provides support for per-credential policy. The user can specify the regex DN of the allowed retrievers of the credential when uploading the credential (using .BR myproxy-init (1) or .BR myproxy-store (1)). The retrieval client DN must also match the user specified regex. In order to retrieve credentials the client also needs to know the name and pass phrase provided by the client when the credentials were stored. Any number of these lines may appear. For backwards compatibility, these lines can also start with .B allowed_services instead of .BR authorized_retrievers . If no .B authorized_retrievers lines are specified, the server will not allow any clients to retrieve credentials. .TP .BI default_retrievers " \*(lqDN regex\*(rq" Each of these lines allows the server administrator to set server-wide default policies. The regex specifies the clients who can access the credentials. The default retriever policy is enforced if a per-credential policy is not specified on upload (using .BR myproxy-init (1) or .BR myproxy-store (1)). In other words, the client can override this policy for a credential on upload. The per-credential policy is enforced in addition to the server-wide policy specified by the authorized_retrievers line (which clients can not override). Any number of these lines may be present. For backwards compatibility, if no .B default_retrievers line is specified, the default policy is "*", which allows any client to pass the per-credential policy check. (The client must still pass the .B authorized_retrievers check.) .TP .BI authorized_renewers " \*(lqDN regex\*(rq" Each of these lines allows the server administrator to set server-wide policies for authorized renewers. If the client DN does not match the given limited regex the client is not allowed to renew the credentials previously stored by a client. See .B allow_self_authorization below for a further restriction on this policy. In addition to the server-wide policy, myproxy also provides support for per-credential policy. The user can specify the regex DN of the allowed renewers of the credential on upload (using .BR myproxy-init (1)). The renewal client DN must match both this regex and the user specified regex. In this case, the client must also already have a credential with a DN matching the DN of the credentials to be retrieved, to be used in a second authorization step (see the .B -a options for .BR myproxy-logon (1) and .BR myproxy-retrieve (1)). .TP .BI default_renewers " \*(lqDN regex\*(rq" Each of these lines allows the server administrator to set server-wide default renewer policies. The regex specifies the clients who can renew the credentials. The default renewer policy is enforced if a per-credential policy is not specified on upload (using .BR myproxy-init (1)). This is enforced in addition to the server-wide policy specified by the .B authorized_renewers line. Any number of these lines may appear. For backwards compatibility, if no default_renewers line is specified, the default policy is "*", which allows any client to pass the per-credential policy check. (The client must still pass the .B authorized_renewers check.) .TP .BI authorized_key_retrievers " \*(lqDN regex\*(rq" This policy controls who can retrieve credentials (certificates and keys) directly from the repository using .BR myproxy-retrieve (1). Clients must also match the .B authorized_retrievers policy. If no .B authorized_key_retrievers lines are specified, the server will not allow any clients to retrieve keys directly from the repository. .TP .BI default_key_retrievers " \*(lqDN regex\*(rq" This policy applies if a per-credential policy is not specified on upload (using .BR myproxy-init (1) or .BR myproxy-store (1)). In other words, the client can override this policy for a credential on upload. The per-credential policy is enforced in addition to the server-wide policy specified by the authorized_key_retrievers line (which clients can not override). Any number of these lines may be present. If no .B default_key_retrievers line is specified, the default policy is "*", which allows any client to pass the per-credential policy check. (The client must still pass the .B authorized_key_retrievers check.) .TP .BI trusted_retrievers " \*(lqDN regex\*(rq" This policy controls who can retrieve credentials without further authentication. By default, clients that match .B authorized_retrievers must perform additional authentication (such as passphrase, PAM, or SASL) to retrieve credentials. However, authenticated clients that match both .B authorized_retrievers and .B trusted_retrievers do not need to perform additional authentication, unless the credentials are protected by a passphrase, in which case the passphrase is still required. Note: The .BR myproxy-server (8) will fail on startup or reconfig with an "unsafe policy" error if a policy of .BI trusted_retrievers " \*(lq*\*(rq" is specified without also specifying a restrictive .B default_trusted_retrievers policy, to avoid an unsafe policy that would release credentials to all clients without additional authentication. See also .B allow_self_authorization below for a further restriction on this policy. .TP .BI default_trusted_retrievers " \*(lqDN regex\*(rq" If a user doesn't set a trusted retrieval policy with the credential on upload (via .B 'myproxy-init .BR -Z' ), the .BR myproxy-server (8) will apply the following policy in addition to the .B trusted_retrievers policy. If no .B default_trusted_retrievers policy is set, then only the .B trusted_retrievers policy is applied. .PP The following lines in the configuration file set other server options. .TP .BI passphrase_policy_program " full-path-to-script" This line specifies a program to run whenever a passphrase is set or changed for implementing a local password policy. The program is passed the new passphrase via stdin and is passed the following arguments: username, distinguished name, credential name (if any), per-credential retriever policy (if any), and per-credential renewal policy (if any). If the passphrase is acceptable, the program should exit with status 0. Otherwise, it should exit with non-zero status, causing the operation in progress (credential load, passphrase change) to fail with the error message provided by the program's stdout. Note: You must specify the full path to the external program. $GLOBUS_LOCATION can't be used in the myproxy-server.config file. A sample program is installed in .I $GLOBUS_LOCATION/share/myproxy/myproxy-passphrase-policy but is not enabled by default. .RS .PP .B Be sure to follow secure coding practices for this call-out: .PD 0 .PP - Don't allow input to overflow fixed-size buffers. .PP - Don't pass unchecked input to a shell command. .PD .RE .TP .BI cert_dir " full-path-to-certificates-directory" Specifies the path to the CA certificates directory to be returned to clients requesting trust roots (such as via the .BR myproxy-logon (1) .B -T option). .TP .BI max_proxy_lifetime " hours" This line specifies a server-wide maximum lifetime for retrieved proxy credentials. By default, no server-wide maximum is enforced. However, if this option is specified, the server will limit the lifetime of any retrieved proxy credentials to the value given. .TP .BI max_cred_lifetime " hours" This line specifies a server-wide maximum lifetime for stored credentials. By default, no server-wide maximum is enforced. However, if this option is specified, the server will limit the lifetime of any stored credentials to the value given. .TP .BI ignore_globus_limited_proxy_flag " boolean" By default, MyProxy will respect the policy of "limited" proxy certificates as follows. If a client authenticates with a limited proxy, the client should only be able to obtain another limited proxy, not a full proxy or end entity certificate. Thus, the MyProxy CA will not accept limited proxies for authentication. However, if this option is set to true, MyProxy will treat limited proxy certificates as if they were full proxy certificates. .TP .BI allow_self_authorization " boolean" By default, MyProxy will disallow .B trusted_retrievers and .B authorized_renewers whose DN matches the identity of the stored credential, so a proxy by itself can not be refreshed or renewed. However, if this option is set to true, this restriction is lifted. .TP .BI syslog_ident " name" You can optionally specify the string to be prepended to every message written to the syslog. If not specified, the name defaults to the the program name, i.e. myproxy-server. .TP .BI syslog_facility " name" By default, the myproxy-server will log to the syslog "daemon" facility. With this option you can specify an alternate syslog facility, such as "auth", "user", "security", or "local0". The facility can also be specified numerically as with the .BR logger (1) command. .TP .BI request_timeout " seconds" Specifies the maximum time a .BR myproxy-server (8) child process should spend servicing a client request before aborting. By default, child processes will abort after 120 seconds. A negative value will disable the timeout. .TP .BI request_size_limit " bytes" Limits the amount of incoming application-level protocol data the .BR myproxy-server (8) will accept from clients, to avoid memory exhaustion under heavy load. Specified in bytes. Defaults to 1MB (1048576 bytes). A zero or negative value disables the limit. .TP .BI proxy_extfile " full-path-to-extension-file" Optionally specifies the full path to a file containing an OpenSSL formatted set of certificate extensions to include in all proxy certificates issued from the MyProxy repository (analogous to .B certificate_extfile for the CA module). .TP .BI proxy_extapp " full-path-to-extension-callout-program" This is the call-out version of proxy_extfile. It optionally specifies the full path to a call-out program for specifying proxy certificate extensions. It will be passed the authenticated username and the proxy credential location as the two command arguments. On success, it should write the OpenSSL formatted set of certificate extensions to stdout and exit with zero status. On error, it should write to stderr and exit with nonzero status. Either .B proxy_extfile or .B proxy_extapp can be specified but not both. .RS .PP .B Be sure to follow secure coding practices for this call-out: .PD 0 .PP - Don't allow input to overflow fixed-size buffers. .PP - Don't pass unchecked input to a shell command. .PD .RE .TP .BI voms_userconf " full-path-to-voms-configuration-file" Optionally specifies the full path to the VOMS configuration file containing VOMS server information. It is usually specified in the environmental variable VOMS_USERCONF. .TP .BI allow_voms_attribute_requests " boolean" If this parameter is set to true and a GET request includes VONAME and (optionally) VOMSES parameters, call-out to VOMS to add the requested attributes to the issued certificate. Requires linking with VOMS libraries. By default, VONAME and VOMSES parameters in requests will be ignored unless this parameter is set to true. .PP The MyProxy server can be optionally configured for authentication based on Pluggable Authentication Modules (PAM) and/or the Simple Authentication and Security Layer (SASL). Kerberos is one of the supported SASL authentication methods. The following options control the use of PAM and SASL. .TP .BI pam " option" This line governs the use of PAM to check passphrases. MyProxy will attempt to authenticate via PAM, with the supplied username and passphrase. Note that PAM will need to be configured externally for the application "myproxy" (usually in /etc/pam.d/), or for the application named by pam_id, below. Accepted values: .RS .TP .B required PAM password authentication is required under all conditions. If the credential is unencrypted (that is, it has no passphrase), a PAM password check is still required for authentication. If the credential is encrypted, its passphrase must match the PAM password. .TP .B sufficient The user's passphrase may match either the credential passphrase or, if the credential is unencrypted, the PAM passphrase. If the credential is encrypted, then the PAM password is not relevant. .TP .BR disabled " (default)" PAM is not used to check passphrases. .RE .TP .BI pam_id " string" The name that myproxy uses to identify itself to PAM. Default is "myproxy". For example, on most Unix-like systems, if pam_id is set to "login", MyProxy will authenticate against the system's own usernames and passwords. .TP .BI sasl " option" This line governs the use of SASL authentication. Accepted values: .RS .TP .B required SASL authentication is required for retrieving credentials. .TP .B sufficient SASL authentication is sufficient for retrieving credentials, but other authentication methods may be used instead. .TP .BR disabled " (default)" SASL authentication isn't used. .RE .TP .BI sasl_mech " mechanism" Forces the use of a single SASL mechanism, overriding the SASL configuration file. (Typically not required.) .TP .BI sasl_serverFQDN " hostname" Configures the SASL server fully-qualified domain name for multi-homed servers. (Typically not required.) .TP .BI sasl_user_realm " realm" Configures the SASL user realm. (Typically not required.) .PP The MyProxy server can also be configured to act as a Certificate Authority (CA) to issue credentials to clients. The following parameters enable and configure the CA functionality. .TP .BI certificate_issuer_cert " full-path-to-certificate" This line specifies the full path to the issuer certificate to optionally configure the myproxy-server to act as an online certificate authority. .TP .BI certificate_issuer_key " full-path-to-key" When specifying .B certificate_issuer_cert above, you must also give the name of the CA private key for signing certificates. This is normally path to a CA private key in PEM format, but if you are using an OpenSSL engine (see .B certificate_openssl_engine_id ) then it can be the key name. .TP .BI certificate_issuer_key_passphrase " \*(lqpassphrase\*(rq" If the .B certificate_issuer_key is encrypted, give the passphrase here. .TP .BI certificate_issuer_subca_certfile " full-path-to-subca-certificate-file" If you would like an intermediate/sub-CA certificate chain to be sent along with the EEC (End Entity Certificate) generated using a local intermediate/sub-CA, specify the file that contains those certificates in PEM format. This is meant to aid scenarios where the CA used is an intermediate CA (i.e. not a root CA) and the client may not have the intermediate CA(s) in its trust store. The client will write out the chain into the same file as the EEC, following the EEC. .TP .BI certificate_issuer_hashalg " algorithm" Specifies the hash algorithm to use when signing end-entity certificates. Defaults to "sha256". .TP .BI certificate_issuer_email_domain " \*(lqdomain\*(rq" If set, specifies the domain part of the X509v3 Subject Alternative Name email address included in issued certificates. .PP .BI certificate_openssl_engine_id " engineId" .PP .BI certificate_openssl_engine_pre " pre-initialization-commands" .TP .BI certificate_openssl_engine_post " post-initialization-commands" These commands can be used to allow any OpenSSL engine to be used with MyProxy. This enables the use of hardware tokens and signing modules to sign certificates. Given the parameters of an OpenSSL "engine" command, the first argument, the identity of the engine becomes the argument to .B certificate_openssl_engine_id and -pre commands are listed in order using .B certificate_openssl_engine_pre and -post commands are listed in order using .B certificate_openssl_engine_post. For example the command-line: .IP openssl engine dynamic -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/lib/opensc-pksc11.so .IP becomes: .IP certificate_openssl_engine_id "dynamic" .IP certificate_openssl_engine_pre "SO_PATH:/usr/lib/engines/engine_pkcs11.so" "ID:pkcs11" "LIST_ADD:1" "LOAD" "MODULE_PATH:/usr/lib/opensc-pksc11.so" .IP Please note that any shared library engines loaded through the "dynamic" engine MUST be compiled againt the correct version of OpenSSL. .TP .BI certificate_openssl_engine_lockfile " full-path-to-file" If your hardware token or HSM is unable to handle simultaneous operations, provide a path to a lockfile for synchronizing operations to the engine device. The myproxy-server will create the file if it does not already exist. .TP .BI certificate_issuer_program " full-path-to-script" This line specifies the path to a program to issue certificates for authenticated clients that don't have credentials stored. This optionally configures the myproxy-server to act as an online certificate authority, allowing programmatic control over the certificate issuance process. You can either specify .B certificate_issuer_cert or .BR certificate_issuer_program . .RS .PP .PD 0 .PP .B Be sure to follow secure coding practices for this call-out: .PP - Don't allow input to overflow fixed-size buffers. .PP - Don't pass unchecked input to a shell command. .PD .RE .TP .BI certificate_serialfile " full-path-to-serial-file" Specifies the path to a file to store the serial number counter for issued certificates. Defaults to /var/lib/myproxy/serial. .TP .BI certificate_serial_skip " increment" Specifies the number to add to the serial number each time a certificate is issued. Use this to stagger serial numbers across multiple CA instances to avoid serial number clashes. Defaults to 1. .TP .BI certificate_out_dir " full-path-to-putput-directory" Specifies the path to a directory where new certificates will be archived. .TP .BI max_cert_lifetime " hours" Specifies the maximum lifetime (in hours) for certificates issued by the CA module. Defaults to 12 hours. .TP .BI min_keylen " bits" Specifies the minimum RSA key length (in bits) for certificates issued by the CA module. .TP .BI certificate_extfile " full-path-to-extension-file" Optionally specifies the full path to a file containing an OpenSSL formatted set of certificate extensions to include in all issued certificates. For example: .RS .PD 0 keyUsage=digitalSignature,keyEncipherment,dataEncipherment .PP subjectKeyIdentifier=hash .PP authorityKeyIdentifier=keyid,issuer:always .PP crlDistributionPoints=URI:http://ca.ncsa.uiuc.edu/4a6cd8b1.r0 .PP basicConstraints=CA:FALSE .PD .RE .RS If not set, the MyProxy CA will include a basic set of extensions in issued certificates. .RE .TP .BI certificate_extapp " full-path-to-extension-callout-program" This is the call-out version of certificate_extfile. It optionally specifies the full path to a call-out program for specifying certificate extensions. It will be passed the authenticated username as the single command argument. On success, it should write the OpenSSL formatted set of certificate extensions to stdout and exit with zero status. On error, it should write to stderr and exit with nonzero status. Either .B certificate_extfile or .B certificate_extapp can be specified but not both. .RS .PP .B Be sure to follow secure coding practices for this call-out: .PD 0 .PP - Don't allow input to overflow fixed-size buffers. .PP - Don't pass unchecked input to a shell command. .PD .RE .TP .BI certificate_mapfile " full-path-to-mapfile" When specifying certificate_issuer_cert above, you can map account names to certificate subject distinguished names for the issued certificates using this mapfile, which has the same format as used by other Grid Community Toolkit services. By default, /etc/grid-security/grid-mapfile is used. The Grid Community Toolkit .B grid-mapfile-add-entry and .B grid-mapfile-delete-entry commands can be used to manage the grid-mapfile. .TP .BI certificate_mapapp " full-path-to-mapapp" When specifying certificate_issuer_cert above, you can map account names to certificate subject distinguished names for the issued certificates using this call-out. It will be passed the authenticated username as the single command argument. On success, it should write the distinguished name in OpenSSL one line format (for example, "/C=US/O=National Computational Science Alliance/CN=Jim Basney") to stdout and exit with zero status. On error, it should write to stderr and exit with nonzero status. If it is not defined, then mapfile lookup will be executed instead (see certificate_mapfile above). An example is installed in .IR $GLOBUS_LOCATION/share/myproxy/myproxy-certificate-mapapp . .RS .PP .PD 0 .PP .B Be sure to follow secure coding practices for this call-out: .PP - Don't allow input to overflow fixed-size buffers. .PP - Don't pass unchecked input to a shell command. .PD .RE .TP .BI certificate_request_checker " full-path-to-callout-program" This CA call-out can be used to perform checks on incoming certificate requests. It will be passed the certificate request in PEM format on stdin. If it returns a nonzero exit status, the CA will abort without signing the request. When returning a nonzero exit status, the callout should indicate the problem on stderr. An example is installed in .IR $GLOBUS_LOCATION/share/myproxy/myproxy-certreq-checker . .TP .BI certificate_issuer_checker " full-path-to-callout-program" This CA call-out can be used to perform checks on issued certificates before the certificate is returned to the client. It will be passed the certificate in PEM format on stdin. If it returns a nonzero exit status, the CA will abort without returning the signed certificate to the client. When returning a nonzero exit status, the callout should indicate the problem on stderr. An example is installed in .IR $GLOBUS_LOCATION/share/myproxy/myproxy-cert-checker . .PP If OpenLDAP support is built-in to the .BR myproxy-server (8), the following parameters can be used to configure the CA module to map account names to certificate subject distinguished names via LDAP. .TP .BI ca_ldap_server " \*(lqldap://localhost:389/\*(rq" This parameter specifies the URI to the LDAP server to use for username to DN resolution in the CA module. Both ldap:// and ldaps:// protocols are supported. A port number may optionally be specified as well. Defining this directive is the "trigger" that causes the name resolution module to use LDAP querying. If it is not defined, then mapfile lookup will be executed instead (see .B certificate_mapfile above). .TP .BI ca_ldap_uid_attribute " \*(lquid\*(rq" The name of the record attribute that maps to the MyProxy username. Required for LDAP username to DN resolution. .TP .BI ca_ldap_searchbase " \*(lqou=people,dc=bullwinkle,dc=lbl,dc=gov\*(rq" The DN of the region of the ldap database to be searched. Required for LDAP username to DN resolution. .TP .BI ca_ldap_dn_attribute " \*(lqsubjectDN\*(rq" If this directive is set, the LDAP resolver will pull the DN from the specified attribute in the returned record. If it is not set, the default is to use the DN of the record itself. .TP .BI ca_ldap_connect_dn " \*(lqcn=MyProxy,ou=ldapusers,dc=lbl,dc=gov\*(rq" DN for LDAP basic authentication (optional). .TP .BI ca_ldap_connect_passphrase " \*(lqpassphrase\*(rq" Passphrase for LDAP basic authentication (optional). .PP The following parameters control server replication with the .BR myproxy-replicate (1) utility. .TP .BI slave_servers " server:port;" This value is for use with the .BR myproxy-replicate (1) utility. This tag provides a list of servers that will be used as secondary repositories for the MyProxy database. Each server should be separated by a ";". Also, a port may be provided if the slave server is using a port other then the default. The server name maybe a recognized DNS or an IP address. .PP The following parameters are used primarily when utilizing MyProxy as a delegation service for web portals. .TP .BI accepted_credentials_mapfile " full-path-to-mapfile" This parameter points to a grid-mapfile, which is possibly different from other mapfiles above. When specified, this mapfile is utilized during puts/stores (e.g. with .BR myproxy-init (1) and .BR myproxy-store (1)). A credential is authorized to be put/stored only under the username specified in the mapfile. This prevents storing a user's credential under a different username. Note that the credential checked for the presence of a SubjectDN/Username entry in the mapfile is the credential utilized to secure the connection between client and server, NOT the actual credential being stored. As the credential which secures the TLS connection is typically the same as the credential being stored, this should not be a major issue. The Grid Community Toolkit .B grid-mapfile-add-entry and .B grid-mapfile-delete-entry commands can be used to manage the grid-mapfile. .TP .BI accepted_credentials_mapapp " full-path-to-mapapp" As an alternative to the accepted_credentials_mapfile option above, you can specify a call-out which is passed two parameters: a certificate subject distinguished name and a username (in that order). In essence, the call-out performs a lookup in a 'virtual' accepted_credentials_mapfile. If the SubjectDN/Username line would appear in such a mapfile, then the call-out should exit with zero status indicating that a credential with the given SubjectDN is allowed to be stored under the given Username. Otherwise, the call-out should exit with nonzero status indicating error. An example is installed in .IR $GLOBUS_LOCATION/share/myproxy/myproxy-accepted-credentials-mapapp . .RS .PP .PD 0 .PP .B Be sure to follow secure coding practices for this call-out: .PP - Don't allow input to overflow fixed-size buffers. .PP - Don't pass unchecked input to a shell command. .PD .RE .TP .BI check_multiple_credentials " boolean" Typically when a credential is accessed by a client, the server checks only one credential for possible access authorization, even if there are multiple credentials stored under the given username. If this option is set to "true" AND the client does not specify a credential name for a MyProxy GET operation (i.e., from .BR myproxy-logon (1)), then the server will check multiple credentials with the given username. If a credential is found to be authorized for client access, then that one will be used during processing. The default value for this option is "false". .PP The following parameters enable OCSP status checking of stored credentials in the .BR myproxy-server (8) repository, to avoid use of expired credentials. .TP .BI ocsp_policy " policy" Controls the policy for checking certificate validity via OCSP before credentials may be delegated. Currently, only the status of the end entity certificate is checked via OCSP (and not any proxy certificates or CA certificates). OCSP will not be used unless ocsp_responder_url and/or ocsp_policy are set. Supported policies are: "aia" - use OCSP responder in certificate AIA extension, if present; otherwise use ocsp_responder_url, if set .TP .BI ocsp_responder_url " URL" Specifies the URL of an OCSP responder to use to check the validity of credentials stored in the myproxy-server repository before they may be delegated, so that revoked credentials can not be retrieved and used where their revocation status may not be checked. Currently, only the status of the end entity certificate is checked via OCSP (and not any proxy certificates or CA certificates). In any case, CRL checks are always performed. Both http and https urls are supported. OCSP will not be used unless ocsp_responder_url and/or ocsp_policy are set. .TP .BI ocsp_responder_cert " path" Specifies the path to the certificate of a trusted OCSP responder. This is needed if the OCSP responder must be explicitly trusted in cases where standard path validation fails for the OCSP responder's certificate. .SH REGULAR EXPRESSIONS For matching distinguished names (DNs) in access control policies, MyProxy uses POSIX Extended Regular Expressions (see .BR re_format (7)), with custom processing of '*', '?', and '.' metacharacters to simulate Unix shell style wildcard processing (for backward compatibility and other historical reasons). MyProxy's custom regular expressions are converted to POSIX EREs according to the following rules: [ MyProxy regex ] => [ POSIX ERE ] ---------------------------------- '*' => '.*' '?' => '.' '.' => '\\.' '\\*' => '*' '\\?' => '?' '\\.' => '.' Additionally, MyProxy wraps all regular expressions inside '^(' and ')$' to require full DN matching. Be aware that parentheses are metacharacters according to POSIX, so escaping is required for literal matching. For example: "*/CN=Jim Basney \\(admin\\)" The following examples illustrate how MyProxy regular expressions are converted to POSIX EREs: [ MyProxy regex ] => [ POSIX ERE ] ------------------------------------------------------------ "*/CN=Jim Basney" => "^(.*/CN=Jim Basney)$" "*/CN=Test User ?" => "^(.*/CN=Test User .)$" "*/CN=James A. Basney" => "^(.*/CN=James A\\. Basney)$" "/O=Test/CN=[:alnum:]\\*" => "^(/O=Test/CN=[:alnum:]*)$" "*/CN=Jim Basney|*/CN=James Basney" => "^(.*/CN=Jim Basney|.