diff -urNp heimdal-0.8.1/admin/genpatreply.8 heimdal-0.8.1-epak/admin/genpatreply.8 --- heimdal-0.8.1/admin/genpatreply.8 1969-12-31 17:00:00.000000000 -0700 +++ heimdal-0.8.1-epak/admin/genpatreply.8 2007-05-08 17:03:43.000000000 -0600 @@ -0,0 +1,59 @@ +.\" Copyright (c) 2007 Phillip Hellewell +.\" (Brigham Young University, Utah, USA). +.\" All rights reserved. +.\" +.\" $Id$ +.\" +.Dd May 8, 2007 +.Dt GENPATREPLY 8 +.Os genpatreply 0.1 +.Sh NAME +.Nm genpatreply +.Nd create EPAK-REPLY message from EPAK-REQUEST message +.Sh SYNOPSIS +.Nm genpatreply +.Op Fl -version +.Op Fl -help +.Ar reqfile +.Ar repfile +.Sh DESCRIPTION +.Nm +creates an ASN.1 encoded EPAK-Reply message in +.Ar repfile , +given the ASN.1 encoded EPAK-Request message in +.Ar reqfile . +The EPAK-Reply includes an EPAK Ticket which is used to pre-authenticate +to a Kerberos 5 Authentication Server (AS). +.Pp +.Nm +is invoked by an Pre-Authentication Server after a successful +authentication for a given principal. +.Pp +The EPAK Ticket inside the EPAK-Reply is encrypted with the EPAK key, +which corresponds to the epakt/REALM service principal and resides in +the krb5.keytab file, which should always be kept secure and readable only +by root. As such, +.Nm +will only work when invoked by root. +.Pp +The EPAK-Reply also contains a session key which is sensitive and must only be +made accessible to the client who performed the successful trust negotiation. +To keep the session key secure, the +.Ar repfile +will be created with permission 600, and the contents of +.Ar repfile +must be transmitted to the client in a secure manner (e.g. via TLS). +.\".Sh ENVIRONMENT +.\".Sh FILES +.\".Sh EXAMPLES +.\".Sh DIAGNOSTICS +.Sh SEE ALSO +.Xr genpatrequest 1 , +.Xr savepat 1 , +.Xr kinit 1 , +.Xr klist 1 , +.Xr kdestroy 1 , +.\".Sh HISTORY +.Sh AUTHOR +Written by Phillip Hellewell, Brigham Young University +.\".Sh BUGS diff -urNp heimdal-0.8.1/admin/genpatreply.c heimdal-0.8.1-epak/admin/genpatreply.c --- heimdal-0.8.1/admin/genpatreply.c 1969-12-31 17:00:00.000000000 -0700 +++ heimdal-0.8.1-epak/admin/genpatreply.c 2007-06-07 11:44:02.000000000 -0600 @@ -0,0 +1,245 @@ +/* + * Copyright (c) 2007 Phillip Hellewell + * Brigham Young University + * All rights reserved. + */ + +#include "ktutil_locl.h" +RCSID("$Id$"); + +#undef ALLOC +#define ALLOC(X) ((X) = malloc(sizeof(*(X)))) + +int g_version_flag = 0; +int g_help_flag = 0; + +static struct getargs args[] = { + { "version", 0, arg_flag, &g_version_flag }, + { "help", 0, arg_flag, &g_help_flag } +}; + +static void +usage(int ret) +{ + arg_printusage(args, sizeof(args)/sizeof(*args), NULL, "reqfile repfile"); + exit(ret); +} + +/* Create EPAK-REPLY given EPAK-REQUEST. + * Request will be verified for correctness. + * Return value: 0 for succes; nonzero for failure. */ +static epak_error_code +create_epak_reply(krb5_context context, + const EPAK_REQ* epak_req, + EPAK_REP* epak_rep) +{ + krb5_error_code ret; + epak_error_code epakret = 0; + krb5_realm pasrealm; + time_t now; + krb5_deltat maxlife; + KerberosTime starttime; + KerberosTime endtime; + EPAKTicket ticket; + krb5_keyblock sesskey; + krb5_crypto crypto; + krb5_keyblock* epakkey; + unsigned char* ticketbuf; + size_t ticketbuflen; + size_t len; + + /* Verify version number is valid. */ + if( epak_req->epakvno != epakvno ) + return EPAK_ERR_REQUEST_BAD_VERSION; + + /* Realm in request does not have to match my (PAS) realm. */ + ret = krb5_get_default_realm(context, &pasrealm); + if( ret ) + krb5_err(context, EPAK_ERR_KRB5, ret, "krb5_get_default_realm"); + /*if( strcmp(pasrealm, epak_req->epakdata.cprinc.realm) != 0 ) + return EPAK_ERR_REQUEST_REALM_MISMATCH;*/ + + /* Note: Don't verify that principal exists here. + * 1. PreAuth Server may not be on same computer as Kerberos AS + * 2. Principal name existance can be verified during AS-REQ */ + + /* Get current time (number of seconds since the epoch). */ + now = time(NULL); + if( now == (time_t)-1 ) + errx(EPAK_ERR_GENERIC, "get current time failed"); + + /* Read max lifetime from krb5.conf, or use hard-coded default if not found */ + maxlife = krb5_config_get_time_default(context, NULL, + EPAK_TICKET_DEFAULT_LIFETIME, + "libdefaults", + EPAK_TICKET_LIFETIME_NAME, + NULL); + + /* Set start/end time based on request and allowed range. + * Note: It is ok to create a ticket with starttime > endtime; + * it will just be a useless ticket */ + if( epak_req->epakdata.starttime ) { + starttime = *epak_req->epakdata.starttime; + if( starttime < now ) + starttime = now; + } else { + starttime = now; + } + endtime = epak_req->epakdata.endtime; + if( endtime > now + maxlife ) + endtime = now + maxlife; + + /* Create a random session key K(c,as). + * The kdc will use this session key (inside the EPAK Ticket) to + * encrypt the AS-REPLY, which normally would be encrypted with K(c) */ + ret = krb5_generate_random_keyblock(context, EPAK_ENCTYPE, &sesskey); + if( ret ) + krb5_err(context, EPAK_ERR_KRB5, ret, "krb5_generate_random_keyblock"); + + /* Setup EPAK Ticket. */ + krb5_copy_keyblock_contents(context, &sesskey, &ticket.key); + copy_Principal(&epak_req->epakdata.cprinc, &ticket.epakdata.cprinc); + ALLOC(ticket.epakdata.starttime); + *ticket.epakdata.starttime = starttime; + ticket.epakdata.endtime = endtime; + + /* Setup EPAK-REPLY, except for encrypted EPAK Ticket. */ + epak_rep->epakvno = epakvno; + copy_EPAKData(&ticket.epakdata, &epak_rep->epakdata); + copy_Realm(&pasrealm, &epak_rep->pasrealm); + krb5_copy_keyblock_contents(context, &sesskey, &epak_rep->key); + + /* Obtain EPAK key which will be used to encrypt the EPAK Ticket. */ + ret = read_epak_key(context, epak_req->epakdata.cprinc.realm, + pasrealm, &epakkey); + if( ret ) + krb5_err(context, EPAK_ERR_KRB5, ret, "read_epak_key"); + + /* Initialize crypto object with EPAK key. */ + ret = krb5_crypto_init(context, epakkey, EPAK_ENCTYPE, &crypto); + if( ret ) + krb5_err(context, EPAK_ERR_KRB5, ret, "krb5_crypto_init"); + + /* Create ASN.1 encoded EPAK Ticket buffer. */ + ASN1_MALLOC_ENCODE(EPAKTicket, ticketbuf, ticketbuflen, &ticket, &len, ret); + if( ret ) + krb5_err(context, EPAK_ERR_KRB5, ret, "Failed to encode EPAK Ticket"); + if( ticketbuflen != len ) + errx(EPAK_ERR_GENERIC, "Internal error in ASN.1 encoder"); + + /* Encrypt EPAK Ticket into EPAK-REPLY. */ + ret = krb5_encrypt_EncryptedData(context, crypto, + 0, /* usage not used */ + ticketbuf, ticketbuflen, + 0, /* kvno not used */ + &epak_rep->epakticket + ); + if( ret ) + krb5_err(context, EPAK_ERR_KRB5, ret, "krb5_encrypt_EncryptedData"); + + /* Cleanup. TODO: Zero out sensitive data before calling free. */ + free(ticketbuf); + krb5_free_keyblock(context, epakkey); + krb5_crypto_destroy(context, crypto); + free(pasrealm); + free_EPAKTicket(&ticket); + krb5_free_keyblock_contents(context, &sesskey); + + return epakret; +} + +/* Write EPAK-REPLY to ASN.1 encoded file. */ +static void +write_epak_reply(krb5_context context, const char* repfile, const EPAK_REP* epak_rep) +{ + krb5_error_code ret; + epak_error_code epakret; + unsigned char* buf; + size_t buf_size; + size_t len; + + /* Encode EPAK_REP stucture to ASN.1 buffer. */ + ASN1_MALLOC_ENCODE(EPAK_REP, buf, buf_size, epak_rep, &len, ret); + if( ret ) + krb5_err(context, EPAK_ERR_KRB5, ret, "Failed to encode EPAK-REPLY"); + if( buf_size != len ) + errx(EPAK_ERR_GENERIC, "Internal error in ASN.1 encoder"); + + /* Write ASN.1 buffer to file. */ + epakret = save_buf_to_file(buf, buf_size, repfile); + if( epakret ) + errx(epakret, "Error writing epak reply file: %s", repfile); + + EPAKDEBUG2("write_epak_reply: SUCCESS: Created file: %s\n", repfile); + + free(buf); +} + +int main(int argc, char **argv) +{ + krb5_context context; + krb5_error_code ret; + int optind = 0; + char* reqfile = NULL; + char* repfile = NULL; + EPAK_REQ epak_req; /* EPAK-REQUEST */ + EPAK_REP epak_rep; /* EPAK-REPLY */ + + setprogname(argv[0]); + + EPAKDEBUG_SHOW_CMDLINE(); + + if( getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind) ) + usage(EPAK_ERR_CMDLINE); + + if( g_help_flag ) + usage(0); + + if( g_version_flag ) { + printf("genpatreply version %d, (Heimdal version 0.8.1)\n", epakvno); + printf("Copyright (c) 2007 Phillip Hellewell\n"); + exit(0); + } + + argc -= optind; + argv += optind; + + /* Set input (request) and output (reply) files. Both are required args. */ + if( argc < 2 ) + usage(EPAK_ERR_CMDLINE); + reqfile = argv[0]; + repfile = argv[1]; + + /* Initialize Kerberos 5. */ + ret = krb5_init_context(&context); + if( ret ) + errx(EPAK_ERR_KRB5, "krb5_context"); + + /* Read and decode request file which contains a EPAK-REQUEST. */ + read_epak_request(context, reqfile, &epak_req); + +#ifdef EPAKDEBUG + EPAKDEBUG1("Read EPAK-REQUEST:\n"); + show_epak_request(context, &epak_req); +#endif + + /* Create EPAK-REPLY given EPAK-REQUEST. */ + ret = create_epak_reply(context, &epak_req, &epak_rep); + if( ret ) + errx(ret, "create_epak_reply failed with error: %d", ret); + +#ifdef EPAKDEBUG + EPAKDEBUG1("Prepared EPAK-REPLY:\n"); + show_epak_reply(context, &epak_rep); +#endif + + /* Write EPAK-REPLY to output file */ + write_epak_reply(context, repfile, &epak_rep); + + /* Cleanup. */ + free_EPAK_REQ(&epak_req); + free_EPAK_REP(&epak_rep); + krb5_free_context(context); + return 0; +} + diff -urNp heimdal-0.8.1/admin/genpatreply.cat8 heimdal-0.8.1-epak/admin/genpatreply.cat8 --- heimdal-0.8.1/admin/genpatreply.cat8 1969-12-31 17:00:00.000000000 -0700 +++ heimdal-0.8.1-epak/admin/genpatreply.cat8 2007-06-07 12:11:15.000000000 -0600 @@ -0,0 +1,35 @@ +GENPATREPLY(8) BSD System Manager's Manual GENPATREPLY(8) + +NNAAMMEE + ggeennppaattrreeppllyy -- create EPAK-REPLY message from EPAK-REQUEST message + +SSYYNNOOPPSSIISS + ggeennppaattrreeppllyy [----vveerrssiioonn] [----hheellpp] _r_e_q_f_i_l_e _r_e_p_f_i_l_e + +DDEESSCCRRIIPPTTIIOONN + ggeennppaattrreeppllyy creates an ASN.1 encoded EPAK-Reply message in _r_e_p_f_i_l_e, given + the ASN.1 encoded EPAK-Request message in _r_e_q_f_i_l_e. The EPAK-Reply + includes an EPAK Ticket which is used to pre-authenticate to a Kerberos 5 + Authentication Server (AS). + + ggeennppaattrreeppllyy is invoked by an Pre-Authentication Server after a successful + authentication for a given principal. + + The EPAK Ticket inside the EPAK-Reply is encrypted with the EPAK key, + which corresponds to the epakt/REALM service principal and resides in the + krb5.keytab file, which should always be kept secure and readable only by + root. As such, ggeennppaattrreeppllyy will only work when invoked by root. + + The EPAK-Reply also contains a session key which is sensitive and must + only be made accessible to the client who performed the successful trust + negotiation. To keep the session key secure, the _r_e_p_f_i_l_e will be created + with permission 600, and the contents of _r_e_p_f_i_l_e must be transmitted to + the client in a secure manner (e.g. via TLS). + +SSEEEE AALLSSOO + genpatrequest(1), savepat(1), kinit(1), klist(1), kdestroy(1), + +AAUUTTHHOORR + Written by Phillip Hellewell, Brigham Young University + +genpatreply 0.1 May 8, 2007 genpatreply 0.1 diff -urNp heimdal-0.8.1/admin/ktutil_locl.h heimdal-0.8.1-epak/admin/ktutil_locl.h --- heimdal-0.8.1/admin/ktutil_locl.h 2007-04-23 10:24:38.000000000 -0600 +++ heimdal-0.8.1-epak/admin/ktutil_locl.h 2007-05-08 16:03:25.000000000 -0600 @@ -63,6 +63,10 @@ #include #include +#ifdef EPAK +#include +#endif + extern krb5_context context; extern int verbose_flag; diff -urNp heimdal-0.8.1/admin/Makefile.am heimdal-0.8.1-epak/admin/Makefile.am --- heimdal-0.8.1/admin/Makefile.am 2007-04-23 10:24:38.000000000 -0600 +++ heimdal-0.8.1-epak/admin/Makefile.am 2007-05-08 15:07:44.000000000 -0600 @@ -6,9 +6,14 @@ AM_CPPFLAGS += $(INCLUDE_readline) $(INC SLC = $(top_builddir)/lib/sl/slc -man_MANS = ktutil.8 +if EPAK +genpatreply_man = genpatreply.8 +genpatreply_prog = genpatreply +endif -sbin_PROGRAMS = ktutil +man_MANS = ktutil.8 $(genpatreply_man) + +sbin_PROGRAMS = ktutil $(genpatreply_prog) dist_ktutil_SOURCES = \ add.c \ @@ -32,6 +37,15 @@ CLEANFILES = ktutil-commands.h ktutil-co ktutil-commands.c ktutil-commands.h: ktutil-commands.in $(SLC) $(srcdir)/ktutil-commands.in +if EPAK +genpatreply_SOURCES = genpatreply.c +genpatreply_LDADD = \ + $(top_builddir)/lib/krb5/libkrb5.la \ + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/epak/libepak.la \ + $(LIB_roken) +endif + LDADD = \ $(top_builddir)/lib/kadm5/libkadm5clnt.la \ $(top_builddir)/lib/krb5/libkrb5.la \ diff -urNp heimdal-0.8.1/admin/Makefile.in heimdal-0.8.1-epak/admin/Makefile.in --- heimdal-0.8.1/admin/Makefile.in 2007-04-23 10:25:50.000000000 -0600 +++ heimdal-0.8.1-epak/admin/Makefile.in 2007-06-07 12:10:55.000000000 -0600 @@ -45,7 +45,7 @@ host_triplet = @host@ DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ $(top_srcdir)/Makefile.am.common \ $(top_srcdir)/cf/Makefile.am.common ChangeLog -sbin_PROGRAMS = ktutil$(EXEEXT) +sbin_PROGRAMS = ktutil$(EXEEXT) $(am__EXEEXT_1) subdir = admin ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ @@ -93,16 +93,25 @@ am__configure_deps = $(am__aclocal_m4_de mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +@EPAK_TRUE@am__EXEEXT_1 = genpatreply$(EXEEXT) am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)" sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(sbin_PROGRAMS) +am__genpatreply_SOURCES_DIST = genpatreply.c +@EPAK_TRUE@am_genpatreply_OBJECTS = genpatreply.$(OBJEXT) +genpatreply_OBJECTS = $(am_genpatreply_OBJECTS) +am__DEPENDENCIES_1 = +@EPAK_TRUE@genpatreply_DEPENDENCIES = \ +@EPAK_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \ +@EPAK_TRUE@ $(top_builddir)/lib/asn1/libasn1.la \ +@EPAK_TRUE@ $(top_builddir)/lib/epak/libepak.la \ +@EPAK_TRUE@ $(am__DEPENDENCIES_1) dist_ktutil_OBJECTS = add.$(OBJEXT) change.$(OBJEXT) copy.$(OBJEXT) \ get.$(OBJEXT) ktutil.$(OBJEXT) list.$(OBJEXT) purge.$(OBJEXT) \ remove.$(OBJEXT) rename.$(OBJEXT) nodist_ktutil_OBJECTS = ktutil-commands.