*/CN=James Basney)$" .SH EXAMPLES The following policy enables all credential repository features. .PP .PD 0 accepted_credentials "*" .PP authorized_retrievers "*" .PP default_retrievers "*" .PP authorized_renewers "*" .PP default_renewers "none" .PP authorized_key_retrievers "*" .PP default_key_retrievers "none" .PP trusted_retrievers "*" .PP default_trusted_retrievers "none" .PP cert_dir /etc/grid-security/certificates .PD .PP The following enables CA functionality using an existing Globus Simple CA configuration. .PP .PD 0 authorized_retrievers "*" .PP pam "sufficient" .PP sasl "sufficient" .PP certificate_issuer_cert /home/globus/.globus/simpleCA/cacert.pem .PP certificate_issuer_key /home/globus/.globus/simpleCA/private/cakey.pem .PP certificate_issuer_key_passphrase "myproxy" .PP certificate_serialfile /home/globus/.globus/simpleCA/serial .PP certificate_mapfile /etc/grid-security/grid-mapfile .PP cert_dir /etc/grid-security/certificates .PD .SH FILES .TP .I /etc/myproxy-server.config Default location for the server configuration file. .TP .I $GLOBUS_LOCATION/etc/myproxy-server.config Alternate location for the server configuration file. A different location can be specified by using the .BR myproxy-server (8) .B -c option. .TP .I $GLOBUS_LOCATION/share/myproxy/myproxy-passphrase-policy A sample program for evaluating passphrase quality for use with the .I passphrase_policy_program option. .TP .I $GLOBUS_LOCATION/share/myproxy/myproxy-certificate-mapapp A sample .I certificate_mapapp program for mapping account names to certificate subject distinguished names. .TP .I $GLOBUS_LOCATION/share/myproxy/myproxy-accepted-credentials-mapapp A sample .I accepted_credentials_mapapp program for authorizing puts/stores (e.g. with .BR myproxy-init (1) and .BR myproxy-store (1)). .SH ENVIRONMENT .TP .B GLOBUS_LOCATION Specifies the root of the MyProxy installation, used to find the default location of the .I myproxy-server.config file. .SH AUTHORS See .B http://grid.ncsa.illinois.edu/myproxy/about for the list of MyProxy authors. .SH "SEE ALSO" .BR myproxy-change-pass-phrase (1), .BR myproxy-destroy (1), .BR myproxy-get-trustroots (1), .BR myproxy-info (1), .BR myproxy-init (1), .BR myproxy-logon (1), .BR myproxy-retrieve (1), .BR myproxy-store (1), .BR myproxy-admin-adduser (8), .BR myproxy-admin-change-pass (8), .BR myproxy-admin-load-credential (8), .BR myproxy-admin-query (8), .BR myproxy-server (8) myproxy-6.2.16/man/myproxy-admin-change-pass.80000644000175100017510000000370114557142036016140 00000000000000.TH myproxy-admin-change-pass 8 "2009-12-1" "MyProxy" "MyProxy" .SH NAME myproxy-admin-change-pass \- change credential passphrase .SH SYNOPSIS .B myproxy-admin-change-pass [ .I options ] .SH DESCRIPTION The .B myproxy-admin-change-pass command changes the passphrase used to encrypt a credential in the MyProxy repository. The command first prompts for the current passphrase for the credential, then prompts twice for the new passphrase. If an empty passphrase is given, the credential will not be encrypted. It accesses the repository directly and must be run on the machine where the .BR myproxy-server (8) is installed from the account that owns the repository. .SH OPTIONS .TP .B -h Displays command usage text and exits. .TP .B -u Displays command usage text and exits. .TP .BI -s " dir" Specifies the location of the credential storage directory. The directory must be accessible only by the user running the .B myproxy-server process for security reasons. Default: /var/lib/myproxy or /var/myproxy or $GLOBUS_LOCATION/var/myproxy .TP .BI -l " username" Specifies the MyProxy account under which the credential should be stored. .TP .BI -k " name" Specifies the credential name. .TP .B -S, --stdin_pass By default, the command prompts for a passphrase and reads the passphrase from the active tty. When running the command non-interactively, there may be no associated tty. Specifying this option tells the command to read passphrases from standard input without prompts or confirmation. .SH "EXIT STATUS" 0 on success, >0 on error .SH AUTHORS See .B http://grid.ncsa.illinois.edu/myproxy/about for the list of MyProxy authors. .SH "SEE ALSO" .BR myproxy-change-pass-phrase (1), .BR myproxy-destroy (1), .BR myproxy-info (1), .BR myproxy-init (1), .BR myproxy-logon (1), .BR myproxy-retrieve (1), .BR myproxy-store (1), .BR myproxy-server.config (5), .BR myproxy-admin-adduser (8), .BR myproxy-admin-load-credential (8), .BR myproxy-admin-query (8), .BR myproxy-server (8) myproxy-6.2.16/man/myproxy-init.10000644000175100017510000003065014557142036013620 00000000000000.TH myproxy-init 1 "2011-09-05" "MyProxy" "MyProxy" .SH NAME myproxy-init \- store a credential for later retrieval .SH SYNOPSIS .B myproxy-init [ .I options ] .SH DESCRIPTION The .B myproxy-init command uploads a credential to a .BR myproxy-server (8) for later retrieval. In the default mode, the command first prompts for the user's Grid pass phrase (if needed), which is used to create a proxy credential. The command then prompts for a MyProxy pass phrase, which will be required to later retrieve the credential. The MyProxy pass phrase must be entered a second time for confirmation. A credential with a lifetime of one week (by default) is then delegated to the .BR myproxy-server (8) and stored with the given MyProxy pass phrase. Proxy credentials with default lifetime of 12 hours can then be retrieved by .BR myproxy-logon (1) using the MyProxy passphrase. The default behavior can be overridden by options specified below. .PP The .B myproxy-init command can also upload a credential to a .BR myproxy-server (8) to support credential renewal. Renewal allows a trusted service (for example, a batch job scheduler) to obtain a new credential for a user before the existing credential it has for that user expires. The .B -R argument to .B myproxy-init configures the credential for renewal by the specified service. Renewal requires two authentications. The renewing service must authenticate with its own credentials, matching the distinquished name specified by the .B -R argument, and must also authenticate with an existing credential that matches the distinguished name of the stored credential, to retrieve a new credential. .PP A credential may be used either for retrieval or renewal but not both. If both are desired, upload a different credential for each use, with a different name using the .B -k option. .PP The hostname where the .BR myproxy-server (8) is running must be specified by either defining the .B MYPROXY_SERVER environment variable or the .B -s option. .PP By default, .B myproxy-init will create a proxy credential from the user's end-entity credentials at .I ~/.globus/usercert.pem and .I ~/.globus/userkey.pem to delegate to the .BR myproxy-server (8). To specify an alternate location for the source certificate and key to delegate, use the .B X509_USER_CERT and .B X509_USER_KEY environment variables. To use a proxy credential as the source of the delegation, set both environment variables to the location of the proxy credential. To delegate a "legacy globus proxy", set the .B GT_PROXY_MODE environment variable to "old". To delegate an "RFC 3820 compliant proxy", set the .B GT_PROXY_MODE environment variable to "rfc". .SH OPTIONS .TP .B -h, --help Displays command usage text and exits. .TP .B -u, --usage Displays command usage text and exits. .TP .B -v, --verbose Enables verbose debugging output to the terminal. .TP .B -V, --version Displays version information and exits. .TP .BI -s " hostname[:port], " --pshost " hostname[:port]" Specifies the hostname(s) of the myproxy-server(s). Multiple hostnames, each hostname optionally followed by a ':' and port number, may be specified in a comma-separated list. This option is required if the .B MYPROXY_SERVER environment variable is not defined. If specified, this option overrides the .B MYPROXY_SERVER environment variable. If a port number is specified with a hostname, it will override the -p option as well as the .B MYPROXY_SERVER_PORT environment variable for that host. .TP .BI -p " port, " --psport " port" Specifies the TCP port number of the .BR myproxy-server (8). Default: 7512 .TP .BI -l " username, " --username " username" Specifies the MyProxy account under which the credential should be stored. By default, the command uses the value of the .B LOGNAME environment variable. Use this option to specify a different account username on the MyProxy server. The MyProxy username need not correspond to a real Unix username. .TP .BI -c " hours, " --cred_lifetime " hours" Specifies the lifetime of the credential stored on the .BR myproxy-server (8) in hours. Specify .I 0 for the maximum possible lifetime, i.e., the lifetime of the original credential. Default: 1 week (168 hours) .TP .BI -t " hours, " --proxy_lifetime " hours" Specifies the maximum lifetime of credentials retrieved from the .BR myproxy-server (8) using the stored credential. Default: 12 hours .TP .BI -C " filename, " --certfile " filename" Specifies the filename of the source certificate. .TP .BI -y " filename, " --keyfile " filename" Specifies the filename of the source private key. .TP .B -d, --dn_as_username Use the certificate subject (DN) as the default username, instead of the .B LOGNAME environment variable. .TP .B -a, --allow_anonymous_retrievers Allow credentials to be retrieved with just pass phrase authentication. By default, only entities with credentials that match the .BR myproxy-server.config (5) default retriever policy may retrieve credentials. This option allows entities without existing credentials to retrieve a credential using pass phrase authentication by including "anonymous" in the set of allowed retrievers. The .BR myproxy-server.config (5) server-wide policy must also allow "anonymous" clients for this option to have an effect. .TP .B -A, --allow_anonymous_renewers Allow credentials to be renewed by any client. Any client with a valid credential with a subject name that matches the stored credential may retrieve a new credential from the MyProxy repository if this option is given. Since this effectively defeats the purpose of proxy credential lifetimes, it is not recommended. It is included only for sake of completeness. .TP .BI -r " name, " --retrievable_by " name" Allow the specified entity to retrieve credentials. See .B -x and .B -X options for controlling name matching behavior. .TP .BI -R " name, " --renewable_by " name" Allow the specified entity to renew credentials. See .B -x and .B -X options for controlling name matching behavior. This option implies .B -n since passphrase authentication is not used for credential renewal. .TP .BI -Z " name, " --retrievable_by_cert " name" Allow the specified entity to retrieve credentials without a passphrase. See .B -x and .B -X options for controlling name matching behavior. This option implies .BR -n . .TP .B -x, --regex_dn_match Specifies that names used with following options .BR -r , .BR -R , and .B -Z will be matched against the full certificate subject distinguished name (DN) according to .B REGULAR EXPRESSIONS in .BR myproxy-server.config (5). .TP .B -X, --match_cn_only Specifies that names used with following options .BR -r , .BR -R , and .B -Z will be matched against the certificate subject common name (CN) according to .B REGULAR EXPRESSIONS in .BR myproxy-server.config (5). For example, if an argument of .B -r "Jim Basney" is specified, then the resulting policy will be "*/CN=Jim Basney". This is the default behavior. .TP .BI -k " name, " --credname " name" Specifies the credential name. .TP .BI -K " description, " --creddesc " description" Specifies credential description. .TP .B -S, --stdin_pass By default, the command prompts for a passphrase and reads the passphrase from the active tty. When running the command non-interactively, there may be no associated tty. Specifying this option tells the command to read passphrases from standard input without prompts or confirmation. .TP .B -L, --local_proxy In addition to storing a proxy credential on the .BR myproxy-server (8) with lifetime set by .B --cred_lifetime (default 1 week), create a local proxy credential with lifetime set by .B --proxy_lifetime (default 12 hours). .TP .B -n, --no_passphrase Don't prompt for a credential passphrase. Store credentials without a credential passphrase, to be protected by other methods, such as PAM, SASL, or certificate-based authentication. This option is implied by .B -R since passphrase authentication is not used for credential renewal. Note that the .BR myproxy-server (8) always requires some type of authentication for retrieving credentials, so if you store a credential with no passphrase and other authentication methods are not configured, the credential will not be accessible. .TP .BI -m " voms, " --voms " voms" Add VOMS attributes to the credential by running .B voms-proxy-init on the client-side before storing the credential on the .BR myproxy-server (8). The VOMS VO name must be provided, as required by .BR "voms-proxy-init -voms" . The .B voms-proxy-init command must be installed and configured to use this option. For example, the .B VOMS_USERCONF environment variable may need to be set for .B voms-proxy-init to run correctly. .SH "EXIT STATUS" 0 on success, >0 on error .SH FILES .TP .I ~/.globus/usercert.pem Default location of the certificate from which the proxy credential is created. Set the .B X509_USER_CERT environment variable to override. .TP .I ~/.globus/userkey.pem Default location of the private key from which the proxy credential is created. Set the .B X509_USER_KEY environment variable to override. .TP .I /tmp/myproxy-proxy.. Location of the temporary proxy credential that is delegated to the .BR myproxy-server (8). It is removed after the delegation is completed. .SH ENVIRONMENT .TP .B GLOBUS_GSSAPI_NAME_COMPATIBILITY This client will, by default, perform a reverse-DNS lookup to determine the FQHN (Fully Qualified Host Name) to use in verifying the identity of the server by checking the FQHN against the CN in server's certificate. Setting this variable to .B STRICT_RFC2818 will cause the reverse-DNS lookup to NOT be performed and the user-specified name to be used instead. This variable setting will be ignored if .B MYPROXY_SERVER_DN (described later) is set. .TP .B MYPROXY_SERVER Specifies the hostname(s) where the .BR myproxy-server (8) is running. Multiple hostnames can be specified in a comma separated list with each hostname optionally followed by a ':' and port number. This environment variable can be used in place of the .B -s option. .TP .B MYPROXY_SERVER_PORT Specifies the port where the .BR myproxy-server (8) is running. This environment variable can be used in place of the .B -p option. .TP .B MYPROXY_SERVER_DN Specifies the distinguished name (DN) of the .BR myproxy-server (8). All MyProxy client programs authenticate the server's identity. By default, MyProxy servers run with host credentials, so the MyProxy client programs expect the server to have a distinguished name with "/CN=host/" or "/CN=myproxy/" or "/CN=" (where is the fully-qualified hostname of the server). If the server is running with some other DN, you can set this environment variable to tell the MyProxy clients to accept the alternative DN. Also see .B GLOBUS_GSSAPI_NAME_COMPATIBILITY above. .TP .B X509_USER_CERT Specifies a non-standard location for the certificate from which the proxy credential is created. The location may be the path to an end-entity certificate (ex. .IR ~/.globus/usercert.pem ) or a proxy (ex. .IR /tmp/x509up_u ). .TP .B X509_USER_KEY Specifies a non-standard location for the private key from which the proxy credential is created. The location may be the path to an end-entity private key (ex. .IR ~/.globus/userkey.pem ) or a proxy (ex. .IR /tmp/x509up_u ). .TP .B X509_CERT_DIR Specifies a non-standard location for the CA certificates directory. .TP .B GT_PROXY_MODE Set to "old" to store a "legacy globus proxy" in the MyProxy repository. Set to "rfc" to store an "RFC 3820 compliant proxy" in the MyProxy repository. .TP .B MYPROXY_TCP_PORT_RANGE Specifies a range of valid port numbers in the form "min,max" for the client side of the network connection to the server. By default, the client will bind to any available port. Use this environment variable to restrict the ports used to a range allowed by your firewall. If unset, MyProxy will follow the setting of the .B GLOBUS_TCP_PORT_RANGE environment variable. .TP .B MYPROXY_KEYBITS Specifies the size for RSA keys generated by MyProxy. By default, MyProxy generates 2048 bit RSA keys. Set this environment variable to "1024" for 1024 bit RSA keys. .SH AUTHORS See .B http://grid.ncsa.illinois.edu/myproxy/about for the list of MyProxy authors. .SH "SEE ALSO" .BR myproxy-change-pass-phrase (1), .BR myproxy-destroy (1), .BR myproxy-get-trustroots (1), .BR myproxy-info (1), .BR myproxy-logon (1), .BR myproxy-retrieve (1), .BR myproxy-store (1), .BR myproxy-server.config (5), .BR myproxy-admin-adduser (8), .BR myproxy-admin-change-pass (8), .BR myproxy-admin-load-credential (8), .BR myproxy-admin-query (8), .BR myproxy-server (8) myproxy-6.2.16/man/myproxy-server.80000644000175100017510000001264214557142036014173 00000000000000.TH myproxy-server 8 "2014-07-12" "MyProxy" "MyProxy" .SH NAME myproxy-server \- store credentials in an online repository .SH SYNOPSIS .B myproxy-server [ .I options ] .SH DESCRIPTION The .B myproxy-server is a server that runs on a trusted, secure host and manages a database of security credentials for use from remote sites. The .BR myproxy-init (1) program stores credentials with associated policies that specify credential lifetimes and who is authorized to retrieve credentials. The .BR myproxy-server.config (5) file sets server-wide policies that are used in conjunction with the policies set by .BR myproxy-init (1) to control who is authorized to store and retrieve credentials. .SH OPTIONS .TP .B -h, --help Displays command usage text and exits. .TP .B -u, --usage Displays command usage text and exits. .TP .B -v, --verbose Enables verbose debugging output to the terminal. .TP .B -V, --version Displays version information and exits. .TP .B -d, --debug Run the server in debug mode. In this mode, the server will run in the foreground, will accept one connection, write log messages to the terminal while processing the incoming request, and exit after completing one request. .TP .BI -l " hostname/ipaddr, " --listen " hostname/ipaddr" Specifies the hostname or IP address that the .B myproxy-server should listen (bind) to. Default: all interfaces on the localhost .TP .BI -p " port, " --port " port" Specifies the TCP port number that the .B myproxy-server should listen on. Default: 7512 .TP .BI -c " file, " --config " file" Specifies the location of the .B myproxy-server configuration file. Default: /etc/myproxy-server.config or $GLOBUS_LOCATION/etc/myproxy-server.config .TP .BI -s " dir, " --storage " dir" Specifies the location of the credential storage directory. The directory must be accessible only by the user running the .B myproxy-server process for security reasons. Default: /var/lib/myproxy or /var/myproxy or $GLOBUS_LOCATION/var/myproxy .SH FILES .TP .I /etc/myproxy-server.config Default location of the server configuration file (see .BR myproxy-server.config (5)). If not found, .I $GLOBUS_LOCATION/etc/myproxy-server.config will be used. An alternate location can be specified by using the .B -c option. .TP .I /var/lib/myproxy Default location of the credential storage directory. If not found, .I /var/myproxy or .I $GLOBUS_LOCATION/var/myproxy will be used. If none of these directories exist, the myproxy-server will first attempt to create .I /var/lib/myproxy and if that fails will attempt to create .I $GLOBUS_LOCATION/var/myproxy and use that. The directory must be accessible only by the user running the .B myproxy-server process for security reasons. An alternate location can be specified by using the .B -s option. .SH ENVIRONMENT .TP .B GLOBUS_LOCATION Specifies the root of the MyProxy installation, used to find the default location of the .I myproxy-server.config file and the credential storage directory. .TP .B LD_LIBRARY_PATH The MyProxy server is typically linked dynamically with Globus security libraries, which must be present in the dynamic linker's search path. This typically requires .I $GLOBUS_LOCATION/lib to be included in the list in the .B LD_LIBRARY_PATH environment variable, which is set by the .I $GLOBUS_LOCATION/libexec/globus-script-initializer script, which should be called from any .B myproxy-server startup script. Alternatively, to set .B LD_LIBRARY_PATH appropriately for the Globus libraries in an interactive shell, source .I $GLOBUS_LOCATION/etc/globus-user-env.sh (for sh shells) or .I $GLOBUS_LOCATION/etc/globus-user.env.csh (for csh shells). .TP .B MYPROXY_SERVER_PORT Specifies the port where the .BR myproxy-server (8) is running. This environment variable can be used in place of the .B -p option. .TP .B X509_USER_CERT Specifies an alternative location for the server's certificate. By default, the server uses .I /etc/grid-security/hostcert.pem when running as root or .I ~/.globus/usercert.pem when running as non-root. .TP .B X509_USER_KEY Specifies an alternative location for the server's private key. By default, the server uses .I /etc/grid-security/hostkey.pem when running as root or .I ~/.globus/userkey.pem when running as non-root. .TP .B X509_USER_PROXY Specifies an alternative location for the server's certificate and private key (in the same file). Use when running the server with a proxy credential. Note that the proxy will need to be periodically renewed before expiration to allow the .B myproxy-server to keep functioning. When the .B myproxy-server runs with a non-host credential, clients must have the .B MYPROXY_SERVER_DN environment variable set to the distinguished name of the certificate being used by the server. .TP .B X509_CERT_DIR Specifies a non-standard location for the CA certificates directory. .TP .B MYPROXY_KEYBITS Specifies the size for RSA keys generated by MyProxy. By default, MyProxy generates 2048 bit RSA keys. Set this environment variable to "1024" for 1024 bit RSA keys. .SH AUTHORS See .B http://grid.ncsa.illinois.edu/myproxy/about for the list of MyProxy authors. .SH "SEE ALSO" .BR myproxy-change-pass-phrase (1), .BR myproxy-destroy (1), .BR myproxy-get-trustroots (1), .BR myproxy-info (1), .BR myproxy-init (1), .BR myproxy-logon (1), .BR myproxy-retrieve (1), .BR myproxy-store (1), .BR myproxy-server.config (5), .BR myproxy-admin-adduser (8), .BR myproxy-admin-change-pass (8), .BR myproxy-admin-load-credential (8), .BR myproxy-admin-query (8) myproxy-6.2.16/man/myproxy-admin-load-credential.80000644000175100017510000001304514557142036017000 00000000000000.TH myproxy-admin-load-credential 8 "2011-09-05" "MyProxy" "MyProxy" .SH NAME myproxy-admin-load-credential \- directly load repository .SH SYNOPSIS .B myproxy-admin-load-credential [ .I options ] .SH DESCRIPTION The .B myproxy-admin-load-credential command stores a credential directly in the local MyProxy repository. It must be run from the account that owns the repository. Many of the options are similar to .BR myproxy-init (1). However, unlike .BR myproxy-init , .B myproxy-admin-load-credential does not create a proxy from the source credential but instead directly loads a copy of the source credential into the repository. The pass phrase of the source credential is unchanged. Use .BR myproxy-admin-change-pass (8) to change the pass phrase after the credential is stored if desired. Proxy credentials with default lifetime of 12 hours can then be retrieved by .BR myproxy-logon (1) using the MyProxy passphrase. The command's behavior is controlled by the following options. .SH OPTIONS .TP .B -h, --help Displays command usage text and exits. .TP .B -u, --usage Displays command usage text and exits. .TP .B -v, --verbose Enables verbose debugging output to the terminal. .TP .B -V, --version Displays version information and exits. .TP .BI -s " dir, " --storage " dir" Specifies the location of the credential storage directory. The directory must be accessible only by the user running the .B myproxy-server process for security reasons. Default: /var/lib/myproxy or /var/myproxy or $GLOBUS_LOCATION/var/myproxy .TP .BI -c " filename, " --certfile " filename" Specifies the filename of the source certificate. This is a required parameter. .TP .BI -y " filename, " --keyfile " filename" Specifies the filename of the source private key. This is a required parameter. If the private key is encrypted, MyProxy clients will be required to give the encryption passphrase to access the key. When used with .B -R or .BR -Z , it is common for the private key to not be encrypted, so MyProxy clients can access the credentials using only certificate-based authentication and authorization. .TP .BI -l " username, " --username " username" Specifies the MyProxy account under which the credential should be stored. By default, the command uses the value of the .B LOGNAME environment variable. Use this option to specify a different account username on the MyProxy server. The MyProxy username need not correspond to a real Unix username. .TP .BI -t " hours, " --proxy_lifetime " hours" Specifies the maximum lifetime of credentials retrieved from the .BR myproxy-server (8) using the stored credential. Default: 12 hours .TP .B -d, --dn_as_username Use the certificate subject (DN) as the username. .TP .B -a, --allow_anonymous_retrievers Allow credentials to be retrieved with just pass phrase authentication. By default, only entities with credentials that match the .BR myproxy-server.config (5) default retriever policy may retrieve credentials. This option allows entities without existing credentials to retrieve a credential using pass phrase authentication by including "anonymous" in the set of allowed retrievers. The .BR myproxy-server.config (5) server-wide policy must also allow "anonymous" clients for this option to have an effect. .TP .B -A, --allow_anonymous_renewers Allow credentials to be renewed by any client. Any client with a valid credential with a subject name that matches the stored credential may retrieve a new credential from the MyProxy repository if this option is given. Since this effectively defeats the purpose of proxy credential lifetimes, it is not recommended. It is included only for sake of completeness. .TP .BI -r " name, " --retrievable_by " name" Allow the specified entity to retrieve credentials. See .B -x and .B -X options for controlling name matching behavior. .TP .BI -E " name, " --retrieve_key " name" Allow the specified entity to retrieve end-entity credentials. See .B -x and .B -X options for controlling name matching behavior. .TP .BI -R " name, " --renewable_by " name" Allow the specified entity to renew credentials. See .B -x and .B -X options for controlling name matching behavior. .TP .BI -Z " name, " --retrievable_by_cert " name" Allow the specified entity to retrieve credentials without a passphrase. See .B -x and .B -X options for controlling name matching behavior. .TP .B -x, --regex_dn_match Specifies that names used with following options .BR -r , .BR -E , .BR -R , and .B -Z will be matched against the full certificate subject distinguished name (DN) according to .B REGULAR EXPRESSIONS in .BR myproxy-server.config (5). .TP .B -X, --match_cn_only Specifies that names used with following options .BR -r , .BR -E , .BR -R , and .B -Z will be matched against the certificate subject common name (CN) according to .B REGULAR EXPRESSIONS in .BR myproxy-server.config (5). For example, if an argument of .B -r "Jim Basney" is specified, then the resulting policy will be "*/CN=Jim Basney". This is the default behavior. .TP .BI -k " name, " --credname " name" Specifies the credential name. .TP .BI -K " description, " --creddesc " description" Specifies credential description. .SH "EXIT STATUS" 0 on success, >0 on error .SH AUTHORS See .B http://grid.ncsa.illinois.edu/myproxy/about for the list of MyProxy authors. .SH "SEE ALSO" .BR myproxy-change-pass-phrase (1), .BR myproxy-destroy (1), .BR myproxy-info (1), .BR myproxy-init (1), .BR myproxy-logon (1), .BR myproxy-retrieve (1), .BR myproxy-store (1), .BR myproxy-server.config (5), .BR myproxy-admin-adduser (8), .BR myproxy-admin-change-pass (8), .BR myproxy-admin-query (8), .BR myproxy-server (8) myproxy-6.2.16/man/myproxy-get-delegation.10000644000175100017510000002254214557142036015546 00000000000000.TH myproxy-logon 1 "2010-09-09" "MyProxy" "MyProxy" .SH NAME myproxy-logon \- retrieve a credential .SH SYNOPSIS .B myproxy-logon [ .I options ] .P .B myproxy-get-delegation [ .I options ] .SH DESCRIPTION The .B myproxy-logon command retrieves a proxy credential from the .BR myproxy-server (8) that was previously stored using .BR myproxy-init (1) or .BR myproxy-store (1). It can also be used to retrieve short-lived end entity credentials from a .BR myproxy-server (8) configured to act as a Certificate Authority. In the default mode, the command prompts for the MyProxy pass phrase associated with the credential to be retrieved and stores the retrieved credential in the location specified by the .B X509_USER_PROXY environment variable or .I /tmp/x509up_u if that environment variable is not set. .PP The .B myproxy-logon command is also available under the name .B myproxy-get-delegation for backward compatibility. .SH OPTIONS .TP .B -h, --help Displays command usage text and exits. .TP .B -u, --usage Displays command usage text and exits. .TP .B -v, --verbose Enables verbose debugging output to the terminal. .TP .B -V, --version Displays version information and exits. .TP .BI -s " hostname[:port], " --pshost " hostname[:port]" Specifies the hostname(s) of the myproxy-server(s). Multiple hostnames, each hostname optionally followed by a ':' and port number, may be specified in a comma-separated list. This option is required if the .B MYPROXY_SERVER environment variable is not defined. If specified, this option overrides the .B MYPROXY_SERVER environment variable. If a port number is specified with a hostname, it will override the -p option as well as the .B MYPROXY_SERVER_PORT environment variable for that host. .TP .BI -p " port, " --psport " port" Specifies the TCP port number of the .BR myproxy-server (8). Default: 7512 .TP .BI -l " username, " --username " username" Specifies the MyProxy account under which the credential to retrieve is stored. By default, the command uses the value of the .B LOGNAME environment variable. Use this option to specify a different account username on the MyProxy server. The MyProxy username need not correspond to a real Unix username. .TP .B -d, --dn_as_username Use the certificate subject (DN) as the default username, instead of the .B LOGNAME environment variable. When used with the .B -a option, the certificate subject of the authorization credential is used. Otherwise, the certificate subject of the default credential is used. .TP .BI -t " hours, " --proxy_lifetime " hours" Specifies the lifetime of credentials retrieved from the .BR myproxy-server (8) using the stored credential. The resulting lifetime is the shorter of the requested lifetime and the lifetime specified when the credential was stored using .BR myproxy-init (1). Default: 12 hours .TP .BI -o " file, " --out " file" Specifies where the retrieved proxy credential should be stored. If this option is not specified, the proxy credential will be stored in the location specified by the .B X509_USER_PROXY environment variable or .I /tmp/x509up_u if that environment variable is not set. To write the credential to the command's standard output rather than to a file, use .B -o .BR - . .TP .BI -a " file, " --authorization " file" Use this option to specify an existing, valid credential that you want to renew. Renewing a credential generally requires two certificate-based authentications. The client authenticates with its identity, using the credential in the standard location or specified by the .B X509_USER_PROXY or .B X509_USER_CERT and .B X509_USER_KEY environment variables in addition to authenticating with the existing credential, in the location specified by this option, that it wants to renew. .TP .BI -k " name, " --credname " name" Specifies the name of the credential that is to be retrieved or renewed. .TP .B -S, --stdin_pass By default, the command prompts for a passphrase and reads the passphrase from the active tty. When running the command non-interactively, there may be no associated tty. Specifying this option tells the command to read passphrases from standard input without prompts or confirmation. .TP .B -n, --no_passphrase Don't prompt for a credential passphrase. Use other methods for authentication, such as Kerberos ticket or X.509 certificate. This option is implied by .B -a since passphrase authentication is not used for credential renewal. .TP .B -T, --trustroots Retrieve CA certificates directory from server (if available) to store in the location specified by the .B X509_CERT_DIR environment variable if set or .I /etc/grid-security/certificates if running as root or .I ~/.globus/certificates if running as non-root. .TP .B -b, --bootstrap Unless this option is specified, then if the .B X509_CERT_DIR exists and the CA that signed the .BR myproxy-server (8) certificate is not trusted, .B myproxy-logon will fail with an error, to protect against man-in-the-middle attacks. If, however, this option is specified, .B myproxy-logon will accept the CA to bootstrap trust. This option implies .BR -T . .TP .B -q, --quiet Only write output messages on error. .TP .B -N, --no_credentials Authenticate only. Don't retrieve credentials. .TP .BI -m " voms, " --voms " voms" Add VOMS attributes to the credential by running .B voms-proxy-init on the client-side after retrieving the credential from the .BR myproxy-server (8). The VOMS VO name must be provided, as required by .BR "voms-proxy-init -voms" . The .B voms-proxy-init command must also be installed and configured to use this option. For example, the .B VOMS_USERCONF environment variable may need to be set for .B voms-proxy-init to run correctly. .TP .BI -Q " file, " --certreq " file" Specify the path to a PEM formatted certificate request to use when requesting a certificate from the .BR myproxy-server (8), rather than allowing .B myproxy-logon to generate the private key and certificate request itself. In this case, .B myproxy-logon will not output a private key but will only output the signed certificate and (as needed) certificate chain. To read the certificate request from standard input rather than from a file, use .B -Q .BR - . .SH "EXIT STATUS" 0 on success, >0 on error .SH ENVIRONMENT .TP .B GLOBUS_GSSAPI_NAME_COMPATIBILITY This client will, by default, perform a reverse-DNS lookup to determine the FQHN (Fully Qualified Host Name) to use in verifying the identity of the server by checking the FQHN against the CN in server's certificate. Setting this variable to .B STRICT_RFC2818 will cause the reverse-DNS lookup to NOT be performed and the user-specified name to be used instead. This variable setting will be ignored if .B MYPROXY_SERVER_DN (described later) is set. .TP .B MYPROXY_SERVER Specifies the hostname(s) where the .BR myproxy-server (8) is running. Multiple hostnames can be specified in a comma separated list with each hostname optionally followed by a ':' and port number. This environment variable can be used in place of the .B -s option. .TP .B MYPROXY_SERVER_PORT Specifies the port where the .BR myproxy-server (8) is running. This environment variable can be used in place of the .B -p option. .TP .B MYPROXY_SERVER_DN Specifies the distinguished name (DN) of the .BR myproxy-server (8). All MyProxy client programs authenticate the server's identity. By default, MyProxy servers run with host credentials, so the MyProxy client programs expect the server to have a distinguished name with "/CN=host/" or "/CN=myproxy/" or "/CN=" (where is the fully-qualified hostname of the server). If the server is running with some other DN, you can set this environment variable to tell the MyProxy clients to accept the alternative DN. Also see .B GLOBUS_GSSAPI_NAME_COMPATIBILITY above. .TP .B MYPROXY_TCP_PORT_RANGE Specifies a range of valid port numbers in the form "min,max" for the client side of the network connection to the server. By default, the client will bind to any available port. Use this environment variable to restrict the ports used to a range allowed by your firewall. If unset, MyProxy will follow the setting of the .B GLOBUS_TCP_PORT_RANGE environment variable. .TP .B X509_USER_CERT Specifies a non-standard location for the certificate to be used for authentication to the .BR myproxy-server (8). .TP .B X509_USER_KEY Specifies a non-standard location for the private key to be used for authentication to the .BR myproxy-server (8). .TP .B X509_USER_PROXY Specifies a non-standard location for the proxy credential to be used for authentication to the .BR myproxy-server (8). Also specifies the output location for the proxy credential to be retrieved from the .BR myproxy-server (8) unless the .B -o option is given. .TP .B X509_CERT_DIR Specifies a non-standard location for the CA certificates directory. .TP .B MYPROXY_KEYBITS Specifies the size for RSA keys generated by MyProxy. By default, MyProxy generates 2048 bit RSA keys. Set this environment variable to "1024" for 1024 bit RSA keys. .SH AUTHORS See .B http://grid.ncsa.illinois.edu/myproxy/about for the list of MyProxy authors. .SH "SEE ALSO" .BR myproxy-change-pass-phrase (1), .BR myproxy-destroy (1), .BR myproxy-get-trustroots (1), .BR myproxy-info (1), .BR myproxy-init (1), .BR myproxy-retrieve (1), .BR myproxy-server.config (5), .BR myproxy-store (1), .BR myproxy-admin-adduser (8), .BR myproxy-admin-change-pass (8), .BR myproxy-admin-load-credential (8), .BR myproxy-admin-query (8), .BR myproxy-server (8) myproxy-6.2.16/man/myproxy-info.10000644000175100017510000001245314557142036013611 00000000000000.TH myproxy-info 1 "2009-12-1" "MyProxy" "MyProxy" .SH NAME myproxy-info \- display information about MyProxy credentials .SH SYNOPSIS .B myproxy-info [ .I options ] .SH DESCRIPTION The .B myproxy-info command displays information about a user's credentials previously stored on a .BR myproxy-server (8) using .BR myproxy-init (1). The user must have a valid proxy credential as generated by .B grid-proxy-init or retrieved by .BR myproxy-logon (1) when running this command. .PP The .B myproxy-info command provides information only for credentials stored in the .BR myproxy-server (8) credential repository using .BR myproxy-init (1). In the case where the .BR myproxy-server (8) is acting as a Certificate Authority, issuing end entity credentials via the .BR myproxy-logon (1) command, the .B myproxy-info command will return "no credentials found". .SH OPTIONS .TP .B -h, --help Displays command usage text and exits. .TP .B -u, --usage Displays command usage text and exits. .TP .B -v, --verbose Enables verbose debugging output to the terminal. .TP .B -V, --version Displays version information and exits. .TP .BI -s " hostname[:port], " --pshost " hostname[:port]" Specifies the hostname(s) of the myproxy-server(s). Multiple hostnames, each hostname optionally followed by a ':' and port number, may be specified in a comma-separated list. This option is required if the .B MYPROXY_SERVER environment variable is not defined. If specified, this option overrides the .B MYPROXY_SERVER environment variable. If a port number is specified with a hostname, it will override the -p option as well as the .B MYPROXY_SERVER_PORT environment variable for that host. .TP .BI -p " port, " --psport " port" Specifies the TCP port number of the .BR myproxy-server (8). Default: 7512 .TP .BI -l " username, " --username " username" Specifies the MyProxy account to query. By default, the command uses the value of the .B LOGNAME environment variable. Use this option to specify a different account username on the MyProxy server. The MyProxy username need not correspond to a real Unix username. .TP .B -d, --dn_as_username Use the certificate subject (DN) as the default username, instead of the .B LOGNAME environment variable. .TP .BI -k " name, " --credname " name" Specifies name of the credential to query. If not specified, the command displays all credentials associated with the MyProxy username. .SH "EXIT STATUS" 0 on success, >0 on error .SH ENVIRONMENT .TP .B GLOBUS_GSSAPI_NAME_COMPATIBILITY This client will, by default, perform a reverse-DNS lookup to determine the FQHN (Fully Qualified Host Name) to use in verifying the identity of the server by checking the FQHN against the CN in server's certificate. Setting this variable to .B STRICT_RFC2818 will cause the reverse-DNS lookup to NOT be performed and the user-specified name to be used instead. This variable setting will be ignored if .B MYPROXY_SERVER_DN (described later) is set. .TP .B MYPROXY_SERVER Specifies the hostname(s) where the .BR myproxy-server (8) is running. Multiple hostnames can be specified in a comma separated list with each hostname optionally followed by a ':' and port number. This environment variable can be used in place of the .B -s option. .TP .B MYPROXY_SERVER_PORT Specifies the port where the .BR myproxy-server (8) is running. This environment variable can be used in place of the .B -p option. .TP .B MYPROXY_SERVER_DN Specifies the distinguished name (DN) of the .BR myproxy-server (8). All MyProxy client programs authenticate the server's identity. By default, MyProxy servers run with host credentials, so the MyProxy client programs expect the server to have a distinguished name with "/CN=host/" or "/CN=myproxy/" or "/CN=" (where is the fully-qualified hostname of the server). If the server is running with some other DN, you can set this environment variable to tell the MyProxy clients to accept the alternative DN. Also see .B GLOBUS_GSSAPI_NAME_COMPATIBILITY above. .TP .B MYPROXY_TCP_PORT_RANGE Specifies a range of valid port numbers in the form "min,max" for the client side of the network connection to the server. By default, the client will bind to any available port. Use this environment variable to restrict the ports used to a range allowed by your firewall. If unset, MyProxy will follow the setting of the .B GLOBUS_TCP_PORT_RANGE environment variable. .TP .B X509_USER_CERT Specifies a non-standard location for the certificate to be used for authentication to the .BR myproxy-server (8). .TP .B X509_USER_KEY Specifies a non-standard location for the private key to be used for authentication to the .BR myproxy-server (8). .TP .B X509_USER_PROXY Specifies a non-standard location for the proxy credential to be used for authentication to the .BR myproxy-server (8). .TP .B X509_CERT_DIR Specifies a non-standard location for the CA certificates directory. .SH AUTHORS See .B http://grid.ncsa.illinois.edu/myproxy/about for the list of MyProxy authors. .SH "SEE ALSO" .BR myproxy-change-pass-phrase (1), .BR myproxy-destroy (1), .BR myproxy-get-trustroots (1), .BR myproxy-init (1), .BR myproxy-logon (1), .BR myproxy-retrieve (1), .BR myproxy-store (1), .BR myproxy-server.config (5), .BR myproxy-admin-adduser (8), .BR myproxy-admin-change-pass (8), .BR myproxy-admin-load-credential (8), .BR myproxy-admin-query (8), .BR myproxy-server (8) myproxy-6.2.16/man/myproxy-get-trustroots.10000644000175100017510000001163214557142036015701 00000000000000.TH myproxy-get-trustroots 1 "2009-12-1" "MyProxy" "MyProxy" .SH NAME myproxy-get-trustroots \- fetch trustroots from a myproxy-server .SH SYNOPSIS .B myproxy-get-trustroots [ .I options ] .SH DESCRIPTION The .B myproxy-get-trustroots command retrieves the trusted certificates from the .BR myproxy-server (8) and stores them in the location specified by the .B X509_CERT_DIR environment variable if set or .I /etc/grid-security/certificates if running as root or .I ~/.globus/certificates if running as non-root. .P An example cron job for running .B myproxy-get-trustroots periodically to keep the .B X509_CERT_DIR up-to-date is provided at .IR $GLOBUS_LOCATION/share/myproxy/myproxy-get-trustroots.cron . .SH OPTIONS .TP .B -b, --bootstrap Unless this option is specified, then if the .B X509_CERT_DIR exists and the CA that signed the .BR myproxy-server (8) certificate is not trusted, .B myproxy-get-trustroots will fail with an error, to protect against man-in-the-middle attacks. If, however, this option is specified, .B myproxy-get-trustroots will accept the CA to bootstrap trust. .TP .B -h, --help Displays command usage text and exits. .TP .B -u, --usage Displays command usage text and exits. .TP .B -v, --verbose Enables verbose debugging output to the terminal. .TP .B -V, --version Displays version information and exits. .TP .BI -s " hostname[:port], " --pshost " hostname[:port]" Specifies the hostname(s) of the myproxy-server(s). Multiple hostnames, each hostname optionally followed by a ':' and port number, may be specified in a comma-separated list. This option is required if the .B MYPROXY_SERVER environment variable is not defined. If specified, this option overrides the .B MYPROXY_SERVER environment variable. If a port number is specified with a hostname, it will override the -p option as well as the .B MYPROXY_SERVER_PORT environment variable for that host. .TP .BI -p " port, " --psport " port" Specifies the TCP port number of the .BR myproxy-server (8). Default: 7512 .TP .B -q, --quiet Only write output messages on error. .SH ENVIRONMENT .TP .B GLOBUS_GSSAPI_NAME_COMPATIBILITY This client will, by default, perform a reverse-DNS lookup to determine the FQHN (Fully Qualified Host Name) to use in verifying the identity of the server by checking the FQHN against the CN in server's certificate. Setting this variable to .B STRICT_RFC2818 will cause the reverse-DNS lookup to NOT be performed and the user-specified name to be used instead. This variable setting will be ignored if .B MYPROXY_SERVER_DN (described later) is set. .TP .B MYPROXY_SERVER Specifies the hostname(s) where the .BR myproxy-server (8) is running. Multiple hostnames can be specified in a comma separated list with each hostname optionally followed by a ':' and port number. This environment variable can be used in place of the .B -s option. .TP .B MYPROXY_SERVER_PORT Specifies the port where the .BR myproxy-server (8) is running. This environment variable can be used in place of the .B -p option. .TP .B MYPROXY_SERVER_DN Specifies the distinguished name (DN) of the .BR myproxy-server (8). All MyProxy client programs authenticate the server's identity. By default, MyProxy servers run with host credentials, so the MyProxy client programs expect the server to have a distinguished name with "/CN=host/" or "/CN=myproxy/" or "/CN=" (where is the fully-qualified hostname of the server). If the server is running with some other DN, you can set this environment variable to tell the MyProxy clients to accept the alternative DN. Also see .B GLOBUS_GSSAPI_NAME_COMPATIBILITY above. .TP .B MYPROXY_TCP_PORT_RANGE Specifies a range of valid port numbers in the form "min,max" for the client side of the network connection to the server. By default, the client will bind to any available port. Use this environment variable to restrict the ports used to a range allowed by your firewall. If unset, MyProxy will follow the setting of the .B GLOBUS_TCP_PORT_RANGE environment variable. .TP .B X509_USER_CERT Specifies a non-standard location for the certificate to be used for authentication to the .BR myproxy-server (8). .TP .B X509_USER_KEY Specifies a non-standard location for the private key to be used for authentication to the .BR myproxy-server (8). .TP .B X509_USER_PROXY Specifies a non-standard location for the proxy credential to be used for authentication to the .BR myproxy-server (8). .TP .B X509_CERT_DIR Specifies a non-standard location for the CA certificates directory. .SH AUTHORS See .B http://grid.ncsa.illinois.edu/myproxy/about for the list of MyProxy authors. .SH "SEE ALSO" .BR myproxy-change-pass-phrase (1), .BR myproxy-destroy (1), .BR myproxy-info (1), .BR myproxy-init (1), .BR myproxy-logon (1), .BR myproxy-retrieve (1), .BR myproxy-server.config (5), .BR myproxy-store (1), .BR myproxy-admin-adduser (8), .BR myproxy-admin-change-pass (8), .BR myproxy-admin-load-credential (8), .BR myproxy-admin-query (8), .BR myproxy-server (8) myproxy-6.2.16/man/Makefile.am0000644000175100017510000000160414557142036013077 00000000000000myproxy-logon.1: myproxy-get-delegation.1 rm -f myproxy-logon.1 $(LN_S) $(srcdir)/myproxy-get-delegation.1 myproxy-logon.1 myproxy-admin-addservice.8: myproxy-admin-adduser.8 rm -f myproxy-admin-addservice.8 $(LN_S) $(srcdir)/myproxy-admin-adduser.8 myproxy-admin-addservice.8 man_MANS = myproxy-admin-adduser.8 \ myproxy-admin-addservice.8 \ myproxy-admin-change-pass.8 \ myproxy-admin-load-credential.8 \ myproxy-admin-query.8 \ myproxy-change-pass-phrase.1 \ myproxy-destroy.1 \ myproxy-get-delegation.1 \ myproxy-get-trustroots.1 \ myproxy-info.1 \ myproxy-init.1 \ myproxy-logon.1 \ myproxy-replicate.8 \ myproxy-retrieve.1 \ myproxy-server.8 \ myproxy-server.config.5 \ myproxy-store.1 EXTRA_DIST = $(man_MANS) myproxy-6.2.16/man/myproxy-store.10000644000175100017510000002202514557142036014006 00000000000000.TH myproxy-store 1 "2011-09-05" "MyProxy" "MyProxy" .SH NAME myproxy-store \- store end-entity credential for later retrieval .SH SYNOPSIS .B myproxy-store [ .I options ] .SH DESCRIPTION The .B myproxy-store command uploads a credential to a .BR myproxy-server (8) for later retrieval. The user must have a valid proxy credential as generated by .B grid-proxy-init or retrieved by .BR myproxy-logon (1) when running this command. Unlike .BR myproxy-init (1), this command transfers the private key over the network (over a private channel). In the default mode, the command will take the credentials found in .I ~/.globus/usercert.pem and .I ~/.globus/userkey.pem and store them in the .BR myproxy-server (8) repository. Proxy credentials with default lifetime of 12 hours can then be retrieved by .BR myproxy-logon (1) using the credential passphrase. The default behavior can be overridden by options specified below. .PP The hostname where the .BR myproxy-server (8) is running must be specified by either defining the .B MYPROXY_SERVER environment variable or the .B -s option. .SH OPTIONS .TP .B -h, --help Displays command usage text and exits. .TP .B -u, --usage Displays command usage text and exits. .TP .B -v, --verbose Enables verbose debugging output to the terminal. .TP .B -V, --version Displays version information and exits. .TP .BI -s " hostname[:port], " --pshost " hostname[:port]" Specifies the hostname(s) of the myproxy-server(s). Multiple hostnames, each hostname optionally followed by a ':' and port number, may be specified in a comma-separated list. This option is required if the .B MYPROXY_SERVER environment variable is not defined. If specified, this option overrides the .B MYPROXY_SERVER environment variable. If a port number is specified with a hostname, it will override the -p option as well as the .B MYPROXY_SERVER_PORT environment variable for that host. .TP .BI -p " port, " --psport " port" Specifies the TCP port number of the .BR myproxy-server (8). Default: 7512 If specified, this option overrides the .B MYPROXY_SERVER_PORT environment variable. .TP .BI -l " username, " --username " username" Specifies the MyProxy account under which the credential should be stored. By default, the command uses the value of the .B LOGNAME environment variable. Use this option to specify a different account username on the MyProxy server. The MyProxy username need not correspond to a real Unix username. .TP .BI -c " filename, " --certfile " filename" Specifies the filename of the source certificate. .TP .BI -y " filename, " --keyfile " filename" Specifies the filename of the source private key. .TP .BI -t " hours, " --proxy_lifetime " hours" Specifies the maximum lifetime of credentials retrieved from the .BR myproxy-server (8) using the stored credential. Default: 12 hours .TP .B -d, --dn_as_username Use the certificate subject (DN) as the default username, instead of the .B LOGNAME environment variable. .TP .B -a, --allow_anonymous_retrievers Allow credentials to be retrieved with just pass phrase authentication. By default, only entities with credentials that match the .BR myproxy-server.config (5) default retriever policy may retrieve credentials. This option allows entities without existing credentials to retrieve a credential using pass phrase authentication by including "anonymous" in the set of allowed retrievers. The .BR myproxy-server.config (5) server-wide policy must also allow "anonymous" clients for this option to have an effect. .TP .B -A, --allow_anonymous_renewers Allow credentials to be renewed by any client. Any client with a valid credential with a subject name that matches the stored credential may retrieve a new credential from the MyProxy repository if this option is given. Since this effectively defeats the purpose of proxy credential lifetimes, it is not recommended. It is included only for sake of completeness. .TP .BI -r " name, " --retrievable_by " name" Allow the specified entity to retrieve credentials. See .B -x and .B -X options for controlling name matching behavior. .TP .BI -E " name, " --retrieve_key " name" Allow the specified entity to retrieve end-entity credentials. See .B -x and .B -X options for controlling name matching behavior. .TP .BI -R " name, " --renewable_by " name" Allow the specified entity to renew credentials. See .B -x and .B -X options for controlling name matching behavior. .TP .BI -Z " name, " --retrievable_by_cert " name" Allow the specified entity to retrieve credentials without a passphrase. See .B -x and .B -X options for controlling name matching behavior. .TP .B -x, --regex_dn_match Specifies that names used with following options .BR -r , .BR -E , .BR -R , and .B -Z will be matched against the full certificate subject distinguished name (DN) according to .B REGULAR EXPRESSIONS in .BR myproxy-server.config (5). .TP .B -X, --match_cn_only Specifies that names used with following options .BR -r , .BR -E , .BR -R , and .B -Z will be matched against the certificate subject common name (CN) according to .B REGULAR EXPRESSIONS in .BR myproxy-server.config (5). For example, if an argument of .B -r "Jim Basney" is specified, then the resulting policy will be "*/CN=Jim Basney". This is the default behavior. .TP .BI -k " name, " --credname " name" Specifies the credential name. .TP .BI -K " description, " --creddesc " description" Specifies credential description. .TP .SH "EXIT STATUS" 0 on success, >0 on error .SH FILES .TP .I ~/.globus/usercert.pem Default location of the certificate to be stored on the .BR myproxy-server . Use the .B --certfile option to override. .TP .I ~/.globus/userkey.pem Default location of the private key to be stored on the .BR myproxy-server . Use the .B --keyfile option to override. .TP .B -T, --trustroots Retrieve CA certificates directory from server (if available) to store in the location specified by the .B X509_CERT_DIR environment variable if set or .I /etc/grid-security/certificates if running as root or .I ~/.globus/certificates if running as non-root. .SH ENVIRONMENT .TP .B GLOBUS_GSSAPI_NAME_COMPATIBILITY This client will, by default, perform a reverse-DNS lookup to determine the FQHN (Fully Qualified Host Name) to use in verifying the identity of the server by checking the FQHN against the CN in server's certificate. Setting this variable to .B STRICT_RFC2818 will cause the reverse-DNS lookup to NOT be performed and the user-specified name to be used instead. This variable setting will be ignored if .B MYPROXY_SERVER_DN (described later) is set. .TP .B MYPROXY_SERVER Specifies the hostname(s) where the .BR myproxy-server (8) is running. Multiple hostnames can be specified in a comma separated list with each hostname optionally followed by a ':' and port number. This environment variable can be used in place of the .B -s option. .TP .B MYPROXY_SERVER_PORT Specifies the port where the .BR myproxy-server (8) is running. This environment variable can be used in place of the .B -p option. .TP .B MYPROXY_SERVER_DN Specifies the distinguished name (DN) of the .BR myproxy-server (8). All MyProxy client programs authenticate the server's identity. By default, MyProxy servers run with host credentials, so the MyProxy client programs expect the server to have a distinguished name with "/CN=host/" or "/CN=myproxy/" or "/CN=" (where is the fully-qualified hostname of the server). If the server is running with some other DN, you can set this environment variable to tell the MyProxy clients to accept the alternative DN. Also see .B GLOBUS_GSSAPI_NAME_COMPATIBILITY above. .TP .B MYPROXY_TCP_PORT_RANGE Specifies a range of valid port numbers in the form "min,max" for the client side of the network connection to the server. By default, the client will bind to any available port. Use this environment variable to restrict the ports used to a range allowed by your firewall. If unset, MyProxy will follow the setting of the .B GLOBUS_TCP_PORT_RANGE environment variable. .TP .B X509_USER_CERT Specifies a non-standard location for the certificate to be used for authentication to the .BR myproxy-server (8). Also specifies the location for the certificate to be stored unless the .B -c option is given. .TP .B X509_USER_KEY Specifies a non-standard location for the private key to be used for authentication to the .BR myproxy-server (8). Also specifies the location for the private key to be stored unless the .B -y option is given. .TP .B X509_USER_PROXY Specifies a non-standard location for the proxy credential to be used for authentication to the .BR myproxy-server (8). .TP .B X509_CERT_DIR Specifies a non-standard location for the CA certificates directory. .SH AUTHORS See .B http://grid.ncsa.illinois.edu/myproxy/about for the list of MyProxy authors. .SH "SEE ALSO" .BR myproxy-change-pass-phrase (1), .BR myproxy-destroy (1), .BR myproxy-get-trustroots (1), .BR myproxy-info (1), .BR myproxy-logon (1), .BR myproxy-retrieve (1), .BR myproxy-server.config (5), .BR myproxy-admin-adduser (8), .BR myproxy-admin-change-pass (8), .BR myproxy-admin-load-credential (8), .BR myproxy-admin-query (8), .BR myproxy-server (8) .BR myproxy-retrieve (1) myproxy-6.2.16/man/myproxy-admin-adduser.80000644000175100017510000001235314557142036015401 00000000000000.TH myproxy-admin-adduser 8 "2011-09-05" "MyProxy" "MyProxy" .SH NAME myproxy-admin-adduser \- add a user or service credential .SH SYNOPSIS .B myproxy-admin-adduser [ .I options ] .P .B myproxy-admin-addservice [ .I options ] .SH DESCRIPTION The .B myproxy-admin-adduser and .B myproxy-admin-addservice commands create a new credential for a user or service and load