$(OBJEXT) ktutil_OBJECTS = $(dist_ktutil_OBJECTS) $(nodist_ktutil_OBJECTS) ktutil_LDADD = $(LDADD) -am__DEPENDENCIES_1 = ktutil_DEPENDENCIES = $(top_builddir)/lib/kadm5/libkadm5clnt.la \ $(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1) \ $(top_builddir)/lib/asn1/libasn1.la \ @@ -119,8 +128,9 @@ LTCOMPILE = $(LIBTOOL) --tag=CC --mode=c CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(AM_LDFLAGS) $(LDFLAGS) -o $@ -SOURCES = $(dist_ktutil_SOURCES) $(nodist_ktutil_SOURCES) -DIST_SOURCES = $(dist_ktutil_SOURCES) +SOURCES = $(genpatreply_SOURCES) $(dist_ktutil_SOURCES) \ + $(nodist_ktutil_SOURCES) +DIST_SOURCES = $(am__genpatreply_SOURCES_DIST) $(dist_ktutil_SOURCES) man8dir = $(mandir)/man8 MANS = $(man_MANS) ETAGS = etags @@ -170,6 +180,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ @@ -399,7 +413,9 @@ LIB_kafs = $(top_builddir)/lib/kafs/libk @KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la SLC = $(top_builddir)/lib/sl/slc -man_MANS = ktutil.8 +@EPAK_TRUE@genpatreply_man = genpatreply.8 +@EPAK_TRUE@genpatreply_prog = genpatreply +man_MANS = ktutil.8 $(genpatreply_man) dist_ktutil_SOURCES = \ add.c \ change.c \ @@ -416,6 +432,13 @@ nodist_ktutil_SOURCES = \ ktutil-commands.c CLEANFILES = ktutil-commands.h ktutil-commands.c +@EPAK_TRUE@genpatreply_SOURCES = genpatreply.c +@EPAK_TRUE@genpatreply_LDADD = \ +@EPAK_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \ +@EPAK_TRUE@ $(top_builddir)/lib/asn1/libasn1.la \ +@EPAK_TRUE@ $(top_builddir)/lib/epak/libepak.la \ +@EPAK_TRUE@ $(LIB_roken) + LDADD = \ $(top_builddir)/lib/kadm5/libkadm5clnt.la \ $(top_builddir)/lib/krb5/libkrb5.la \ @@ -487,6 +510,9 @@ clean-sbinPROGRAMS: echo " rm -f $$p $$f"; \ rm -f $$p $$f ; \ done +genpatreply$(EXEEXT): $(genpatreply_OBJECTS) $(genpatreply_DEPENDENCIES) + @rm -f genpatreply$(EXEEXT) + $(LINK) $(genpatreply_LDFLAGS) $(genpatreply_OBJECTS) $(genpatreply_LDADD) $(LIBS) ktutil$(EXEEXT): $(ktutil_OBJECTS) $(ktutil_DEPENDENCIES) @rm -f ktutil$(EXEEXT) $(LINK) $(ktutil_LDFLAGS) $(ktutil_OBJECTS) $(ktutil_LDADD) $(LIBS) diff -urNp heimdal-0.8.1/appl/afsutil/Makefile.in heimdal-0.8.1-epak/appl/afsutil/Makefile.in --- heimdal-0.8.1/appl/afsutil/Makefile.in 2007-04-23 10:25:51.000000000 -0600 +++ heimdal-0.8.1-epak/appl/afsutil/Makefile.in 2007-06-07 12:10:56.000000000 -0600 @@ -175,6 +175,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/appl/dceutils/Makefile.in heimdal-0.8.1-epak/appl/dceutils/Makefile.in --- heimdal-0.8.1/appl/dceutils/Makefile.in 2007-04-23 10:25:51.000000000 -0600 +++ heimdal-0.8.1-epak/appl/dceutils/Makefile.in 2007-06-07 12:10:56.000000000 -0600 @@ -168,6 +168,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/appl/ftp/common/Makefile.in heimdal-0.8.1-epak/appl/ftp/common/Makefile.in --- heimdal-0.8.1/appl/ftp/common/Makefile.in 2007-04-23 10:25:51.000000000 -0600 +++ heimdal-0.8.1-epak/appl/ftp/common/Makefile.in 2007-06-07 12:10:56.000000000 -0600 @@ -158,6 +158,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/appl/ftp/ftp/Makefile.in heimdal-0.8.1-epak/appl/ftp/ftp/Makefile.in --- heimdal-0.8.1/appl/ftp/ftp/Makefile.in 2007-04-23 10:25:52.000000000 -0600 +++ heimdal-0.8.1-epak/appl/ftp/ftp/Makefile.in 2007-06-07 12:10:57.000000000 -0600 @@ -178,6 +178,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/appl/ftp/ftpd/Makefile.in heimdal-0.8.1-epak/appl/ftp/ftpd/Makefile.in --- heimdal-0.8.1/appl/ftp/ftpd/Makefile.in 2007-04-23 10:25:52.000000000 -0600 +++ heimdal-0.8.1-epak/appl/ftp/ftpd/Makefile.in 2007-06-07 12:10:57.000000000 -0600 @@ -185,6 +185,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/appl/ftp/Makefile.in heimdal-0.8.1-epak/appl/ftp/Makefile.in --- heimdal-0.8.1/appl/ftp/Makefile.in 2007-04-23 10:25:51.000000000 -0600 +++ heimdal-0.8.1-epak/appl/ftp/Makefile.in 2007-06-07 12:10:56.000000000 -0600 @@ -149,6 +149,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/appl/gssmask/Makefile.in heimdal-0.8.1-epak/appl/gssmask/Makefile.in --- heimdal-0.8.1/appl/gssmask/Makefile.in 2007-04-23 10:25:52.000000000 -0600 +++ heimdal-0.8.1-epak/appl/gssmask/Makefile.in 2007-06-07 12:10:57.000000000 -0600 @@ -165,6 +165,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/appl/kf/Makefile.in heimdal-0.8.1-epak/appl/kf/Makefile.in --- heimdal-0.8.1/appl/kf/Makefile.in 2007-04-23 10:25:52.000000000 -0600 +++ heimdal-0.8.1-epak/appl/kf/Makefile.in 2007-06-07 12:10:57.000000000 -0600 @@ -175,6 +175,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/appl/kx/Makefile.in heimdal-0.8.1-epak/appl/kx/Makefile.in --- heimdal-0.8.1/appl/kx/Makefile.in 2007-04-23 10:25:52.000000000 -0600 +++ heimdal-0.8.1-epak/appl/kx/Makefile.in 2007-06-07 12:10:58.000000000 -0600 @@ -196,6 +196,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/appl/login/Makefile.in heimdal-0.8.1-epak/appl/login/Makefile.in --- heimdal-0.8.1/appl/login/Makefile.in 2007-04-23 10:25:53.000000000 -0600 +++ heimdal-0.8.1-epak/appl/login/Makefile.in 2007-06-07 12:10:58.000000000 -0600 @@ -174,6 +174,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/appl/Makefile.in heimdal-0.8.1-epak/appl/Makefile.in --- heimdal-0.8.1/appl/Makefile.in 2007-04-23 10:25:50.000000000 -0600 +++ heimdal-0.8.1-epak/appl/Makefile.in 2007-06-07 12:10:56.000000000 -0600 @@ -150,6 +150,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/appl/otp/Makefile.in heimdal-0.8.1-epak/appl/otp/Makefile.in --- heimdal-0.8.1/appl/otp/Makefile.in 2007-04-23 10:25:53.000000000 -0600 +++ heimdal-0.8.1-epak/appl/otp/Makefile.in 2007-06-07 12:10:58.000000000 -0600 @@ -169,6 +169,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/appl/popper/Makefile.in heimdal-0.8.1-epak/appl/popper/Makefile.in --- heimdal-0.8.1/appl/popper/Makefile.in 2007-04-23 10:25:53.000000000 -0600 +++ heimdal-0.8.1-epak/appl/popper/Makefile.in 2007-06-07 12:10:58.000000000 -0600 @@ -184,6 +184,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/appl/push/Makefile.in heimdal-0.8.1-epak/appl/push/Makefile.in --- heimdal-0.8.1/appl/push/Makefile.in 2007-04-23 10:25:53.000000000 -0600 +++ heimdal-0.8.1-epak/appl/push/Makefile.in 2007-06-07 12:10:58.000000000 -0600 @@ -172,6 +172,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/appl/rcp/Makefile.in heimdal-0.8.1-epak/appl/rcp/Makefile.in --- heimdal-0.8.1/appl/rcp/Makefile.in 2007-04-23 10:25:54.000000000 -0600 +++ heimdal-0.8.1-epak/appl/rcp/Makefile.in 2007-06-07 12:10:59.000000000 -0600 @@ -161,6 +161,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/appl/rsh/Makefile.in heimdal-0.8.1-epak/appl/rsh/Makefile.in --- heimdal-0.8.1/appl/rsh/Makefile.in 2007-04-23 10:25:54.000000000 -0600 +++ heimdal-0.8.1-epak/appl/rsh/Makefile.in 2007-06-07 12:10:59.000000000 -0600 @@ -180,6 +180,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/appl/su/Makefile.in heimdal-0.8.1-epak/appl/su/Makefile.in --- heimdal-0.8.1/appl/su/Makefile.in 2007-04-23 10:25:54.000000000 -0600 +++ heimdal-0.8.1-epak/appl/su/Makefile.in 2007-06-07 12:10:59.000000000 -0600 @@ -168,6 +168,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/appl/telnet/libtelnet/Makefile.in heimdal-0.8.1-epak/appl/telnet/libtelnet/Makefile.in --- heimdal-0.8.1/appl/telnet/libtelnet/Makefile.in 2007-04-23 10:25:54.000000000 -0600 +++ heimdal-0.8.1-epak/appl/telnet/libtelnet/Makefile.in 2007-06-07 12:11:00.000000000 -0600 @@ -160,6 +160,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/appl/telnet/Makefile.in heimdal-0.8.1-epak/appl/telnet/Makefile.in --- heimdal-0.8.1/appl/telnet/Makefile.in 2007-04-23 10:25:54.000000000 -0600 +++ heimdal-0.8.1-epak/appl/telnet/Makefile.in 2007-06-07 12:10:59.000000000 -0600 @@ -149,6 +149,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/appl/telnet/telnet/Makefile.in heimdal-0.8.1-epak/appl/telnet/telnet/Makefile.in --- heimdal-0.8.1/appl/telnet/telnet/Makefile.in 2007-04-23 10:25:55.000000000 -0600 +++ heimdal-0.8.1-epak/appl/telnet/telnet/Makefile.in 2007-06-07 12:11:00.000000000 -0600 @@ -172,6 +172,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/appl/telnet/telnetd/Makefile.in heimdal-0.8.1-epak/appl/telnet/telnetd/Makefile.in --- heimdal-0.8.1/appl/telnet/telnetd/Makefile.in 2007-04-23 10:25:55.000000000 -0600 +++ heimdal-0.8.1-epak/appl/telnet/telnetd/Makefile.in 2007-06-07 12:11:00.000000000 -0600 @@ -172,6 +172,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/appl/test/Makefile.in heimdal-0.8.1-epak/appl/test/Makefile.in --- heimdal-0.8.1/appl/test/Makefile.in 2007-04-23 10:25:55.000000000 -0600 +++ heimdal-0.8.1-epak/appl/test/Makefile.in 2007-06-07 12:11:00.000000000 -0600 @@ -218,6 +218,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/appl/xnlock/Makefile.in heimdal-0.8.1-epak/appl/xnlock/Makefile.in --- heimdal-0.8.1/appl/xnlock/Makefile.in 2007-04-23 10:25:55.000000000 -0600 +++ heimdal-0.8.1-epak/appl/xnlock/Makefile.in 2007-06-07 12:11:01.000000000 -0600 @@ -170,6 +170,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/configure heimdal-0.8.1-epak/configure --- heimdal-0.8.1/configure 2007-04-23 10:25:31.000000000 -0600 +++ heimdal-0.8.1-epak/configure 2007-06-07 12:11:15.000000000 -0600 @@ -995,6 +995,10 @@ LIB_getpwnam_r LIB_door_create KCM_TRUE KCM_FALSE +EPAK_TRUE +EPAK_FALSE +EPAKDEBUG_TRUE +EPAKDEBUG_FALSE LIB_el_init el_compat_TRUE el_compat_FALSE @@ -1637,6 +1641,8 @@ Optional Features: --disable-dynamic-afs do not use loaded AFS library with AIX --enable-netinfo enable netinfo for configuration lookup --enable-kcm enable Kerberos Credentials Manager + --enable-epak if you want support for extensible pre-auth + --enable-epakdebug show EPAK debug information Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] @@ -6018,7 +6024,7 @@ ia64-*-hpux*) ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 6021 "configure"' > conftest.$ac_ext + echo '#line 6027 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -8615,11 +8621,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8618: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8624: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:8622: \$? = $ac_status" >&5 + echo "$as_me:8628: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -8883,11 +8889,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8886: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8892: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:8890: \$? = $ac_status" >&5 + echo "$as_me:8896: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -8987,11 +8993,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8990: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8996: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:8994: \$? = $ac_status" >&5 + echo "$as_me:9000: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -11439,7 +11445,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext < conftest.$ac_ext <&5) + (eval echo "\"\$as_me:13916: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:13914: \$? = $ac_status" >&5 + echo "$as_me:13920: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -14011,11 +14017,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:14014: $lt_compile\"" >&5) + (eval echo "\"\$as_me:14020: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:14018: \$? = $ac_status" >&5 + echo "$as_me:14024: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -15581,11 +15587,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:15584: $lt_compile\"" >&5) + (eval echo "\"\$as_me:15590: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:15588: \$? = $ac_status" >&5 + echo "$as_me:15594: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -15685,11 +15691,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:15688: $lt_compile\"" >&5) + (eval echo "\"\$as_me:15694: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:15692: \$? = $ac_status" >&5 + echo "$as_me:15698: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -17915,11 +17921,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:17918: $lt_compile\"" >&5) + (eval echo "\"\$as_me:17924: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:17922: \$? = $ac_status" >&5 + echo "$as_me:17928: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -18183,11 +18189,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:18186: $lt_compile\"" >&5) + (eval echo "\"\$as_me:18192: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:18190: \$? = $ac_status" >&5 + echo "$as_me:18196: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -18287,11 +18293,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:18290: $lt_compile\"" >&5) + (eval echo "\"\$as_me:18296: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:18294: \$? = $ac_status" >&5 + echo "$as_me:18300: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -59744,6 +59750,52 @@ _ACEOF fi +# Check whether --enable-epak was given. +if test "${enable_epak+set}" = set; then + enableval=$enable_epak; +fi + +if test "$enable_epak" = yes; then + +cat >>confdefs.h <<\_ACEOF +#define EPAK 1 +_ACEOF + +fi + + +if test "$enable_epak" = "yes"; then + EPAK_TRUE= + EPAK_FALSE='#' +else + EPAK_TRUE='#' + EPAK_FALSE= +fi + + +# Check whether --enable-epakdebug was given. +if test "${enable_epakdebug+set}" = set; then + enableval=$enable_epakdebug; +fi + +if test "$enable_epakdebug" = yes; then + +cat >>confdefs.h <<\_ACEOF +#define EPAKDEBUG 1 +_ACEOF + +fi + + +if test "$enable_epakdebug" = "yes"; then + EPAKDEBUG_TRUE= + EPAKDEBUG_FALSE='#' +else + EPAKDEBUG_TRUE='#' + EPAKDEBUG_FALSE= +fi + + @@ -60692,7 +60744,7 @@ _ACEOF -ac_config_files="$ac_config_files Makefile include/Makefile include/gssapi/Makefile include/hcrypto/Makefile include/kadm5/Makefile lib/Makefile lib/45/Makefile lib/auth/Makefile lib/auth/afskauthlib/Makefile lib/auth/pam/Makefile lib/auth/sia/Makefile lib/asn1/Makefile lib/com_err/Makefile lib/des/Makefile lib/editline/Makefile lib/hx509/Makefile lib/gssapi/Makefile lib/ntlm/Makefile lib/hdb/Makefile lib/kadm5/Makefile lib/kafs/Makefile lib/kdfs/Makefile lib/krb5/Makefile lib/otp/Makefile lib/roken/Makefile lib/sl/Makefile lib/vers/Makefile kuser/Makefile kpasswd/Makefile kadmin/Makefile admin/Makefile kcm/Makefile kdc/Makefile appl/Makefile appl/afsutil/Makefile appl/ftp/Makefile appl/ftp/common/Makefile appl/ftp/ftp/Makefile appl/ftp/ftpd/Makefile appl/gssmask/Makefile appl/kx/Makefile appl/login/Makefile appl/otp/Makefile appl/popper/Makefile appl/push/Makefile appl/rsh/Makefile appl/rcp/Makefile appl/su/Makefile appl/xnlock/Makefile appl/telnet/Makefile appl/telnet/libtelnet/Makefile appl/telnet/telnet/Makefile appl/telnet/telnetd/Makefile appl/test/Makefile appl/kf/Makefile appl/dceutils/Makefile tests/Makefile tests/db/Makefile tests/kdc/Makefile tests/gss/Makefile tests/plugin/Makefile packages/Makefile packages/mac/Makefile doc/Makefile tools/Makefile" +ac_config_files="$ac_config_files Makefile include/Makefile include/gssapi/Makefile include/hcrypto/Makefile include/kadm5/Makefile lib/Makefile lib/45/Makefile lib/auth/Makefile lib/auth/afskauthlib/Makefile lib/auth/pam/Makefile lib/auth/sia/Makefile lib/asn1/Makefile lib/com_err/Makefile lib/des/Makefile lib/editline/Makefile lib/hx509/Makefile lib/gssapi/Makefile lib/ntlm/Makefile lib/hdb/Makefile lib/kadm5/Makefile lib/kafs/Makefile lib/kdfs/Makefile lib/krb5/Makefile lib/otp/Makefile lib/roken/Makefile lib/sl/Makefile lib/epak/Makefile lib/vers/Makefile kuser/Makefile kpasswd/Makefile kadmin/Makefile admin/Makefile kcm/Makefile kdc/Makefile appl/Makefile appl/afsutil/Makefile appl/ftp/Makefile appl/ftp/common/Makefile appl/ftp/ftp/Makefile appl/ftp/ftpd/Makefile appl/gssmask/Makefile appl/kx/Makefile appl/login/Makefile appl/otp/Makefile appl/popper/Makefile appl/push/Makefile appl/rsh/Makefile appl/rcp/Makefile appl/su/Makefile appl/xnlock/Makefile appl/telnet/Makefile appl/telnet/libtelnet/Makefile appl/telnet/telnet/Makefile appl/telnet/telnetd/Makefile appl/test/Makefile appl/kf/Makefile appl/dceutils/Makefile tests/Makefile tests/db/Makefile tests/kdc/Makefile tests/gss/Makefile tests/plugin/Makefile packages/Makefile packages/mac/Makefile doc/Makefile tools/Makefile" cat >confcache <<\_ACEOF @@ -61001,6 +61053,20 @@ echo "$as_me: error: conditional \"KCM\" Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi +if test -z "${EPAK_TRUE}" && test -z "${EPAK_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"EPAK\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"EPAK\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi +if test -z "${EPAKDEBUG_TRUE}" && test -z "${EPAKDEBUG_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"EPAKDEBUG\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"EPAKDEBUG\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi if test -z "${el_compat_TRUE}" && test -z "${el_compat_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"el_compat\" was never defined. Usually this means the macro was only invoked conditionally." >&5 @@ -61486,6 +61552,7 @@ do "lib/otp/Makefile") CONFIG_FILES="$CONFIG_FILES lib/otp/Makefile" ;; "lib/roken/Makefile") CONFIG_FILES="$CONFIG_FILES lib/roken/Makefile" ;; "lib/sl/Makefile") CONFIG_FILES="$CONFIG_FILES lib/sl/Makefile" ;; + "lib/epak/Makefile") CONFIG_FILES="$CONFIG_FILES lib/epak/Makefile" ;; "lib/vers/Makefile") CONFIG_FILES="$CONFIG_FILES lib/vers/Makefile" ;; "kuser/Makefile") CONFIG_FILES="$CONFIG_FILES kuser/Makefile" ;; "kpasswd/Makefile") CONFIG_FILES="$CONFIG_FILES kpasswd/Makefile" ;; @@ -61907,6 +61974,10 @@ LIB_getpwnam_r!