it into the MyProxy repository. They are .BR perl (1) scripts that run .B grid-cert-request (a standard Grid Community Toolkit program) and .B grid-ca-sign (from the Globus Simple CA package) to create the credential and then run .BR myproxy-admin-load-credential (8) to load the credential into the MyProxy repository. .PP The command prompts for the common name to be included in the new certificate (if the .B -c argument is not specified), the Globus Simple CA key password for signing the certificate, the MyProxy username (if the .B -l or .B -d arguments are not specified), and the MyProxy passphrase for the credential. Most of the command-line options for this command are passed directly to the .BR myproxy-admin-load-credential (8) command. .PP The .B grid-ca-sign program is not provided in the MyProxy distribution. It must be installed separately, from the Globus Simple CA package. .SH OPTIONS .TP .B -h Displays command usage text and exits. .TP .B -u Displays command usage text and exits. .TP .B -v Enables verbose debugging output to the terminal. .TP .BI -c " cn" Specifies the Common Name for the new credential (for example: "Jim Basney"). .TP .BI -s " dir" Specifies the location of the credential storage directory. The directory must be accessible only by the user running the .B myproxy-server process for security reasons. Default: /var/lib/myproxy or /var/myproxy or $GLOBUS_LOCATION/var/myproxy .TP .BI -l " username" Specifies the MyProxy account under which the credential should be stored. .TP .BI -t " hours" Specifies the maximum lifetime of credentials retrieved from the .BR myproxy-server (8) using the stored credential. Default: 12 hours .TP .BI -p " CA-password" Specifies the password for the CA's private key using the format documented in the PASS PHRASE ARGUMENTS section of .BR openssl (1). .TP .B -n Disables passphrase authentication for the stored credential. If specified, the command will not prompt for a passphrase, the credential will not be encrypted by a passphrase in the repository, and the credential will not be retrievable using passphrase authentication with .BR myproxy-logon (1). This option is used for storing renewable credentials and is implied by .BR -R . .TP .B -d Use the certificate subject (DN) as the username. .TP .B -a Allow credentials to be retrieved with just pass phrase authentication. By default, only entities with credentials that match the .BR myproxy-server.config (5) default retriever policy may retrieve credentials. This option allows entities without existing credentials to retrieve a credential using pass phrase authentication by including "anonymous" in the set of allowed retrievers. The .BR myproxy-server.config (5) server-wide policy must also allow "anonymous" clients for this option to have an effect. .TP .B -A Allow credentials to be renewed by any client. Any client with a valid credential with a subject name that matches the stored credential may retrieve a new credential from the MyProxy repository if this option is given. Since this effectively defeats the purpose of proxy credential lifetimes, it is not recommended. It is included only for sake of completeness. .TP .BI -r " name" Allow the specified entity to retrieve credentials. See .B -x and .B -X options for controlling name matching behavior. .TP .BI -R " name" Allow the specified entity to renew credentials. See .B -x and .B -X options for controlling name matching behavior. This option implies .B -n since passphrase authentication is not used for credential renewal. .TP .BI -Z " name, " --retrievable_by_cert " name" Allow the specified entity to retrieve credentials without a passphrase. See .B -x and .B -X options for controlling name matching behavior. This option implies .BR -n . .TP .B -x Specifies that names used with following options .BR -r , .BR -R , and .B -Z will be matched against the full certificate subject distinguished name (DN) according to .B REGULAR EXPRESSIONS in .BR myproxy-server.config (5). .TP .B -X Specifies that names used with following options .BR -r , .BR -R , and .B -Z will be matched against the certificate subject common name (CN) according to .B REGULAR EXPRESSIONS in .BR myproxy-server.config (5). For example, if an argument of .B -r "Jim Basney" is specified, then the resulting policy will be "*/CN=Jim Basney". This is the default behavior. .TP .BI -k " name" Specifies the credential name. .TP .BI -K " description" Specifies credential description. .SH "EXIT STATUS" 0 on success, >0 on error .SH AUTHORS See .B http://grid.ncsa.illinois.edu/myproxy/about for the list of MyProxy authors. .SH "SEE ALSO" .BR myproxy-change-pass-phrase (1), .BR myproxy-destroy (1), .BR myproxy-info (1), .BR myproxy-init (1), .BR myproxy-logon (1), .BR myproxy-retrieve (1), .BR myproxy-store (1), .BR myproxy-server.config (5), .BR myproxy-admin-change-pass (8), .BR myproxy-admin-load-credential (8), .BR myproxy-admin-query (8), .BR myproxy-server (8) myproxy-6.2.16/man/myproxy-logon.10000644000175100017510000002254214557142036013774 00000000000000.TH myproxy-logon 1 "2010-09-09" "MyProxy" "MyProxy" .SH NAME myproxy-logon \- retrieve a credential .SH SYNOPSIS .B myproxy-logon [ .I options ] .P .B myproxy-get-delegation [ .I options ] .SH DESCRIPTION The .B myproxy-logon command retrieves a proxy credential from the .BR myproxy-server (8) that was previously stored using .BR myproxy-init (1) or .BR myproxy-store (1). It can also be used to retrieve short-lived end entity credentials from a .BR myproxy-server (8) configured to act as a Certificate Authority. In the default mode, the command prompts for the MyProxy pass phrase associated with the credential to be retrieved and stores the retrieved credential in the location specified by the .B X509_USER_PROXY environment variable or .I /tmp/x509up_u if that environment variable is not set. .PP The .B myproxy-logon command is also available under the name .B myproxy-get-delegation for backward compatibility. .SH OPTIONS .TP .B -h, --help Displays command usage text and exits. .TP .B -u, --usage Displays command usage text and exits. .TP .B -v, --verbose Enables verbose debugging output to the terminal. .TP .B -V, --version Displays version information and exits. .TP .BI -s " hostname[:port], " --pshost " hostname[:port]" Specifies the hostname(s) of the myproxy-server(s). Multiple hostnames, each hostname optionally followed by a ':' and port number, may be specified in a comma-separated list. This option is required if the .B MYPROXY_SERVER environment variable is not defined. If specified, this option overrides the .B MYPROXY_SERVER environment variable. If a port number is specified with a hostname, it will override the -p option as well as the .B MYPROXY_SERVER_PORT environment variable for that host. .TP .BI -p " port, " --psport " port" Specifies the TCP port number of the .BR myproxy-server (8). Default: 7512 .TP .BI -l " username, " --username " username" Specifies the MyProxy account under which the credential to retrieve is stored. By default, the command uses the value of the .B LOGNAME environment variable. Use this option to specify a different account username on the MyProxy server. The MyProxy username need not correspond to a real Unix username. .TP .B -d, --dn_as_username Use the certificate subject (DN) as the default username, instead of the .B LOGNAME environment variable. When used with the .B -a option, the certificate subject of the authorization credential is used. Otherwise, the certificate subject of the default credential is used. .TP .BI -t " hours, " --proxy_lifetime " hours" Specifies the lifetime of credentials retrieved from the .BR myproxy-server (8) using the stored credential. The resulting lifetime is the shorter of the requested lifetime and the lifetime specified when the credential was stored using .BR myproxy-init (1). Default: 12 hours .TP .BI -o " file, " --out " file" Specifies where the retrieved proxy credential should be stored. If this option is not specified, the proxy credential will be stored in the location specified by the .B X509_USER_PROXY environment variable or .I /tmp/x509up_u if that environment variable is not set. To write the credential to the command's standard output rather than to a file, use .B -o .BR - . .TP .BI -a " file, " --authorization " file" Use this option to specify an existing, valid credential that you want to renew. Renewing a credential generally requires two certificate-based authentications. The client authenticates with its identity, using the credential in the standard location or specified by the .B X509_USER_PROXY or .B X509_USER_CERT and .B X509_USER_KEY environment variables in addition to authenticating with the existing credential, in the location specified by this option, that it wants to renew. .TP .BI -k " name, " --credname " name" Specifies the name of the credential that is to be retrieved or renewed. .TP .B -S, --stdin_pass By default, the command prompts for a passphrase and reads the passphrase from the active tty. When running the command non-interactively, there may be no associated tty. Specifying this option tells the command to read passphrases from standard input without prompts or confirmation. .TP .B -n, --no_passphrase Don't prompt for a credential passphrase. Use other methods for authentication, such as Kerberos ticket or X.509 certificate. This option is implied by .B -a since passphrase authentication is not used for credential renewal. .TP .B -T, --trustroots Retrieve CA certificates directory from server (if available) to store in the location specified by the .B X509_CERT_DIR environment variable if set or .I /etc/grid-security/certificates if running as root or .I ~/.globus/certificates if running as non-root. .TP .B -b, --bootstrap Unless this option is specified, then if the .B X509_CERT_DIR exists and the CA that signed the .BR myproxy-server (8) certificate is not trusted, .B myproxy-logon will fail with an error, to protect against man-in-the-middle attacks. If, however, this option is specified, .B myproxy-logon will accept the CA to bootstrap trust. This option implies .BR -T . .TP .B -q, --quiet Only write output messages on error. .TP .B -N, --no_credentials Authenticate only. Don't retrieve credentials. .TP .BI -m " voms, " --voms " voms" Add VOMS attributes to the credential by running .B voms-proxy-init on the client-side after retrieving the credential from the .BR myproxy-server (8). The VOMS VO name must be provided, as required by .BR "voms-proxy-init -voms" . The .B voms-proxy-init command must also be installed and configured to use this option. For example, the .B VOMS_USERCONF environment variable may need to be set for .B voms-proxy-init to run correctly. .TP .BI -Q " file, " --certreq " file" Specify the path to a PEM formatted certificate request to use when requesting a certificate from the .BR myproxy-server (8), rather than allowing .B myproxy-logon to generate the private key and certificate request itself. In this case, .B myproxy-logon will not output a private key but will only output the signed certificate and (as needed) certificate chain. To read the certificate request from standard input rather than from a file, use .B -Q .BR - . .SH "EXIT STATUS" 0 on success, >0 on error .SH ENVIRONMENT .TP .B GLOBUS_GSSAPI_NAME_COMPATIBILITY This client will, by default, perform a reverse-DNS lookup to determine the FQHN (Fully Qualified Host Name) to use in verifying the identity of the server by checking the FQHN against the CN in server's certificate. Setting this variable to .B STRICT_RFC2818 will cause the reverse-DNS lookup to NOT be performed and the user-specified name to be used instead. This variable setting will be ignored if .B MYPROXY_SERVER_DN (described later) is set. .TP .B MYPROXY_SERVER Specifies the hostname(s) where the .BR myproxy-server (8) is running. Multiple hostnames can be specified in a comma separated list with each hostname optionally followed by a ':' and port number. This environment variable can be used in place of the .B -s option. .TP .B MYPROXY_SERVER_PORT Specifies the port where the .BR myproxy-server (8) is running. This environment variable can be used in place of the .B -p option. .TP .B MYPROXY_SERVER_DN Specifies the distinguished name (DN) of the .BR myproxy-server (8). All MyProxy client programs authenticate the server's identity. By default, MyProxy servers run with host credentials, so the MyProxy client programs expect the server to have a distinguished name with "/CN=host/" or "/CN=myproxy/" or "/CN=" (where is the fully-qualified hostname of the server). If the server is running with some other DN, you can set this environment variable to tell the MyProxy clients to accept the alternative DN. Also see .B GLOBUS_GSSAPI_NAME_COMPATIBILITY above. .TP .B MYPROXY_TCP_PORT_RANGE Specifies a range of valid port numbers in the form "min,max" for the client side of the network connection to the server. By default, the client will bind to any available port. Use this environment variable to restrict the ports used to a range allowed by your firewall. If unset, MyProxy will follow the setting of the .B GLOBUS_TCP_PORT_RANGE environment variable. .TP .B X509_USER_CERT Specifies a non-standard location for the certificate to be used for authentication to the .BR myproxy-server (8). .TP .B X509_USER_KEY Specifies a non-standard location for the private key to be used for authentication to the .BR myproxy-server (8). .TP .B X509_USER_PROXY Specifies a non-standard location for the proxy credential to be used for authentication to the .BR myproxy-server (8). Also specifies the output location for the proxy credential to be retrieved from the .BR myproxy-server (8) unless the .B -o option is given. .TP .B X509_CERT_DIR Specifies a non-standard location for the CA certificates directory. .TP .B MYPROXY_KEYBITS Specifies the size for RSA keys generated by MyProxy. By default, MyProxy generates 2048 bit RSA keys. Set this environment variable to "1024" for 1024 bit RSA keys. .SH AUTHORS See .B http://grid.ncsa.illinois.edu/myproxy/about for the list of MyProxy authors. .SH "SEE ALSO" .BR myproxy-change-pass-phrase (1), .BR myproxy-destroy (1), .BR myproxy-get-trustroots (1), .BR myproxy-info (1), .BR myproxy-init (1), .BR myproxy-retrieve (1), .BR myproxy-server.config (5), .BR myproxy-store (1), .BR myproxy-admin-adduser (8), .BR myproxy-admin-change-pass (8), .BR myproxy-admin-load-credential (8), .BR myproxy-admin-query (8), .BR myproxy-server (8) myproxy-6.2.16/man/myproxy-retrieve.10000644000175100017510000001672114557142036014505 00000000000000.TH myproxy-retrieve 1 "2009-12-1" "MyProxy" "MyProxy" .SH NAME myproxy-retrieve \- retrieve an end-entity credential .SH SYNOPSIS .B myproxy-retrieve [ .I options ] .SH DESCRIPTION The .B myproxy-retrieve command retrieves a credential directly from the .BR myproxy-server (8) that was previously stored using .BR myproxy-init (1) or .BR myproxy-store (1). Unlike .BR myproxy-logon (1), this command transfers the private key in the repository over the network (over a private channel). To obtain a proxy credential, we recommend using .BR myproxy-logon (1) instead. .PP In the default mode, the command prompts for the pass phrase associated with the credential to be retrieved and stores the retrieved credential in the standard location ( .I ~/.globus/usercert.pem and .IR ~/.globus/userkey.pem ). You could then run .B grid-proxy-init to create a proxy credential from the retrieved credentials. .SH OPTIONS .TP .B -h, --help Displays command usage text and exits. .TP .B -u, --usage Displays command usage text and exits. .TP .B -v, --verbose Enables verbose debugging output to the terminal. .TP .B -V, --version Displays version information and exits. .TP .BI -s " hostname[:port], " --pshost " hostname[:port]" Specifies the hostname(s) of the myproxy-server(s). Multiple hostnames, each hostname optionally followed by a ':' and port number, may be specified in a comma-separated list. This option is required if the .B MYPROXY_SERVER environment variable is not defined. If specified, this option overrides the .B MYPROXY_SERVER environment variable. If a port number is specified with a hostname, it will override the -p option as well as the .B MYPROXY_SERVER_PORT environment variable for that host. .TP .BI -p " port, " --psport " port" Specifies the TCP port number of the .BR myproxy-server (8). Default: 7512 .TP .BI -l " username, " --username " username" Specifies the MyProxy account under which the credential to retrieve is stored. By default, the command uses the value of the .B LOGNAME environment variable. Use this option to specify a different account username on the MyProxy server. The MyProxy username need not correspond to a real Unix username. .TP .B -d, --dn_as_username Use the certificate subject (DN) as the default username, instead of the .B LOGNAME environment variable. When used with the .B -a option, the certificate subject of the authorization credential is used. Otherwise, the certificate subject of the default credential is used. .TP .BI -t " hours, " --proxy_lifetime " hours" Specifies the lifetime of credentials retrieved from the .BR myproxy-server (8) using the stored credential. The resulting lifetime is the shorter of the requested lifetime and the lifetime specified when the credential was stored using .BR myproxy-init (1). Default: 12 hours .TP .BI -c " filename, " --certfile " filename" Specifies the filename of where the certificate will be stored. .TP .BI -y " filename, " --keyfile " filename" Specifies the filename of where the private key will be stored. .TP .BI -a " file, " --authorization " file" Use this option to specify an existing, valid credential that you want to renew. Renewing a credential generally requires two certificate-based authentications. The client authenticates with its identity, using the credential in the standard location or specified by .B X509_USER_PROXY or .B X509_USER_CERT and .B X509_USER_KEY in addition to authenticating with the existing credential, in the location specified by this option, that it wants to renew. .TP .BI -k " name, " --credname " name" Specifies the name of the credential that is to be retrieved or renewed. .TP .B -S, --stdin_pass By default, the command prompts for a passphrase and reads the passphrase from the active tty. When running the command non-interactively, there may be no associated tty. Specifying this option tells the command to read passphrases from standard input without prompts or confirmation. .TP .B -T, --trustroots Retrieve CA certificates directory from server (if available) to store in the location specified by the .B X509_CERT_DIR environment variable if set or .I /etc/grid-security/certificates if running as root or .I ~/.globus/certificates if running as non-root. .TP .B -n, --no_passphrase Don't prompt for a credential passphrase. Use other methods for authentication, such as Kerberos ticket or X.509 certificate. .SH "EXIT STATUS" 0 on success, >0 on error .SH ENVIRONMENT .TP .B GLOBUS_GSSAPI_NAME_COMPATIBILITY This client will, by default, perform a reverse-DNS lookup to determine the FQHN (Fully Qualified Host Name) to use in verifying the identity of the server by checking the FQHN against the CN in server's certificate. Setting this variable to .B STRICT_RFC2818 will cause the reverse-DNS lookup to NOT be performed and the user-specified name to be used instead. This variable setting will be ignored if .B MYPROXY_SERVER_DN (described later) is set. .TP .B MYPROXY_SERVER Specifies the hostname(s) where the .BR myproxy-server (8) is running. Multiple hostnames can be specified in a comma separated list with each hostname optionally followed by a ':' and port number. This environment variable can be used in place of the .B -s option. .TP .B MYPROXY_SERVER_PORT Specifies the port where the .BR myproxy-server (8) is running. This environment variable can be used in place of the .B -p option. .TP .B MYPROXY_SERVER_DN Specifies the distinguished name (DN) of the .BR myproxy-server (8). All MyProxy client programs authenticate the server's identity. By default, MyProxy servers run with host credentials, so the MyProxy client programs expect the server to have a distinguished name with "/CN=host/" or "/CN=myproxy/" or "/CN=" (where is the fully-qualified hostname of the server). If the server is running with some other DN, you can set this environment variable to tell the MyProxy clients to accept the alternative DN. Also see .B GLOBUS_GSSAPI_NAME_COMPATIBILITY above. .TP .B MYPROXY_TCP_PORT_RANGE Specifies a range of valid port numbers in the form "min,max" for the client side of the network connection to the server. By default, the client will bind to any available port. Use this environment variable to restrict the ports used to a range allowed by your firewall. If unset, MyProxy will follow the setting of the .B GLOBUS_TCP_PORT_RANGE environment variable. .TP .B X509_USER_CERT Specifies a non-standard location for the certificate to be used for authentication to the .BR myproxy-server (8). Also specifies the location for where the retrieved certificate will be stored unless the .B -c option is given. .TP .B X509_USER_KEY Specifies a non-standard location for the private key to be used for authentication to the .BR myproxy-server (8). Also specifies the location for where the retrieved private key will be stored unless the .B -y option is given. .TP .B X509_USER_PROXY Specifies a non-standard location for the proxy credential to be used for authentication to the .BR myproxy-server (8). .TP .B X509_CERT_DIR Specifies a non-standard location for the CA certificates directory. .SH AUTHORS See .B http://grid.ncsa.illinois.edu/myproxy/about for the list of MyProxy authors. .SH "SEE ALSO" .BR myproxy-change-pass-phrase (1), .BR myproxy-destroy (1), .BR myproxy-get-trustroots (1), .BR myproxy-info (1), .BR myproxy-init (1), .BR myproxy-logon (1), .BR myproxy-store (1), .BR myproxy-server.config (5), .BR myproxy-admin-adduser (8), .BR myproxy-admin-change-pass (8), .BR myproxy-admin-load-credential (8), .BR myproxy-admin-query (8), .BR myproxy-server (8) myproxy-6.2.16/man/myproxy-destroy.10000644000175100017510000001153414557142036014346 00000000000000.TH myproxy-destroy 1 "2009-12-1" "MyProxy" "MyProxy" .SH NAME myproxy-destroy \- remove a credential from the repository .SH SYNOPSIS .B myproxy-destroy [ .I options ] .SH DESCRIPTION The .B myproxy-destroy command removes a credential from the .BR myproxy-server (8) that was previously stored using .BR myproxy-init (1). The user must have a valid proxy credential as generated by .B grid-proxy-init or retrieved by .BR myproxy-logon (1) when running this command. .SH OPTIONS .TP .B -h, --help Displays command usage text and exits. .TP .B -u, --usage Displays command usage text and exits. .TP .B -v, --verbose Enables verbose debugging output to the terminal. .TP .B -V, --version Displays version information and exits. .TP .BI -s " hostname[:port], " --pshost " hostname[:port]" Specifies the hostname(s) of the myproxy-server(s). Multiple hostnames, each hostname optionally followed by a ':' and port number, may be specified in a comma-separated list. This option is required if the .B MYPROXY_SERVER environment variable is not defined. If specified, this option overrides the .B MYPROXY_SERVER environment variable. If a port number is specified with a hostname, it will override the -p option as well as the .B MYPROXY_SERVER_PORT environment variable for that host. .TP .BI -p " port, " --psport " port" Specifies the TCP port number of the .BR myproxy-server (8). Default: 7512 .TP .B -l, --username Specifies the MyProxy account under which the credential to destroy is stored. By default, the command uses the value of the .B LOGNAME environment variable. Use this option to specify a different account username on the MyProxy server. The MyProxy username need not correspond to a real Unix username. .TP .B -d, --dn_as_username Use the certificate subject (DN) as the default username, instead of the .B LOGNAME environment variable. .TP .BI -k " name, " --credname " name" Specifies name of the credential to be destroyed. .TP .SH "EXIT STATUS" 0 on success, >0 on error .SH ENVIRONMENT .TP .B GLOBUS_GSSAPI_NAME_COMPATIBILITY This client will, by default, perform a reverse-DNS lookup to determine the FQHN (Fully Qualified Host Name) to use in verifying the identity of the server by checking the FQHN against the CN in server's certificate. Setting this variable to .B STRICT_RFC2818 will cause the reverse-DNS lookup to NOT be performed and the user-specified name to be used instead. This variable setting will be ignored if .B MYPROXY_SERVER_DN (described later) is set. .TP .B MYPROXY_SERVER Specifies the hostname(s) where the .BR myproxy-server (8) is running. Multiple hostnames can be specified in a comma separated list with each hostname optionally followed by a ':' and port number. This environment variable can be used in place of the .B -s option. .TP .B MYPROXY_SERVER_PORT Specifies the port where the .BR myproxy-server (8) is running. This environment variable can be used in place of the .B -p option. .TP .B MYPROXY_SERVER_DN Specifies the distinguished name (DN) of the .BR myproxy-server (8). All MyProxy client programs authenticate the server's identity. By default, MyProxy servers run with host credentials, so the MyProxy client programs expect the server to have a distinguished name with "/CN=host/" or "/CN=myproxy/" or "/CN=" (where is the fully-qualified hostname of the server). If the server is running with some other DN, you can set this environment variable to tell the MyProxy clients to accept the alternative DN. Also see .B GLOBUS_GSSAPI_NAME_COMPATIBILITY above. .TP .B MYPROXY_TCP_PORT_RANGE Specifies a range of valid port numbers in the form "min,max" for the client side of the network connection to the server. By default, the client will bind to any available port. Use this environment variable to restrict the ports used to a range allowed by your firewall. If unset, MyProxy will follow the setting of the .B GLOBUS_TCP_PORT_RANGE environment variable. .TP .B X509_USER_CERT Specifies a non-standard location for the certificate to be used for authentication to the .BR myproxy-server (8). .TP .B X509_USER_KEY Specifies a non-standard location for the private key to be used for authentication to the .BR myproxy-server (8). .TP .B X509_USER_PROXY Specifies a non-standard location for the proxy credential to be used for authentication to the .BR myproxy-server (8). .TP .B X509_CERT_DIR Specifies a non-standard location for the CA certificates directory. .SH AUTHORS See .B http://grid.ncsa.illinois.edu/myproxy/about for the list of MyProxy authors. .SH "SEE ALSO" .BR myproxy-change-pass-phrase (1), .BR myproxy-get-trustroots (1), .BR myproxy-info (1), .BR myproxy-init (1), .BR myproxy-logon (1), .BR myproxy-retrieve (1), .BR myproxy-store (1), .BR myproxy-server.config (5), .BR myproxy-admin-adduser (8), .BR myproxy-admin-change-pass (8), .BR myproxy-admin-load-credential (8), .BR myproxy-admin-query (8), .BR myproxy-server (8) myproxy-6.2.16/LICENSE0000644000175100017510000000332214557142036011274 00000000000000Copyright 2000-2014 The Board of Trustees of the University of Illinois. All rights reserved. Developed by: MyProxy Team National Center for Supercomputing Applications University of Illinois http://grid.ncsa.illinois.edu/myproxy/ Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal with the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimers. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimers in the documentation and/or other materials provided with the distribution. Neither the names of the National Center for Supercomputing Applications, the University of Illinois, nor the names of its contributors may be used to endorse or promote products derived from this Software without specific prior written permission. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE CONTRIBUTORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS WITH THE SOFTWARE. myproxy-6.2.16/etc.init.d.myproxy0000755000175100017510000000637314557142036013713 00000000000000#!