$LIB_getpwnam_r$ac_delim LIB_door_create!$LIB_door_create$ac_delim KCM_TRUE!$KCM_TRUE$ac_delim KCM_FALSE!$KCM_FALSE$ac_delim +EPAK_TRUE!$EPAK_TRUE$ac_delim +EPAK_FALSE!$EPAK_FALSE$ac_delim +EPAKDEBUG_TRUE!$EPAKDEBUG_TRUE$ac_delim +EPAKDEBUG_FALSE!$EPAKDEBUG_FALSE$ac_delim LIB_el_init!$LIB_el_init$ac_delim el_compat_TRUE!$el_compat_TRUE$ac_delim el_compat_FALSE!$el_compat_FALSE$ac_delim @@ -61921,7 +61992,7 @@ LIB_AUTH_SUBDIRS!$LIB_AUTH_SUBDIRS$ac_de LTLIBOBJS!$LTLIBOBJS$ac_delim _ACEOF - if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 57; then + if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 61; then break elif $ac_last_try; then { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 diff -urNp heimdal-0.8.1/configure.in heimdal-0.8.1-epak/configure.in --- heimdal-0.8.1/configure.in 2007-04-23 10:24:47.000000000 -0600 +++ heimdal-0.8.1-epak/configure.in 2007-05-08 13:08:25.000000000 -0600 @@ -507,6 +507,20 @@ AC_CHECK_TYPES([int8_t, int16_t, int32_t #endif ]) +AC_ARG_ENABLE(epak, + AC_HELP_STRING([--enable-epak], [if you want support for extensible pre-auth])) +if test "$enable_epak" = yes; then + AC_DEFINE(EPAK, 1, [Define if you want support for extensible pre-authentication.]) +fi +AM_CONDITIONAL(EPAK, test "$enable_epak" = "yes") + +AC_ARG_ENABLE(epakdebug, + AC_HELP_STRING([--enable-epakdebug], [show EPAK debug information])) +if test "$enable_epakdebug" = yes; then + AC_DEFINE(EPAKDEBUG, 1, [Define for EPAK debug information.]) +fi +AM_CONDITIONAL(EPAKDEBUG, test "$enable_epakdebug" = "yes") + KRB_READLINE rk_TELNET @@ -548,6 +562,7 @@ AC_CONFIG_FILES(Makefile \ lib/otp/Makefile \ lib/roken/Makefile \ lib/sl/Makefile \ + lib/epak/Makefile \ lib/vers/Makefile \ kuser/Makefile \ kpasswd/Makefile \ diff -urNp heimdal-0.8.1/doc/Makefile.in heimdal-0.8.1-epak/doc/Makefile.in --- heimdal-0.8.1/doc/Makefile.in 2007-04-23 10:25:56.000000000 -0600 +++ heimdal-0.8.1-epak/doc/Makefile.in 2007-06-07 12:11:01.000000000 -0600 @@ -152,6 +152,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/include/config.h.in heimdal-0.8.1-epak/include/config.h.in --- heimdal-0.8.1/include/config.h.in 2007-04-23 10:25:40.000000000 -0600 +++ heimdal-0.8.1-epak/include/config.h.in 2007-05-08 13:08:16.000000000 -0600 @@ -66,6 +66,12 @@ static /**/const char *const rcsid[] = { /* Define this if you want support for broken ENV_{VAR,VAL} telnets. */ #undef ENV_HACK +/* Define if you want support for extensible pre-authentication. */ +#undef EPAK + +/* Define for EPAK debug information. */ +#undef EPAKDEBUG + /* define if prototype of gethostbyaddr is compatible with struct hostent *gethostbyaddr(const void *, size_t, int) */ #undef GETHOSTBYADDR_PROTO_COMPATIBLE diff -urNp heimdal-0.8.1/include/gssapi/Makefile.in heimdal-0.8.1-epak/include/gssapi/Makefile.in --- heimdal-0.8.1/include/gssapi/Makefile.in 2007-04-23 10:25:56.000000000 -0600 +++ heimdal-0.8.1-epak/include/gssapi/Makefile.in 2007-06-07 12:11:01.000000000 -0600 @@ -140,6 +140,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/include/hcrypto/Makefile.in heimdal-0.8.1-epak/include/hcrypto/Makefile.in --- heimdal-0.8.1/include/hcrypto/Makefile.in 2007-04-23 10:25:56.000000000 -0600 +++ heimdal-0.8.1-epak/include/hcrypto/Makefile.in 2007-06-07 12:11:01.000000000 -0600 @@ -140,6 +140,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/include/kadm5/Makefile.in heimdal-0.8.1-epak/include/kadm5/Makefile.in --- heimdal-0.8.1/include/kadm5/Makefile.in 2007-04-23 10:25:57.000000000 -0600 +++ heimdal-0.8.1-epak/include/kadm5/Makefile.in 2007-06-07 12:11:01.000000000 -0600 @@ -140,6 +140,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/include/krb5-types.h heimdal-0.8.1-epak/include/krb5-types.h --- heimdal-0.8.1/include/krb5-types.h 2007-04-23 10:28:11.000000000 -0600 +++ heimdal-0.8.1-epak/include/krb5-types.h 1969-12-31 17:00:00.000000000 -0700 @@ -1,16 +0,0 @@ -/* krb5-types.h -- this file was generated for i686-apple-darwin8.9.1 by - $Id: bits.c 18703 2006-10-20 20:33:58Z lha $ */ - -#ifndef __krb5_types_h__ -#define __krb5_types_h__ - -#include -#include -#include - - -typedef socklen_t krb5_socklen_t; -#include -typedef ssize_t krb5_ssize_t; - -#endif /* __krb5_types_h__ */ diff -urNp heimdal-0.8.1/include/Makefile.am heimdal-0.8.1-epak/include/Makefile.am --- heimdal-0.8.1/include/Makefile.am 2007-04-23 10:24:34.000000000 -0600 +++ heimdal-0.8.1-epak/include/Makefile.am 2007-05-08 12:51:29.000000000 -0600 @@ -18,6 +18,10 @@ krb5-types.h: bits$(EXEEXT) crypto-headers.h: make_crypto$(EXEEXT) ./make_crypto$(EXEEXT) crypto-headers.h +if EPAK +clean_epak = epak.h epak_asn1.h +endif + CLEANFILES = \ cms_asn1.h \ der-protos.h \ @@ -78,7 +82,8 @@ CLEANFILES = \ sl.h \ windc_plugin.h \ locate_plugin.h \ - xdbm.h + xdbm.h \ + $(clean_epak) DISTCLEANFILES = \ version.h \ diff -urNp heimdal-0.8.1/include/Makefile.in heimdal-0.8.1-epak/include/Makefile.in --- heimdal-0.8.1/include/Makefile.in 2007-04-23 10:25:56.000000000 -0600 +++ heimdal-0.8.1-epak/include/Makefile.in 2007-06-07 12:11:01.000000000 -0600 @@ -178,6 +178,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ @@ -410,6 +414,7 @@ SUBDIRS = kadm5 hcrypto gssapi CHECK_LOCAL = include_HEADERS = krb5-types.h nodist_noinst_HEADERS = crypto-headers.h +@EPAK_TRUE@clean_epak = epak.h epak_asn1.h CLEANFILES = \ cms_asn1.h \ der-protos.h \ @@ -470,7 +475,8 @@ CLEANFILES = \ sl.h \ windc_plugin.h \ locate_plugin.h \ - xdbm.h + xdbm.h \ + $(clean_epak) DISTCLEANFILES = \ version.h \ diff -urNp heimdal-0.8.1/kadmin/Makefile.in heimdal-0.8.1-epak/kadmin/Makefile.in --- heimdal-0.8.1/kadmin/Makefile.in 2007-04-23 10:25:57.000000000 -0600 +++ heimdal-0.8.1-epak/kadmin/Makefile.in 2007-06-07 12:11:02.000000000 -0600 @@ -202,6 +202,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/kcm/Makefile.in heimdal-0.8.1-epak/kcm/Makefile.in --- heimdal-0.8.1/kcm/Makefile.in 2007-04-23 10:25:57.000000000 -0600 +++ heimdal-0.8.1-epak/kcm/Makefile.in 2007-06-07 12:11:02.000000000 -0600 @@ -170,6 +170,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/kdc/kdc_locl.h heimdal-0.8.1-epak/kdc/kdc_locl.h --- heimdal-0.8.1/kdc/kdc_locl.h 2007-04-23 10:24:42.000000000 -0600 +++ heimdal-0.8.1-epak/kdc/kdc_locl.h 2007-05-08 16:03:25.000000000 -0600 @@ -69,4 +69,8 @@ loop(krb5_context context, krb5_kdc_conf krb5_kdc_configuration * configure(krb5_context context, int argc, char **argv); +#ifdef EPAK +#include +#endif + #endif /* __KDC_LOCL_H__ */ diff -urNp heimdal-0.8.1/kdc/kerberos5.c heimdal-0.8.1-epak/kdc/kerberos5.c --- heimdal-0.8.1/kdc/kerberos5.c 2007-04-23 10:24:42.000000000 -0600 +++ heimdal-0.8.1-epak/kdc/kerberos5.c 2007-06-07 11:44:02.000000000 -0600 @@ -817,6 +817,160 @@ _kdc_check_flags(krb5_context context, return 0; } +#ifdef EPAK +static krb5_error_code +epak_set_ckey(krb5_context context, + krb5_kdc_configuration *config, + const krb5_keyblock* sesskey, + Key **ckey, + krb5_enctype *cetype) +{ + krb5_error_code ret; + + if( ckey ) { + PA_EPAK_AS_REP pa_rep; + unsigned char *buf; + size_t buf_size; + size_t len; + + ALLOC(*ckey); + (*ckey)->mkvno = NULL; /* Not used. */ + + /* Set (*ckey)->key to the session key K(c,as) from pre-auth data. + * It will be used to encrypt the part of the as-reply containing + * the K(c,tgs) session key, etc. */ + copy_EncryptionKey(sesskey, &(*ckey)->key); + + /* Create ASN.1 encoded EPAK pre-auth reply. */ + pa_rep.epakvno = epakvno; + pa_rep.result = 0; /* 0 == success */ + ASN1_MALLOC_ENCODE(PA_EPAK_AS_REP, buf, buf_size, &pa_rep, &len, ret); + if( ret ){ + kdc_log(context, config, 0, "Failed to encode EPAK pre-auth reply: %s", + krb5_get_err_text(context, ret)); + return KRB5KRB_ERR_GENERIC; + } + if( buf_size != len ) { + free(buf); + kdc_log(context, config, 0, "Internal error in ASN.1 encoder"); + return KRB5KRB_ERR_GENERIC; + } + + /* Set (*ckey)->salt to the pre-auth reply PA-EPAK-AS-REP, which + * will indicate to the client that pre-auth succeeded. */ + ALLOC((*ckey)->salt); + (*ckey)->salt->type = KRB5_PADATA_EPAK_AS_REP; + (*ckey)->salt->salt.length = buf_size; + (*ckey)->salt->salt.data = buf; + } + + /* Set key type. Currently this is hard-coded. */ + if( cetype ) + *cetype = EPAK_ENCTYPE; + + return 0; +} + +static krb5_error_code +verify_PA_EPAK_AS_REQ(krb5_context context, + krb5_kdc_configuration *config, + const PA_EPAK_AS_REQ *pa_req, + krb5_principal client_princ, + Key **ckey, + krb5_enctype *cetype) +{ + krb5_error_code ret; + char *client_name; + krb5_keyblock* epakkey; + krb5_crypto crypto; + krb5_data ticketdata; + EPAKTicket ticket; + size_t len; + + krb5_unparse_name(context, client_princ, &client_name); + + /* Verify version number is valid. */ + if( pa_req->epakvno != epakvno ) { + kdc_log(context, config, 5, "verify_PA_EPAK_AS_REQ: invalid version -- %s", client_name); + return KRB5KDC_ERR_PREAUTH_FAILED; + } + + /* TODO: Verify client by checking EPAK Authenticator. */ + + /* Obtain EPAK key which is needed to decrypt the EPAK Ticket. */ + ret = read_epak_key(context, client_princ->realm, pa_req->pasrealm, &epakkey); + if( ret ) { + kdc_log(context, config, 5, "verify_PA_EPAK_AS_REQ: read_epak_key failed: %d -- %s", ret, client_name); + return ret; + } + + /* Initialize crypto object with EPAK key. */ + ret = krb5_crypto_init(context, epakkey, EPAK_ENCTYPE, &crypto); + if( ret ) { + kdc_log(context, config, 5, "verify_PA_EPAK_AS_REQ: krb5_crypto_init failed: %d -- %s", ret, client_name); + return ret; + } + + /* Decrypt EPAK Ticket. */ + ret = krb5_decrypt_EncryptedData(context, crypto, + 0, /* usage not used */ + &pa_req->epakticket, + &ticketdata); + if( ret ) { + kdc_log(context, config, 5, "verify_PA_EPAK_AS_REQ: krb5_crypto_init failed: %d -- %s", ret, client_name); + return ret; + } + + /* Decode EPAK Ticket. */ + ret = decode_EPAKTicket(ticketdata.data, ticketdata.length, &ticket, &len); + if( ret ) { + kdc_log(context, config, 5, "verify_PA_EPAK_AS_REQ: decode_EPAKTicket failed: %d -- %s", ret, client_name); + return ret; + } + + /* Verify client principal (name and realm) matches. + * You can't authenticate with someone else's pre-authentication data! */ + if( krb5_principal_compare(context, &ticket.epakdata.cprinc, client_princ) != TRUE ) { + kdc_log(context, config, 5, "verify_PA_EPAK_AS_REQ: principal mismatch -- %s", client_name); + return KRB5KDC_ERR_PREAUTH_FAILED; + } + + /* Note: No need to verify client exists. as_rep would have caught that + * already when it called db_fetch(client_princ, &client). */ + + /* Verify times. Must be starttime <= NOW < endtime. */ + if( ! ticket.epakdata.starttime ) { + kdc_log(context, config, 5, "verify_PA_EPAK_AS_REQ: missing start time -- %s", client_name); + return KRB5KDC_ERR_PREAUTH_FAILED; + } + if( *ticket.epakdata.starttime > kdc_time ) { + kdc_log(context, config, 5, "verify_PA_EPAK_AS_REQ: start time in future -- %s", client_name); + return KRB5KDC_ERR_PREAUTH_FAILED; + } + if( ticket.epakdata.endtime <= kdc_time ) { + kdc_log(context, config, 5, "verify_PA_EPAK_AS_REQ: EPAK ticket expired -- %s", client_name); + return KRB5KDC_ERR_PREAUTH_FAILED; + } + + /* Success! Pre-auth data was valid. */ + + /* Set client key to session key. */ + ret = epak_set_ckey(context, config, &ticket.key, ckey, cetype); + if( ret ) { + kdc_log(context, config, 5, "verify_PA_EPAK_AS_REQ: epak_set_ckey failed: %d -- %s", ret, client_name); + return ret; + } + + /* Cleanup. TODO: Zero out sensitive data before calling free. */ + free(client_name); + krb5_free_keyblock(context, epakkey); + krb5_crypto_destroy(context, crypto); + krb5_data_free(&ticketdata); + free_EPAKTicket(&ticket); + return 0; +} +#endif + /* * Return TRUE if `from' is part of `addresses' taking into consideration * the configuration variables that tells us how strict we should be about @@ -924,6 +1078,9 @@ _kdc_as_rep(krb5_context context, #ifdef PKINIT pk_client_params *pkp = NULL; #endif +#ifdef EPAK + int preauth_ckey = 0; +#endif memset(&rep, 0, sizeof(rep)); @@ -1053,6 +1210,46 @@ _kdc_as_rep(krb5_context context, if (pkp) goto preauth_done; } +#endif +#ifdef EPAK + i = 0; + if( (pa = _kdc_find_padata(req, &i, KRB5_PADATA_EPAK_AS_REQ)) ) { + size_t len; + PA_EPAK_AS_REQ pa_req; + + found_pa = 1; + + /* Decode EPAK pre-authentication data. */ + ret = decode_PA_EPAK_AS_REQ(pa->padata_value.data, + pa->padata_value.length, + &pa_req, + &len); + if( ret ) { + ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; + kdc_log(context, config, 5, "Failed to decode PA-DATA -- %s", client_name); + goto ts_enc; + } + + /* Verify EPAK pre-authentication data. */ + /* If successful, set client key to session key from pre-auth. */ + ret = verify_PA_EPAK_AS_REQ(context, config, &pa_req, client_princ, + &ckey, &cetype); + if( ret ) { + kdc_log(context, config, 5, "EPAK pre-authentication failed: %d", ret); + ret = KRB5KDC_ERR_PREAUTH_FAILED; + goto ts_enc; + } + + /* Indicate that client key was obtained from pre-auth data. */ + preauth_ckey = 1; + + /* Pre-authentication success! */ + et.flags.pre_authent = 1; + kdc_log(context, config, 2, "EPAK Pre-authentication succeded -- %s", client_name); + goto preauth_done; + } +#endif +#if defined(PKINIT) || defined(EPAK) ts_enc: #endif kdc_log(context, config, 5, "Looking for ENC-TS pa-data -- %s", @@ -1197,13 +1394,13 @@ _kdc_as_rep(krb5_context context, free(str); break; } -#ifdef PKINIT +#if defined(PKINIT) || defined(EPAK) preauth_done: #endif if(found_pa == 0 && config->require_preauth) goto use_pa; - /* We come here if we found a pa-enc-timestamp, but if there - was some problem with it, other than too large skew */ + /* We come here if we found pre-authentication, + but there was some problem with it. */ if(found_pa && et.flags.pre_authent == 0){ kdc_log(context, config, 0, "%s -- %s", e_text, client_name); e_text = NULL; @@ -1262,7 +1459,7 @@ _kdc_as_rep(krb5_context context, ret = KRB5KDC_ERR_PREAUTH_REQUIRED; krb5_mk_error(context, ret, - "Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ", + "Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ/PA-EPAK-AS-REQ", &foo_data, client_princ, server_princ, @@ -1284,8 +1481,11 @@ _kdc_as_rep(krb5_context context, * KDC runtime enctypes. */ - ret = _kdc_find_etype(context, client, b->etype.val, b->etype.len, - &ckey, &cetype); +#ifdef EPAK + if( !preauth_ckey ) +#endif + ret = _kdc_find_etype(context, client, b->etype.val, b->etype.len, + &ckey, &cetype); if (ret) { kdc_log(context, config, 0, "Client (%s) has no support for etypes", client_name); @@ -1648,6 +1848,10 @@ out2: if (pkp) _kdc_pk_free_client_param(context, pkp); #endif +#ifdef EPAK + if (preauth_ckey) + free_Key(ckey); +#endif if (client_princ) krb5_free_principal(context, client_princ); free(client_name); diff -urNp heimdal-0.8.1/kdc/Makefile.am heimdal-0.8.1-epak/kdc/Makefile.am --- heimdal-0.8.1/kdc/Makefile.am 2007-04-23 10:24:42.000000000 -0600 +++ heimdal-0.8.1-epak/kdc/Makefile.am 2007-05-08 12:51:29.000000000 -0600 @@ -105,6 +105,10 @@ LDADD = $(top_builddir)/lib/hdb/libhdb.l kdc_LDADD = libkdc.la $(LDADD) $(LIB_pidfile) +if EPAK +kdc_LDADD += $(top_builddir)/lib/epak/libepak.la +endif + include_HEADERS = kdc.h kdc-protos.h krb5dir = $(includedir)/krb5 diff -urNp heimdal-0.8.1/kdc/Makefile.in heimdal-0.8.1-epak/kdc/Makefile.in --- heimdal-0.8.1/kdc/Makefile.in 2007-04-23 10:25:57.000000000 -0600 +++ heimdal-0.8.1-epak/kdc/Makefile.in 2007-06-07 12:11:02.000000000 -0600 @@ -50,6 +50,7 @@ DIST_COMMON = $(include_HEADERS) $(krb5_ bin_PROGRAMS = string2key$(EXEEXT) sbin_PROGRAMS = kstash$(EXEEXT) libexec_PROGRAMS = hprop$(EXEEXT) hpropd$(EXEEXT) kdc$(EXEEXT) +@EPAK_TRUE@am__append_1 = $(top_builddir)/lib/epak/libepak.la subdir = kdc ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ @@ -148,8 +149,9 @@ am__DEPENDENCIES_3 = $(top_builddir)/lib $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_2) \ $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_2) \ $(am__DEPENDENCIES_2) +@EPAK_TRUE@am__DEPENDENCIES_4 = $(top_builddir)/lib/epak/libepak.la kdc_DEPENDENCIES = libkdc.la $(am__DEPENDENCIES_3) \ - $(am__DEPENDENCIES_2) + $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_4) am_kstash_OBJECTS = kstash.