/bin/sh # # SysV-style boot script for MyProxy # # chkconfig: 345 99 06 # description: MyProxy online credential repository # Set GLOBUS_LOCATION as appropriate for your installation. GLOBUS_LOCATION="" export GLOBUS_LOCATION if [ -z $GLOBUS_LOCATION ]; then echo "GLOBUS_LOCATION is not set." echo "Please edit $0 to set GLOBUS_LOCATION." exit 1 fi if [ -e ${GLOBUS_LOCATION}/share/globus/globus-script-initializer ]; then . ${GLOBUS_LOCATION}/share/globus/globus-script-initializer elif [ -e ${GLOBUS_LOCATION}/libexec/globus-script-initializer ]; then . ${GLOBUS_LOCATION}/libexec/globus-script-initializer else echo "globus-script-initializer not found in" echo "${GLOBUS_LOCATION}/share/globus or" echo "${GLOBUS_LOCATION}/libexec." exit 1 fi . ${libexecdir}/globus-sh-tools.sh MYPROXY=${GLOBUS_LOCATION}/sbin/myproxy-server PID_FILE=${localstatedir}/myproxy.pid # Optional server configuration arguments follow. # Uncomment and modify to change default settings. #LISTEN="-l myserver.mydomain.com" #PORT="-p 7512" #CONFIG="-c ${GLOBUS_LOCATION}/etc/myproxy-server.config" #STORE="-s ${GLOBUS_LOCATION}/var/lib/myproxy" #VERBOSE="-verbose" # By default, the myproxy-server uses /etc/grid-security/hostcert.pem # and /etc/grid-security/hostkey.pem. Uncomment and modify the # following lines to configure the myproxy-server to find its # certificate and key in alternate locations. #X509_USER_CERT="/usr/local/etc/myproxycert.pem" #X509_USER_KEY="/usr/local/etc/myproxykey.pem" #export X509_USER_CERT X509_USER_KEY do_start() { if [ ! -x $MYPROXY ]; then echo "$MYPROXY is not executable. Skipping MyProxy startup." exit 1 fi if [ ! -d $localstatedir ]; then mkdir -p $localstatedir fi echo -n "Starting up MyProxy server... " $MYPROXY $LISTEN $PORT $CONFIG $STORE $VERBOSE -P $PID_FILE if [ $? -eq 0 ]; then echo "done." else echo "Failed to start MyProxy server!" exit 1 fi } do_stop() { echo -n "Stopping the MyProxy server... " pid=`cat $PID_FILE` kill -TERM $pid rm -f $PID_FILE echo "done." } do_reconfig() { echo -n "Reconfiguring the MyProxy server... " pid=`cat $PID_FILE` kill -HUP $pid echo "done." } case "$1" in start) if [ ! -f $PID_FILE ]; then do_start else pid=`cat $PID_FILE` psout=`ps -A | grep $pid | grep -v grep | awk "{if (\\\$1 == $pid) print}"` if [ "x$psout" = "x" ]; then echo "Found stale myproxy-server pid file... removing it." rm -f $PID_FILE do_start else echo "MyProxy server is already running!" fi fi ;; stop) if [ -f $PID_FILE ] ; then do_stop else echo "The server's pid file does not exist! Are you sure the server is running?" fi ;; reconfig) if [ -f $PID_FILE ] ; then do_reconfig else echo "The server's pid file does not exist! Are you sure the server is running?" fi ;; restart) $0 stop $0 start ;; *) echo "Usage: $0 (start|stop|restart)" exit 1 esac exit 0 myproxy-6.2.16/README.Fedora0000644000175100017510000000036614557142036012353 00000000000000You must install host certificates for myproxy-server. These should be located at /etc/grid-security/myproxy/hostcert.pem , permissions 644 /etc/grid-security/myproxy/hostkey.pem , permission 600 and owned by user/group myproxy/myproxy. myproxy-6.2.16/REPOSITORY0000644000175100017510000000226214557142036011733 00000000000000Credential Data File Format =========================== Every credential stored on the myproxy server has a credential file (with .creds extension) and a data file (with .data extension). The credential file stores the proxy while the data file stores other information about the credential. The credential filename has the format .creds or -.creds and the data filename has the format .data or -.data where, if contains '/', then it's the MD5 digest of the username instead, and '/' characters in are replaced with '-' characters. Unfortunately, may contain '-' making it ambiguous as to where ends and starts, so USERNAME and NAME in the data file must be used to disambiguate. The format of a data file is as follows : OWNER= LIFETIME= The data file may also contain the following optional fields : PASSPHRASE= NAME= DESCRIPTION= RETRIEVERS= RENEWERS= USERNAME= Every data file ends with END_OPTIONS field that marks the end of the data file. myproxy-6.2.16/verror.h0000644000175100017510000000335114557142036011761 00000000000000/* * verror.h * * Simple error-handling interface for MyProxy API. * Won't work with multi-threaded. */ #ifndef __VERROR_H #define __VERROR_H /* * verror_prepend_string() * * Prepend a string to the current error string. Accepts the * same arguments as sprintf(). */ void verror_prepend_string(const char *format, ...); /* * verror_put_string() * * Add a string to the current error. Accepts the same argumnets * as sprintf(). */ void verror_put_string(const char *format, ...); /* * verror_put_errno() * * Associate an error number with the current error. */ void verror_put_errno(int error_number); /* * verror_put_value() * * Associate an arbitrary numeric value with the current error. */ void verror_put_value(int value); /* * verror_is_error() * * Is there an error currently set? Returns 1 if set, 0 otherwise. */ int verror_is_error(); /* * verror_get_string() * * Return the string associated with the current error context. */ char *verror_get_string(); /* * verror_get_errno() * * Return the error number associated with the current error. */ int verror_get_errno(); /* * verror_strerror() * * Return a pointer to the error string associated with the current * error number or a empty string if no error number is currently * set. The string is statically allocated and should not be modified. */ char *verror_strerror(); /* * verror_get_value() * * Return the numeric value associated with the current error. */ int verror_get_value(); /* * verror_clear() * * Clear the current error state. */ void verror_clear(); /* * verror_print_error() * * A helper function to print both the error string and the error * number string. */ void verror_print_error(FILE *stream); #endif /* __VERROR_H */ myproxy-6.2.16/vparse.h0000644000175100017510000000223514557142036011742 00000000000000/* * vparse.h * * Routines for parsing a configuration file. A beefed up strtok(). */ #ifndef __VPARSE_H #define __VPARSE_H #include struct vparse_options { char *whitespace_chars; char *quoting_chars; char *escaping_chars; char *comment_chars; }; /* * Defaults for above */ #define VPARSE_DEFAULT_WHITESPACE_CHARS " \t\n" #define VPARSE_DEFAULT_QUOTING_CHARS "\"" #define VPARSE_DEFAULT_ESCAPING_CHARS "\\" #define VPARSE_DEFAULT_COMMENT_CHARS "#" /* * vparse_stream() * * Parse the given stream using the given options and line parsing function. * options may be NULL indicating that defaults should be used. * The line parsing function will be called with the given argument * (line_parse_arg), the current line number, and a array of strings * holding all the tokens on the line. The function should return -1 * if it wishes parsing to discontinue, 0 otherwise. * * Return -1 on a read error, 0 otherwise. */ int vparse_stream(FILE *stream, const struct vparse_options *options, int (*line_parse)(void *arg, int line_number, const char **tokens), void *line_parse_arg); #endif /* !__VPARSE_H */ myproxy-6.2.16/myproxy_ocsp.c0000644000175100017510000003104014557142036013204 00000000000000/* * Copyright 2003, John Viega and Matt Messier * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the names of the authors nor the names of the * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * Modified from the Secure Programming Cookbook for C and C++ by John * Viega and Matt Messier (http://www.secureprogramming.com/). */ #include "myproxy_common.h" #include "myproxy_ocsp.h" #include "myproxy_ocsp_aia.h" #if defined(HAVE_OCSP) #include #include #include #include #include #endif typedef enum { MYPROXY_OCSPRESULT_ERROR_NOTCONFIGURED = -14, MYPROXY_OCSPRESULT_ERROR_NOAIAOCSPURI = -13, MYPROXY_OCSPRESULT_ERROR_INVALIDRESPONSE = -12, MYPROXY_OCSPRESULT_ERROR_CONNECTFAILURE = -11, MYPROXY_OCSPRESULT_ERROR_SIGNFAILURE = -10, MYPROXY_OCSPRESULT_ERROR_BADOCSPADDRESS = -9, MYPROXY_OCSPRESULT_ERROR_OUTOFMEMORY = -8, MYPROXY_OCSPRESULT_ERROR_UNKNOWN = -7, MYPROXY_OCSPRESULT_ERROR_UNAUTHORIZED = -6, MYPROXY_OCSPRESULT_ERROR_SIGREQUIRED = -5, MYPROXY_OCSPRESULT_ERROR_TRYLATER = -3, MYPROXY_OCSPRESULT_ERROR_INTERNALERROR = -2, MYPROXY_OCSPRESULT_ERROR_MALFORMEDREQUEST = -1, MYPROXY_OCSPRESULT_CERTIFICATE_VALID = 0, MYPROXY_OCSPRESULT_CERTIFICATE_REVOKED = 1 } myproxy_ocspresult_t; static char *responder_url = NULL; static STACK_OF(X509) *responder_cert = NULL; static char *policy = NULL; static X509 *sign_cert = NULL; static EVP_PKEY *sign_key = NULL; static long skew = MYPROXY_DEFAULT_CLOCK_SKEW; static long maxage = -1; static int usenonce = 0; int myproxy_ocsp_set_responder(const char *newurl) { if (responder_url) free(responder_url); responder_url = strdup(newurl); return 0; } int myproxy_ocsp_set_responder_cert(const char *path) { BIO * in = NULL; X509 * x = NULL; int count; int rval = -1; sk_X509_pop_free(responder_cert, X509_free); responder_cert = NULL; in = BIO_new(BIO_s_file()); if (in == NULL || BIO_read_filename(in, path) <= 0) { verror_put_string("error reading %s", path); goto exit; } responder_cert = sk_X509_new_null(); if (!responder_cert) { verror_put_string("sk_X509_new_null() failed in " "myproxy_ocsp_set_responder_cert()"); goto exit; } for (count = 0; ; count++) { x = PEM_read_bio_X509(in, NULL, NULL, NULL); if (x == NULL) { if ((ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE) && (count > 0)) { ERR_clear_error(); break; } else { verror_put_string("error reading %s", path); goto exit; } } sk_X509_insert(responder_cert,x,sk_X509_num(responder_cert)); x = NULL; } rval = 0; /* success */ exit: if (in) BIO_free_all(in); if (x) X509_free(x); return rval; } int myproxy_ocsp_set_policy(const char *newpolicy) { if (policy) free(policy); policy = strdup(newpolicy); return 0; } int myproxy_ocsp_set_signer(X509 *new_sign_cert, EVP_PKEY *new_sign_key) { sign_cert = new_sign_cert; sign_key = new_sign_key; return 0; } int myproxy_ocsp_set_times(long newskew, long newmaxage) { skew = newskew; maxage = newmaxage; return 0; } int myproxy_ocsp_use_nonce(int newusenonce) { usenonce = newusenonce; return 0; } #if !defined(HAVE_OCSP) int myproxy_ocsp_verify(X509 *cert, X509 *issuer) { return MYPROXY_OCSPRESULT_ERROR_NOTCONFIGURED; } #else static int verify_cert_hostname(X509 *cert, char *hostname) { int extcount, i, j, ok = 0; char name[256]; X509_NAME *subj; const char *extstr; CONF_VALUE *nval; const unsigned char *data; X509_EXTENSION *ext; X509V3_EXT_METHOD *meth; STACK_OF(CONF_VALUE) *val; if ((extcount = X509_get_ext_count(cert)) > 0) { for (i = 0; !ok && i < extcount; i++) { ext = X509_get_ext(cert, i); extstr = OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(ext))); if (!strcasecmp(extstr, "subjectAltName")) { if (!(meth = (X509V3_EXT_METHOD *)X509V3_EXT_get(ext))) break; data = X509_EXTENSION_get_data(ext)->data; val = meth->i2v(meth, meth->d2i(0, &data, X509_EXTENSION_get_data(ext)->length), 0); for (j = 0; j < sk_CONF_VALUE_num(val); j++) { nval = sk_CONF_VALUE_value(val, j); if (!strcasecmp(nval->name, "DNS") && !strcasecmp(nval->value, hostname)) { ok = 1; break; } } } } } if (!ok && (subj = X509_get_subject_name(cert)) && X509_NAME_get_text_by_NID(subj, NID_commonName, name, sizeof(name)) > 0) { name[sizeof(name) - 1] = '\0'; if (!strcasecmp(name, hostname)) ok = 1; } return ok; } static BIO * my_connect_ssl(char *host, int port, SSL_CTX **ctx) { BIO *conn = 0; if (!(conn = BIO_new_ssl_connect(*ctx))) goto error_exit; BIO_set_conn_hostname(conn, host); char chport[6]; snprintf(chport, sizeof(chport), "%d", port); BIO_set_conn_port(conn, chport); if (BIO_do_connect(conn) <= 0) goto error_exit; return conn; error_exit: if (conn) BIO_free_all(conn); return 0; } static BIO * my_connect(char *host, int port, int ssl, SSL_CTX **ctx) { BIO *conn; SSL *ssl_ptr; if (ssl) { if (!(conn = my_connect_ssl(host, port, ctx))) goto error_exit; BIO_get_ssl(conn, &ssl_ptr); if (!verify_cert_hostname(SSL_get_peer_certificate(ssl_ptr), host)) goto error_exit; if (SSL_get_verify_result(ssl_ptr) != X509_V_OK) goto error_exit; return conn; } if (!(conn = BIO_new_connect(host))) goto error_exit; char chport[6]; snprintf(chport, sizeof(chport), "%d", port); BIO_set_conn_port(conn, chport); if (BIO_do_connect(conn) <= 0) goto error_exit; return conn; error_exit: if (conn) BIO_free_all(conn); return 0; } int myproxy_ocsp_verify(X509 *cert, X509 *issuer) { BIO *bio = 0; int rc, reason, ssl, status; char *host = 0, *path = 0, *port = 0, *certdir = 0; char *aiaocspurl = 0, *chosenurl = 0; SSL_CTX *ctx = 0; X509_LOOKUP *lookup = NULL; X509_STORE *store = 0; OCSP_CERTID *id; OCSP_REQUEST *req = 0; OCSP_RESPONSE *resp = 0; OCSP_BASICRESP *basic = 0; myproxy_ocspresult_t result; ASN1_GENERALIZEDTIME *producedAt, *thisUpdate, *nextUpdate; globus_result_t res; if (!policy && !responder_url) { result = MYPROXY_OCSPRESULT_ERROR_NOTCONFIGURED; goto end; } result = MYPROXY_OCSPRESULT_ERROR_UNKNOWN; if (policy && strstr(policy, "aia")) { aiaocspurl = myproxy_get_aia_ocsp_uri(cert); } if (!responder_url && !aiaocspurl) { result = MYPROXY_OCSPRESULT_ERROR_NOTCONFIGURED; goto end; } chosenurl = aiaocspurl ? aiaocspurl : responder_url; if (!OCSP_parse_url(chosenurl, &host, &port, &path, &ssl)) { host = port = path = 0; /* may return bad ptrs on failure */ result = MYPROXY_OCSPRESULT_ERROR_BADOCSPADDRESS; goto end; } myproxy_log("querying OCSP responder at %s", chosenurl); if (!(req = OCSP_REQUEST_new())) { result = MYPROXY_OCSPRESULT_ERROR_OUTOFMEMORY; goto end; } id = OCSP_cert_to_id(0, cert, issuer); if (!id || !OCSP_request_add0_id(req, id)) goto end; if (usenonce) OCSP_request_add1_nonce(req, 0, -1); /* sign the request */ if (sign_cert && sign_key && !OCSP_request_sign(req, sign_cert, sign_key, EVP_sha256(), 0, 0)) { result = MYPROXY_OCSPRESULT_ERROR_SIGNFAILURE; goto end; } /* setup GSI context */ store=X509_STORE_new(); lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir()); if (lookup == NULL) { result = MYPROXY_OCSPRESULT_ERROR_OUTOFMEMORY; goto end; } res = GLOBUS_GSI_SYSCONFIG_GET_CERT_DIR(&certdir); if (res != GLOBUS_SUCCESS) { verror_put_string("failed to find GSI CA cert directory"); globus_error_to_verror(res); goto end; } X509_LOOKUP_add_dir(lookup, certdir, X509_FILETYPE_PEM); #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) ctx = SSL_CTX_new(TLS_client_method()); #else ctx = SSL_CTX_new(SSLv23_client_method()); #endif if (ctx == NULL) { result = MYPROXY_OCSPRESULT_ERROR_OUTOFMEMORY; goto end; } #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION); #else SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); #endif SSL_CTX_set_cert_store(ctx, store); SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL); /* establish a connection to the OCSP responder */ if (!(bio = my_connect(host, atoi(port), ssl, &ctx))) { result = MYPROXY_OCSPRESULT_ERROR_CONNECTFAILURE; goto end; } /* send the request and get a response */ resp = OCSP_sendreq_bio(bio, path, req); if ((rc = OCSP_response_status(resp)) != OCSP_RESPONSE_STATUS_SUCCESSFUL) { switch (rc) { case OCSP_RESPONSE_STATUS_MALFORMEDREQUEST: result = MYPROXY_OCSPRESULT_ERROR_MALFORMEDREQUEST; break; case OCSP_RESPONSE_STATUS_INTERNALERROR: result = MYPROXY_OCSPRESULT_ERROR_INTERNALERROR; break; case OCSP_RESPONSE_STATUS_TRYLATER: result = MYPROXY_OCSPRESULT_ERROR_TRYLATER; break; case OCSP_RESPONSE_STATUS_SIGREQUIRED: result = MYPROXY_OCSPRESULT_ERROR_SIGREQUIRED; break; case OCSP_RESPONSE_STATUS_UNAUTHORIZED: result = MYPROXY_OCSPRESULT_ERROR_UNAUTHORIZED; break; } goto end; } /* verify the response */ result = MYPROXY_OCSPRESULT_ERROR_INVALIDRESPONSE; if (!(basic = OCSP_response_get1_basic(resp))) goto end; if (usenonce && OCSP_check_nonce(req, basic) <= 0) goto end; if (!responder_cert || (rc = OCSP_basic_verify(basic, responder_cert, store, OCSP_TRUSTOTHER)) <= 0) if ((rc = OCSP_basic_verify(basic, NULL, store, 0)) <= 0) goto end; if (!OCSP_resp_find_status(basic, id, &status, &reason, &producedAt, &thisUpdate, &nextUpdate)) goto end; if (!OCSP_check_validity(thisUpdate, nextUpdate, skew, maxage)) goto end; /* All done. Set the return code based on the status from the response. */ if (status == V_OCSP_CERTSTATUS_REVOKED) { result = MYPROXY_OCSPRESULT_CERTIFICATE_REVOKED; myproxy_log("OCSP status revoked!"); } else { result = MYPROXY_OCSPRESULT_CERTIFICATE_VALID; myproxy_log("OCSP status valid"); } end: if (result < 0 && result != MYPROXY_OCSPRESULT_ERROR_NOTCONFIGURED) { ssl_error_to_verror(); myproxy_log("OCSP check failed"); myproxy_log_verror(); } if (bio) BIO_free_all(bio); if (host) OPENSSL_free(host); if (port) OPENSSL_free(port); if (path) OPENSSL_free(path); if (req) OCSP_REQUEST_free(req); if (resp) OCSP_RESPONSE_free(resp); if (basic) OCSP_BASICRESP_free(basic); if (ctx) SSL_CTX_free(ctx); /* this does X509_STORE_free(store) */ if (certdir) free(certdir); if (aiaocspurl) free(aiaocspurl); return result; } #endif myproxy-6.2.16/myproxy_extensions.h0000644000175100017510000000241114557142036014444 00000000000000/* * myproxy_extensions.h - set extensions in issued proxy certificates */ #ifndef __MYPROXY_EXTENSIONS_H #define __MYPROXY_EXTENSIONS_H /* We need a simple way to define a set of extensions for proxy * certificates using the myproxy-server context, and then add them * when we actually sign the proxy certificates. Since the proxy * certificate signing happens in a low-level API, and we don't want * to change the APIs to push the extensions down to this level, we * stash them here, relying on the fact that the myproxy-server is * multi-process and not multi-threaded, so we're only dealing with * one proxy certificate request in the lifetime of the active * process. It's not pretty and NOT THREAD SAFE but it minimizes * disruptions to the MyProxy APIs. */ /* The following all return 0 on success, -1 on error (setting verror). */ int myproxy_set_extensions_from_file(const char filename[]); int myproxy_set_extensions_from_callout(const char path[], const char username[], const char location[]); int myproxy_add_extension(X509_EXTENSION *extension); int myproxy_get_extensions(STACK_OF(X509_EXTENSION) **extensions); int myproxy_free_extensions(); /* Call this to cleanup! */ #endif myproxy-6.2.16/myproxy_protocol.h0000644000175100017510000002430214557142036014111 00000000000000/* * * MyProxy protocol API * */ #ifndef __MYPROXY_PROTOCOL_H #define __MYPROXY_PROTOCOL_H /* Protocol commands */ typedef enum { MYPROXY_GET_PROXY, MYPROXY_PUT_PROXY, MYPROXY_INFO_PROXY, MYPROXY_DESTROY_PROXY, MYPROXY_CHANGE_CRED_PASSPHRASE, MYPROXY_STORE_CERT, MYPROXY_RETRIEVE_CERT, MYPROXY_GET_TRUSTROOTS } myproxy_proto_request_type_t; /* server response codes */ typedef enum { MYPROXY_OK_RESPONSE, MYPROXY_ERROR_RESPONSE, MYPROXY_AUTHORIZATION_RESPONSE } myproxy_proto_response_type_t; /* client/server socket attributes */ typedef struct myproxy_socket_attrs_s { char *pshost; int psport; int socket_fd; struct _gsi_socket *gsi_socket; } myproxy_socket_attrs_t; /* A client request object */ #define REGULAR_EXP 1 #define MATCH_CN_ONLY 0 typedef struct { char *version; char *username; char passphrase[MAX_PASS_LEN+1]; char new_passphrase[MAX_PASS_LEN+1]; myproxy_proto_request_type_t command_type; int proxy_lifetime; char *retrievers; char *renewers; char *credname; char *creddesc; char *authzcreds; char *keyretrieve; char *trusted_retrievers; int want_trusted_certs; /* 1=yes, 0=no */ char *voname; char *vomses; char *certreq; } myproxy_request_t; /* A server response object */ typedef struct { char *version; myproxy_proto_response_type_t response_type; authorization_data_t **authorization_data; char *error_string; myproxy_creds_t *info_creds; myproxy_certs_t *trusted_certs; } myproxy_response_t; /* * myproxy_init_client() * * Create a generic client by creating a GSI socket and connecting to a a host * * returns the file descriptor of the connected socket or * -1 if an error occurred */ int myproxy_init_client(myproxy_socket_attrs_t *attrs); /* * myproxy_authenticate_init() * * Perform client-side authentication * * returns -1 if unable to authenticate, 0 if authentication successful */ int myproxy_authenticate_init(myproxy_socket_attrs_t *attr, const char *proxyfile); /* * myproxy_authenticate_accept() * * Perform server-side authentication and retrieve the client's DN * * returns -1 if unable to authenticate, 0 if authentication successful */ int myproxy_authenticate_accept(myproxy_socket_attrs_t *attr, char *client_name, const int namelen); /* * myproxy_authenticate_accept_fqans() * * The same as myproxy_authenticate_accept() but also returns a list of FQANs * if suggested by the peer. * */ int myproxy_authenticate_accept_fqans(myproxy_socket_attrs_t *attr, char *client_name, const int namelen, char ***fqans); /* * myproxy_serialize_request() * * Serialize a request object into a buffer to be sent over the network. * Use myproxy_serialize_request_ex() instead. * * Returns the serialized data length or -1 on error. */ int myproxy_serialize_request(const myproxy_request_t *request, char *data, const int datalen); /* * myproxy_serialize_request_ex() * * Serialize a request object into a newly allocated buffer of correct size. * The caller should free() the buffer after use. * * Returns the serialized data length or -1 on error. */ int myproxy_serialize_request_ex(const myproxy_request_t *request, char **data); /* * myproxy_deserialize_request() * * Deserialize a buffer into a request object. * * returns 0 if succesful, otherwise -1 */ int myproxy_deserialize_request(const char *data, const int datalen, myproxy_request_t *request); /* * myproxy_serialize_response() * * Serialize a response object into a buffer to be sent over the network. * Use myproxy_serialize_response_ex() instead. * * returns the number of characters put into the buffer * (not including the trailing NULL) */ int myproxy_serialize_response(const myproxy_response_t *response, char *data, const int datalen); /* * myproxy_serialize_response_ex() * * Serialize a response object into a newly allocated buffer of correct size. * The caller should free() the buffer after use. * * returns the number of characters put into the buffer * (not including the trailing NULL) */ int myproxy_serialize_response_ex(const myproxy_response_t *response, char **data); /* * myproxy_deserialize_response() * * Serialize a a buffer into a response object. * * returns the number of characters put into the buffer * (not including the trailing NULL) */ int myproxy_deserialize_response(myproxy_response_t *response, const char *data, const int datalen); /* * myproxy_send() * * Sends a buffer * * returns 0 on success, -1 on error */ int myproxy_send(myproxy_socket_attrs_t *attrs, const char *data, const int datalen); /* * myproxy_recv() * * Receives a message into the buffer. * Use myproxy_recv_ex() instead. * * returns bytes read on success, -1 on error, -2 on truncated response * */ int myproxy_recv(myproxy_socket_attrs_t *attrs, char *data, const int datalen); /* * myproxy_recv_ex() * * Receives a message into a newly allocated buffer of correct size. * The caller must deallocate the buffer. * * returns bytes read on success, -1 on error * */ int myproxy_recv_ex(myproxy_socket_attrs_t *attrs, char **data); /* * myproxy_init_delegation() * * Delegates a proxy based on the credentials found in file * location delegfile good for lifetime_seconds * * returns 0 on success, -1 on error */ int myproxy_init_delegation(myproxy_socket_attrs_t *attrs, const char *delegfile, const int lifetime_seconds, char *passphrase); /* * myproxy_accept_delegation() * * Accepts delegated credentials into a file, and sets * path in provided buffer. * * returns 0 on success, -1 on error */ int myproxy_accept_delegation(myproxy_socket_attrs_t *attrs, char *delegfile, const int delegfile_len, char *passphrase); /* * myproxy_accept_delegation_ex() * * Accepts delegated credentials into a newly allocated buffer. * The caller must deallocate the buffer. * Private key is encrypted with passphrase, if provided (may be NULL). * * returns 0 on success, -1 on error */ int myproxy_accept_delegation_ex(myproxy_socket_attrs_t *attrs, char **credentials, int *credential_len, char *passphrase); /* * myproxy_request_cert() * * An alternative to myproxy_accept_delegation_ex() that takes the * location of a file containing a PEM-formatted certificate request * (certreq) as input. * Accepts delegated credentials into a newly allocated buffer. * The caller must deallocate the buffer. * * return 0 on success, -1 on error */ int myproxy_request_cert(myproxy_socket_attrs_t *attrs, char *certreq, char **credentials, int *credential_len); /* * myproxy_accept_credentials() * * Accepts credentials into file location data * * returns 0 on success, -1 on error */ int myproxy_accept_credentials(myproxy_socket_attrs_t *attrs, char *delegfile, int delegfile_len); /* * myproxy_init_credentials() * * returns 0 on success, -1 on error */ int myproxy_init_credentials(myproxy_socket_attrs_t *attrs, const char *delegfile); int myproxy_get_credentials(myproxy_socket_attrs_t *attrs, const char *delegfile); /* * myproxy_free() * * Frees up memory used for creating request, response and socket objects */ void myproxy_free(myproxy_socket_attrs_t *attrs, myproxy_request_t *request, myproxy_response_t *response); /* * myproxy_recv_response() * * Helper function that combines myproxy_recv() and * myproxy_deserialize_response() with some error checking. * */ int myproxy_recv_response(myproxy_socket_attrs_t *attrs, myproxy_response_t *response); /* * myproxy_handle_response() * * Helper function that combines * myproxy_deserialize_response() with some error checking. * */ int myproxy_handle_response(const char *response_buffer, int responselen, myproxy_response_t *response); /* * myproxy_recv_response_ex() * * Helper function that combines myproxy_recv(), * myproxy_deserialize_response(), and myproxy_handle_authorization() * with some error checking. * */ int myproxy_recv_response_ex(myproxy_socket_attrs_t *attrs, myproxy_response_t *response, myproxy_request_t *client_request); /* * myproxy_handle_authorization() * * If MYPROXY_AUTHORIZATION_RESPONSE is received, pass it to this * function to be processed. * */ int myproxy_handle_authorization(myproxy_socket_attrs_t *attrs, myproxy_response_t *server_response, myproxy_request_t *client_request); /* * myproxy_bootstrap_trust() * * Get server's CA certificate(s) via the SSL handshake and install * them in the trusted certificates directory. * */ int myproxy_bootstrap_trust(myproxy_socket_attrs_t *attrs); /* * myproxy_bootstrap_client() * * Connect to server and authenticate. * Bootstrap trust roots as needed/requested. * Allows anonymous authentication. * Called by myproxy-logon and myproxy-get-trustroots. * */ int myproxy_bootstrap_client(myproxy_socket_attrs_t *attrs, int bootstrap_if_no_cert_dir, int bootstrap_even_if_cert_dir_exists); /* * myproxy_request_add_voname() * * Adds VONAME parameter to client request. * returns 0 if succesful, otherwise -1 * */ int myproxy_request_add_voname(myproxy_request_t *client_request, const char *voname); /* * myproxy_request_add_vomses() * * Adds VOMSES parameter to client request. * returns 0 if succesful, otherwise -1 * */ int myproxy_request_add_vomses(myproxy_request_t *client_request, const char *vomses); #endif /* __MYPROXY_PROTOCOL_H */ myproxy-6.2.16/myproxy_sasl_client.c0000644000175100017510000002466714557142036014561 00000000000000#if defined(HAVE_LIBSASL2) #include "myproxy_common.h" /* all needed headers included here */ static sasl_conn_t *conn = NULL; static char *prompt = NULL; static int send_response_sasl_data(myproxy_socket_attrs_t *attrs, myproxy_response_t* server_response, const char *data, int data_len) { char client_buffer[SASL_BUFFER_SIZE], buf[SASL_BUFFER_SIZE]; int bufferlen, result; unsigned len; authorization_data_t* auth_data; result = sasl_encode64(data, data_len, buf, SASL_BUFFER_SIZE, &len); assert(len < SASL_BUFFER_SIZE); buf[len] = '\0'; if (result != SASL_OK) { verror_put_string( "Encoding data in base64 failed in send_response_sasl_data"); return -1; } auth_data = authorization_create_response( server_response->authorization_data, AUTHORIZETYPE_SASL, buf, len); if (auth_data == NULL) { verror_put_string( "Cannot create authorization response in send_response_sasl_data"); return -1; } if (auth_data->client_data_len + sizeof(int) > sizeof(client_buffer)) { verror_put_string("Internal buffer too small send_response_sasl_data"); return -1; } (*client_buffer) = AUTHORIZETYPE_SASL; bufferlen = auth_data->client_data_len + sizeof(int); memcpy(client_buffer + sizeof(int), auth_data->client_data, auth_data->client_data_len); if (myproxy_send(attrs, client_buffer, bufferlen) < 0) return -1; return 0; } static int recv_response_sasl_data(myproxy_socket_attrs_t *attrs, myproxy_response_t* server_response, char *data) { char *response_data; int result; unsigned len; authorization_data_t* auth_data; if (myproxy_recv_response(attrs, server_response) < 0) return -1; auth_data = authorization_create_response( server_response->authorization_data, AUTHORIZETYPE_SASL, NULL, 0); response_data = auth_data->server_data; result = sasl_decode64(response_data, strlen(response_data), data, SASL_BUFFER_SIZE, &len); if (result != SASL_OK) { verror_put_string("Decoding data from base64 failed.