$(OBJEXT) kstash_OBJECTS = $(am_kstash_OBJECTS) kstash_LDADD = $(LDADD) @@ -233,6 +235,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ @@ -534,7 +540,7 @@ LDADD = $(top_builddir)/lib/hdb/libhdb.l $(LIB_roken) \ $(DBLIB) -kdc_LDADD = libkdc.la $(LDADD) $(LIB_pidfile) +kdc_LDADD = libkdc.la $(LDADD) $(LIB_pidfile) $(am__append_1) include_HEADERS = kdc.h kdc-protos.h krb5dir = $(includedir)/krb5 krb5_HEADERS = windc_plugin.h diff -urNp heimdal-0.8.1/kpasswd/Makefile.in heimdal-0.8.1-epak/kpasswd/Makefile.in --- heimdal-0.8.1/kpasswd/Makefile.in 2007-04-23 10:25:58.000000000 -0600 +++ heimdal-0.8.1-epak/kpasswd/Makefile.in 2007-06-07 12:11:03.000000000 -0600 @@ -186,6 +186,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/krb5-types.h heimdal-0.8.1-epak/krb5-types.h --- heimdal-0.8.1/krb5-types.h 1969-12-31 17:00:00.000000000 -0700 +++ heimdal-0.8.1-epak/krb5-types.h 2007-06-07 12:11:15.000000000 -0600 @@ -0,0 +1,16 @@ +/* krb5-types.h -- this file was generated for i686-apple-darwin8.9.1 by + $Id: bits.c 18703 2006-10-20 20:33:58Z lha $ */ + +#ifndef __krb5_types_h__ +#define __krb5_types_h__ + +#include +#include +#include + + +typedef socklen_t krb5_socklen_t; +#include +typedef ssize_t krb5_ssize_t; + +#endif /* __krb5_types_h__ */ diff -urNp heimdal-0.8.1/kuser/genpatrequest.1 heimdal-0.8.1-epak/kuser/genpatrequest.1 --- heimdal-0.8.1/kuser/genpatrequest.1 1969-12-31 17:00:00.000000000 -0700 +++ heimdal-0.8.1-epak/kuser/genpatrequest.1 2007-05-08 17:03:43.000000000 -0600 @@ -0,0 +1,68 @@ +.\" Copyright (c) 2007 Phillip Hellewell +.\" (Brigham Young University, Utah, USA). +.\" All rights reserved. +.\" +.\" $Id$ +.\" +.Dd May 8, 2007 +.Dt GENPATREQUEST 1 +.Os genpatrequest 0.1 +.Sh NAME +.Nm genpatrequest +.Nd create EPAK-REQUEST message +.Sh SYNOPSIS +.Nm genpatrequest +.Oo Fl l Ar time \*(Ba Xo +.Fl -lifetime= Ns Ar time +.Xc +.Oc +.Oo Fl s Ar time \*(Ba Xo +.Fl -start-time= Ns Ar time +.Xc +.Oc +.Op Fl -version +.Op Fl -help +.Ar file +.Op Ar principal +.Sh DESCRIPTION +.Nm +creates an ASN.1 encoded EPAK-Request, which is a message that is sent to +a Pre-Authentication Server to obtain an EPAK Ticket for the given +.Ar principal , +or if none is given, a system generated default (typically your login +name at the default realm). The EPAK-Request is saved to +.Ar file . +.Pp +Supported options: +.Bl -tag -width Ds +.It Xo +.Fl l Ar time , +.Fl -lifetime= Ns Ar time +.Xc +Specifies the lifetime of the ticket. The argument can either be in +seconds, or a more human readable string like +.Sq 1h . +.It Xo +.Fl s Ar time , +.Fl -start-time= Ns Ar time +.Xc +Obtain a ticket that starts to be valid +.Ar time +(which can really be a generic time specification, like +.Sq 1h ) +seconds into the future. +.El +.\".Sh ENVIRONMENT +.\".Sh FILES +.\".Sh EXAMPLES +.\".Sh DIAGNOSTICS +.Sh SEE ALSO +.Xr genpatreply 8 , +.Xr savepat 1 , +.Xr kinit 1 , +.Xr klist 1 , +.Xr kdestroy 1 , +.\".Sh HISTORY +.Sh AUTHOR +Written by Phillip Hellewell, Brigham Young University +.\".Sh BUGS diff -urNp heimdal-0.8.1/kuser/genpatrequest.c heimdal-0.8.1-epak/kuser/genpatrequest.c --- heimdal-0.8.1/kuser/genpatrequest.c 1969-12-31 17:00:00.000000000 -0700 +++ heimdal-0.8.1-epak/kuser/genpatrequest.c 2007-06-07 10:37:33.000000000 -0600 @@ -0,0 +1,193 @@ +/* + * Copyright (c) 2007 Phillip Hellewell + * Brigham Young University + * All rights reserved. + */ + +#include "kuser_locl.h" +RCSID("$Id$"); + +#undef ALLOC +#define ALLOC(X) ((X) = malloc(sizeof(*(X)))) + +char* g_lifetime = NULL; +char* g_starttime = NULL; +int g_version_flag = 0; +int g_help_flag = 0; + +static struct getargs args[] = { + { "lifetime", 'l', arg_string, &g_lifetime, "lifetime of tickets", "time"}, + { "start-time", 's', arg_string, &g_starttime, "when ticket gets valid", "time" }, + { "version", 0, arg_flag, &g_version_flag }, + { "help", 0, arg_flag, &g_help_flag } +}; + +static void +usage(int ret) +{ + arg_printusage(args, sizeof(args)/sizeof(*args), NULL, "file [principal]"); + exit(ret); +} + +#ifdef EPAKDEBUG +static void +show_epak_request2(krb5_context context, + krb5_principal principal, + krb5_deltat lifetime, + krb5_deltat starttime) +{ + char* p; + char life[64]; + char start[64]; + krb5_unparse_name(context, principal, &p); + unparse_time(lifetime, life, sizeof(life)); + unparse_time(starttime, start, sizeof(start) - 10); + if( starttime == 0 ) + strcpy(start, "now"); + else + strcat(start, " from now"); + fprintf(stderr, "\tPrincipal: %s\n", p); + fprintf(stderr, "\tLifetime: %s\n", life); + fprintf(stderr, "\tStart time: %s\n", start); + free(p); +} +#endif + +static void +create_epak_request(krb5_context context, + char* reqfile, + krb5_principal principal, + krb5_deltat lifetime, + krb5_deltat starttime) +{ + krb5_error_code ret; + epak_error_code epakret; + time_t now; + EPAK_REQ epak_req = { 0 }; + unsigned char* buf; + size_t buf_size; + size_t len; + + /* Get current time (number of seconds since the epoch). */ + now = time(NULL); + if( now == (time_t)-1 ) + errx(EPAK_ERR_GENERIC, "get current time failed"); + + /* Set lifetime to default value if not specified. */ + if( lifetime == 0 ) { + /* Read from krb5.conf, or use hard-coded default if not found */ + lifetime = krb5_config_get_time_default(context, NULL, + EPAK_TICKET_DEFAULT_LIFETIME, + "libdefaults", + EPAK_TICKET_LIFETIME_NAME, + NULL); + } + +#ifdef EPAKDEBUG + EPAKDEBUG1("Creating EPAK-REQUEST with:\n"); + show_epak_request2(context, principal, lifetime, starttime); +#endif + + /* Setup EPAK-Request object. */ + epak_req.epakvno = epakvno; + copy_Principal(principal, &epak_req.epakdata.cprinc); + if( starttime == 0 ) { + epak_req.epakdata.starttime = NULL; + epak_req.epakdata.endtime = now + lifetime; + } else { + ALLOC(epak_req.epakdata.starttime); + *epak_req.epakdata.starttime = now + starttime; + epak_req.epakdata.endtime = *epak_req.epakdata.starttime + lifetime; + } + + /* Create ASN.1 encoded EPAK-REQUEST buffer. */ + ASN1_MALLOC_ENCODE(EPAK_REQ, buf, buf_size, &epak_req, &len, ret); + if( ret ) + krb5_err(context, EPAK_ERR_KRB5, ret, "Failed to encode EPAK-REQUEST"); + if( buf_size != len ) + errx(EPAK_ERR_GENERIC, "Internal error in ASN.1 encoder"); + + /* Save EPAK-REQUEST to reqfile. */ + if( (epakret = save_buf_to_file(buf, buf_size, reqfile)) != 0 ) + errx(epakret, "Error creating epak request file %s", reqfile); + + EPAKDEBUG2("Created EPAK-REQUEST file: %s\n", reqfile); + + /* Cleanup. */ + free(buf); + free_EPAK_REQ(&epak_req); +} + +int +main(int argc, char **argv) +{ + krb5_error_code ret; + krb5_context context; + krb5_principal principal; + krb5_deltat lifetime = 0; + krb5_deltat starttime = 0; + int optind = 0; + char* reqfile = NULL; + + setprogname(argv[0]); + + EPAKDEBUG_SHOW_CMDLINE(); + + if( getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind) ) + usage(EPAK_ERR_CMDLINE); + + if( g_help_flag ) + usage(0); + + if( g_version_flag ) { + printf("genpatrequest version %d, (Heimdal version 0.8.1)\n", epakvno); + printf("Copyright (c) 2007 Phillip Hellewell\n"); + exit(0); + } + + argc -= optind; + argv += optind; + + /* Initialize Kerberos 5 */ + ret = krb5_init_context(&context); + if( ret ) + errx(EPAK_ERR_KRB5, "krb5_init_context failed: %d", ret); + + /* Set lifetime. */ + if( g_lifetime ) { + lifetime = parse_time(g_lifetime, "s"); + if( lifetime < 0 ) + errx(EPAK_ERR_PARSE_TIME, "unparsable lifetime: %s", g_lifetime); + } + + /* Set start-time. */ + if( g_starttime ) { + starttime = parse_time(g_starttime, "s"); + if( starttime < 0 ) + errx(EPAK_ERR_PARSE_TIME, "unparsable start-time: %s", g_starttime); + } + + /* Set output file. This is a required argument */ + if( argc < 1 ) + usage(EPAK_ERR_CMDLINE); + reqfile = argv[0]; + + /* Set principal (name and realm). */ + if( argc >= 2 && argv[1] ) { + ret = krb5_parse_name(context, argv[1], &principal); + if (ret) + krb5_err(context, EPAK_ERR_KRB5, ret, "krb5_parse_name"); + } else { + ret = krb5_get_default_principal(context, &principal); + if (ret) + krb5_err(context, EPAK_ERR_KRB5, ret, "krb5_get_default_principal"); + } + + /* Create EPAK-REQUEST as ASN.1 encoded message, and save to file. */ + create_epak_request(context, reqfile, principal, lifetime, starttime); + + /* Cleanup. */ + krb5_free_principal(context, principal); + krb5_free_context(context); + return 0; +} diff -urNp heimdal-0.8.1/kuser/genpatrequest.cat1 heimdal-0.8.1-epak/kuser/genpatrequest.cat1 --- heimdal-0.8.1/kuser/genpatrequest.cat1 1969-12-31 17:00:00.000000000 -0700 +++ heimdal-0.8.1-epak/kuser/genpatrequest.cat1 2007-06-07 12:11:15.000000000 -0600 @@ -0,0 +1,33 @@ +GENPATREQUEST(1) BSD General Commands Manual GENPATREQUEST(1) + +NNAAMMEE + ggeennppaattrreeqquueesstt -- create EPAK-REQUEST message + +SSYYNNOOPPSSIISS + ggeennppaattrreeqquueesstt [--ll _t_i_m_e | ----lliiffeettiimmee==_t_i_m_e] [--ss _t_i_m_e | ----ssttaarrtt--ttiimmee==_t_i_m_e] + [----vveerrssiioonn] [----hheellpp] _f_i_l_e [_p_r_i_n_c_i_p_a_l] + +DDEESSCCRRIIPPTTIIOONN + ggeennppaattrreeqquueesstt creates an ASN.1 encoded EPAK-Request, which is a message + that is sent to a Pre-Authentication Server to obtain an EPAK Ticket for + the given _p_r_i_n_c_i_p_a_l, or if none is given, a system generated default + (typically your login name at the default realm). The EPAK-Request is + saved to _f_i_l_e. + + Supported options: + + --ll _t_i_m_e, ----lliiffeettiimmee==_t_i_m_e + Specifies the lifetime of the ticket. The argument can either be + in seconds, or a more human readable string like `1h'. + + --ss _t_i_m_e, ----ssttaarrtt--ttiimmee==_t_i_m_e + Obtain a ticket that starts to be valid _t_i_m_e (which can really be + a generic time specification, like `1h') seconds into the future. + +SSEEEE AALLSSOO + genpatreply(8), savepat(1), kinit(1), klist(1), kdestroy(1), + +AAUUTTHHOORR + Written by Phillip Hellewell, Brigham Young University + +genpatrequest 0.1 May 8, 2007 genpatrequest 0.1 diff -urNp heimdal-0.8.1/kuser/kinit.1 heimdal-0.8.1-epak/kuser/kinit.1 --- heimdal-0.8.1/kuser/kinit.1 2007-04-23 10:24:39.000000000 -0600 +++ heimdal-0.8.1-epak/kuser/kinit.1 2007-05-08 16:03:25.000000000 -0600 @@ -85,6 +85,7 @@ .Op Fl -fcache-version= Ns Ar version-number .Op Fl A | Fl -no-addresses .Op Fl -anonymous +.Op Fl -epak .Op Fl -version .Op Fl -help .Op Ar principal Op Ar command @@ -223,6 +224,10 @@ Request a ticket with no addresses. Request an anonymous ticket (which means that the ticket will be issued to an anonymous principal, typically .Dq anonymous@REALM ) . +.It Xo +.Fl -epak +.Xc +Authenticate with extensible pre-authentication. .El .Pp The following options are only available if diff -urNp heimdal-0.8.1/kuser/kinit.c heimdal-0.8.1-epak/kuser/kinit.c --- heimdal-0.8.1/kuser/kinit.c 2007-04-23 10:24:39.000000000 -0600 +++ heimdal-0.8.1-epak/kuser/kinit.c 2007-06-07 11:44:02.000000000 -0600 @@ -58,6 +58,7 @@ int help_flag = 0; int addrs_flag = -1; struct getarg_strings extra_addresses; int anonymous_flag = 0; +int epak_flag = 0; char *lifetime = NULL; char *renew_life = NULL; char *server_str = NULL; @@ -165,6 +166,11 @@ static struct getargs args[] = { "Use RSA encrypted reply (instead of DH)" }, #endif +#ifdef EPAK + { "epak", 0, arg_flag, &epak_flag, + "Use EPAK pre-authentication" }, + +#endif { "version", 0, arg_flag, &version_flag }, { "help", 0, arg_flag, &help_flag } }; @@ -361,6 +367,50 @@ do_524init(krb5_context context, krb5_cc return ret; } +#ifdef EPAK +/* Detect expired credential */ +static int +is_expired(krb5_creds cred) +{ + /* Get current time (number of seconds since the epoch). */ + time_t now = time(NULL); + if( now == (time_t)-1 ) + errx(EPAK_ERR_GENERIC, "get current time failed"); + + return now > cred.times.endtime; +} + +/* Get epakt service credential (which includes EPAK Ticket + * and session key K(c,as)) from credential cache. */ +static krb5_error_code +get_epakt_cred(krb5_context context, + krb5_ccache ccache, + krb5_creds* out_cred) +{ + krb5_error_code ret; + krb5_principal princ; + krb5_creds in_cred; + + /* Clear in_cred so it can be used with krb5_cc_retrieve_cred */ + krb5_cc_clear_mcred(&in_cred); + + /* Get realm of credential cache principal. */ + ret = krb5_cc_get_principal(context, ccache, &princ); + if( ret ) + return ret; + + /* Search for epak service credential (epakt/REALM@REALM). */ + /* FIXME: Need to use pasrealm not princ->realm for 2nd param. */ + in_cred.server = make_epak_principal(context, princ->realm, princ->realm); + ret = krb5_cc_retrieve_cred(context, ccache, 0, &in_cred, out_cred); + + /* Cleanup. */ + krb5_free_principal(context, princ); + + return ret; +} +#endif + static int renew_validate(krb5_context context, int renew, @@ -571,6 +621,33 @@ get_new_tickets(krb5_context context, etype_str.num_strings); } +#ifdef EPAK + if(epak_flag) { + /* Get epakt service from credential cache. */ + krb5_creds epak_cred; + ret = get_epakt_cred(context, ccache, &epak_cred); + if( ret ) + krb5_err(context, 1, ret, "get_epakt_cred"); + + /* Detect expired credential. If we don't catch it here, + * the server (AS) would catch it and return an error */ + if( is_expired(epak_cred) ) + errx(EPAK_ERROR_TICKET_EXPIRED, "EPAK Ticket expired! Redo pre-authentication."); + + /* Perform AS-REQ using pre-auth data (EPAK Ticket) obtained from + * custom pre-authentication (such as tnkinit or sawkinit). */ + ret = krb5_get_init_creds_epak(context, + &cred, + principal, + &epak_cred, + start_time, + server_str, + opt); + + krb5_free_cred_contents(context, &epak_cred); + } else +#endif + if(use_keytab || keytab_str) { krb5_keytab kt; if(keytab_str) diff -urNp heimdal-0.8.1/kuser/kuser_locl.h heimdal-0.8.1-epak/kuser/kuser_locl.h --- heimdal-0.8.1/kuser/kuser_locl.h 2007-04-23 10:24:39.000000000 -0600 +++ heimdal-0.8.1-epak/kuser/kuser_locl.h 2007-05-08 16:03:25.000000000 -0600 @@ -87,4 +87,8 @@ #include #include "crypto-headers.h" /* for des_read_pw_string */ +#ifdef EPAK +#include +#endif + #endif /* __KUSER_LOCL_H__ */ diff -urNp heimdal-0.8.1/kuser/Makefile.am heimdal-0.8.1-epak/kuser/Makefile.am --- heimdal-0.8.1/kuser/Makefile.am 2007-04-23 10:24:39.000000000 -0600 +++ heimdal-0.8.1-epak/kuser/Makefile.am 2007-05-09 09:51:24.000000000 -0600 @@ -4,11 +4,18 @@ include $(top_srcdir)/Makefile.am.common AM_CPPFLAGS += $(INCLUDE_krb4) $(INCLUDE_des) -I$(srcdir)/../lib/krb5 -man_MANS = kinit.1 klist.1 kdestroy.1 kgetcred.1 kimpersonate.1 +if EPAK +genpatrequest_man = genpatrequest.1 +genpatrequest_prog = genpatrequest +savepat_man = savepat.1 +savepat_prog = savepat +endif + +man_MANS = kinit.1 klist.1 kdestroy.1 kgetcred.1 kimpersonate.1 $(genpatrequest_man) $(savepat_man) SLC = $(top_builddir)/lib/sl/slc -bin_PROGRAMS = kinit klist kdestroy kgetcred +bin_PROGRAMS = kinit klist kdestroy kgetcred $(genpatrequest_prog) $(savepat_prog) libexec_PROGRAMS = kdigest kimpersonate noinst_PROGRAMS = kverify kdecode_ticket generate-requests copy_cred_cache @@ -46,6 +53,21 @@ CLEANFILES = kdigest-commands.h kdigest- kdigest-commands.c kdigest-commands.h: kdigest-commands.in $(SLC) $(srcdir)/kdigest-commands.in +if EPAK +kinit_LDADD += \ + $(top_builddir)/lib/epak/libepak.la +genpatrequest_LDADD = \ + $(top_builddir)/lib/krb5/libkrb5.la \ + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/epak/libepak.la \ + $(LIB_roken) +savepat_LDADD = \ + $(top_builddir)/lib/krb5/libkrb5.la \ + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/epak/libepak.la \ + $(LIB_roken) +endif + LDADD = \ $(top_builddir)/lib/krb5/libkrb5.la \ $(LIB_des) \ diff -urNp heimdal-0.8.1/kuser/Makefile.in heimdal-0.8.1-epak/kuser/Makefile.in --- heimdal-0.8.1/kuser/Makefile.in 2007-04-23 10:25:58.000000000 -0600 +++ heimdal-0.8.1-epak/kuser/Makefile.in 2007-06-07 12:11:03.000000000 -0600 @@ -46,10 +46,13 @@ DIST_COMMON = $(srcdir)/Makefile.am $(sr $(top_srcdir)/Makefile.am.common \ $(top_srcdir)/cf/Makefile.am.common bin_PROGRAMS = kinit$(EXEEXT) klist$(EXEEXT) kdestroy$(EXEEXT) \ - kgetcred$(EXEEXT) + kgetcred$(EXEEXT) $(am__EXEEXT_1) $(am__EXEEXT_2) libexec_PROGRAMS = kdigest$(EXEEXT) kimpersonate$(EXEEXT) noinst_PROGRAMS = kverify$(EXEEXT) kdecode_ticket$(EXEEXT) \ generate-requests$(EXEEXT) copy_cred_cache$(EXEEXT) +@EPAK_TRUE@am__append_1 = \ +@EPAK_TRUE@ $(top_builddir)/lib/epak/libepak.la + subdir = kuser ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ @@ -97,6 +100,8 @@ am__configure_deps = $(am__aclocal_m4_de mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +@EPAK_TRUE@am__EXEEXT_1 = genpatrequest$(EXEEXT) +@EPAK_TRUE@am__EXEEXT_2 = savepat$(EXEEXT) am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" \ "$(DESTDIR)$(man1dir)" binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) @@ -115,6 +120,13 @@ generate_requests_LDADD = $(LDADD) generate_requests_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \ $(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \ $(am__DEPENDENCIES_1) +genpatrequest_SOURCES = genpatrequest.c +genpatrequest_OBJECTS = genpatrequest.$(OBJEXT) +@EPAK_TRUE@genpatrequest_DEPENDENCIES = \ +@EPAK_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \ +@EPAK_TRUE@ $(top_builddir)/lib/asn1/libasn1.la \ +@EPAK_TRUE@ $(top_builddir)/lib/epak/libepak.la \ +@EPAK_TRUE@ $(am__DEPENDENCIES_1) kdecode_ticket_SOURCES = kdecode_ticket.c kdecode_ticket_OBJECTS = kdecode_ticket.$(OBJEXT) kdecode_ticket_LDADD = $(LDADD) @@ -125,11 +137,12 @@ kdestroy_SOURCES = kdestroy.c kdestroy_OBJECTS = kdestroy.$(OBJEXT) am__DEPENDENCIES_2 = $(top_builddir)/lib/kafs/libkafs.la \ $(am__DEPENDENCIES_1) -am__DEPENDENCIES_3 = $(am__DEPENDENCIES_2) \ +@EPAK_TRUE@am__DEPENDENCIES_3 = $(top_builddir)/lib/epak/libepak.la +am__DEPENDENCIES_4 = $(am__DEPENDENCIES_2) \ $(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \ - $(am__DEPENDENCIES_1) -kdestroy_DEPENDENCIES = $(am__DEPENDENCIES_3) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_3) +kdestroy_DEPENDENCIES = $(am__DEPENDENCIES_4) dist_kdigest_OBJECTS = kdigest.$(OBJEXT) nodist_kdigest_OBJECTS = kdigest-commands.$(OBJEXT) kdigest_OBJECTS = $(dist_kdigest_OBJECTS) $(nodist_kdigest_OBJECTS) @@ -145,22 +158,28 @@ kgetcred_DEPENDENCIES = $(top_builddir)/ $(am__DEPENDENCIES_1) kimpersonate_SOURCES = kimpersonate.c kimpersonate_OBJECTS = kimpersonate.$(OBJEXT) -kimpersonate_DEPENDENCIES = $(am__DEPENDENCIES_3) +kimpersonate_DEPENDENCIES = $(am__DEPENDENCIES_4) kinit_SOURCES = kinit.c kinit_OBJECTS = kinit.$(OBJEXT) kinit_DEPENDENCIES = $(am__DEPENDENCIES_2) \ $(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \ - $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_3) klist_SOURCES = klist.c klist_OBJECTS = klist.$(OBJEXT) -klist_DEPENDENCIES = $(am__DEPENDENCIES_3) +klist_DEPENDENCIES = $(am__DEPENDENCIES_4) kverify_SOURCES = kverify.c kverify_OBJECTS = kverify.$(OBJEXT) kverify_LDADD = $(LDADD) kverify_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \ $(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \ $(am__DEPENDENCIES_1) +savepat_SOURCES = savepat.c +savepat_OBJECTS = savepat.$(OBJEXT) +@EPAK_TRUE@savepat_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \ +@EPAK_TRUE@ $(top_builddir)/lib/asn1/libasn1.la \ +@EPAK_TRUE@ $(top_builddir)/lib/epak/libepak.la \ +@EPAK_TRUE@ $(am__DEPENDENCIES_1) DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include depcomp = am__depfiles_maybe = @@ -172,12 +191,13 @@ LTCOMPILE = $(LIBTOOL) --tag=CC --mode=c CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(AM_LDFLAGS) $(LDFLAGS) -o $@ -SOURCES = copy_cred_cache.c generate-requests.c kdecode_ticket.c \ - kdestroy.c $(dist_kdigest_SOURCES) $(nodist_kdigest_SOURCES) \ - kgetcred.c kimpersonate.c kinit.c klist.c kverify.c -DIST_SOURCES = copy_cred_cache.c generate-requests.c kdecode_ticket.c \ - kdestroy.c $(dist_kdigest_SOURCES) kgetcred.c kimpersonate.c \ - kinit.c klist.c kverify.c +SOURCES = copy_cred_cache.c generate-requests.c genpatrequest.c \ + kdecode_ticket.c kdestroy.c $(dist_kdigest_SOURCES) \ + $(nodist_kdigest_SOURCES) kgetcred.c kimpersonate.c kinit.c \ + klist.c kverify.c savepat.c +DIST_SOURCES = copy_cred_cache.c generate-requests.c genpatrequest.c \ + kdecode_ticket.c kdestroy.c $(dist_kdigest_SOURCES) kgetcred.c \ + kimpersonate.c kinit.c klist.c kverify.c savepat.c man1dir = $(mandir)/man1 MANS = $(man_MANS) ETAGS = etags @@ -227,6 +247,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ @@ -455,17 +479,16 @@ LIB_kafs = $(top_builddir)/lib/kafs/libk @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la @KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la -man_MANS = kinit.1 klist.1 kdestroy.1 kgetcred.1 kimpersonate.1 +@EPAK_TRUE@genpatrequest_man = genpatrequest.1 +@EPAK_TRUE@genpatrequest_prog = genpatrequest +@EPAK_TRUE@savepat_man = savepat.1 +@EPAK_TRUE@savepat_prog = savepat +man_MANS = kinit.1 klist.1 kdestroy.1 kgetcred.1 kimpersonate.1 $(genpatrequest_man) $(savepat_man) SLC = $(top_builddir)/lib/sl/slc noinst_MANS = copy_cred_cache.1 -kinit_LDADD = \ - $(LIB_kafs) \ - $(top_builddir)/lib/krb5/libkrb5.la \ - $(LIB_krb4) \ - $(LIB_des) \ - $(top_builddir)/lib/asn1/libasn1.la \ - $(LIB_roken) - +kinit_LDADD = $(LIB_kafs) $(top_builddir)/lib/krb5/libkrb5.la \ + $(LIB_krb4) $(LIB_des) $(top_builddir)/lib/asn1/libasn1.la \ + $(LIB_roken) $(am__append_1) kdestroy_LDADD = $(kinit_LDADD) klist_LDADD = $(kinit_LDADD) kimpersonate_LDADD = $(kinit_LDADD) @@ -480,6 +503,18 @@ kdigest_LDADD = \ $(LIB_roken) CLEANFILES = kdigest-commands.h kdigest-commands.c +@EPAK_TRUE@genpatrequest_LDADD = \ +@EPAK_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \ +@EPAK_TRUE@ $(top_builddir)/lib/asn1/libasn1.la \ +@EPAK_TRUE@ $(top_builddir)/lib/epak/libepak.la \ +@EPAK_TRUE@ $(LIB_roken) + +@EPAK_TRUE@savepat_LDADD = \ +@EPAK_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \ +@EPAK_TRUE@ $(top_builddir)/lib/asn1/libasn1.la \ +@EPAK_TRUE@ $(top_builddir)/lib/epak/libepak.la \ +@EPAK_TRUE@ $(LIB_roken) + LDADD = \ $(top_builddir)/lib/krb5/libkrb5.la \ $(LIB_des) \ @@ -589,6 +624,9 @@ copy_cred_cache$(EXEEXT): $(copy_cred_ca generate-requests$(EXEEXT): $(generate_requests_OBJECTS) $(generate_requests_DEPENDENCIES) @rm -f generate-requests$(EXEEXT) $(LINK) $(generate_requests_LDFLAGS) $(generate_requests_OBJECTS) $(generate_requests_LDADD) $(LIBS) +genpatrequest$(EXEEXT): $(genpatrequest_OBJECTS) $(genpatrequest_DEPENDENCIES) + @rm -f genpatrequest$(EXEEXT) + $(LINK) $(genpatrequest_LDFLAGS) $(genpatrequest_OBJECTS) $(genpatrequest_LDADD) $(LIBS) kdecode_ticket$(EXEEXT): $(kdecode_ticket_OBJECTS) $(kdecode_ticket_DEPENDENCIES) @rm -f kdecode_ticket$(EXEEXT) $(LINK) $(kdecode_ticket_LDFLAGS) $(kdecode_ticket_OBJECTS) $(kdecode_ticket_LDADD) $(LIBS) @@ -613,6 +651,9 @@ klist$(EXEEXT): $(klist_OBJECTS) $(klist kverify$(EXEEXT): $(kverify_OBJECTS) $(kverify_DEPENDENCIES) @rm -f kverify$(EXEEXT) $(LINK) $(kverify_LDFLAGS) $(kverify_OBJECTS) $(kverify_LDADD) $(LIBS) +savepat$(EXEEXT): $(savepat_OBJECTS) $(savepat_DEPENDENCIES) + @rm -f savepat$(EXEEXT) + $(LINK) $(savepat_LDFLAGS) $(savepat_OBJECTS) $(savepat_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) diff -urNp heimdal-0.8.1/kuser/savepat.1 heimdal-0.8.1-epak/kuser/savepat.1 --- heimdal-0.8.1/kuser/savepat.1 1969-12-31 17:00:00.000000000 -0700 +++ heimdal-0.8.1-epak/kuser/savepat.1 2007-05-08 17:03:43.000000000 -0600 @@ -0,0 +1,63 @@ +.\" Copyright (c) 2007 Phillip Hellewell +.\" (Brigham Young University, Utah, USA). +.\" All rights reserved. +.\" +.\" $Id$ +.\" +.Dd May 8, 2007 +.Dt SAVEPAT 1 +.Os savepat 0.1 +.Sh NAME +.Nm savepat +.Nd save EPAK-REPLY information to credential cache +.Sh SYNOPSIS +.Nm savepat +.Oo Fl c Ar cachename \*(Ba Xo +.Fl -cache= Ns Ar cachename +.Xc +.Oc +.Op Fl -fcache-version= Ns Ar integer +.Op Fl -version +.Op Fl -help +.Ar repfile +.Ar reqfile +.Sh DESCRIPTION +.Nm +saves the session key K(c,as) and EPAK ticket from an EPAK-Reply contained +in +.Ar repfile +into your credential cache, which can then be read by tnkinit --epak to be +passed to the kerberos server as pre-authentication data. +.Pp +.Ar reqfile +specifies the file containing the EPAK-Request, and is used to verify that +the EPAK-Reply goes with this specific request (nonce matches, etc.). +.Pp +Supported options: +.Bl -tag -width Ds +.It Xo +.Fl c Ar cachename , +.Fl -cache= Ns Ar cachename +.Xc +The credentials cache to put the acquired ticket in, if other than +default. +.It Xo +.Fl -fcache-version= Ns Ar version +.Xc +Create a credentials cache of version +.Nm version . +.El +.\".Sh ENVIRONMENT +.\".Sh FILES +.\".Sh EXAMPLES +.\".Sh DIAGNOSTICS +.Sh SEE ALSO +.Xr genpatrequest 1 , +.Xr genpatreply 8 , +.Xr kinit 1 , +.Xr klist 1 , +.Xr kdestroy 1 , +.\".Sh HISTORY +.Sh AUTHOR +Written by Phillip Hellewell, Brigham Young University +.\".Sh BUGS diff -urNp heimdal-0.8.1/kuser/savepat.c heimdal-0.8.1-epak/kuser/savepat.c --- heimdal-0.8.1/kuser/savepat.c 1969-12-31 17:00:00.000000000 -0700 +++ heimdal-0.8.1-epak/kuser/savepat.c 2007-06-07 11:44:02.000000000 -0600 @@ -0,0 +1,183 @@ +/* + * Copyright (c) 2007 Phillip Hellewell + * Brigham Young University + * All rights reserved. + */ + +#include "kuser_locl.h" +RCSID("$Id$"); + +char *g_cred_cache = NULL; +int g_fcache_version = 0; +int g_version_flag = 0; +int g_help_flag = 0; + +static struct getargs args[] = { + { "cache", 'c', arg_string, &g_cred_cache, "credentials cache", "cachename" }, + { "fcache-version", 0, arg_integer, &g_fcache_version, "file cache version to create" }, + { "version", 0, arg_flag, &g_version_flag }, + { "help", 0, arg_flag, &g_help_flag } +}; + +static epak_error_code +verify_epak_reply(krb5_context context, + const EPAK_REQ* epak_req, + const EPAK_REP* epak_rep) +{ + /* Verify version number is valid. */ + if( epak_rep->epakvno != epakvno ) + return EPAK_ERR_REPLY_BAD_VERSION; + + /* Verify client principal matches request. */ + if( krb5_principal_compare(context, &epak_rep->epakdata.cprinc, &epak_req->epakdata.cprinc) != TRUE ) + return EPAK_ERR_REPLY_PRINCIPAL_MISMATCH; + + return EPAK_ERR_NONE; +} + +/* Convert EPAKTicket from EPAK-REPLY (which is just an EncryptedData) + * into a Ticket object, suitable for storing in a credential cache. */ +static void +make_epak_ticket(krb5_context context, + krb5_realm crealm, + krb5_realm pasrealm, + const EncryptedData* in_ticket, + Ticket* out_ticket) +{ + krb5_principal epakserver = make_epak_principal(context, crealm, pasrealm); + + out_ticket->tkt_vno = 5; /* Kerberos V5 */ + copy_Realm(&epakserver->realm, &out_ticket->realm); + copy_PrincipalName(&epakserver->name, &out_ticket->sname); + copy_EncryptedData(in_ticket, &out_ticket->enc_part); +} + +/* Save EPAK-REPLY (Ticket, Session Key, etc) to user's credential cache. */ +static void +cache_epak_reply(krb5_context context, + const EPAK_REP* epak_rep) +{ + krb5_error_code ret; + krb5_ccache ccache; + krb5_creds cred; + Ticket ticket; + + /* Set up credential with EPAK-REPLY data (principal, session key, etc.). */ + memset(&cred, 0, sizeof(cred)); + krb5_copy_principal(context, &epak_rep->epakdata.cprinc, &cred.client); + cred.server = make_epak_principal(context, cred.client->realm, epak_rep->pasrealm); + krb5_copy_keyblock_contents(context, &epak_rep->key, &cred.session); + cred.times.starttime = *epak_rep->epakdata.starttime; + cred.times.endtime = epak_rep->epakdata.endtime; + cred.times.authtime = cred.times.starttime; /* N/A. */ + cred.times.renew_till = 0; /* N/A. */ + cred.flags.b.pre_authent = 1; + + /* Set up credential with ticket from EPAK-REPLY. */ + make_epak_ticket(context, cred.client->realm, cred.server->realm, + &epak_rep->epakticket, &ticket); + ASN1_MALLOC_ENCODE(Ticket, cred.ticket.data, cred.ticket.length, + &ticket, &cred.ticket.length, ret); + if(ret) + krb5_err(context, EPAK_ERR_KRB5, ret, "ASN1_MALLOC_ENCODE(Ticket)"); + + /* Set credential cache version. */ + if( g_fcache_version ) + krb5_set_fcache_version(context, g_fcache_version); + + /* Open credential cache. */ + if( g_cred_cache ) + ret = krb5_cc_resolve(context, g_cred_cache, &ccache); + else + ret = krb5_cc_default(context, &ccache); + if( ret ) + krb5_err(context, EPAK_ERR_KRB5, ret, "resolving credentials cache"); + + /* Initialize credential cache. Creates a new/empty credential cache + * (which is what we want). */ + ret = krb5_cc_initialize(context, ccache, cred.client); + if (ret) + krb5_err(context, EPAK_ERR_KRB5, ret, "krb5_cc_initialize"); + + /* Save credential containing EPAK-REPLY data to credential cache. */ + ret = krb5_cc_store_cred(context, ccache, &cred); + if( ret ) + krb5_err(context, EPAK_ERR_KRB5, ret, "krb5_cc_store_cred"); + + EPAKDEBUG1("Saved EPAK-REPLY to credential cache. Use klist to view.