\n"); verror_put_errno(errno); return -1; } data[len] = '\0'; return len; } static int sasl_string_callback(void *context, int id, const char **result, unsigned *len) { const char *value = (const char *)context; if (! result) return SASL_BADPARAM; *result = value; if (len) *len = value ? strlen(value) : 0; return SASL_OK; } static int sasl_secret_callback(sasl_conn_t *conn, void *context __attribute__((unused)), int id, sasl_secret_t **psecret) { char password[MAX_PASS_LEN]; size_t len; if (! conn || ! psecret || id != SASL_CB_PASS) return SASL_BADPARAM; if (!prompt) prompt = strdup("Password: "); if (myproxy_read_passphrase(password, MAX_PASS_LEN, prompt) < 0){ return SASL_FAIL; } len = strlen(password); *psecret = (sasl_secret_t *) malloc(sizeof(sasl_secret_t) + len); if (! *psecret) { memset(password, 0, len); return SASL_NOMEM; } (*psecret)->len = len; strcpy((char *)(*psecret)->data, password); memset(password, 0, len); return SASL_OK; } static int sasl_prompt_callback(void *context __attribute__((unused)), int id, const char *challenge, const char *prompt, const char *defresult, const char **result, unsigned *len) { char input[MAX_PASS_LEN]; if ((id != SASL_CB_ECHOPROMPT && id != SASL_CB_NOECHOPROMPT) || !prompt || !result || !len) return SASL_BADPARAM; if (! defresult) defresult = ""; fputs(prompt, stdout); if (challenge) printf(" [challenge: %s]", challenge); printf(" [%s]: ", defresult); fflush(stdout); if (id == SASL_CB_NOECHOPROMPT) { if (myproxy_read_passphrase(input, MAX_PASS_LEN, "") < 0) { return SASL_FAIL; } } else { fgets(input, 1024, stdin); } if (input[0]) *result = strdup(input); else *result = strdup(defresult); memset(input, 0L, strlen(input)); if (! *result) return SASL_NOMEM; *len = strlen(*result); return SASL_OK; } int auth_sasl_negotiate_client(myproxy_socket_attrs_t *attrs, myproxy_request_t *client_request) { char server_buffer[SASL_BUFFER_SIZE]; const char *data; int server_len; unsigned len; myproxy_response_t server_response = {0}; sasl_callback_t callbacks[] = { { SASL_CB_USER, (int(*)(void)) (&sasl_string_callback), client_request->username }, { SASL_CB_AUTHNAME, (int(*)(void)) (&sasl_string_callback), client_request->username }, { SASL_CB_PASS, (int(*)(void)) (&sasl_secret_callback), NULL }, { SASL_CB_ECHOPROMPT, (int(*)(void)) (&sasl_prompt_callback), NULL }, { SASL_CB_NOECHOPROMPT, (int(*)(void)) (&sasl_prompt_callback), NULL }, { SASL_CB_LIST_END, NULL, NULL } }; int result; sasl_security_properties_t secprops; const char *chosenmech; char *service = "myproxy", *iplocal = NULL, *ipremote = NULL; char *fqdn = NULL; myproxy_debug("client: begin SASL negotiation..."); if (getenv("SASL_PATH")) { myproxy_debug("$SASL_PATH is %s", getenv("SASL_PATH")); } else { myproxy_debug("$SASL_PATH isn't set. Using /usr/lib/sasl2."); } fqdn = GSI_SOCKET_get_peer_hostname(attrs->gsi_socket); memset(server_buffer, 0, sizeof(*server_buffer)); if (prompt) free(prompt); prompt = malloc(strlen(client_request->username)+strlen(fqdn)+15); if (!prompt) { verror_put_string("malloc() failed in auth_sasl_negotiate_client"); result = SASL_FAIL; goto error; } sprintf(prompt, "%s@%s's password: ", client_request->username, fqdn); result = sasl_client_init(callbacks); if (result != SASL_OK) { verror_put_string("Allocating sasl connection state failed"); result = SASL_FAIL; goto error; } myproxy_debug("SASL service: %s/%s", service, fqdn); result = sasl_client_new(service, fqdn, iplocal, ipremote, NULL, 0, &conn); if (result != SASL_OK) { verror_put_string("Allocating sasl connection state failed"); result = SASL_FAIL; goto error; } /* don't need integrity or privacy, since we're over SSL already. in fact, let's disable them to avoid the overhead. */ memset(&secprops, 0L, sizeof(secprops)); result = sasl_setprop(conn, SASL_SEC_PROPS, &secprops); if (result != SASL_OK) { verror_put_string("Setting security properties failed"); result = SASL_FAIL; goto error; } server_len = recv_response_sasl_data(attrs, &server_response, server_buffer); if (server_len < 0) { verror_put_string("SASL negotiation failed"); result = SASL_FAIL; goto error; } myproxy_debug("Server sent SASL mechs %s.", server_buffer); result = sasl_client_start(conn, server_buffer, NULL, &data, &len, &chosenmech); if (result != SASL_OK && result != SASL_CONTINUE) { verror_put_string("SASL error: %s\n", sasl_errdetail(conn)); result = SASL_FAIL; goto error; } myproxy_debug("Using SASL mechanism %s", chosenmech); strcpy(server_buffer, chosenmech); if (data) { if (SASL_BUFFER_SIZE - strlen(server_buffer) - 1 < len) { verror_put_string("Not enough buffer space for SASL"); result = SASL_FAIL; goto error; } memcpy(server_buffer + strlen(server_buffer) + 1, data, len); len += strlen(server_buffer) + 1; data = NULL; } else { len = strlen(server_buffer); } if (send_response_sasl_data(attrs, &server_response, server_buffer, len) < 0) { result = SASL_FAIL; goto error; } authorization_data_free(server_response.authorization_data); server_response.authorization_data = NULL; while (result == SASL_CONTINUE) { server_len = recv_response_sasl_data(attrs, &server_response, server_buffer); if (server_len < 0) { result = SASL_FAIL; goto error; } result = sasl_client_step(conn, server_buffer, server_len, NULL, &data, &len); if (result != SASL_OK && result != SASL_CONTINUE) { verror_put_string("Performing SASL negotiation failed"); result = SASL_FAIL; goto error; } if (data && len) { if (send_response_sasl_data(attrs, &server_response, data, len) < 0) { result = SASL_FAIL; goto error; } } else /* if (result != SASL_OK) */ { if (send_response_sasl_data(attrs, &server_response, "", 0) < 0) { result = SASL_FAIL; goto error; } } authorization_data_free(server_response.authorization_data); server_response.authorization_data = NULL; } myproxy_debug("SASL negotiation finished."); error: if (fqdn) free(fqdn); if (server_response.authorization_data) { authorization_data_free(server_response.authorization_data); } if (server_response.version) { free(server_response.version); } if (conn) { sasl_dispose(&conn); conn = NULL; } sasl_done(); return result; } #endif /* defined(HAVE_LIBSASL2) */ myproxy-6.2.16/safe_id_range_list.c0000644000175100017510000005610714557142036014245 00000000000000/* * safefile package http://www.cs.wisc.edu/~kupsch/safefile * * Copyright 2007-2008 James A. Kupsch * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "safe_id_range_list.h" /*********************************************************************** * * Initialize global variables * ***********************************************************************/ const id_t safe_err_id = (id_t)-1; /*********************************************************************** * * Initialize global variables * ***********************************************************************/ typedef struct safe_id_range_list_elem { id_t min_value; id_t max_value; } safe_id_range_list_elem; /*********************************************************************** * * Functions for manipulating id range lists * ***********************************************************************/ /* * safe_init_id_range_list * Initialize an id_range_list structure. * parameters * list * pointer to an id range list * returns * 0 for success * -1 on failure (errno == ENOMEM or EINVAL) */ int safe_init_id_range_list(safe_id_range_list *list) { if (list == NULL) { errno = EINVAL; return -1; } list->count = 0; list->capacity = 10; list->list = (safe_id_range_list_elem*)malloc(list->capacity * sizeof(list->list[0])); if (list->list == 0) { errno = ENOMEM; return -1; } return 0; } /* * safe_add_id_range_to_list * Adds a range of ids (all the ids between min_id and max_id inclusive) * to the id_range_list. * parameters * list * pointer to an id range list * min_id * the minimum id of the range to add * max_id * the maximum id of the range to add * returns * 0 for success * -1 on failure (errno == ENOMEM or EINVAL) */ int safe_add_id_range_to_list(safe_id_range_list *list, id_t min_id, id_t max_id) { if (list == NULL || min_id > max_id) { errno = EINVAL; return -1; } if (list->count == list->capacity) { size_t new_capacity = 10 + 11 * list->capacity / 10; safe_id_range_list_elem *new_list = (safe_id_range_list_elem*)malloc(new_capacity * sizeof(new_list[0])); if (new_list == 0) { errno = ENOMEM; return -1; } memcpy(new_list, list->list, list->count * sizeof(new_list[0])); free(list->list); list->list = new_list; list->capacity = new_capacity; } list->list[list->count].min_value = min_id; list->list[list->count++].max_value = max_id; return 0; } /* * safe_add_id_to_list * Add the single id to the list. This is the same as calling * safe_add_id_range_to_list with min_id and max_id set to id. * parameters * list * pointer to an id range list * id * the id to add * returns * 0 for success * -1 on failure (errno == ENOMEM) */ int safe_add_id_to_list(safe_id_range_list *list, id_t id) { return safe_add_id_range_to_list(list, id, id); } /* * safe_destroy_id_range_list * Destroy a id_range_list, including any memory have acquired. * parameters * list * pointer to id range list structure to destroy * returns * nothing */ void safe_destroy_id_range_list(safe_id_range_list *list) { if (list == NULL) { errno = EINVAL; return; } list->capacity = 0; list->count = 0; free(list->list); list->list = 0; } /* * safe_is_id_in_list * Check if the id is in one of the id ranges in the id range list. * parameters * list * pointer to an id range list * id * the id to check * returns * 1 id is in the list * 0 id is not in the list * -1 the list is NULL */ int safe_is_id_in_list(safe_id_range_list *list, id_t id) { size_t i; if (list == NULL) { errno = EINVAL; return -1; } for (i = 0; i < list->count; ++i) { if (list->list[i].min_value <= id && id <= list->list[i].max_value) { return 1; } } return 0; } /* * safe_is_id_list_empty * Returns true if the id_range_list contains 0 ranges. * parameters * list * pointer to an id range list * returns * 1 id is in the list * 0 id is not in the list * -1 the list is NULL */ int safe_is_id_list_empty(safe_id_range_list *list) { if (list == NULL) { errno = EINVAL; return -1; } return (list->count == 0); } /*********************************************************************** * * Functions for parsing ids, id ranges and id lists of numbers, uids and gids * ***********************************************************************/ /* * skip_whitespace_const * Returns a pointer to the first non-whitespace character in the * const string s. * parameters * s * the string to skip whitespace * returns * location of first non-whitespace */ static const char *skip_whitespace_const(const char *s) { while (*s && isspace((unsigned char)*s)) { ++s; } return s; } /* * name_to_error * Always return the err id (-1) and set errno to EINVAL. * parameters * name * unused * returns * safe_err_id and errno = EINVAL */ static id_t name_to_error(const char *name) { (void)name; errno = EINVAL; return safe_err_id; } /* * name_to_uid * Return the uid matching the name if it exists. If the name does * not exist or there was an error in getpwnam, safe_err_id is * returned and errno is set to a non-0 value. If getpwnam fails * with errno unchanged, errno is set to EINVAL. * parameters * name * user name to lookup * returns * The uid corresponding to name if it exists. * safe_err_id if the name does not exist or an error occurs (errno is * set to the value from getpwnam or EINVAL if getpwnam does not set it). */ static id_t name_to_uid(const char *name) { struct passwd *pw = getpwnam(name); errno = 0; if (!pw) { if (errno == 0) { errno = EINVAL; } return safe_err_id; } return pw->pw_uid; } /* * name_to_gid * Return the uid matching the name if it exists. If the name does * not exist or there was an error in getgrnam, safe_err_id is * returned and errno is set to a non-0 value. If getgrnam fails * with errno unchanged, errno is set to EINVAL. * parameters * name * group name to lookup * returns * The uid corresponding to name if it exists. * safe_err_id if the name does not exist or an error occurs (errno is * set to the value from getgrnam or EINVAL if getgrnam does not set it). */ static id_t name_to_gid(const char *name) { struct group *gr = getgrnam(name); errno = 0; if (!gr) { if (errno == 0) { errno = EINVAL; } return safe_err_id; } return gr->gr_gid; } /* * strto_id * Return the id corresponding to the longest sequence of characters * that could form an unsigned integer or a name after skipping leading * whitespace. An unsigned integer begins with 0-9 and continues until a * non-digit character. A name starts with a non-digit character and * continues until a whitespace, end of string or a colon. * * The numeric form is converted to an unsigned integer and the name * form is converted to an unsigned integer using the lookup func. * * If endptr is not NULL *endptr is set to point to the character one past * the end of the parsed value, just as strtoul() does. * * If there is nothing valid to try to convert to an id_t, then *endptr is * set to value. This can only occur if value consists only of whitespace * characters. * * On error errno is set to a non-zero value including EINVAL and ERANGE. * On success errno is set to 0. * parameters * id * a pointer to store the id converted to a id_t * value * pointer to the beginning of the string to find the name or * number * endptr * a pointer to one character past the end the sequence used to, * or NULL if the value is not needed * lookup * function pointer to convert a name to an id * returns * nothing, but sets *id, *endptr, and errno */ typedef id_t (*lookup_func)(const char*); static int strto_id(id_t *id, const char *value, const char **endptr, lookup_func lookup) { const char *endp; const char *id_begin; if (id == NULL || value == NULL || lookup == NULL) { errno = EINVAL; if (id) { *id = safe_err_id; } return -1; } endp = value; id_begin = skip_whitespace_const(value); errno = 0; if (isdigit((unsigned char)*id_begin)) { /* is numeric form, parse as a number */ char *e; *id = strtoul(id_begin, &e, 10); endp = e; } else if (*id_begin) { /* is not numeric, parse as a name using lookup function */ char *id_name; size_t id_len; char small_buf[16]; /* should be big enough to hold most names */ /* find end - name can contain anything except whitespace and colons */ endp = id_begin; while (*endp && !isspace((unsigned char)*endp) && *endp != ':') { ++endp; } id_len = (size_t)(endp - id_begin); if (id_len == 0) { errno = EINVAL; *id = safe_err_id; if (endptr) { *endptr = endp; } return -1; } else if (id_len < sizeof(small_buf)) { /* use small_buf as the id fits */ id_name = small_buf; } else { /* malloc a buffer as id is too large for small_buf */ id_name = (char*)malloc(id_len + 1); if (id_name == NULL) { errno = ENOMEM; *id = safe_err_id; if (endptr) { *endptr = endp; } return -1; } } /* copy the id to the buffer */ memcpy(id_name, id_begin, id_len); id_name[id_len] = '\0'; *id = lookup(id_name); /* free buffer if malloc'd */ if (id_name != small_buf) { free(id_name); } } else { /* value contains nothing parsable */ *id = safe_err_id; errno = EINVAL; } if (endptr) { *endptr = endp; } return 0; } /* * safe_strto_uid * Parse the string value and return the user id of the first id in the * string as a uid_t. This follows the same rules as strto_id with * non-numeric ids converted to the matching user id. * * On error errno is set to a non-zero value including EINVAL and ERANGE. * On success errno is set to 0. * parameters * value * pointer to the beginning of the string to find the name or * number * endptr * a pointer to one character past the end the sequence used to, * or NULL if the value is not needed * returns * the user id, also updates *endptr and errno */ uid_t safe_strto_uid(const char *value, const char **endptr) { id_t id; strto_id(&id, value, endptr, name_to_uid); return (uid_t)id; } /* * safe_strto_gid * Parse the string value and return the group id of the first id in the * string as gid_t. This follows the same rules as strto_id with * non-numeric ids converted to the matching group id. * * On error errno is set to a non-zero value including EINVAL and ERANGE. * On success errno is set to 0. * parameters * value * pointer to the beginning of the string to find the name or * number * endptr * a pointer to one character past the end the sequence used to, * or NULL if the value is not needed * returns * the group id, also updates *endptr and errno */ gid_t safe_strto_gid(const char *value, const char **endptr) { id_t id; strto_id(&id, value, endptr, name_to_gid); return (gid_t)id; } /* * safe_strto_id * Parse the string value and return the the first number in the string as * an id_t. This follows the same rules as strto_id with non-numeric ids * returning an error. * * On error errno is set to a non-zero value including EINVAL and ERANGE. * On success errno is set to 0. * parameters * value * pointer to the beginning of the string to find the name or * number * endptr * a pointer to one character past the end the sequence used to, * or NULL if the value is not needed * returns * the group id, also updates *endptr and errno */ id_t safe_strto_id(const char *value, const char **endptr) { id_t id; strto_id(&id, value, endptr, name_to_error); return id; } /* * strto_id_range * Returns a pair of id's denoting a range of ids. The form of the string * must be * [ * '-' * ( | '*' ) ]? * * is of the form parsed by strto_id. If the option '-' and second * is not present, the first is returned for both the minimum * and maximum value. Since an in a non-numeric form may contain a * '-', a space must preceed the '-' if the first is in a non-numeric * form. The value '*' as the second value specifies the maximum allowed * id (assumes id_t is an unsigned type, if it is unsigned the code will * work correctly, but '*' will not work. * * It is an error if min_id is greater than max_id. * * If endptr is not NULL *endptr is set to point to the character one past * the end of the parsed value, just as strtoul() does. * * On error errno is set to a non-zero value including EINVAL and ERANGE. * On success errno is set to 0. * parameters * min_id * a pointer to store the minimum id converted to a id_t * max_id * a pointer to store the maximum id converted to a id_t * value * pointer to the beginning of the string to find the name or * number * endptr * a pointer to one character past the end the sequence used to, * or NULL if the value is not needed * lookup * function pointer to convert a name to an id * returns * nothing, but sets *min_id, *max_id, *endptr, and errno */ static void strto_id_range(id_t *min_id, id_t *max_id, const char *value, const char **endptr, lookup_func lookup) { const char *endp; strto_id(min_id, value, &endp, lookup); if (errno == 0 && value != endp) { /* parsed min correctly, check for a '-' and max value */ value = skip_whitespace_const(endp); if (*value == '-') { ++value; value = skip_whitespace_const(value); if (*value == '*') { *max_id = UINT_MAX; endp = value + 1; } else { strto_id(max_id, value, &endp, lookup); } } else { *max_id = *min_id; } } else { *max_id = *min_id; } if (endptr) { *endptr = endp; } if (*min_id > *max_id) { errno = EINVAL; } } /* * strto_id_list * Adds the rnages in the value to the list. Ranges are as specified in * strto_id_range, and there may be multiple ranges in value that are * separated by whitespace and a colon of the form: * [ * ':' * ]* * * Each range is of the form required by strto_id_range. * * It is an error if any of the ranges contain an error. * * If endptr is not NULL *endptr is set to point to the character one past * the end of the parsed value, just as strtoul() does. * * On error errno is set to a non-zero value including EINVAL and ERANGE. * On success errno is set to 0. * parameters * list * a pointer to a range list to have the ranges parsed added * value * pointer to the beginning of the string to find the name or * number * endptr * a pointer to one character past the end the sequence used to, * or NULL if the value is not needed * lookup * function pointer to convert a name to an id * returns * nothing, but adds entries to *list, and sets *endptr, and errno */ static void strto_id_list(safe_id_range_list *list, const char *value, const char **endptr, lookup_func lookup) { const char * endp = value; if (list == NULL || value == NULL) { errno = EINVAL; if (endptr) { *endptr = value; } return; } while (1) { id_t min_id; id_t max_id; strto_id_range(&min_id, &max_id, value, &endp, lookup); if (errno != 0 || value == endp) { break; } safe_add_id_range_to_list(list, min_id, max_id); value = skip_whitespace_const(endp); if (*value == ':') { ++value; } else { break; } } if (endptr) { *endptr = endp; } } /* * safe_strto_id_list * Parse the value and store the ranges in the range list in the list * structure. Non-numeric ids are treated as errors. * * The value is parsed as described in strto_id_list. * * It is an error if any of the ranges contain an error. * * If endptr is not NULL *endptr is set to point to the character one past * the end of the parsed value, just as strtoul() does. * * On error errno is set to a non-zero value including EINVAL and ERANGE. * On success errno is set to 0. * parameters * list * a pointer to a range list to have the ranges parsed added * value * pointer to the beginning of the string to find the name or * number * endptr * a pointer to one character past the end the sequence used to, * or NULL if the value is not needed * returns * nothing, but adds entries to *list, and sets *endptr, and errno */ void safe_strto_id_list(safe_id_range_list *list, const char *value, const char **endptr) { strto_id_list(list, value, endptr, name_to_error); } /* * safe_parse_uid_list * Parse the value and store the ranges in the range list in the list * structure. Non-numeric ids are converted to ids by looking the * name as a username and returning its uid. * * The value is parsed as described in strto_id_list. * * It is an error if any of the ranges contain an error. * * If endptr is not NULL *endptr is set to point to the character one past * the end of the parsed value, just as strtoul() does. * * On error errno is set to a non-zero value including EINVAL and ERANGE. * On success errno is set to 0. * parameters * list * a pointer to a range list to have the ranges parsed added * value * pointer to the beginning of the string to find the name or * number * endptr * a pointer to one character past the end the sequence used to, * or NULL if the value is not needed * returns * nothing, but adds entries to *list, and sets *endptr, and errno */ void safe_strto_uid_list(safe_id_range_list *list, const char *value, const char **endptr) { strto_id_list(list, value, endptr, name_to_uid); } /* * safe_parse_gid_list * Parse the value and store the ranges in the range list in the list * structure. Non-numeric ids are converted to ids by looking the * name as a group name and returning its gid. * * The value is parsed as described in strto_id_list. * * It is an error if any of the ranges contain an error. * * If endptr is not NULL *endptr is set to point to the character one past * the end of the parsed value, just as strtoul() does. * * On error errno is set to a non-zero value including EINVAL and ERANGE. * On success errno is set to 0. * parameters * list * a pointer to a range list to have the ranges parsed added * value * pointer to the beginning of the string to find the name or * number * endptr * a pointer to one character past the end the sequence used to, * or NULL if the value is not needed * returns * nothing, but adds entries to *list, and sets *endptr, and errno */ void safe_strto_gid_list(safe_id_range_list *list, const char *value, const char **endptr) { strto_id_list(list, value, endptr, name_to_gid); } /* * parse_id_list * Parse the value and store the ranges in the range list in the list * structure. Non-numeric ids are converted to ids by looking the * name as a group name and returning its gid. * * The value is parsed as described in strto_id_list. * * It is an error if any of the ranges contain an error. * * It is an error if there is non-whitespace after the parsed value. * * On error errno is set to a non-zero value including EINVAL and ERANGE. * On success errno is set to 0. * parameters * list * a pointer to a range list to have the ranges parsed added * value * pointer to the beginning of the string to find the name or * number * returns * 0 on success * -1 on error */ static int parse_id_list(safe_id_range_list *list, const char *value, lookup_func lookup) { const char *endp; strto_id_list(list, value, &endp, lookup); if (errno != 0) { return -1; } /* check if there is non-whitespace after the parse portion of value */ endp = skip_whitespace_const(endp); if (*endp != '\0') { return -1; } return 0; } /* * safe_parse_id_list * Parse the value and store the ranges in the range list in the list * structure. * * The value is parsed as described in strto_id_list. * * It is an error if any of the ranges contain an error. * * It is an error if there is non-whitespace after the parsed value. * * On error errno is set to a non-zero value including EINVAL and ERANGE. * On success errno is set to 0. * parameters * list * a pointer to a range list to have the ranges parsed added * value * pointer to the beginning of the string to find the name or * number * returns * 0 on success * -1 on error */ int safe_parse_id_list(safe_id_range_list *list, const char *value) { return parse_id_list(list, value, name_to_error); } /* * safe_parse_uid_list * Parse the value and store the ranges in the range list in the list * structure. Non-numeric ids are converted to ids by looking the * name as a user name and returning its uid. * * The value is parsed as described in strto_id_list. * * It is an error if any of the ranges contain an error. * * It is an error if there is non-whitespace after the parsed value. * * On error errno is set to a non-zero value including EINVAL and ERANGE. * On success errno is set to 0. * parameters * list * a pointer to a range list to have the ranges parsed added * value * pointer to the beginning of the string to find the name or * number * returns * 0 on success * -1 on error */ int safe_parse_uid_list(safe_id_range_list *list, const char *value) { return parse_id_list(list, value, name_to_uid); } /* * safe_parse_gid_list * Parse the value and store the ranges in the range list in the list * structure. Non-numeric ids are converted to ids by looking the * name as a group name and returning its gid. * * The value is parsed as described in strto_id_list. * * It is an error if any of the ranges contain an error. * * It is an error if there is non-whitespace after the parsed value. * * On error errno is set to a non-zero value including EINVAL and ERANGE. * On success errno is set to 0. * parameters * list * a pointer to a range list to have the ranges parsed added * value * pointer to the beginning of the string to find the name or * number * returns * 0 on success * -1 on error */ int safe_parse_gid_list(safe_id_range_list *list, const char *value) { return parse_id_list(list, value, name_to_gid); } myproxy-6.2.16/INSTALL0000644000175100017510000000015214557142036011316 00000000000000Please see for the latest installation instructions. myproxy-6.2.16/myproxy-get-trustroots.cron0000755000175100017510000000230014557142036015722 00000000000000#!/bin/sh # This cron script fetches trust roots (CA certificates, CRLs) # from a myproxy-server. # Customize the following environment variables as appropriate. GLOBUS_LOCATION="/usr/local/globus" MYPROXY_SERVER="myproxy.example.edu" export GLOBUS_LOCATION MYPROXY_SERVER # set if connecting to a myproxy-server on a non-standard port #MYPROXY_SERVER_PORT=7512 #export MYPROXY_SERVER_PORT # set if using a non-standard trust root directory #X509_CERT_DIR=/etc/grid-security/certificates #export X509_CERT_DIR # set if using credentials in a non-standard location #X509_USER_CERT=/etc/grid-security/hostcert.pem #X509_USER_KEY=/etc/grid-security/hostkey.pem #export X509_USER_CERT X509_USER_KEY # set if using a proxy in a non-standard location #X509_USER_PROXY=/tmp/x509up_u0 #export X509_USER_PROXY # set to force anonymous authentication to the myproxy-server and # avoid using client-side credentials #X509_USER_CERT=/dev/null #X509_USER_KEY=/dev/null #X509_USER_PROXY=/dev/null #export X509_USER_CERT X509_USER_KEY X509_USER_PROXY . ${GLOBUS_LOCATION}/libexec/globus-script-initializer ${GLOBUS_LOCATION}/bin/myproxy-get-trustroots 2>&1 | \ logger -t myproxy-get-trustroots.cron -p cron.info exit 0 myproxy-6.2.16/myproxy_authorization.h0000644000175100017510000000606314557142036015154 00000000000000#ifndef __MYPROXY_AUTHORIZATION_H #define __MYPROXY_AUTHORIZATION_H #include "myproxy_creds.h" #include "myproxy_server.h" typedef enum { AUTHORIZETYPE_NULL = 0, AUTHORIZETYPE_PASSWD, AUTHORIZETYPE_CERT, /* uses SHA1 */ AUTHORIZETYPE_SASL, AUTHORIZETYPE_CERT256, /* uses SHA256 */ AUTHORIZETYPE_NUMMETHODS } author_method_t; typedef enum { AUTHORIZEMETHOD_DISABLED, AUTHORIZEMETHOD_REQUIRED, AUTHORIZEMETHOD_SUFFICIENT } author_status_t; /* client/server authorization data */ typedef struct { char *server_data; /* data sent from the server. It can be arbitrary ASCII string ending with '\0'. */ char *client_data; /* data created by the client according to server_data */ size_t client_data_len; author_method_t method; } authorization_data_t; /* The methods argument should be an array of methods to prompt for, terminated by AUTHORIZETPYE_NULL. */ int authorization_init_server (authorization_data_t ***data, author_method_t methods[]); void authorization_data_free (authorization_data_t **data); void authorization_data_free_contents (authorization_data_t *data); char * authorization_get_name(author_method_t method); author_method_t authorization_get_method(char *name); author_status_t authorization_get_status(author_method_t method, struct myproxy_creds *creds, char *client_name, myproxy_server_context_t* config); /* * Fill in author_data with client's response and return pointer into * author_data to data choosen by the client. No new space is allocated for * the returned pointer. This function is called by the server. * authorization_data_t is supposed to be allocated and (partly) filled in by * the server. */ authorization_data_t * authorization_store_response(char *, size_t, author_method_t, authorization_data_t **); /* * Search a data for the supplied method in the supplied list. Using the extra * data fill in the response and return a pointer into the list to the data * choosen. No special space is allocated for the return value. * Called by the client. */ authorization_data_t * authorization_create_response(authorization_data_t **, author_method_t, void *extra_data, size_t extra_data_len); /* * Verifies that data sent by the client matches the expecting value for the * server's challenge. Returns 1 on success, 0 on failure. */ int authorization_check(authorization_data_t *client_auth_data, struct myproxy_creds *creds, char *client_name); int authorization_check_ex(authorization_data_t *client_auth_data, struct myproxy_creds *creds, char *client_name, myproxy_server_context_t *config); #endif /* __MYPROXY_AUTHORIZATION_H */ myproxy-6.2.16/myproxy_alcf.c0000644000175100017510000004135214557142036013154 00000000000000/* * myproxy_alcf.c * * admin load credential from file * */ #include "myproxy_common.h" /* all needed headers included here */ #define MYPROXY_DEFAULT_PROXY "/tmp/myproxy-proxy" #define SECONDS_PER_HOUR (60 * 60) static int dn_as_username = 0; static char usage[] = \ "\n"\ "Syntax: myproxy-admin-load-credential [-l username] [-r retrievers] [-R renewers] ...