\n"); + + /* Cleanup. */ + free_Ticket(&ticket); + krb5_free_cred_contents(context, &cred); + krb5_cc_close(context, ccache); +} + +static void +usage(int ret) +{ + arg_printusage(args, sizeof(args)/sizeof(*args), NULL, "repfile reqfile"); + exit(ret); +} + +int +main(int argc, char **argv) +{ + krb5_error_code ret; + epak_error_code epakret; + krb5_context context; + int optind = 0; + char* reqfile = NULL; + char* repfile = NULL; + EPAK_REQ epak_req; /* EPAK-REQUEST */ + EPAK_REP epak_rep; /* EPAK-REPLY */ + + setprogname (argv[0]); + + EPAKDEBUG_SHOW_CMDLINE(); + + if( getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind) ) + usage(EPAK_ERR_CMDLINE); + + if( g_help_flag ) + usage(0); + + if( g_version_flag ) { + printf("savepat version %d, (Heimdal version 0.8.1)\n", epakvno); + printf("Copyright (c) 2007 Phillip Hellewell\n"); + exit(0); + } + + argc -= optind; + argv += optind; + + /* Set reply and request files. Both are required args. */ + if( argc < 2 ) + usage(EPAK_ERR_CMDLINE); + repfile = argv[0]; + reqfile = argv[1]; + + /* Initialize kerberos. */ + ret = krb5_init_context(&context); + if( ret ) + errx(EPAK_ERR_KRB5, "krb5_init_context failed: %d", ret); + + /* Read and decode EPAK-REQUEST message. */ + read_epak_request(context, reqfile, &epak_req); + + /* Read and decode EPAK-REPLY message. */ + read_epak_reply(context, repfile, &epak_rep); + + /* Verify EPAK-REPLY. */ + epakret = verify_epak_reply(context, &epak_req, &epak_rep); + if( epakret ) + errx(ret, "verify_epak_reply failed with error: %d", ret); + + /* Save EPAK-REPLY to credential cache. */ + cache_epak_reply(context, &epak_rep); + + /* Cleanup. */ + free_EPAK_REQ(&epak_req); + free_EPAK_REP(&epak_rep); + krb5_free_context(context); + return 0; +} diff -urNp heimdal-0.8.1/kuser/savepat.cat1 heimdal-0.8.1-epak/kuser/savepat.cat1 --- heimdal-0.8.1/kuser/savepat.cat1 1969-12-31 17:00:00.000000000 -0700 +++ heimdal-0.8.1-epak/kuser/savepat.cat1 2007-06-07 12:11:15.000000000 -0600 @@ -0,0 +1,35 @@ +SAVEPAT(1) BSD General Commands Manual SAVEPAT(1) + +NNAAMMEE + ssaavveeppaatt -- save EPAK-REPLY information to credential cache + +SSYYNNOOPPSSIISS + ssaavveeppaatt [--cc _c_a_c_h_e_n_a_m_e | ----ccaacchhee==_c_a_c_h_e_n_a_m_e] [----ffccaacchhee--vveerrssiioonn==_i_n_t_e_g_e_r] + [----vveerrssiioonn] [----hheellpp] _r_e_p_f_i_l_e _r_e_q_f_i_l_e + +DDEESSCCRRIIPPTTIIOONN + ssaavveeppaatt saves the session key K(c,as) and EPAK ticket from an EPAK-Reply + contained in _r_e_p_f_i_l_e into your credential cache, which can then be read + by tnkinit --epak to be passed to the kerberos server as pre-authentica- + tion data. + + _r_e_q_f_i_l_e specifies the file containing the EPAK-Request, and is used to + verify that the EPAK-Reply goes with this specific request (nonce + matches, etc.). + + Supported options: + + --cc _c_a_c_h_e_n_a_m_e, ----ccaacchhee==_c_a_c_h_e_n_a_m_e + The credentials cache to put the acquired ticket in, if other + than default. + + ----ffccaacchhee--vveerrssiioonn==_v_e_r_s_i_o_n + Create a credentials cache of version vveerrssiioonn. + +SSEEEE AALLSSOO + genpatrequest(1), genpatreply(8), kinit(1), klist(1), kdestroy(1), + +AAUUTTHHOORR + Written by Phillip Hellewell, Brigham Young University + +savepat 0.1 May 8, 2007 savepat 0.1 diff -urNp heimdal-0.8.1/lib/45/Makefile.in heimdal-0.8.1-epak/lib/45/Makefile.in --- heimdal-0.8.1/lib/45/Makefile.in 2007-04-23 10:25:59.000000000 -0600 +++ heimdal-0.8.1-epak/lib/45/Makefile.in 2007-06-07 12:11:03.000000000 -0600 @@ -166,6 +166,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/lib/asn1/epak.asn1 heimdal-0.8.1-epak/lib/asn1/epak.asn1 --- heimdal-0.8.1/lib/asn1/epak.asn1 1969-12-31 17:00:00.000000000 -0700 +++ heimdal-0.8.1-epak/lib/asn1/epak.asn1 2007-06-07 11:44:02.000000000 -0600 @@ -0,0 +1,99 @@ +-- $Id$ + +EPAK DEFINITIONS ::= +BEGIN + +IMPORTS Realm, Principal, KerberosTime, EncryptionKey, EncryptedData, + Checksum, krb5int32 FROM krb5; + +epakvno INTEGER ::= 1 -- Current EPAK protocol version number. + +-- EPAK Data: Main data including principal names, etc. +EPAKData ::= SEQUENCE { + -- Client principal (name and realm). + cprinc[0] Principal, + + -- Client requests desired start and end time. + -- Server responds with granted start/end time. + -- (EPAKTicket is not renewable). + starttime[1] KerberosTime OPTIONAL, + endtime[2] KerberosTime +} + +-- The EPAK Ticket is always encrypted by the EPAK key, aka K(epak). +EPAKTicket ::= SEQUENCE { + -- Session key K(c,as). (A random session key between client + -- and AS, generated by pre-authentication server). + key[0] EncryptionKey, + + -- Main data including principal names, etc. + epakdata[1] EPAKData +} + +-- The EPAK Authenticator helps prove that this client was recently granted +-- the EPAK Ticket, which help prevent replay. Serves same purpose as +-- authenticators in RFC 4120. +EPAKAuth ::= SEQUENCE { + cprinc[0] Principal, + cksum[2] Checksum OPTIONAL, + cusec[3] krb5int32, + ctime[4] KerberosTime +} + +-- EPAK Request: Used to obtain pre-authentication for a client from a +-- custom pre-authentication server. +EPAK-REQ ::= SEQUENCE { + -- EPAK Version number. + epakvno[0] INTEGER (-2147483648..2147483647), + + -- Main data including principal names, etc. + epakdata[1] EPAKData +} + +-- EPAK Reply: Response from pre-authentication server. +-- Contains pre-authentication data to be used in AS-REQ. +EPAK-REP ::= SEQUENCE { + -- EPAK Version number. + epakvno[0] INTEGER (-2147483648..2147483647), + + -- Main data including principal names, etc. + epakdata[1] EPAKData, + + -- Realm of pre-authentication server (PAS) + pasrealm Realm, + + -- Session Key K(c,as) that will be needed to decode the AS-REP. + -- (Random session key between client and AS). + key[3] EncryptionKey, + + -- Encrypted EPAK Ticket, which is used as the pre-auth data in AS-REQ. + -- The ticket also contains the session key K(c,as). + epakticket[4] EncryptedData +} + +-- EPAK pre-authentication data for AS-REQ. +PA-EPAK-AS-REQ ::= SEQUENCE { + -- EPAK Version number. + epakvno[0] INTEGER (-2147483648..2147483647), + + -- Realm of pre-authentication server (PAS) + pasrealm Realm, + + -- Encrypted EPAK Ticket, which is the pre-auth data. + -- The ticket also contains the session key K(c,as). + epakticket[1] EncryptedData, + + -- Encrypted EPAK Authenticator, to help prevent replay. + epakauth[2] EncryptedData +} + +-- EPAK pre-authentication data for AS-REP. +PA-EPAK-AS-REP ::= SEQUENCE { + -- EPAK Version number. + epakvno[0] INTEGER (-2147483648..2147483647), + + -- Server responds with 0 if pre-auth succeeded. + result[1] INTEGER (-2147483648..2147483647) +} + +END diff -urNp heimdal-0.8.1/lib/asn1/k5.asn1 heimdal-0.8.1-epak/lib/asn1/k5.asn1 --- heimdal-0.8.1/lib/asn1/k5.asn1 2007-04-23 10:23:53.000000000 -0600 +++ heimdal-0.8.1-epak/lib/asn1/k5.asn1 2007-05-08 13:12:13.000000000 -0600 @@ -71,10 +71,12 @@ PADATA-TYPE ::= INTEGER { KRB5-PADATA-TD-REQ-SEQ(108), -- INTEGER KRB5-PADATA-PA-PAC-REQUEST(128), -- jbrezak@exchange.microsoft.com KRB5-PADATA-S4U2SELF(129), - KRB5-PADATA-PK-AS-09-BINDING(132) -- client send this to + KRB5-PADATA-PK-AS-09-BINDING(132), -- client send this to -- tell KDC that is supports -- the asCheckSum in the -- PK-AS-REP + KRB5-PADATA-EPAK-AS-REQ(145), -- (EPAK) + KRB5-PADATA-EPAK-AS-REP(146) -- (EPAK) } AUTHDATA-TYPE ::= INTEGER { diff -urNp heimdal-0.8.1/lib/asn1/Makefile.am heimdal-0.8.1-epak/lib/asn1/Makefile.am --- heimdal-0.8.1/lib/asn1/Makefile.am 2007-04-23 10:23:53.000000000 -0600 +++ heimdal-0.8.1-epak/lib/asn1/Makefile.am 2007-05-08 12:51:29.000000000 -0600 @@ -21,6 +21,7 @@ BUILT_SOURCES = \ $(gen_files_pkcs12:.x=.c) \ $(gen_files_digest:.x=.c) \ $(gen_files_kx509:.x=.c) \ + $(gen_files_epak:.x=.c) \ asn1_err.h \ asn1_err.c @@ -414,6 +415,14 @@ gen_files_kx509 = \ asn1_Kx509Response.x \ asn1_Kx509Request.x +gen_files_epak = \ + asn1_EPAKData.x \ + asn1_EPAKTicket.x \ + asn1_EPAK_REQ.x \ + asn1_EPAK_REP.x \ + asn1_PA_EPAK_AS_REQ.x \ + asn1_PA_EPAK_AS_REP.x + noinst_PROGRAMS = asn1_compile asn1_print asn1_gen TESTS = check-der check-gen check-timegm @@ -489,6 +498,7 @@ CLEANFILES = lex.c parse.c parse.h \ $(gen_files_pkcs12) \ $(gen_files_digest) \ $(gen_files_kx509) \ + $(gen_files_epak) \ $(gen_files_test) $(nodist_check_gen_SOURCES) \ rfc2459_asn1_files rfc2459_asn1.h \ cms_asn1_files cms_asn1.h \ @@ -499,6 +509,7 @@ CLEANFILES = lex.c parse.c parse.h \ pkcs12_asn1_files pkcs12_asn1.h \ digest_asn1_files digest_asn1.h \ kx509_asn1_files kx509_asn1.h \ + epak_asn1_files epak_asn1.h \ test_asn1_files test_asn1.h dist_include_HEADERS = der.h heim_asn1.h der-protos.h @@ -513,6 +524,7 @@ nodist_include_HEADERS += pkcs9_asn1.h nodist_include_HEADERS += pkcs12_asn1.h nodist_include_HEADERS += digest_asn1.h nodist_include_HEADERS += kx509_asn1.h +nodist_include_HEADERS += epak_asn1.h $(asn1_compile_OBJECTS): parse.h parse.c $(srcdir)/der-protos.h $(libasn1_la_OBJECTS): krb5_asn1.h asn1_err.h $(srcdir)/der-protos.h @@ -528,6 +540,7 @@ $(gen_files_pkcs9) pkcs9_asn1.h: pkcs9_a $(gen_files_pkcs12) pkcs12_asn1.h: pkcs12_asn1_files $(gen_files_digest) digest_asn1.h: digest_asn1_files $(gen_files_kx509) kx509_asn1.h: kx509_asn1_files +$(gen_files_epak) epak_asn1.h: epak_asn1_files $(gen_files_rfc2459) rfc2459_asn1.h: rfc2459_asn1_files $(gen_files_cms) cms_asn1.h: cms_asn1_files $(gen_files_test) test_asn1.h: test_asn1_files @@ -559,6 +572,9 @@ digest_asn1_files: asn1_compile$(EXEEXT) kx509_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/kx509.asn1 ./asn1_compile$(EXEEXT) $(srcdir)/kx509.asn1 kx509_asn1 || (rm -f kx509_asn1_files ; exit 1) +epak_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/epak.asn1 + ./asn1_compile$(EXEEXT) $(srcdir)/epak.asn1 epak_asn1 || (rm -f epak_asn1_files ; exit 1) + test_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/test.asn1 ./asn1_compile$(EXEEXT) --sequence=TESTSeqOf $(srcdir)/test.asn1 test_asn1 || (rm -f test_asn1_files ; exit 1) @@ -573,6 +589,7 @@ EXTRA_DIST = \ pkcs8.asn1 \ pkcs9.asn1 \ pkinit.asn1 \ + epak.asn1 \ rfc2459.asn1 $(srcdir)/der-protos.h: diff -urNp heimdal-0.8.1/lib/asn1/Makefile.in heimdal-0.8.1-epak/lib/asn1/Makefile.in --- heimdal-0.8.1/lib/asn1/Makefile.in 2007-04-23 10:25:59.000000000 -0600 +++ heimdal-0.8.1-epak/lib/asn1/Makefile.in 2007-06-07 12:11:04.000000000 -0600 @@ -296,10 +296,13 @@ am__objects_8 = asn1_DigestError.lo asn1 asn1_DigestRequest.lo asn1_DigestResponse.lo asn1_NTLMInit.lo \ asn1_NTLMInitReply.lo asn1_NTLMRequest.lo asn1_NTLMResponse.lo am__objects_9 = asn1_Kx509Response.lo asn1_Kx509Request.lo -am__objects_10 = $(am__objects_1) $(am__objects_2) $(am__objects_3) \ +am__objects_10 = asn1_EPAKData.lo asn1_EPAKTicket.lo asn1_EPAK_REQ.lo \ + asn1_EPAK_REP.lo asn1_PA_EPAK_AS_REQ.lo asn1_PA_EPAK_AS_REP.lo +am__objects_11 = $(am__objects_1) $(am__objects_2) $(am__objects_3) \ $(am__objects_4) $(am__objects_5) $(am__objects_6) \ - $(am__objects_7) $(am__objects_8) $(am__objects_9) asn1_err.lo -nodist_libasn1_la_OBJECTS = $(am__objects_10) + $(am__objects_7) $(am__objects_8) $(am__objects_9) \ + $(am__objects_10) asn1_err.lo +nodist_libasn1_la_OBJECTS = $(am__objects_11) libasn1_la_OBJECTS = $(dist_libasn1_la_OBJECTS) \ $(nodist_libasn1_la_OBJECTS) am__EXEEXT_1 = check-der$(EXEEXT) check-gen$(EXEEXT) \ @@ -324,7 +327,7 @@ am_check_der_OBJECTS = check-der.$(OBJEX check_der_OBJECTS = $(am_check_der_OBJECTS) check_der_DEPENDENCIES = libasn1.la $(am__DEPENDENCIES_1) dist_check_gen_OBJECTS = check-gen.$(OBJEXT) check-common.$(OBJEXT) -am__objects_11 = asn1_TESTAlloc.$(OBJEXT) \ +am__objects_12 = asn1_TESTAlloc.$(OBJEXT) \ asn1_TESTAllocInner.$(OBJEXT) asn1_TESTCONTAINING.$(OBJEXT) \ asn1_TESTCONTAININGENCODEDBY.$(OBJEXT) \ asn1_TESTCONTAININGENCODEDBY2.$(OBJEXT) \ @@ -335,7 +338,7 @@ am__objects_11 = asn1_TESTAlloc.$(OBJEXT asn1_TESTInteger3.$(OBJEXT) asn1_TESTLargeTag.$(OBJEXT) \ asn1_TESTSeq.$(OBJEXT) asn1_TESTUSERCONSTRAINED.$(OBJEXT) \ asn1_TESTSeqOf.$(OBJEXT) -nodist_check_gen_OBJECTS = $(am__objects_11) +nodist_check_gen_OBJECTS = $(am__objects_12) check_gen_OBJECTS = $(dist_check_gen_OBJECTS) \ $(nodist_check_gen_OBJECTS) check_gen_DEPENDENCIES = $(am__DEPENDENCIES_2) @@ -416,6 +419,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ @@ -659,6 +666,7 @@ BUILT_SOURCES = \ $(gen_files_pkcs12:.x=.c) \ $(gen_files_digest:.x=.c) \ $(gen_files_kx509:.x=.c) \ + $(gen_files_epak:.x=.c) \ asn1_err.h \ asn1_err.c @@ -1052,6 +1060,14 @@ gen_files_kx509 = \ asn1_Kx509Response.x \ asn1_Kx509Request.x +gen_files_epak = \ + asn1_EPAKData.x \ + asn1_EPAKTicket.x \ + asn1_EPAK_REQ.x \ + asn1_EPAK_REP.x \ + asn1_PA_EPAK_AS_REQ.x \ + asn1_PA_EPAK_AS_REP.x + TESTS = check-der check-gen check-timegm asn1_gen_SOURCES = asn1_gen.c asn1_print_SOURCES = asn1_print.c @@ -1119,6 +1135,7 @@ CLEANFILES = lex.c parse.c parse.h \ $(gen_files_pkcs12) \ $(gen_files_digest) \ $(gen_files_kx509) \ + $(gen_files_epak) \ $(gen_files_test) $(nodist_check_gen_SOURCES) \ rfc2459_asn1_files rfc2459_asn1.h \ cms_asn1_files cms_asn1.h \ @@ -1129,12 +1146,13 @@ CLEANFILES = lex.c parse.c parse.h \ pkcs12_asn1_files pkcs12_asn1.h \ digest_asn1_files digest_asn1.h \ kx509_asn1_files kx509_asn1.h \ + epak_asn1_files epak_asn1.h \ test_asn1_files test_asn1.h dist_include_HEADERS = der.h heim_asn1.h der-protos.h nodist_include_HEADERS = asn1_err.h krb5_asn1.h pkinit_asn1.h \ cms_asn1.h rfc2459_asn1.h pkcs8_asn1.h pkcs9_asn1.h \ - pkcs12_asn1.h digest_asn1.h kx509_asn1.h + pkcs12_asn1.h digest_asn1.h kx509_asn1.h epak_asn1.h EXTRA_DIST = \ asn1_err.et \ CMS.asn1 \ @@ -1146,6 +1164,7 @@ EXTRA_DIST = \ pkcs8.asn1 \ pkcs9.asn1 \ pkinit.asn1 \ + epak.asn1 \ rfc2459.asn1 all: $(BUILT_SOURCES) @@ -1770,6 +1789,7 @@ $(gen_files_pkcs9) pkcs9_asn1.h: pkcs9_a $(gen_files_pkcs12) pkcs12_asn1.h: pkcs12_asn1_files $(gen_files_digest) digest_asn1.h: digest_asn1_files $(gen_files_kx509) kx509_asn1.h: kx509_asn1_files +$(gen_files_epak) epak_asn1.h: epak_asn1_files $(gen_files_rfc2459) rfc2459_asn1.h: rfc2459_asn1_files $(gen_files_cms) cms_asn1.h: cms_asn1_files $(gen_files_test) test_asn1.h: test_asn1_files @@ -1801,6 +1821,9 @@ digest_asn1_files: asn1_compile$(EXEEXT) kx509_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/kx509.asn1 ./asn1_compile$(EXEEXT) $(srcdir)/kx509.asn1 kx509_asn1 || (rm -f kx509_asn1_files ; exit 1) +epak_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/epak.asn1 + ./asn1_compile$(EXEEXT) $(srcdir)/epak.asn1 epak_asn1 || (rm -f epak_asn1_files ; exit 1) + test_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/test.asn1 ./asn1_compile$(EXEEXT) --sequence=TESTSeqOf $(srcdir)/test.asn1 test_asn1 || (rm -f test_asn1_files ; exit 1) diff -urNp heimdal-0.8.1/lib/auth/afskauthlib/Makefile.in heimdal-0.8.1-epak/lib/auth/afskauthlib/Makefile.in --- heimdal-0.8.1/lib/auth/afskauthlib/Makefile.in 2007-04-23 10:26:00.000000000 -0600 +++ heimdal-0.8.1-epak/lib/auth/afskauthlib/Makefile.in 2007-06-07 12:11:04.000000000 -0600 @@ -150,6 +150,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/lib/auth/Makefile.in heimdal-0.8.1-epak/lib/auth/Makefile.in --- heimdal-0.8.1/lib/auth/Makefile.in 2007-04-23 10:25:59.000000000 -0600 +++ heimdal-0.8.1-epak/lib/auth/Makefile.in 2007-06-07 12:11:04.000000000 -0600 @@ -148,6 +148,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/lib/auth/pam/Makefile.in heimdal-0.8.1-epak/lib/auth/pam/Makefile.in --- heimdal-0.8.1/lib/auth/pam/Makefile.in 2007-04-23 10:26:00.000000000 -0600 +++ heimdal-0.8.1-epak/lib/auth/pam/Makefile.in 2007-06-07 12:11:04.000000000 -0600 @@ -150,6 +150,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/lib/auth/sia/Makefile.in heimdal-0.8.1-epak/lib/auth/sia/Makefile.in --- heimdal-0.8.1/lib/auth/sia/Makefile.in 2007-04-23 10:26:00.000000000 -0600 +++ heimdal-0.8.1-epak/lib/auth/sia/Makefile.in 2007-06-07 12:11:05.000000000 -0600 @@ -150,6 +150,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/lib/com_err/Makefile.in