\n"\ " myproxy-admin-load-credential [-usage|-help] [-version]\n"\ "\n"\ " Options\n"\ " -h | --help Displays usage\n" " -u | --usage \n" " \n" " -v | --verbose Display debugging messages\n" " -V | --version Displays version\n" " -s | --storage Specifies the credential storage directory\n" " -c | --certfile Certificate file name\n" " -y | --keyfile Key file name\n" " -l | --username Username for the delegated proxy\n" " -t | --proxy_lifetime Lifetime of proxies delegated by\n" " server (default 12 hours)\n" " -a | --allow_anonymous_retrievers Allow credentials to be retrieved\n" " with just username/passphrase\n" " -A | --allow_anonymous_renewers Allow credentials to be renewed by\n" " any client (not recommended)\n" " -x | --regex_dn_match Set regular expression matching mode\n" " for following policy options\n" " -X | --match_cn_only Set CN matching mode (default)\n" " for following policy options\n" " -r | --retrievable_by Allow specified entity to retrieve\n" " credential\n" " -R | --renewable_by Allow specified entity to renew\n" " credential\n" " -Z | --retrievable_by_cert Allow specified entity to retrieve\n" " credential w/o passphrase\n" " -E | --retrieve_key Allow specified entity to retrieve\n" " credential key\n" " -d | --dn_as_username Use the proxy certificate subject\n" " (DN) as the default username,\n" " instead of the LOGNAME env. var.\n" " -k | --credname Specifies credential name\n" " -K | --creddesc Specifies credential description\n" "\n"; struct option long_options[] = { {"help", no_argument, NULL, 'h'}, {"usage", no_argument, NULL, 'u'}, {"certfile", required_argument, NULL, 'c'}, {"keyfile", required_argument, NULL, 'y'}, {"proxy_lifetime", required_argument, NULL, 't'}, {"storage", required_argument, NULL, 's'}, {"username", required_argument, NULL, 'l'}, {"verbose", no_argument, NULL, 'v'}, {"version", no_argument, NULL, 'V'}, {"dn_as_username", no_argument, NULL, 'd'}, {"allow_anonymous_retrievers", no_argument, NULL, 'a'}, {"allow_anonymous_renewers", no_argument, NULL, 'A'}, {"retrievable_by", required_argument, NULL, 'r'}, {"renewable_by", required_argument, NULL, 'R'}, {"regex_dn_match", no_argument, NULL, 'x'}, {"match_cn_only", no_argument, NULL, 'X'}, {"credname", required_argument, NULL, 'k'}, {"creddesc", required_argument, NULL, 'K'}, {"retrievable_by_cert", required_argument, NULL, 'Z'}, {"retrieve_key", required_argument, NULL, 'E'}, {0, 0, 0, 0} }; /*colon following an option indicates option takes an argument */ static char short_options[] = "uhl:vVdr:R:xXaAk:K:t:c:y:s:Z:E:"; static char *certfile = NULL; /* certificate file name */ static char *keyfile = NULL; /* key file name */ static char *storage_dir = NULL; static char version[] = "myproxy-alcf version " MYPROXY_VERSION " (" MYPROXY_VERSION_DATE ") " "\n"; void init_arguments(int argc, char *argv[], myproxy_creds_t *my_creds); int makeproxy(const char certfile[], const char keyfile[], const char proxyfile[]); int get_storage_dir_owner(uid_t *owner); int main(int argc, char *argv[]) { myproxy_creds_t my_creds = {0}; char proxyfile[64] = ""; int rval=1; /* check library version */ if (myproxy_check_version()) { fprintf(stderr, "MyProxy library version mismatch.\n" "Expecting %s. Found %s.\n", MYPROXY_VERSION_DATE, myproxy_version(0,0,0)); exit(1); } myproxy_log_use_stream (stderr); init_arguments (argc, argv, &my_creds); if (certfile == NULL) { fprintf (stderr, "Specify certificate file with -c option\n"); fprintf(stderr, "%s", usage); goto cleanup; } if (keyfile == NULL) { fprintf (stderr, "Specify key file with -y option\n"); fprintf(stderr, "%s", usage); goto cleanup; } sprintf(proxyfile, "%s.%u.%u", MYPROXY_DEFAULT_PROXY, (unsigned)getuid(), (unsigned)getpid()); /* Remove proxyfile if it already exists. */ ssl_proxy_file_destroy(proxyfile); verror_clear(); if (makeproxy(certfile, keyfile, proxyfile) < 0) { fprintf(stderr, "Failed to create temporary credentials file.\n"); goto cleanup; } if (my_creds.username == NULL) { /* set default username */ if (dn_as_username) { if (ssl_get_base_subject_file(proxyfile, &my_creds.username)) { fprintf(stderr, "Cannot get subject name from your certificate\n"); goto cleanup; } } else { char *username = NULL; if (!(username = getenv("LOGNAME"))) { fprintf(stderr, "Please specify a username.\n"); goto cleanup; } my_creds.username = strdup(username); } } if (ssl_get_base_subject_file(proxyfile, &my_creds.owner_name)) { fprintf(stderr, "Cannot get subject name from certificate.\n"); goto cleanup; } my_creds.location = strdup(proxyfile); if (myproxy_creds_store(&my_creds) < 0) { myproxy_log_verror(); fprintf (stderr, "Unable to store credentials. %s\n", verror_get_string()); goto cleanup; } else { fprintf (stdout, "Credential stored successfully\n"); } rval = 0; cleanup: if (proxyfile[0]) ssl_proxy_file_destroy(proxyfile); return rval; } void init_arguments(int argc, char *argv[], myproxy_creds_t *my_creds) { extern char *optarg; int arg; int expr_type = MATCH_CN_ONLY; /*default */ my_creds->lifetime = SECONDS_PER_HOUR * MYPROXY_DEFAULT_DELEG_HOURS; while((arg = getopt_long(argc, argv, short_options, long_options, NULL)) != EOF) { switch(arg) { case 's': /* set the credential storage directory */ myproxy_set_storage_dir(optarg); storage_dir = optarg; break; case 'c': /* credential file name*/ certfile = strdup (optarg); break; case 'y': /* key file name */ keyfile = strdup (optarg); break; case 'u': /* print help and exit */ printf("%s", usage); exit(0); break; case 't': /* Specify proxy lifetime in hours */ my_creds->lifetime = SECONDS_PER_HOUR * atoi(optarg); break; case 'h': /* print help and exit */ printf("%s", usage); exit(0); break; case 'l': /* username */ my_creds->username = strdup (optarg); break; case 'v': /* verbose */ myproxy_debug_set_level(1); break; case 'V': /* print version and exit */ printf("%s", version); exit(0); break; case 'r': /* retrievers list */ if (my_creds->renewers) { fprintf(stderr, "-r is incompatible with -A and -R. A credential may not be used for both\nretrieval and renewal. If both are desired, upload multiple credentials with\ndifferent names, using the -k option.\n"); exit(1); } if (my_creds->retrievers) { fprintf(stderr, "Only one -a or -r option may be specified.\n"); exit(1); } if (expr_type == REGULAR_EXP) /*copy as is */ my_creds->retrievers = strdup (optarg); else { my_creds->retrievers = (char *)malloc(strlen(optarg)+6); strcpy (my_creds->retrievers, "*/CN="); my_creds->retrievers = strcat(my_creds->retrievers, optarg); myproxy_debug("authorized retriever %s", my_creds->retrievers); } break; case 'Z': /* retrievers list */ if (my_creds->trusted_retrievers) { fprintf(stderr, "Only one -Z option may be specified.\n"); exit(1); } if (expr_type == REGULAR_EXP) /*copy as is */ my_creds->trusted_retrievers = strdup (optarg); else { my_creds->trusted_retrievers = (char *)malloc(strlen(optarg)+6); strcpy (my_creds->trusted_retrievers, "*/CN="); my_creds->trusted_retrievers = strcat(my_creds->trusted_retrievers, optarg); myproxy_debug("trusted retriever %s", my_creds->trusted_retrievers); } break; case 'R': /* renewers list */ if (my_creds->retrievers) { fprintf(stderr, "-R is incompatible with -a and -r. A credential may not be used for both\nretrieval and renewal. If both are desired, upload multiple credentials with\ndifferent names, using the -k option.\n"); exit(1); } if (my_creds->renewers) { fprintf(stderr, "Only one -A or -R option may be specified.\n"); exit(1); } if (expr_type == REGULAR_EXP) /*copy as is */ my_creds->renewers = strdup (optarg); else { my_creds->renewers = (char *)malloc(strlen(optarg)+6); strcpy (my_creds->renewers, "*/CN="); my_creds->renewers = strcat (my_creds->renewers,optarg); myproxy_debug("authorized renewer %s", my_creds->renewers); } break; case 'd': /* use the certificate subject (DN) as the default username instead of LOGNAME */ dn_as_username = 1; break; case 'x': /*set expression type to regex*/ expr_type = REGULAR_EXP; myproxy_debug("expr-type = regex"); break; case 'X': /*set expression type to common name*/ expr_type = MATCH_CN_ONLY; myproxy_debug("expr-type = CN"); break; case 'a': /*allow anonymous retrievers*/ if (my_creds->renewers) { fprintf(stderr, "-a is incompatible with -A and -R. A credential may not be used for both\nretrieval and renewal. If both are desired, upload multiple credentials with\ndifferent names, using the -k option.\n"); exit(1); } if (my_creds->retrievers) { fprintf(stderr, "Only one -a or -r option may be specified.\n"); exit(1); } my_creds->retrievers = strdup ("*"); myproxy_debug("anonymous retrievers allowed"); break; case 'A': /*allow anonymous renewers*/ if (my_creds->retrievers) { fprintf(stderr, "-A is incompatible with -a and -r. A credential may not be used for both\nretrieval and renewal. If both are desired, upload multiple credentials with\ndifferent names, using the -k option.\n"); exit(1); } if (my_creds->renewers) { fprintf(stderr, "Only one -A or -R option may be specified.\n"); exit(1); } my_creds->renewers = strdup ("*"); myproxy_debug("anonymous renewers allowed"); break; case 'E' : /* key retriever list */ if (expr_type == REGULAR_EXP) { /* Copy as is */ my_creds->keyretrieve = strdup(optarg); } else { my_creds->keyretrieve = (char *) malloc(strlen(optarg) + 6); strcpy(my_creds->keyretrieve, "*/CN="); my_creds->keyretrieve = strcat(my_creds->keyretrieve, optarg); myproxy_debug("authorized key retriever %s", my_creds->keyretrieve); } break; case 'k': /*credential name*/ my_creds->credname = strdup (optarg); break; case 'K': /*credential description*/ my_creds->creddesc = strdup (optarg); break; default: /* print usage and exit */ fprintf(stderr, "%s", usage); exit(1); break; } } if (optind != argc) { fprintf(stderr, "%s: invalid option -- %s\n", argv[0], argv[optind]); fprintf(stderr, "%s", usage); exit(1); } } int makeproxy(const char certfile[], const char keyfile[], const char proxyfile[]) { static char BEGINCERT[] = "-----BEGIN CERTIFICATE-----"; static char ENDCERT[] = "-----END CERTIFICATE-----"; static char BEGINKEY1[] = "-----BEGIN RSA PRIVATE KEY-----"; static char BEGINKEY2[] = "-----BEGIN PRIVATE KEY-----"; static char BEGINKEY3[] = "-----BEGIN ENCRYPTED PRIVATE KEY-----"; static char ENDKEY1[] = "-----END RSA PRIVATE KEY-----"; static char ENDKEY2[] = "-----END PRIVATE KEY-----"; static char ENDKEY3[] = "-----END ENCRYPTED PRIVATE KEY-----"; unsigned char *certbuf=NULL, *keybuf=NULL; char *certstart, *certend, *keystart, *keyend; int return_value = -1, size, rval, fd=0; uid_t owner; /* Read the certificate(s) into a buffer. */ if (buffer_from_file(certfile, &certbuf, NULL) < 0) { fprintf(stderr, "Failed to read %s\n", certfile); goto cleanup; } /* Read the key into a buffer. */ if (buffer_from_file(keyfile, &keybuf, NULL) < 0) { fprintf(stderr, "Failed to read %s\n", keyfile); goto cleanup; } /* special case: run as root w/ non-root storage dir */ if (getuid() == 0 && get_storage_dir_owner(&owner) == 0 && owner != 0) { seteuid(0); setuid(owner); } /* Open the output file. */ if ((fd = open(proxyfile, O_CREAT | O_EXCL | O_WRONLY, S_IRUSR | S_IWUSR)) < 0) { fprintf(stderr, "open(%s) failed: %s\n", proxyfile, strerror(errno)); goto cleanup; } /* Write the first certificate. */ if ((certstart = strstr((const char *)certbuf, BEGINCERT)) == NULL) { fprintf(stderr, "%s doesn't contain '%s'.\n", certfile, BEGINCERT); goto cleanup; } if ((certend = strstr((const char *)certstart, ENDCERT)) == NULL) { fprintf(stderr, "%s doesn't contain '%s'.\n", certfile, ENDCERT); goto cleanup; } certend += strlen(ENDCERT); size = certend-certstart; while (size) { if ((rval = write(fd, certstart, size)) < 0) { perror("write"); goto cleanup; } size -= rval; certstart += rval; } if (write(fd, "\n", 1) < 0) { perror("write"); goto cleanup; } /* Write the key. */ if ((keystart = strstr((const char *)keybuf, BEGINKEY1)) == NULL && (keystart = strstr((const char *)keybuf, BEGINKEY2)) == NULL && (keystart = strstr((const char *)keybuf, BEGINKEY3)) == NULL) { fprintf(stderr, "%s doesn't contain '%s' nor '%s' nor '%s'.\n", keyfile, BEGINKEY1, BEGINKEY2, BEGINKEY3); goto cleanup; } if ((keyend = strstr((const char *)keystart, ENDKEY1)) != NULL) keyend += strlen(ENDKEY1); else if ((keyend = strstr((const char *)keystart, ENDKEY2)) != NULL) keyend += strlen(ENDKEY2); else if ((keyend = strstr((const char *)keystart, ENDKEY3)) != NULL) keyend += strlen(ENDKEY3); else { fprintf(stderr, "%s doesn't contain '%s' nor '%s' nor '%s'.\n", keyfile, ENDKEY1, ENDKEY2, ENDKEY3); goto cleanup; } size = keyend-keystart; while (size) { if ((rval = write(fd, keystart, size)) < 0) { perror("write"); goto cleanup; } size -= rval; keystart += rval; } if (write(fd, "\n", 1) < 0) { perror("write"); goto cleanup; } /* Write any remaining certificates. */ while ((certstart = strstr((const char *)certstart, BEGINCERT)) != NULL) { if ((certend = strstr((const char *)certstart, ENDCERT)) == NULL) { fprintf(stderr, "Can't find matching '%s' in %s.\n", ENDCERT, certfile); goto cleanup; } certend += strlen(ENDCERT); size = certend-certstart; while (size) { if ((rval = write(fd, certstart, size)) < 0) { perror("write"); goto cleanup; } size -= rval; certstart += rval; } if (write(fd, "\n", 1) < 0) { perror("write"); goto cleanup; } } return_value = 0; cleanup: if (certbuf) free(certbuf); if (keybuf) free(keybuf); if (fd >= 0) close(fd); return return_value; } /* * get_storage_dir_owner * * Used to identify storage directory ownership mismatches before they * become a problem, i.e., myproxy_get_storage_dir() will fail. */ int get_storage_dir_owner(uid_t *owner) { const char *storage_dir = NULL; struct stat s = {0}; int rval = -1; assert(owner); /* Just check a few places for now... */ if (storage_dir) { /* if dir passed on command-line */ if (stat(storage_dir, &s) < 0) { goto cleanup; /* handle errors silently */ } } else if (stat("/var/lib/myproxy", &s) == 0) { } else if (stat("/var/myproxy", &s) == 0) { } else { goto cleanup; } *owner = s.st_uid; rval = 0; cleanup: return rval; } myproxy-6.2.16/ssl_utils.h0000644000175100017510000003241214557142036012463 00000000000000/* * ssl_utils.h * * Functions for interacting with SSL, X509, etc. */ #ifndef _SSL_UTILS_H #define _SSL_UTILS_H #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include /* EVP_MD_CTX_init() and EVP_MD_CTX_cleanup() not in OpenSSL 0.9.6. */ #if !defined(EVP_MD_CTX_FLAG_CLEANED) #define EVP_MD_CTX_init(ctx) #define EVP_MD_CTX_cleanup(ctx) #define X509V3_set_nconf X509V3_set_conf_lhash #define X509V3_EXT_add_nconf X509V3_EXT_add_conf #endif struct _ssl_credentials; typedef struct _ssl_credentials SSL_CREDENTIALS; struct _ssl_proxy_restrictions; typedef struct _ssl_proxy_restrictions SSL_PROXY_RESTRICTIONS; /* * Returns values for functions */ #define SSL_SUCCESS 1 #define SSL_ERROR 0 /* * ssl_credentials_destroy() * * Destroys the given credentials, deallocating all memory * associated with them. */ void ssl_credentials_destroy(SSL_CREDENTIALS *creds); /* * ssl_proxy_file_destroy() * * Fill the proxy file with zeros and unlink. * * Returns SSL_SUCCESS or SSL_ERROR, setting verror. */ int ssl_proxy_file_destroy(const char *path); /* * ssl_certificate_load_from_file() * * Load certificate(s) from the given file into the given set of credentials. * Any existing certificates in the creds structure will be erased. * * Returns SSL_SUCCESS or SSL_ERROR, setting verror. */ int ssl_certificate_load_from_file(SSL_CREDENTIALS *creds, const char *path); /* * ssl_certificate_push() * * Set given certificate as the creds' certificate, pushing any existing * certificate in the creds structure into the constituent certificate chain. * * Returns SSL_SUCCESS or SSL_ERROR, setting verror. */ int ssl_certificate_push(SSL_CREDENTIALS *creds, X509 *cert); /* * ssl_private_key_load_from_file() * * Load a key from the given file and store it in the given credentials * structure. * If pass_phrase_prompt is non-NULL, prompt for the * passphrase to be entered on the tty if needed. * Otherwise, if pass_phrase is non-NULL, use that passphrase * to decrypt the key. * Otherwise, assume the key is unencrypted. * Any existing key in the creds structure will be erased. * * Returns SSL_SUCCESS or SSL_ERROR, setting verror. */ int ssl_private_key_load_from_file(SSL_CREDENTIALS *creds, const char *path, const char *pass_phrase, const char *pass_phrase_prompt); /* * ssl_private_key_store_to_file() * * Returns SSL_SUCCESS or SSL_ERROR, setting verror. */ int ssl_private_key_store_to_file(SSL_CREDENTIALS *creds, const char *path, const char *pass_phrase); /* * ssl_private_key_is_encrypted() * * Returns 1 if the private key is encrypted, 0 if unencrypted, -1 on error. */ int ssl_private_key_is_encrypted(const char *path); /* * ssl_proxy_from_pem() * * Take a buffer generated by ssl_proxy_to_pem() and return a set * of credentials. pass_phrase is used if needed. * * Returns SSL_SUCCESS or SSL_ERROR, setting verror. */ int ssl_proxy_from_pem(SSL_CREDENTIALS *creds, const unsigned char *buffer, int buffer_len, const char *pass_phrase); /* * ssl_proxy_load_from_file() * * Load a proxy certificate and key from the given file, using pass_phrase * if needed, and storing the credentials in the given SSL_CREDENTIALS * structure. pass_phrase may be NULL. Any existing credentials in * the SSL_CREDENTIALS structure will be erased. * * Returns SSL_SUCCESS or SSL_ERROR, setting verror. */ int ssl_proxy_load_from_file(SSL_CREDENTIALS *creds, const char *path, const char *pass_phrase); /* * ssl_proxy_to_pem() * * Return an allocated buffer with the given proxy encoded in PEM format. * The private key is encrypted with pass_phrase if provided (can be NULL). * * Returns SSL_SUCCESS or SSL_ERROR, setting verror. */ int ssl_proxy_to_pem(SSL_CREDENTIALS *creds, unsigned char **pbuffer, int *pbuffer_len, const char *pass_phrase); /* * * ssl_proxy_store_to_file() * * Store the the proxy in the given set of credentials to the give file. * The file must not exist. If pass_phrase is non-NULL it will be used * to encrypt the private key. * * Returns SSL_SUCCESS or SSL_ERROR, setting verror. */ int ssl_proxy_store_to_file(SSL_CREDENTIALS *creds, const char *path, const char *pass_phrase); /* * ssl_new_credentials() * * Return a empty credentials structure for use. * * Returns NULL on error. */ SSL_CREDENTIALS *ssl_credentials_new(); /* * * ssl_certreq_pem_to_der() * * Given the location of a file containing a PEM certificate request * as input (certreq), return a DER encoded certificate request as * output (buffer). * * Returns SSL_SUCCESS or SSL_ERROR, setting verror. */ int ssl_certreq_pem_to_der(char *certreq, unsigned char **buffer, int *buffer_length); /* * * ssl_proxy_delegation_init() * * Generate a request for a proxy delegation in a buffer suitable for shipping * over the network. * * pcreds will be filled in with the private key and should be passed to * ssl_proxy_delegation_finalize() to be filled in with the returned * certificate. * * buffer will be set to point at an allocated buffer containing * data to be passed to the signer to be passed into * ssl_sign_proxy_request(). * * buffer_length will be filled in with the length of buffer. * * requested_bits will be used as the key length for the * new proxy. If 0 then the length of user_certificate key * will be used. * * callback can point to a function that will be called * during key generation - see SSLeay's doc/rsa.doc * RSA_generate_key() function for details. * * Returns SSL_SUCCESS or SSL_ERROR, setting verror. */ int ssl_proxy_delegation_init(SSL_CREDENTIALS **new_creds, unsigned char **buffer, int *buffer_length, int requested_bits, void (*callback)(int,int,void *)); /* * ssl_proxy_delegation_finalize() * * Finalize the process of getting a proxy delegation using * buffers in a form suitable for shipping over the network. * * creds should be the credentials originally obtained from * ssl_proxy_request_init() * * buffer should be the buffer generated by ssl_proxy_request_sign(). * * buffer_len should be the length of buffer. * * Returns SSL_SUCCESS or SSL_ERROR, setting verror. */ int ssl_proxy_delegation_finalize(SSL_CREDENTIALS *creds, unsigned char *buffer, int buffer_length); /* * ssl_proxy_delegation_sign() * * Sign a proxy delegation request and generate a proxy certificate. Input and * output are buffers suitable for shipping over the network. * * creds contains the credentials used the sign the request. * * restrictions contains any restrictions to be placed on the * proxy. May be NULL in which case defaults are used. * * request_buffer contains the buffer as generated by * ssl_generate_proxy_request(). * * request_buffer_len contains the length of request_buffer * in bytes. * * proxy_buffer will be filled in with a pointer to an allocated * buffer that contains the proxy certificate and certificate * chain for feeding into ssl_finish_proxy_request. * * proxy_buffer_length will be filled in to contain the length * of proxy_buffer. * * Returns SSL_SUCCESS or SSL_ERROR, setting verror. */ int ssl_proxy_delegation_sign(SSL_CREDENTIALS *creds, SSL_PROXY_RESTRICTIONS *restrictions, unsigned char *request_buffer, int request_buffer_length, unsigned char **proxy_buffer, int *proxy_buffer_length); /* * ssl_free_buffer() * * Free a buffer allocated by any of the other routines in this library. */ void ssl_free_buffer(unsigned char *buffer); /* * ssl_proxy_restrictions_new() * * Generate a new SSL_PROXY_RESTRICTIONS object. * * Returns object on success, NULL on error setting verror. */ SSL_PROXY_RESTRICTIONS *ssl_proxy_restrictions_new(); /* * ssl_proxy_restrictions_destroy() * * Destroy a SSL_PROXY_RESTRICTIONS object, deallocating all memory * associated with it. */ void ssl_proxy_restrictions_destroy(SSL_PROXY_RESTRICTIONS *restrictions); /* * ssl_proxy_restrictions_set_lifetime() * * Set the lifetime in the given SSL_PROXY_RESTRICTIONS object to * the given number of seconds. A values of zero for seconds means * to use the default. * * Returns SSL_SUCCESS on success, SSL_ERROR otherwise setting verror. */ int ssl_proxy_restrictions_set_lifetime(SSL_PROXY_RESTRICTIONS *restrictions, const long seconds); /* * ssl_proxy_restrictions_set_limited() * * Set whether a limited proxy should be delegated. * A limited flag of 1 indicates yes, a flag of 0 indicates no (default). * * Returns SSL_SUCCESS on success, SSL_ERROR otherwise setting verror. */ int ssl_proxy_restrictions_set_limited(SSL_PROXY_RESTRICTIONS *restrictions, const int limited); /* ssl_get_base_subject_file() * * Get user's subject name from certificate in the supplied filename * * Returns 0 on success or -1 on error */ int ssl_get_base_subject_file(const char *proxyfile, char **subject); /* ssl_get_base_subject() * * Get user's subject name from SSL_CREDENTIALS. * * Returns SSL_SUCCESS or SSL_ERROR */ int ssl_get_base_subject(SSL_CREDENTIALS *creds, char **subject); /* * ssl_creds_to_buffer() * * Encode credentials from SSL_CREDENTIALS struct into buffer. Memory for the * buffer is obtained with malloc(3) and must be freed with free(3). * * Returns SSL_SUCCESS or SSL_ERROR */ int ssl_creds_to_buffer(SSL_CREDENTIALS *chain, unsigned char **buffer, int *buffer_length); /* * ssl_creds_from_buffer() * * Decode credentals from buffer into SSL_CREDENTIALS struct. Caller should * free *creds with ssl_credentials_destroy() * * Returns SSL_SUCCESS or SSL_ERROR */ int ssl_creds_from_buffer(unsigned char *buffer, int buffer_length, SSL_CREDENTIALS **creds); /* * ssl_creds_certificate_is_proxy() * * Returns 1 if certificate is proxy(RFC 3820, GT3, GT2) certificate. * 0 if certificate is not proxy. * -1 on error. */ int ssl_creds_certificate_is_proxy(SSL_CREDENTIALS *creds); /* * ssl_sign() * * Sign data with private key passed in SSL_CREDENTIALS. Memory for the * signature is allocated with malloc(3) and must be freed with free(2) when * no needed. */ int ssl_sign(unsigned char *data, int length, SSL_CREDENTIALS *creds, unsigned char **signature, int *signature_len, const EVP_MD *md); /* * ssl_verify() * * Verify signature */ int ssl_verify(unsigned char *data, int length, SSL_CREDENTIALS *creds, unsigned char *signature, int signature_len, const EVP_MD *md); /* * int ssl_verify_gsi_chain() * * Verify that supplied chain is valid for GSI authentication. * * Returns SSL_SUCCESS or SSL_ERROR */ int ssl_verify_gsi_chain(SSL_CREDENTIALS *chain); /* * int ssl_limited_proxy_chain() * * Return 1 if certificate chain includes a limited proxy, * 0 if not, -1 on error. */ int ssl_limited_proxy_chain(SSL_CREDENTIALS *chain); /* * int ssl_limited_proxy_file() * * Return 1 if certificate chain in path includes a limited proxy, * 0 if not, -1 on error. */ int ssl_limited_proxy_file(const char path[]); /* * ssl_get_times * */ int ssl_get_times(const char *proxyfile, time_t *not_before, time_t *not_after); /* * ssl_error_to_verror() * * Transfer an error description out of the ssl error handler to verror. */ void ssl_error_to_verror(); /* * globus_error_to_verror() * * Transfer an error description out of the Globus error handler to verror. */ void globus_error_to_verror(globus_result_t result); /* * ssl_verify_cred() * * Check the validity of the credentials at the given path: * - check Not Before and Not After fields against current time * - check signature by trusted CA * - check revocation status (CRL, OCSP) * Returns 0 on success, -1 on error (setting verror). */ int ssl_verify_cred(const char path[]); #endif /* _SSL_UTILS_H */ myproxy-6.2.16/myproxy-accepted-credentials-mapapp0000755000175100017510000000107314557142036017262 00000000000000#!/bin/sh if [ $# -ne 2 ]; then # need 2 command line arguments exit 1 fi subjectdn=$1 username=$2 # example 1: verify the DN matches an accepted pattern #if [ "${subjectdn}" != "/O=Grid/OU=MyProxy CA/CN=${username}" ]; then # exit 1 #fi # example 2: check the DN against a blacklist #blacklistfile="/etc/myproxy-server-blacklist" #if [ -r $blacklistfile ]; then # grep "${subjectdn}" $blacklistfile >/dev/null 2>&1 # if [ $? -eq 0 ]; then # logger -t myproxy-server denied blacklisted user: "${subjectdn}" # exit 1; # fi #fi exit 0 myproxy-6.2.16/myproxy-passphrase-policy0000755000175100017510000000067014557142036015413 00000000000000#!/usr/bin/perl -T ($username, $dn, $credname, $retriever_policy, $renewer_policy) = @ARGV; chomp($passphrase = ); use Crypt::Cracklib; # if missing, install with: # perl -MCPAN -e 'install Crypt::Cracklib' if ($passphrase eq "") { exit(0); # allow empty passphrase for other auth methods } $reason = fascist_check($passphrase); if ($reason ne "ok") { print $reason, "\n"; exit(1); } exit(0); myproxy-6.2.16/myproxy_ocsp_aia.h0000644000175100017510000000030714557142036014025 00000000000000/* * myproxy_ocsp_aia.h - OCSP AIA extension handlign */ #ifndef __MYPROXY_OCSP_AIA_H #define __MYPROXY_OCSP_AIA_H #include char *myproxy_get_aia_ocsp_uri(X509 *cert); #endif myproxy-6.2.16/myproxy_popen.h0000644000175100017510000000143214557142036013370 00000000000000/* * myproxy_popen.h * * Provide a safe popen substitute. * */ #ifndef __MYPROXY_POPEN_H #define __MYPROXY_POPEN_H /* * myproxy_popen() * * Run the program at the specified path with the specified arguments * (3rd argument is argv[1], 4th argument is argv[2]). * The final argument must be NULL. * Returns pid of the child process on success. * Returns -1 on failure and sets verror. * On success, fds[0] is a pipe connected to the child's stdin for writing * fds[1] is a pipe connected to the child's stdout for reading * fds[2] is a pipe connected to the child's stderr for reading * The caller should reap the child via waitpid() and close the three pipes. */ pid_t myproxy_popen(int fds[3], const char *path, ...); #endif /* __MYPROXY_POPEN_H */ myproxy-6.2.16/myproxy-revoke0000755000175100017510000000035314557142036013236 00000000000000#!