heimdal-0.8.1-epak/lib/com_err/Makefile.in --- heimdal-0.8.1/lib/com_err/Makefile.in 2007-04-23 10:26:00.000000000 -0600 +++ heimdal-0.8.1-epak/lib/com_err/Makefile.in 2007-06-07 12:11:05.000000000 -0600 @@ -187,6 +187,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/lib/des/Makefile.in heimdal-0.8.1-epak/lib/des/Makefile.in --- heimdal-0.8.1/lib/des/Makefile.in 2007-04-23 10:26:01.000000000 -0600 +++ heimdal-0.8.1-epak/lib/des/Makefile.in 2007-06-07 12:11:05.000000000 -0600 @@ -241,6 +241,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/lib/editline/Makefile.in heimdal-0.8.1-epak/lib/editline/Makefile.in --- heimdal-0.8.1/lib/editline/Makefile.in 2007-04-23 10:26:01.000000000 -0600 +++ heimdal-0.8.1-epak/lib/editline/Makefile.in 2007-06-07 12:11:05.000000000 -0600 @@ -190,6 +190,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/lib/epak/epak_common.c heimdal-0.8.1-epak/lib/epak/epak_common.c --- heimdal-0.8.1/lib/epak/epak_common.c 1969-12-31 17:00:00.000000000 -0700 +++ heimdal-0.8.1-epak/lib/epak/epak_common.c 2007-06-07 11:44:02.000000000 -0600 @@ -0,0 +1,247 @@ +/* + * Copyright (c) 2007 Phillip Hellewell + * Brigham Young University + * All rights reserved. + */ + +/* $Id$ */ + +#include "epak_locl.h" + +/* Get a temporary filename. */ +/* Returns NULL on error. Must call free() on returned value if non-null. */ +char* +get_temp_filename(const char* template) +{ + char* s = malloc(strlen(template) + 6 + 1); + strcpy(s, template); + strcat(s, "XXXXXX"); + int fd; + if( (fd = mkstemp(s)) == -1 ) { + free(s); + return NULL; + } + close(fd); + return s; +} + +epak_error_code +save_buf_to_file(const unsigned char* buf, + size_t buf_size, + const char* filename) +{ + size_t written; + + /* Create file and make readable by current user only. */ + FILE* f = fopen(filename, "wb"); + if( f == NULL ) + return EPAK_ERR_FILE_OPEN; + if( chmod(filename, 0600) ) { + fclose(f); + return EPAK_ERR_FILE_CHMOD; + } + + /* Write buffer to file. */ + written = fwrite(buf, 1, buf_size, f); + if( written != buf_size ) { + fclose(f); + return EPAK_ERR_FILE_WRITE; + } + + fclose(f); + return 0; +} + +epak_error_code +read_file_to_buf(const char* filename, + unsigned char** buf, + size_t* buf_size) +{ + /* Open file. */ + FILE* f = fopen(filename, "rb"); + if( f == NULL ) + return EPAK_ERR_FILE_OPEN; + + /* Get file size. */ + if( fseek(f, 0, SEEK_END) != 0 ) { + fclose(f); + return EPAK_ERR_FILE_SEEK; + } + *buf_size = (size_t)ftell(f); + if( fseek(f, 0, SEEK_SET) != 0 ) { + fclose(f); + return EPAK_ERR_FILE_SEEK; + } + + /* Sanity check. We won't try to read huge files into memory. */ + if( *buf_size > 100000 ) { + fclose(f); + return EPAK_ERR_FILE_TOO_BIG; + } + + /* Read entire file into memory buffer. */ + *buf = malloc(*buf_size * sizeof(unsigned char)); + if( !*buf ) { + fclose(f); + return EPAK_ERR_MEM; + } + if( fread(*buf, 1, *buf_size, f) != *buf_size ) { + free(*buf); + fclose(f); + return EPAK_ERR_FILE_READ; + } + + fclose(f); + return 0; +} + +void +show_epak_request(krb5_context context, const EPAK_REQ* epak_req) +{ + char* p; + char start[64] = "(default)"; + char end[64]; + + krb5_unparse_name(context, &epak_req->epakdata.cprinc, &p); + + if( epak_req->epakdata.starttime ) + krb5_format_time(context, *epak_req->epakdata.starttime, start, sizeof(start), TRUE); + krb5_format_time(context, epak_req->epakdata.endtime, end, sizeof(end), TRUE); + + fprintf(stderr, "\tVersion: %d\n", epak_req->epakvno); + fprintf(stderr, "\tPrincipal: %s\n", p); + fprintf(stderr, "\tStart time: %s\n", start); + fprintf(stderr, "\tEnd time: %s\n", end); + + free(p); +} + +void +show_epak_reply(krb5_context context, const EPAK_REP* epak_rep) +{ + krb5_error_code ret; + char* p; + char start[64]; + char end[64]; + char* keytypestr; + + krb5_unparse_name(context, &epak_rep->epakdata.cprinc, &p); + + krb5_format_time(context, *epak_rep->epakdata.starttime, start, sizeof(start), TRUE); + krb5_format_time(context, epak_rep->epakdata.endtime, end, sizeof(end), TRUE); + + fprintf(stderr, "\tVersion: %d\n", epak_rep->epakvno); + fprintf(stderr, "\tPrincipal: %s\n", p); + fprintf(stderr, "\tPAS Realm: %s\n", epak_rep->pasrealm); + fprintf(stderr, "\tStart time: %s\n", start); + fprintf(stderr, "\tEnd time: %s\n", end); + fprintf(stderr, "\tEPAK Ticket: (encrypted)\n"); + + ret = krb5_keytype_to_string(context, epak_rep->key.keytype, &keytypestr); + if( ret == KRB5_PROG_KEYTYPE_NOSUPP ) + ret = krb5_enctype_to_string(context, epak_rep->key.keytype, &keytypestr); + if( ret ) { + krb5_warn(context, ret, "warning: session keytype"); + } else { + fprintf(stderr, "\tSession Key Type: %s\n", keytypestr); + free(keytypestr); + } + + free(p); +} + +/* Read ASN.1 encoded EPAK-REQUEST from a file into a EPAK_REQ structure. */ +void +read_epak_request(krb5_context context, const char* reqfile, EPAK_REQ* epak_req) +{ + krb5_error_code ret; + epak_error_code epakret; + unsigned char* buf; + size_t buf_size; + + /* Read ASN.1 encoded buffer from reqfile. */ + epakret = read_file_to_buf(reqfile, &buf, &buf_size); + if( epakret ) + errx(epakret, "Error reading epak request file: %s", reqfile); + + /* Decode from ASN.1 to EPAK_REQ structure.*/ + ret = decode_EPAK_REQ(buf, buf_size, epak_req, NULL); + if( ret ) + krb5_err(context, EPAK_ERR_DECODE, ret, + "Error decoding EPAK-REQUEST from file: %s", reqfile); + free(buf); +} + +/* Read ASN.1 encoded EPAK-REPLY from a file into a EPAK_REP structure. */ +void +read_epak_reply(krb5_context context, const char* repfile, EPAK_REP* epak_rep) +{ + krb5_error_code ret; + epak_error_code epakret; + unsigned char* buf; + size_t buf_size; + + /* Read ASN.1 encoded buffer from repfile. */ + epakret = read_file_to_buf(repfile, &buf, &buf_size); + if( epakret ) + errx(epakret, "Error reading epak reply file: %s", repfile); + + /* Decode from ASN.1 to EPAK_REP structure.*/ + ret = decode_EPAK_REP(buf, buf_size, epak_rep, NULL); + if( ret ) + krb5_err(context, EPAK_ERR_DECODE, ret, + "Error decoding EPAK-REPLY from file: %s", repfile); + free(buf); +} + +/* Create EPAK service principal name, of the form epakt/PASREALM@REALM. */ +/* The REALM is the client realm, which does not have to match the PAS realm. */ +/* You must call krb5_free_principal on the return value when done with it. */ +krb5_principal +make_epak_principal(krb5_context context, krb5_realm crealm, krb5_realm pasrealm) +{ + krb5_error_code ret; + krb5_principal epakserver; + + /* Can't use krb5_sname_to_principal(context, 0, EPAK_PRINCIPAL_NAME, 3, &epakserver) + * because it would give me a principal of the form epakt/hostname@REALM. */ + + /* Could use krb5_build_principal(context, &epakserver, strlen(srealm), + * srealm, EPAK_PRINCIPAL_NAME, srealm, NULL); */ + + ret = krb5_make_principal(context, &epakserver, crealm, + EPAK_PRINCIPAL_NAME, pasrealm, NULL); + if( ret ) + krb5_err(context, EPAK_ERR_KRB5, ret, "make_epak_principal"); + + return epakserver; +} + +/* Obtain EPAK key from keytab file. */ +krb5_error_code +read_epak_key(krb5_context context, + krb5_realm crealm, + krb5_realm pasrealm, + krb5_keyblock** key) +{ + krb5_error_code ret; + krb5_principal epakserver; + + /* Build EPAK principal name, of the form epakt/PASREALM@REALM. */ + epakserver = make_epak_principal(context, crealm, pasrealm); + + /* Retrieve key for EPAK service principal. */ + ret = krb5_kt_read_service_key(context, + NULL, /* use default keytab */ + epakserver, + 0, /* any key version */ + EPAK_ENCTYPE, + key); + if( ret ) + return ret; + + /* Cleanup. */ + krb5_free_principal(context, epakserver); + return 0; +} + diff -urNp heimdal-0.8.1/lib/epak/epak_err.h heimdal-0.8.1-epak/lib/epak/epak_err.h --- heimdal-0.8.1/lib/epak/epak_err.h 1969-12-31 17:00:00.000000000 -0700 +++ heimdal-0.8.1-epak/lib/epak/epak_err.h 2007-06-07 10:37:33.000000000 -0600 @@ -0,0 +1,41 @@ +/* + * Copyright (c) 2007 Phillip Hellewell + * Brigham Young University + * All rights reserved. + */ + +/* $Id$ */ + +#ifndef __EPAK_ERR_H__ +#define __EPAK_ERR_H__ + +typedef enum epak_error_number { + EPAK_ERR_NONE = 0, + EPAK_ERR_GENERIC = 10, /* Generic error; could be anything */ + EPAK_ERR_MEM = 11, /* Out of memory */ + EPAK_ERR_KRB5 = 12, /* Error in krb5 function */ + EPAK_ERR_EXEC = 13, /* Error launching process */ + EPAK_ERR_KRB5CONF = 14, /* Error in krb5.conf file */ + EPAK_ERR_FILE_OPEN = 20, + EPAK_ERR_FILE_READ = 21, + EPAK_ERR_FILE_WRITE = 22, + EPAK_ERR_FILE_SEEK = 23, + EPAK_ERR_FILE_CHMOD = 24, + EPAK_ERR_FILE_MKSTEMP = 25, /* Error creating temp file */ + EPAK_ERR_FILE_TOO_BIG = 26, + EPAK_ERR_REQUEST_BAD_VERSION = 30, /* Invalid version number */ + EPAK_ERR_REQUEST_REALM_MISMATCH = 31, /* Realm doesn't match */ + EPAK_ERR_REQUEST_NO_PRINCIPAL = 32, /* Principal not found */ + EPAK_ERR_REPLY_BAD_VERSION = 40, /* Invalid version number */ + EPAK_ERR_REPLY_PRINCIPAL_INVALID = 41, /* Principal invalid */ + EPAK_ERR_REPLY_PRINCIPAL_MISMATCH = 42, /* Principal doesn't match */ + EPAK_ERR_CMDLINE = 70, /* Invalid command-line parameters */ + EPAK_ERR_PARSE_TIME = 71, /* Error parsing time */ + EPAK_ERR_DECODE = 72, /* Error decoding ASN.1 structure */ + EPAK_ERROR_TICKET_EXPIRED = 73, /* EPAK Ticket has expired */ +} epak_error_number; + +typedef int epak_error_code; + +#endif /* __EPAK_ERR_H__ */ + diff -urNp heimdal-0.8.1/lib/epak/epak.h heimdal-0.8.1-epak/lib/epak/epak.h --- heimdal-0.8.1/lib/epak/epak.h 1969-12-31 17:00:00.000000000 -0700 +++ heimdal-0.8.1-epak/lib/epak/epak.h 2007-06-07 11:44:02.000000000 -0600 @@ -0,0 +1,64 @@ +/* + * Copyright (c) 2007 Phillip Hellewell + * Brigham Young University + * All rights reserved. + */ + +/* $Id$ */ + +#ifndef __EPAK_H__ +#define __EPAK_H__ + +#include +#include + +/* EPAK service principal name; for obtaining EPAK Ticket */ +#define EPAK_PRINCIPAL_NAME "epakt" + +/* Encryption type of EPAK key. TBD: Make this configurable? */ +#define EPAK_ENCTYPE ENCTYPE_DES3_CBC_SHA1 + +/* Default EPAK ticket lifetime, in seconds */ +#define EPAK_TICKET_DEFAULT_LIFETIME (60 * 10) + +/* Defined in krb5.h: +#define EPAK_TICKET_LIFETIME_NAME "epak_ticket_lifetime" +*/ + +#ifdef EPAKDEBUG +#define EPAKDEBUG_LINE() fprintf( stderr, "\n" ) +#define EPAKDEBUG1( a ) fprintf( stderr, "%s: " a, __progname ) +#define EPAKDEBUG2( a, b ) fprintf( stderr, "%s: " a, __progname, b ) +#else +#define EPAKDEBUG_LINE() +#define EPAKDEBUG1( a ) +#define EPAKDEBUG2( a, b ) +#endif + +#ifdef EPAKDEBUG +#define EPAKDEBUG_SHOW_CMDLINE() \ + { \ + int i; \ + EPAKDEBUG2("cmdline = %s ", __progname); \ + for( i = 1; i < argc; i++ ) { \ + fprintf(stderr, "%s ", argv[i]); \ + } \ + fprintf(stderr, "\n"); \ + } +#else +#define EPAKDEBUG_SHOW_CMDLINE() +#endif + +/* Common functions, implemented in epak_common.c */ +char* get_temp_filename(const char* template); +epak_error_code save_buf_to_file(const unsigned char* buf, size_t buf_size, const char* filename); +epak_error_code read_file_to_buf(const char* filename, unsigned char** buf, size_t* buf_size); +void show_epak_request(krb5_context context, const EPAK_REQ* epak_req); +void show_epak_reply(krb5_context context, const EPAK_REP* epak_rep); +void read_epak_request(krb5_context context, const char* reqfile, EPAK_REQ* epak_req); +void read_epak_reply(krb5_context context, const char* repfile, EPAK_REP* epak_rep); +krb5_principal make_epak_principal(krb5_context context, krb5_realm crealm, krb5_realm pasrealm); +krb5_error_code read_epak_key(krb5_context context, krb5_realm crealm, krb5_realm pasrealm, krb5_keyblock** key); + +#endif /* __EPAK_H__ */ + diff -urNp heimdal-0.8.1/lib/epak/epak_locl.h heimdal-0.8.1-epak/lib/epak/epak_locl.h --- heimdal-0.8.1/lib/epak/epak_locl.h 1969-12-31 17:00:00.000000000 -0700 +++ heimdal-0.8.1-epak/lib/epak/epak_locl.h 2007-05-08 12:51:29.000000000 -0600 @@ -0,0 +1,31 @@ +/* + * Copyright (c) 2007 Phillip Hellewell + * Brigham Young University + * All rights reserved. + */ + +/* $Id$ */ + +#ifndef __EPAK_LOCL_H__ +#define __EPAK_LOCL_H__ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include + +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_STAT_H +#include +#endif + +#include +#include + +#endif /* __EPAK_LOCL_H__ */ diff -urNp heimdal-0.8.1/lib/epak/Makefile.am heimdal-0.8.1-epak/lib/epak/Makefile.am --- heimdal-0.8.1/lib/epak/Makefile.am 1969-12-31 17:00:00.000000000 -0700 +++ heimdal-0.8.1-epak/lib/epak/Makefile.am 2007-05-08 13:03:01.000000000 -0600 @@ -0,0 +1,11 @@ +# $Id$ + +include $(top_srcdir)/Makefile.am.common + +include_HEADERS = epak.h epak_err.h + +lib_LTLIBRARIES = libepak.la + +libepak_la_SOURCES = epak_common.c + +libepak_la_LIBADD = ../krb5/libkrb5.la diff -urNp heimdal-0.8.1/lib/epak/Makefile.in heimdal-0.8.1-epak/lib/epak/Makefile.in --- heimdal-0.8.1/lib/epak/Makefile.in 1969-12-31 17:00:00.000000000 -0700 +++ heimdal-0.8.1-epak/lib/epak/Makefile.in 2007-06-07 12:11:06.000000000 -0600 @@ -0,0 +1,854 @@ +# Makefile.in generated by automake 1.9.6 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005 Free Software Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +# $Id$ + +# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ + +# $Id: Makefile.am.common 18837 2006-10-22 16:48:40Z lha $ + + +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +top_builddir = ../.. +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +INSTALL = @INSTALL@ +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +DIST_COMMON = $(include_HEADERS) $(srcdir)/Makefile.am \ + $(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \ + $(top_srcdir)/cf/Makefile.am.common +subdir = lib/epak +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ + $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/broken-getaddrinfo.m4 \ + $(top_srcdir)/cf/broken-glob.m4 \ + $(top_srcdir)/cf/broken-realloc.m4 \ + $(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \ + $(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \ + $(top_srcdir)/cf/capabilities.m4 \ + $(top_srcdir)/cf/check-compile-et.m4 \ + $(top_srcdir)/cf/check-getpwnam_r-posix.m4 \ + $(top_srcdir)/cf/check-man.m4 \ + $(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \ + $(top_srcdir)/cf/check-type-extra.m4 \ + $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ + $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ + $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ + $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/find-func-no-libs.m4 \ + $(top_srcdir)/cf/find-func-no-libs2.m4 \ + $(top_srcdir)/cf/find-func.m4 \ + $(top_srcdir)/cf/find-if-not-broken.m4 \ + $(top_srcdir)/cf/have-struct-field.m4 \ + $(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \ + $(top_srcdir)/cf/krb-bigendian.m4 \ + $(top_srcdir)/cf/krb-func-getlogin.m4 \ + $(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \ + $(top_srcdir)/cf/krb-readline.m4 \ + $(top_srcdir)/cf/krb-struct-spwd.m4 \ + $(top_srcdir)/cf/krb-struct-winsize.