/bin/sh FILENAME="$*" # command-line argument SIMPLECADIR="/home/globus/.globus/simpleCA" PASS="/home/globus/.globus/.simplecapass" CONF="$SIMPLECADIR/grid-ca-ssl.conf" openssl ca -passin file:$PASS -config $CONF -revoke $FILENAME myproxy-6.2.16/LICENSE.sasl0000644000175100017510000000350514557142036012240 00000000000000/* CMU libsasl * Tim Martin * Rob Earhart * Rob Siemborski */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ myproxy-6.2.16/myproxy_common.h0000644000175100017510000000467114557142036013547 00000000000000/* * myproxy_common.h * * Internal header file that includes all headers needed for building * MyProxy in one place to ease porting. * */ #ifndef __MYPROXY_COMMON_H #define __MYPROXY_COMMON_H #include /* need to start w/ this to avoid later trouble */ #include #include #include #include #include #include #include #include /* Might be needed before */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #if defined(HAVE_STDINT_H) #include #else /* defined(HAVE_STDINT_H) */ #if !defined(SIZE_MAX) #define SIZE_MAX ((size_t)-1) #endif /* !defined(SIZE_MAX) */ #endif /* defined(HAVE_STDINT_H) */ #if defined(HAVE_GETOPT_H) #include #endif #if !defined(HAVE_SOCKLEN_T) typedef int socklen_t; #endif #include #include #include #include #include #include "myproxy.h" /* public headers */ #include "myproxy_extensions.h" #include "myproxy_popen.h" #include "myproxy_ocsp.h" #include "accept_credmap.h" #include "certauth_extensions.h" #include "certauth_resolveuser.h" #include "gsi_socket.h" #include "port_getopt.h" #include "safe_id_range_list.h" #include "safe_is_path_trusted.h" #include "ssl_utils.h" #include "string_funcs.h" #include "vparse.h" #if defined(HAVE_LIBSASL2) #include #include #define SASL_BUFFER_SIZE 20480 #endif #if defined(HAVE_LIBKRB5) #include #endif #if defined(HAVE_VOMS) #include #include #include "vomsclient.h" #endif #include "voms_utils.h" #if defined(HAVE_SECURITY_PAM_APPL_H) # include #elif defined(HAVE_PAM_PAM_APPL_H) # include #endif #ifndef va_copy #define va_copy(a,b) ((a) = (b)) #endif #if defined(HAVE_PIDFILE_DECL) #include "libutil.h" #else struct pidfh; struct pidfh *pidfile_open(const char *path, mode_t mode, pid_t *pidptr); int pidfile_write(struct pidfh *pfh); int pidfile_close(struct pidfh *pfh); int pidfile_remove(struct pidfh *pfh); #endif #endif /* __MYPROXY_COMMON_H */ myproxy-6.2.16/getopt_long.c0000644000175100017510000002750514557142036012765 00000000000000/* $NetBSD: getopt_long.c,v 1.17 2004/06/20 22:20:15 jmc Exp $ */ /*- * Copyright (c) 2000 The NetBSD Foundation, Inc. * All rights reserved. * * This code is derived from software contributed to The NetBSD Foundation * by Dieter Baron and Thomas Klausner. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the NetBSD * Foundation, Inc. and its contributors. * 4. Neither the name of The NetBSD Foundation nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ /* * modified May 12, 2005 by Jim Basney * * removed #include of non-POSIX * removed #include of "namespace.h" * use local "port_getopt.h" instead of * removed REPLACE_GETOPT and HAVE_NBTOOL_CONFIG_H sections * removed __P() from function declarations * use ANSI C function parameter lists * removed optreset support * replace _DIAGASSERT() with assert() * replace non-POSIX warnx(...) with fprintf(stderr, ...) * added extern declarations for optarg, optind, opterr, and optopt */ #if defined(LIBC_SCCS) && !defined(lint) __RCSID("$NetBSD: getopt_long.c,v 1.17 2004/06/20 22:20:15 jmc Exp $"); #endif /* LIBC_SCCS and not lint */ #include #include #include "port_getopt.h" #include #include #include #ifdef __weak_alias __weak_alias(getopt_long,_getopt_long) #endif #if !HAVE_GETOPT_LONG #define IGNORE_FIRST (*options == '-' || *options == '+') #define PRINT_ERROR ((opterr) && ((*options != ':') \ || (IGNORE_FIRST && options[1] != ':'))) #define IS_POSIXLY_CORRECT (getenv("POSIXLY_CORRECT") != NULL) #define PERMUTE (!IS_POSIXLY_CORRECT && !IGNORE_FIRST) /* XXX: GNU ignores PC if *options == '-' */ #define IN_ORDER (!IS_POSIXLY_CORRECT && *options == '-') /* return values */ #define BADCH (int)'?' #define BADARG ((IGNORE_FIRST && options[1] == ':') \ || (*options == ':') ? (int)':' : (int)'?') #define INORDER (int)1 #define EMSG "" extern char *optarg; extern int optind, opterr, optopt; static int getopt_internal (int, char * const *, const char *); static int gcd (int, int); static void permute_args (int, int, int, char * const *); static char *place = EMSG; /* option letter processing */ static int nonopt_start = -1; /* first non option argument (for permute) */ static int nonopt_end = -1; /* first option after non options (for permute) */ /* Error messages */ static const char recargchar[] = "option requires an argument -- %c"; static const char recargstring[] = "option requires an argument -- %s"; static const char ambig[] = "ambiguous option -- %.*s"; static const char noarg[] = "option doesn't take an argument -- %.*s"; static const char illoptchar[] = "unknown option -- %c"; static const char illoptstring[] = "unknown option -- %s"; /* * Compute the greatest common divisor of a and b. */ static int gcd(int a, int b) { int c; c = a % b; while (c != 0) { a = b; b = c; c = a % b; } return b; } /* * Exchange the block from nonopt_start to nonopt_end with the block * from nonopt_end to opt_end (keeping the same order of arguments * in each block). */ static void permute_args(int panonopt_start, int panonopt_end, int opt_end, char * const *nargv) { int cstart, cyclelen, i, j, ncycle, nnonopts, nopts, pos; char *swap; assert(nargv != NULL); /* * compute lengths of blocks and number and size of cycles */ nnonopts = panonopt_end - panonopt_start; nopts = opt_end - panonopt_end; ncycle = gcd(nnonopts, nopts); cyclelen = (opt_end - panonopt_start) / ncycle; for (i = 0; i < ncycle; i++) { cstart = panonopt_end+i; pos = cstart; for (j = 0; j < cyclelen; j++) { if (pos >= panonopt_end) pos -= nnonopts; else pos += nopts; swap = nargv[pos]; /* LINTED const cast */ ((char **) nargv)[pos] = nargv[cstart]; /* LINTED const cast */ ((char **)nargv)[cstart] = swap; } } } /* * getopt_internal -- * Parse argc/argv argument vector. Called by user level routines. * Returns -2 if -- is found (can be long option or end of options marker). */ static int getopt_internal(int nargc, char * const *nargv, const char *options) { char *oli; /* option letter list index */ int optchar; assert(nargv != NULL); assert(options != NULL); optarg = NULL; /* * XXX Some programs (like rsyncd) expect to be able to * XXX re-initialize optind to 0 and have getopt_long(3) * XXX properly function again. Work around this braindamage. */ if (optind == 0) optind = 1; start: if (!*place) { /* update scanning pointer */ if (optind >= nargc) { /* end of argument vector */ place = EMSG; if (nonopt_end != -1) { /* do permutation, if we have to */ permute_args(nonopt_start, nonopt_end, optind, nargv); optind -= nonopt_end - nonopt_start; } else if (nonopt_start != -1) { /* * If we skipped non-options, set optind * to the first of them. */ optind = nonopt_start; } nonopt_start = nonopt_end = -1; return -1; } if ((*(place = nargv[optind]) != '-') || (place[1] == '\0')) { /* found non-option */ place = EMSG; if (IN_ORDER) { /* * GNU extension: * return non-option as argument to option 1 */ optarg = nargv[optind++]; return INORDER; } if (!PERMUTE) { /* * if no permutation wanted, stop parsing * at first non-option */ return -1; } /* do permutation */ if (nonopt_start == -1) nonopt_start = optind; else if (nonopt_end != -1) { permute_args(nonopt_start, nonopt_end, optind, nargv); nonopt_start = optind - (nonopt_end - nonopt_start); nonopt_end = -1; } optind++; /* process next argument */ goto start; } if (nonopt_start != -1 && nonopt_end == -1) nonopt_end = optind; if (place[1] && *++place == '-') { /* found "--" */ place++; return -2; } } if ((optchar = (int)*place++) == (int)':' || (oli = strchr(options + (IGNORE_FIRST ? 1 : 0), optchar)) == NULL) { /* option letter unknown or ':' */ if (!*place) ++optind; if (PRINT_ERROR) fprintf(stderr, illoptchar, optchar); optopt = optchar; return BADCH; } if (optchar == 'W' && oli[1] == ';') { /* -W long-option */ /* XXX: what if no long options provided (called by getopt)? */ if (*place) return -2; if (++optind >= nargc) { /* no arg */ place = EMSG; if (PRINT_ERROR) fprintf(stderr, recargchar, optchar); optopt = optchar; return BADARG; } else /* white space */ place = nargv[optind]; /* * Handle -W arg the same as --arg (which causes getopt to * stop parsing). */ return -2; } if (*++oli != ':') { /* doesn't take argument */ if (!*place) ++optind; } else { /* takes (optional) argument */ optarg = NULL; if (*place) /* no white space */ optarg = place; /* XXX: disable test for :: if PC? (GNU doesn't) */ else if (oli[1] != ':') { /* arg not optional */ if (++optind >= nargc) { /* no arg */ place = EMSG; if (PRINT_ERROR) fprintf(stderr, recargchar, optchar); optopt = optchar; return BADARG; } else optarg = nargv[optind]; } place = EMSG; ++optind; } /* dump back option letter */ return optchar; } /* * getopt_long -- * Parse argc/argv argument vector. */ int getopt_long(int nargc, char * const *nargv, const char *options, const struct option *long_options, int *idx) { int retval; assert(nargv != NULL); assert(options != NULL); assert(long_options != NULL); /* idx may be NULL */ if ((retval = getopt_internal(nargc, nargv, options)) == -2) { char *current_argv, *has_equal; size_t current_argv_len; int i, match; current_argv = place; match = -1; optind++; place = EMSG; if (*current_argv == '\0') { /* found "--" */ /* * We found an option (--), so if we skipped * non-options, we have to permute. */ if (nonopt_end != -1) { permute_args(nonopt_start, nonopt_end, optind, nargv); optind -= nonopt_end - nonopt_start; } nonopt_start = nonopt_end = -1; return -1; } if ((has_equal = strchr(current_argv, '=')) != NULL) { /* argument found (--option=arg) */ current_argv_len = has_equal - current_argv; has_equal++; } else current_argv_len = strlen(current_argv); for (i = 0; long_options[i].name; i++) { /* find matching long option */ if (strncmp(current_argv, long_options[i].name, current_argv_len)) continue; if (strlen(long_options[i].name) == (unsigned)current_argv_len) { /* exact match */ match = i; break; } if (match == -1) /* partial match */ match = i; else { /* ambiguous abbreviation */ if (PRINT_ERROR) fprintf(stderr, ambig, (int)current_argv_len, current_argv); optopt = 0; return BADCH; } } if (match != -1) { /* option found */ if (long_options[match].has_arg == no_argument && has_equal) { if (PRINT_ERROR) fprintf(stderr, noarg, (int)current_argv_len, current_argv); /* * XXX: GNU sets optopt to val regardless of * flag */ if (long_options[match].flag == NULL) optopt = long_options[match].val; else optopt = 0; return BADARG; } if (long_options[match].has_arg == required_argument || long_options[match].has_arg == optional_argument) { if (has_equal) optarg = has_equal; else if (long_options[match].has_arg == required_argument) { /* * optional argument doesn't use * next nargv */ optarg = nargv[optind++]; } } if ((long_options[match].has_arg == required_argument) && (optarg == NULL)) { /* * Missing argument; leading ':' * indicates no error should be generated */ if (PRINT_ERROR) fprintf(stderr, recargstring, current_argv); /* * XXX: GNU sets optopt to val regardless * of flag */ if (long_options[match].flag == NULL) optopt = long_options[match].val; else optopt = 0; --optind; return BADARG; } } else { /* unknown option */ if (PRINT_ERROR) fprintf(stderr, illoptstring, current_argv); optopt = 0; return BADCH; } if (long_options[match].flag) { *long_options[match].flag = long_options[match].val; retval = 0; } else retval = long_options[match].val; if (idx) *idx = match; } return retval; } #endif /* !GETOPT_LONG */ myproxy-6.2.16/myproxy-admin-addservice0000755000175100017510000001450314557142036015144 00000000000000#!/usr/bin/perl # myproxy admin adduser/addservice script # generates a certificate request using grid-cert-request # signs the request using grid-ca-sign # and stores the credential in the repository using # myproxy-admin-load-credential use File::Temp qw(tempdir); use File::Basename; use IPC::Open3; # check for program dependencies chomp($grid_cert_request = `which grid-cert-request 2>/dev/null`); if (!(-x $grid_cert_request)) { print STDERR "Error: grid-cert-request not found.\n"; exit 1; } chomp($grid_ca_sign = `which grid-ca-sign 2>/dev/null`); if (!(-x $grid_ca_sign)) { print STDERR "Error: grid-ca-sign not found.\n"; print STDERR "Is the Simple CA package installed?\n"; exit 1; } chomp($mpalc = `which myproxy-admin-load-credential 2>/dev/null`); if (!(-x $mpalc)) { print STDERR "Error: myproxy-admin-load-credential not found.\n"; print STDERR "Is MyProxy installed in $ENV{GLOBUS_LOCATION}?\n"; exit 1; } chomp($grid_cert_info = `which grid-cert-info 2>/dev/null`); if (!(-x $grid_cert_info)) { print STDERR "Error: grid-cert-info not found.\n"; exit 1; } $cmdname = basename($0); # handle arguments use Getopt::Long; our ($opt_h, $opt_u, $opt_v, $opt_c, $opt_p, $opt_s, $opt_l, $opt_t, $opt_a, $opt_A, $opt_x, $opt_X, $opt_r, $opt_R, $opt_n, $opt_d, $opt_k, $opt_K, $opt_Z, $opt_E); $result = GetOptions('h', 'u', 'v', 'c=s', 'p=s', 'l=s', 't=i', 'a', 'A', 'x', 'X', 'r=s', 'R=s', 'n', 'd', 'k=s', 'K=s', 'Z=s', 'E=s'); if ((!$result) || $opt_h || $opt_u) { print STDERR <<"EOF"; Syntax: $0 [-c cn] [-l username] ... $0 [-usage|-help] Options -h Displays usage -u -v Display debugging messages -c Common Name for new credential -s Credential storage directory -l Credential username -t Max. lifetime of delegated proxies -p Set CA private key password using openssl format (see the PASS PHRASE ARGUMENTS section in the openssl(1) man page) -a Allow credentials to be retrieved with just username/passphrase -A Allow credentials to be renewed by any client (not recommended) -x Set regular expression matching mode for following policy options -X Set CN matching mode (default) for following policy options -r Allow specified entity to retrieve credential -R Allow specified entity to renew credential -Z Allow specified entity to retrieve credential w/o passphrase -E Allow specified entity to retrieve credential key -n Disable passphrase authentication -d Use the proxy certificate subject as username -k Specifies credential name -K Specifies credential description EOF exit(1); } #grid-cert-request if (!$opt_c) { print "Enter common name for the certificate: "; chop($opt_c = ); } $tmp_dir_name = tempdir("myproxy_adduser_XXXXXX", TMPDIR => 1, CLEANUP => 1); $prefix="myproxy_adduser_"; $certfile = "${tmp_dir_name}/${prefix}cert.pem"; $reqfile = "${tmp_dir_name}/${prefix}cert_request.pem"; $keyfile = "${tmp_dir_name}/${prefix}key.pem"; if ($opt_v) { print "temporary directory is: $tmp_dir_name\n"; } @args = ("grid-cert-request", "-cn", $opt_c, "-prefix", $prefix, "-dir", $tmp_dir_name, "-force"); push(@args, "-nopassphrase") if ($opt_n); &runcmd(@args); #grid-ca-sign @args = ("grid-ca-sign", "-in", $reqfile, "-out", $certfile, "-force"); if ($opt_p) { push(@args, "-passin"); push(@args, $opt_p); } if ($opt_v) { print "running command:\n@args\n"; } if (system(@args)) { print STDERR "grid-ca-sign failed.\n"; &cleanup(); exit 1; } #myproxy-alcf if (!$opt_l && !$opt_d) { print "Enter username [use DN by default]: "; chop ($opt_l = ); if (length $opt_l == 0) { $opt_d = 1; } } @args = ("myproxy-admin-load-credential", "-c", $certfile, "-y", $keyfile); if ($opt_s) { push(@args, "-s"); push(@args, $opt_s); } if ($opt_l) { push(@args, "-l"); push(@args, $opt_l); } if ($opt_t) { push(@args, "-t"); push(@args, $opt_t); } push(@args, "-a") if ($opt_a); push(@args, "-A") if ($opt_A); push(@args, "-x") if ($opt_x); push(@args, "-X") if ($opt_X); if ($opt_r) { push(@args, "-r"); push(@args, $opt_r); } if ($opt_R) { push(@args, "-R"); push(@args, $opt_R); } if ($opt_Z) { push(@args, "-Z"); push(@args, $opt_Z); } if ($opt_E) { push(@args, "-E"); push(@args, $opt_E); } elsif ($cmdname eq "myproxy-admin-addservice") { push(@args, "-x"); push(@args, "-E"); push(@args, "\*"); } push(@args, "-d") if ($opt_d); if ($opt_k) { push(@args, "-k"); push(@args, $opt_k); } elsif ($opt_c && $cmdname eq "myproxy-admin-addservice") { push(@args, "-k"); push(@args, $opt_c); } if ($opt_K) { push(@args, "-K"); push(@args, $opt_K); } if ($opt_v) { print "running command:\n@args\n"; } if (system(@args)) { print STDERR "myproxy-admin-load-credential failed.\n"; &cleanup(); exit 1; } print "Certificate subject is:\n"; @args = ("grid-cert-info", "-subject", "-file", $certfile); system(@args); &cleanup(); exit 0; sub cleanup { unlink($certfile) if (defined($certfile)); unlink($reqfile) if (defined($reqfile)); if (defined($keyfile)) { &wipefile($keyfile); unlink($keyfile); } # temporary directory is automatically removed by File::Temp } sub wipefile { local($filename) = @_; $size = (stat($filename))[7]; return if (!defined($size) || !$size); return if (!open(WIPEFILE, '>', $filename)); for ($i = 0; $i < $size; $i++) { print WIPEFILE "\0"; } close(WIPEFILE); } sub runcmd { @args = @_; if ($opt_v) { print "running command:\n@args\n"; } $pid = open3(*Writer, *Reader, '', @args); close(Writer); @output = ; $output = join('', @output); close(Reader); waitpid($pid, 0); if ($?) { print STDERR $args[0], " failed:\n"; print STDERR $output; exit 1; } elsif ($opt_v) { print "command output:\n$output\n"; } } myproxy-6.2.16/myproxy.init0000644000175100017510000000446614557142036012715 00000000000000#!/bin/sh # # myproxy-server - Server for X.509 Public Key Infrastructure (PKI) security credentials # # chkconfig: - 55 25 # description: Server for X.509 Public Key Infrastructure (PKI) security credentials # ### BEGIN INIT INFO # Provides: myproxy-server # Required-Start: $remote_fs $network $syslog # Required-Stop: $remote_fs $syslog # Should-Start: $syslog # Should-Stop: $network $syslog # Default-Stop: # Default-Start: # Short-Description: Startup the MyProxy server daemon # Description: Server for X.509 Public Key Infrastructure (PKI) security credentials ### END INIT INFO # Source function library. . /etc/rc.d/init.d/functions exec="/usr/sbin/myproxy-server" prog=$(basename $exec) # Defaults MYPROXY_USER=myproxy MYPROXY_OPTIONS="-s /var/lib/myproxy" X509_USER_CERT=/etc/grid-security/myproxy/hostcert.pem X509_USER_KEY=/etc/grid-security/myproxy/hostkey.pem # Override defaults here. [ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog # A few sanity checks [ ! -r $X509_USER_KEY ] && echo -n "$prog: No hostkey file" && failure && echo && exit 5 [ ! -r $X509_USER_CERT ] && echo -n "$prog: No hostcert file" && failure && echo && exit 5 lockfile=/var/lock/subsys/$prog start() { status $prog > /dev/null && echo -n $"$prog already running: " && success && echo && exit 0 echo -n $"Starting $prog: " daemon --user $MYPROXY_USER X509_USER_CERT=$X509_USER_CERT X509_USER_KEY=$X509_USER_KEY $exec $MYPROXY_OPTIONS retval=$? echo [ $retval -eq 0 ] && touch $lockfile return $retval } stop() { echo -n $"Stopping $prog: " killproc $prog retval=$? echo [ $retval -eq 0 ] && rm -f $lockfile return $retval } restart() { stop start } case "$1" in start|stop|restart) $1 ;; force-reload) restart ;; status) status $prog ;; try-restart|condrestart) if status $prog >/dev/null ; then restart fi ;; reload) # If config can be reloaded without restarting, implement it here, # remove the "exit", and add "reload" to the usage message below. # For example: status $prog >/dev/null || exit 7 killproc $prog -HUP ;; *) echo $"Usage: $0 {start|stop|status|restart|reload|try-restart|force-reload}" exit 2 esac myproxy-6.2.16/safe_is_path_trusted.h0000644000175100017510000000274714557142036014651 00000000000000#ifndef SAFE_IS_PATH_TRUSTED_H_ #define SAFE_IS_PATH_TRUSTED_H_ /* * safefile package http://www.cs.wisc.edu/~kupsch/safefile * * Copyright 2007-2008 James A. Kupsch * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include #include struct safe_id_range_list; #ifndef SAFE_IS_PATH_TRUSTED_RETRY_MAX #define SAFE_IS_PATH_TRUSTED_RETRY_MAX 50 #endif enum { SAFE_PATH_ERROR = -1, SAFE_PATH_UNTRUSTED, SAFE_PATH_TRUSTED_STICKY_DIR, SAFE_PATH_TRUSTED, SAFE_PATH_TRUSTED_CONFIDENTIAL }; int safe_is_path_trusted( const char *pathname, struct safe_id_range_list *trusted_uids, struct safe_id_range_list *trusted_gids ); int safe_is_path_trusted_fork( const char *pathname, struct safe_id_range_list *trusted_uids, struct safe_id_range_list *trusted_gids ); int safe_is_path_trusted_r( const char *pathname, struct safe_id_range_list *trusted_uids, struct safe_id_range_list *trusted_gids ); #endif myproxy-6.2.16/myproxy_delegation.c0000644000175100017510000001022014557142036014350 00000000000000#include "myproxy_common.h" /* all needed headers included here */ int myproxy_set_delegation_defaults( myproxy_socket_attrs_t *socket_attrs, myproxy_request_t *client_request) { char *pshost; client_request->version = strdup(MYPROXY_VERSION); client_request->command_type = MYPROXY_GET_PROXY; pshost = getenv("MYPROXY_SERVER"); if (pshost != NULL) { socket_attrs->pshost = strdup(pshost); } client_request->proxy_lifetime = 60*60*MYPROXY_DEFAULT_DELEG_HOURS; if (getenv("MYPROXY_SERVER_PORT")) { socket_attrs->psport = atoi(getenv("MYPROXY_SERVER_PORT")); } else { socket_attrs->psport = MYPROXY_SERVER_PORT; } return 0; } int myproxy_get_delegation( myproxy_socket_attrs_t *socket_attrs, myproxy_request_t *client_request, char *certfile, /* for backward compatibility. use client_request->authzcreds instead. */ myproxy_response_t *server_response, char *outfile) { char *credentials = NULL; char *request_buffer = NULL; int requestlen, credential_len; myproxy_request_t tmp_request = { 0 }; assert(socket_attrs != NULL); assert(client_request != NULL); assert(server_response != NULL); /* Compatibility with older API. Caller's client_request struct may not have the new authzcreds member, so we need a new struct. */ if (certfile != NULL) { tmp_request.version = client_request->version; tmp_request.username = client_request->username; tmp_request.command_type = client_request->command_type; tmp_request.proxy_lifetime = client_request->proxy_lifetime; tmp_request.credname = client_request->credname; tmp_request.authzcreds = certfile; strcpy(tmp_request.passphrase, client_request->passphrase); client_request = &tmp_request; } /* Set up client socket attributes */ if (socket_attrs->gsi_socket == NULL) { if (myproxy_init_client(socket_attrs) < 0) { return(1); } } /* Attempt anonymous-mode credential retrieval if we don't have a credential. */ GSI_SOCKET_allow_anonymous(socket_attrs->gsi_socket, 1); /* Authenticate client to server */ if (GSI_SOCKET_context_established(socket_attrs->gsi_socket) == 0) { if (myproxy_authenticate_init(socket_attrs, NULL) < 0) { return(1); } } /* Serialize client request object */ requestlen = myproxy_serialize_request_ex(client_request, &request_buffer); if (requestlen < 0) { return(1); } /* Send request to the myproxy-server */ if (myproxy_send(socket_attrs, request_buffer, requestlen) < 0) { return(1); } free(request_buffer); request_buffer = 0; /* Continue unless the response is not OK */ if (myproxy_recv_response_ex(socket_attrs, server_response, client_request) != 0) { return(1); } if (!outfile) { return(0); /* if no outfile specified, just do auth */ } if (client_request->certreq) { /* client supplied cert request */ if (myproxy_request_cert(socket_attrs, client_request->certreq, &credentials, &credential_len) < 0) { return 1; } } else { /* Accept delegated credentials from server */ if (myproxy_accept_delegation_ex(socket_attrs, &credentials, &credential_len, NULL) < 0) { return(1); } } #if 0 /* response was lost in myproxy_accept_delegation() */ if (myproxy_recv_response(socket_attrs, server_response) < 0) { return(1); } #endif if (outfile[0] == '-' && outfile[1] == '\0') { printf("%.*s", credential_len, credentials); } else { int fd; unlink(outfile); if ((fd = open(outfile, O_CREAT | O_EXCL | O_WRONLY, S_IRUSR | S_IWUSR)) < 0) { verror_put_string("open(%s) failed: %s\n", outfile, strerror(errno)); return(1); } if (write(fd, credentials, credential_len) == -1) { verror_put_errno(errno); verror_put_string("error writing %s", outfile); close(fd); return(1); } close(fd); } memset(credentials, 0, credential_len); free(credentials); return(0); } myproxy-6.2.16/README.sasl0000644000175100017510000000073514557142036012115 00000000000000./configure --with-sasl2=/usr unset SASL_LIBRARY_PATH Run 'saslauthd -a pam'. Use /etc/init.d/saslauthd. Just change to set MECH=pam. create /usr/lib/sasl2/myproxy.conf containing: mech_list: plain pwcheck_method: saslauthd create /etc/pam.d/myproxy. for example: #%PAM-1.0 auth required pam_stack.so service=system-auth account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth myproxy-get-delegation -n myproxy-6.2.16/pidfile.c0000644000175100017510000001313514557142036012052 00000000000000/*- * Copyright (c) 2005 Pawel Jakub Dawidek * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * modified Feb 28 2012 by Jim Basney * * replace #includes with myproxy_common.h * add struct pidfh definition * replace EDOOFUS with EINVAL * use POSIX open()/fcntl() instead of flopen() * return EINVAL if path==NULL * add #if !defined(HAVE_PIDFILE) wrapper so we only build if needed */ #if !defined(HAVE_PIDFILE) #include "myproxy_common.h" struct pidfh { int pf_fd; char pf_path[MAXPATHLEN + 1]; dev_t pf_dev; ino_t pf_ino; }; static int _pidfile_remove(struct pidfh *pfh, int freeit); static int pidfile_verify(struct pidfh *pfh) { struct stat sb; if (pfh == NULL || pfh->pf_fd == -1) return (EINVAL); /* * Check remembered descriptor. */ if (fstat(pfh->pf_fd, &sb) == -1) return (errno); if (sb.st_dev != pfh->pf_dev || sb.st_ino != pfh->pf_ino) return (EINVAL); return (0); } static int pidfile_read(const char *path, pid_t *pidptr) { char buf[16], *endptr; int error, fd, i; fd = open(path, O_RDONLY); if (fd == -1) return (errno); i = read(fd, buf, sizeof(buf) - 1); error = errno; /* Remember errno in case close() wants to change it. */ close(fd); if (i == -1) return (error); else if (i == 0) return (EAGAIN); buf[i] = '\0'; *pidptr = strtol(buf, &endptr, 10); if (endptr != &buf[i]) return (EINVAL); return (0); } /* Use fcntl() for POSIX file locking. Lock is released when file is closed. */ static int lock_file(int fd) { struct flock fl; fl.l_type = F_WRLCK; fl.l_whence = SEEK_SET; fl.l_start = 0; fl.l_len = 0; if (fcntl(fd, F_SETLK, &fl) < 0 ) { return -1; } return 0; } struct pidfh * pidfile_open(const char *path, mode_t mode, pid_t *pidptr) { struct pidfh *pfh; struct stat sb; int error, fd, len; pfh = malloc(sizeof(*pfh)); if (pfh == NULL) return (NULL); if (path == NULL) { free(pfh); errno = EINVAL; return (NULL); } else len = snprintf(pfh->pf_path, sizeof(pfh->pf_path), "%s", path); if (len >= (int)sizeof(pfh->pf_path)) { free(pfh); errno = ENAMETOOLONG; return (NULL); } /* * Open the PID file and obtain exclusive lock. */ fd = open(pfh->pf_path, O_WRONLY | O_CREAT, mode); if (fd == -1) { free(pfh); return (NULL); } if (lock_file(fd) < 0) { if (errno == 0 || errno == EAGAIN) { pidfile_read(pfh->pf_path, pidptr); errno = EEXIST; } free(pfh); return (NULL); } /* * Remember file information, so in pidfile_write() we are sure we write * to the proper descriptor. */ if (fstat(fd, &sb) == -1) { error = errno; unlink(pfh->pf_path); close(fd); free(pfh); errno = error; return (NULL); } pfh->pf_fd = fd; pfh->pf_dev = sb.st_dev; pfh->pf_ino = sb.st_ino; return (pfh); } int pidfile_write(struct pidfh *pfh) { char pidstr[16]; int error, fd; /* * Check remembered descriptor, so we don't overwrite some other * file if pidfile was closed and descriptor reused. */ errno = pidfile_verify(pfh); if (errno != 0) { /* * Don't close descriptor, because we are not sure if it's ours. */ return (-1); } fd = pfh->pf_fd; /* * Truncate PID file, so multiple calls of pidfile_write() are allowed. */ if (ftruncate(fd, 0) == -1) { error = errno; _pidfile_remove(pfh, 0); errno = error; return (-1); } snprintf(pidstr, sizeof(pidstr), "%u", getpid()); if (pwrite(fd, pidstr, strlen(pidstr), 0) != (ssize_t)strlen(pidstr)) { error = errno; _pidfile_remove(pfh, 0); errno = error; return (-1); } return (0); } int pidfile_close(struct pidfh *pfh) { int error; error = pidfile_verify(pfh); if (error != 0) { errno = error; return (-1); } if (close(pfh->pf_fd) == -1) error = errno; free(pfh); if (error != 0) { errno = error; return (-1); } return (0); } static int _pidfile_remove(struct pidfh *pfh, int freeit) { int error; error = pidfile_verify(pfh); if (error != 0) { errno = error; return (-1); } if (unlink(pfh->pf_path) == -1) error = errno; if (close(pfh->pf_fd) == -1) { if (error == 0) error = errno; } if (freeit) free(pfh); else pfh->pf_fd = -1; if (error != 0) { errno = error; return (-1); } return (0); } int pidfile_remove(struct pidfh *pfh) { return (_pidfile_remove(pfh, 1)); } #endif /* !defined(HAVE_PIDFILE) */ myproxy-6.2.16/myproxy-crl.cron0000755000175100017510000000107014557142036013460 00000000000000#!/bin/sh CRLDAYS=14 SIMPLECADIR="/home/globus/.globus/simpleCA" PASS="/home/globus/.globus/.simplecapass" CONF="$SIMPLECADIR/grid-ca-ssl.conf" CACERT="$SIMPLECADIR/cacert.pem" INDEX="$SIMPLECADIR/index.txt" HASH=`openssl x509 -noout -hash -in $CACERT` PEMCRL="$SIMPLECADIR/$HASH.r0" DERCRL="$SIMPLECADIR/$HASH.crl" if [ ! -e $INDEX ] ; then touch $INDEX fi openssl ca -gencrl -config $CONF -passin file:$PASS \ -crldays $CRLDAYS -out $PEMCRL.$$ && mv $PEMCRL.$$ $PEMCRL && openssl crl -outform DER -in $PEMCRL -out $DERCRL.$$ && mv $DERCRL.$$ $DERCRL exit 0