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ + $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ + $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ + $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ + $(top_srcdir)/cf/roken-frag.m4 \ + $(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \ + $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ + $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ + $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/include/config.h +CONFIG_CLEAN_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)" +libLTLIBRARIES_INSTALL = $(INSTALL) +LTLIBRARIES = $(lib_LTLIBRARIES) +libepak_la_DEPENDENCIES = ../krb5/libkrb5.la +am_libepak_la_OBJECTS = epak_common.lo +libepak_la_OBJECTS = $(am_libepak_la_OBJECTS) +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include +depcomp = +am__depfiles_maybe = +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +SOURCES = $(libepak_la_SOURCES) +DIST_SOURCES = $(libepak_la_SOURCES) +includeHEADERS_INSTALL = $(INSTALL_HEADER) +HEADERS = $(include_HEADERS) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AIX4_FALSE = @AIX4_FALSE@ +AIX4_TRUE = @AIX4_TRUE@ +AIX_DYNAMIC_AFS_FALSE = @AIX_DYNAMIC_AFS_FALSE@ +AIX_DYNAMIC_AFS_TRUE = @AIX_DYNAMIC_AFS_TRUE@ +AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ +AIX_FALSE = @AIX_FALSE@ +AIX_TRUE = @AIX_TRUE@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CANONICAL_HOST = @CANONICAL_HOST@ +CATMAN = @CATMAN@ +CATMANEXT = @CATMANEXT@ +CATMAN_FALSE = @CATMAN_FALSE@ +CATMAN_TRUE = @CATMAN_TRUE@ +CC = @CC@ +CFLAGS = @CFLAGS@ +COMPILE_ET = @COMPILE_ET@ +COM_ERR_FALSE = @COM_ERR_FALSE@ +COM_ERR_TRUE = @COM_ERR_TRUE@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +CXXFLAGS = @CXXFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DBLIB = @DBLIB@ +DCE_FALSE = @DCE_FALSE@ +DCE_TRUE = @DCE_TRUE@ +DEFS = @DEFS@ +DIR_com_err = @DIR_com_err@ +DIR_des = @DIR_des@ +DIR_roken = @DIR_roken@ +ECHO = @ECHO@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ +ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ +EXEEXT = @EXEEXT@ +EXTRA_LIB45 = @EXTRA_LIB45@ +F77 = @F77@ +FFLAGS = @FFLAGS@ +GREP = @GREP@ +GROFF = @GROFF@ +HAVE_DB1_FALSE = @HAVE_DB1_FALSE@ +HAVE_DB1_TRUE = @HAVE_DB1_TRUE@ +HAVE_DB3_FALSE = @HAVE_DB3_FALSE@ +HAVE_DB3_TRUE = @HAVE_DB3_TRUE@ +HAVE_DLOPEN_FALSE = @HAVE_DLOPEN_FALSE@ +HAVE_DLOPEN_TRUE = @HAVE_DLOPEN_TRUE@ +HAVE_NDBM_FALSE = @HAVE_NDBM_FALSE@ +HAVE_NDBM_TRUE = @HAVE_NDBM_TRUE@ +HAVE_OPENSSL_FALSE = @HAVE_OPENSSL_FALSE@ +HAVE_OPENSSL_TRUE = @HAVE_OPENSSL_TRUE@ +HAVE_X_FALSE = @HAVE_X_FALSE@ +HAVE_X_TRUE = @HAVE_X_TRUE@ +INCLUDES_roken = @INCLUDES_roken@ +INCLUDE_des = @INCLUDE_des@ +INCLUDE_hesiod = @INCLUDE_hesiod@ +INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_openldap = @INCLUDE_openldap@ +INCLUDE_readline = @INCLUDE_readline@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +IRIX_FALSE = @IRIX_FALSE@ +IRIX_TRUE = @IRIX_TRUE@ +KCM_FALSE = @KCM_FALSE@ +KCM_TRUE = @KCM_TRUE@ +KRB4_FALSE = @KRB4_FALSE@ +KRB4_TRUE = @KRB4_TRUE@ +KRB5_FALSE = @KRB5_FALSE@ +KRB5_TRUE = @KRB5_TRUE@ +LDFLAGS = @LDFLAGS@ +LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBADD_roken = @LIBADD_roken@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@ +LIB_NDBM = @LIB_NDBM@ +LIB_XauFileName = @LIB_XauFileName@ +LIB_XauReadAuth = @LIB_XauReadAuth@ +LIB_XauWriteAuth = @LIB_XauWriteAuth@ +LIB_bswap16 = @LIB_bswap16@ +LIB_bswap32 = @LIB_bswap32@ +LIB_com_err = @LIB_com_err@ +LIB_com_err_a = @LIB_com_err_a@ +LIB_com_err_so = @LIB_com_err_so@ +LIB_crypt = @LIB_crypt@ +LIB_db_create = @LIB_db_create@ +LIB_dbm_firstkey = @LIB_dbm_firstkey@ +LIB_dbopen = @LIB_dbopen@ +LIB_des = @LIB_des@ +LIB_des_a = @LIB_des_a@ +LIB_des_appl = @LIB_des_appl@ +LIB_des_so = @LIB_des_so@ +LIB_dlopen = @LIB_dlopen@ +LIB_dn_expand = @LIB_dn_expand@ +LIB_door_create = @LIB_door_create@ +LIB_el_init = @LIB_el_init@ +LIB_freeaddrinfo = @LIB_freeaddrinfo@ +LIB_gai_strerror = @LIB_gai_strerror@ +LIB_getaddrinfo = @LIB_getaddrinfo@ +LIB_gethostbyname = @LIB_gethostbyname@ +LIB_gethostbyname2 = @LIB_gethostbyname2@ +LIB_getnameinfo = @LIB_getnameinfo@ +LIB_getpwnam_r = @LIB_getpwnam_r@ +LIB_getsockopt = @LIB_getsockopt@ +LIB_hesiod = @LIB_hesiod@ +LIB_hstrerror = @LIB_hstrerror@ +LIB_kdb = @LIB_kdb@ +LIB_krb4 = @LIB_krb4@ +LIB_krb_disable_debug = @LIB_krb_disable_debug@ +LIB_krb_enable_debug = @LIB_krb_enable_debug@ +LIB_krb_get_kdc_time_diff = @LIB_krb_get_kdc_time_diff@ +LIB_krb_get_our_ip_for_realm = @LIB_krb_get_our_ip_for_realm@ +LIB_krb_kdctimeofday = @LIB_krb_kdctimeofday@ +LIB_loadquery = @LIB_loadquery@ +LIB_logout = @LIB_logout@ +LIB_logwtmp = @LIB_logwtmp@ +LIB_openldap = @LIB_openldap@ +LIB_openpty = @LIB_openpty@ +LIB_otp = @LIB_otp@ +LIB_pidfile = @LIB_pidfile@ +LIB_readline = @LIB_readline@ +LIB_res_ndestroy = @LIB_res_ndestroy@ +LIB_res_nsearch = @LIB_res_nsearch@ +LIB_res_search = @LIB_res_search@ +LIB_roken = @LIB_roken@ +LIB_security = @LIB_security@ +LIB_setsockopt = @LIB_setsockopt@ +LIB_socket = @LIB_socket@ +LIB_syslog = @LIB_syslog@ +LIB_tgetent = @LIB_tgetent@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ +MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@ +MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@ +MAKEINFO = @MAKEINFO@ +NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ +NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ +NROFF = @NROFF@ +OBJEXT = @OBJEXT@ +OPENLDAP_MODULE_FALSE = @OPENLDAP_MODULE_FALSE@ +OPENLDAP_MODULE_TRUE = @OPENLDAP_MODULE_TRUE@ +OTP_FALSE = @OTP_FALSE@ +OTP_TRUE = @OTP_TRUE@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKINIT_FALSE = @PKINIT_FALSE@ +PKINIT_TRUE = @PKINIT_TRUE@ +PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ +PTHREADS_LIBS = @PTHREADS_LIBS@ +RANLIB = @RANLIB@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +VERSION = @VERSION@ +VERSIONING = @VERSIONING@ +VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ +WFLAGS = @WFLAGS@ +WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ +WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ +XMKMF = @XMKMF@ +X_CFLAGS = @X_CFLAGS@ +X_EXTRA_LIBS = @X_EXTRA_LIBS@ +X_LIBS = @X_LIBS@ +X_PRE_LIBS = @X_PRE_LIBS@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_CXX = @ac_ct_CXX@ +ac_ct_F77 = @ac_ct_F77@ +am__leading_dot = @am__leading_dot@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +datadir = @datadir@ +datarootdir = @datarootdir@ +do_roken_rename_FALSE = @do_roken_rename_FALSE@ +do_roken_rename_TRUE = @do_roken_rename_TRUE@ +docdir = @docdir@ +dpagaix_cflags = @dpagaix_cflags@ +dpagaix_ldadd = @dpagaix_ldadd@ +dpagaix_ldflags = @dpagaix_ldflags@ +dvidir = @dvidir@ +el_compat_FALSE = @el_compat_FALSE@ +el_compat_TRUE = @el_compat_TRUE@ +exec_prefix = @exec_prefix@ +have_cgetent_FALSE = @have_cgetent_FALSE@ +have_cgetent_TRUE = @have_cgetent_TRUE@ +have_err_h_FALSE = @have_err_h_FALSE@ +have_err_h_TRUE = @have_err_h_TRUE@ +have_fnmatch_h_FALSE = @have_fnmatch_h_FALSE@ +have_fnmatch_h_TRUE = @have_fnmatch_h_TRUE@ +have_glob_h_FALSE = @have_glob_h_FALSE@ +have_glob_h_TRUE = @have_glob_h_TRUE@ +have_ifaddrs_h_FALSE = @have_ifaddrs_h_FALSE@ +have_ifaddrs_h_TRUE = @have_ifaddrs_h_TRUE@ +have_socket_wrapper_FALSE = @have_socket_wrapper_FALSE@ +have_socket_wrapper_TRUE = @have_socket_wrapper_TRUE@ +have_vis_h_FALSE = @have_vis_h_FALSE@ +have_vis_h_TRUE = @have_vis_h_TRUE@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +versionscript_FALSE = @versionscript_FALSE@ +versionscript_TRUE = @versionscript_TRUE@ +SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) +@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME +AM_CFLAGS = $(WFLAGS) +CP = cp +buildinclude = $(top_builddir)/include +LIB_getattr = @LIB_getattr@ +LIB_getpwent_r = @LIB_getpwent_r@ +LIB_odm_initialize = @LIB_odm_initialize@ +LIB_setpcred = @LIB_setpcred@ +HESIODLIB = @HESIODLIB@ +HESIODINCLUDE = @HESIODINCLUDE@ +NROFF_MAN = groff -mandoc -Tascii +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ +@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la + +@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la +@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la +include_HEADERS = epak.h epak_err.h +lib_LTLIBRARIES = libepak.la +libepak_la_SOURCES = epak_common.c +libepak_la_LIBADD = ../krb5/libkrb5.la +all: all-am + +.SUFFIXES: +.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ + && exit 0; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps lib/epak/Makefile'; \ + cd $(top_srcdir) && \ + $(AUTOMAKE) --foreign --ignore-deps lib/epak/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +install-libLTLIBRARIES: $(lib_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(libdir)" || $(mkdir_p) "$(DESTDIR)$(libdir)" + @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + if test -f $$p; then \ + f=$(am__strip_dir) \ + echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \ + $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \ + else :; fi; \ + done + +uninstall-libLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @set -x; list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + p=$(am__strip_dir) \ + echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \ + $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \ + done + +clean-libLTLIBRARIES: + -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) + @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libepak.la: $(libepak_la_OBJECTS) $(libepak_la_DEPENDENCIES) + $(LINK) -rpath $(libdir) $(libepak_la_LDFLAGS) $(libepak_la_OBJECTS) $(libepak_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +.c.o: + $(COMPILE) -c $< + +.c.obj: + $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: + $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +distclean-libtool: + -rm -f libtool +uninstall-info-am: +install-includeHEADERS: $(include_HEADERS) + @$(NORMAL_INSTALL) + test -z "$(includedir)" || $(mkdir_p) "$(DESTDIR)$(includedir)" + @list='$(include_HEADERS)'; for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + f=$(am__strip_dir) \ + echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \ + $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \ + done + +uninstall-includeHEADERS: + @$(NORMAL_UNINSTALL) + @list='$(include_HEADERS)'; for p in $$list; do \ + f=$(am__strip_dir) \ + echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \ + rm -f "$(DESTDIR)$(includedir)/$$f"; \ + done + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + tags=; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$tags $$unique; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + tags=; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + test -z "$(CTAGS_ARGS)$$tags$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$tags $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && cd $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) $$here + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + $(mkdir_p) $(distdir)/../.. $(distdir)/../../cf + @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \ + list='$(DISTFILES)'; for file in $$list; do \ + case $$file in \ + $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \ + $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \ + esac; \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test "$$dir" != "$$file" && test "$$dir" != "."; then \ + dir="/$$dir"; \ + $(mkdir_p) "$(distdir)$$dir"; \ + else \ + dir=''; \ + fi; \ + if test -d $$d/$$file; then \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + fi; \ + cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + else \ + test -f $(distdir)/$$file \ + || cp -p $$d/$$file $(distdir)/$$file \ + || exit 1; \ + fi; \ + done + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$(top_distdir)" distdir="$(distdir)" \ + dist-hook +check-am: all-am + $(MAKE) $(AM_MAKEFLAGS) check-local +check: check-am +all-am: Makefile $(LTLIBRARIES) $(HEADERS) all-local +installdirs: + for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)"; do \ + test -z "$$dir" || $(mkdir_p) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ + mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-libtool distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +info: info-am + +info-am: + +install-data-am: install-includeHEADERS + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook + +install-exec-am: install-libLTLIBRARIES + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-exec-hook + +install-info: install-info-am + +install-man: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-includeHEADERS uninstall-info-am \ + uninstall-libLTLIBRARIES + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) uninstall-hook + +.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \ + clean clean-generic clean-libLTLIBRARIES clean-libtool ctags \ + dist-hook distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-data-hook install-exec install-exec-am \ + install-exec-hook install-includeHEADERS install-info \ + install-info-am install-libLTLIBRARIES install-man \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am uninstall-hook \ + uninstall-includeHEADERS uninstall-info-am \ + uninstall-libLTLIBRARIES + + +install-suid-programs: + @foo='$(bin_SUIDS)'; \ + for file in $$foo; do \ + x=$(DESTDIR)$(bindir)/$$file; \ + if chown 0:0 $$x && chmod u+s $$x; then :; else \ + echo "*"; \ + echo "* Failed to install $$x setuid root"; \ + echo "*"; \ + fi; done + +install-exec-hook: install-suid-programs + +install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS) + @foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \ + for f in $$foo; do \ + f=`basename $$f`; \ + if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ + else file="$$f"; fi; \ + if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ + : ; else \ + echo " $(CP) $$file $(buildinclude)/$$f"; \ + $(CP) $$file $(buildinclude)/$$f; \ + fi ; \ + done ; \ + foo='$(nobase_include_HEADERS)'; \ + for f in $$foo; do \ + if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ + else file="$$f"; fi; \ + $(mkdir_p) $(buildinclude)/`dirname $$f` ; \ + if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ + : ; else \ + echo " $(CP) $$file $(buildinclude)/$$f"; \ + $(CP) $$file $(buildinclude)/$$f; \ + fi ; \ + done + +all-local: install-build-headers + +check-local:: + @if test '$(CHECK_LOCAL)' = "no-check-local"; then \ + foo=''; elif test '$(CHECK_LOCAL)'; then \ + foo='$(CHECK_LOCAL)'; else \ + foo='$(PROGRAMS)'; fi; \ + if test "$$foo"; then \ + failed=0; all=0; \ + for i in $$foo; do \ + all=`expr $$all + 1`; \ + if ./$$i --version > /dev/null 2>&1; then \ + echo "PASS: $$i"; \ + else \ + echo "FAIL: $$i"; \ + failed=`expr $$failed + 1`; \ + fi; \ + done; \ + if test "$$failed" -eq 0; then \ + banner="All $$all tests passed"; \ + else \ + banner="$$failed of $$all tests failed"; \ + fi; \ + dashes=`echo "$$banner" | sed s/./=/g`; \ + echo "$$dashes"; \ + echo "$$banner"; \ + echo "$$dashes"; \ + test "$$failed" -eq 0; \ + fi ; \ + if test '$(CHECK_SYMBOLS)' != ""; then \ + echo "$$dashes"; \ + echo "Checking symbols"; \ + sh $(top_srcdir)/cf/check-symbols.sh $(CHECK_SYMBOLS) || exit 1; \ + echo "Passed"; \ + echo "$$dashes"; \ + fi + +.x.c: + @cmp -s $< $@ 2> /dev/null || cp $< $@ +#NROFF_MAN = nroff -man +.1.cat1: + $(NROFF_MAN) $< > $@ +.3.cat3: + $(NROFF_MAN) $< > $@ +.5.cat5: + $(NROFF_MAN) $< > $@ +.8.cat8: + $(NROFF_MAN) $< > $@ + +dist-cat1-mans: + @foo='$(man1_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.1) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat3-mans: + @foo='$(man3_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.3) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat5-mans: + @foo='$(man5_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.5) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat8-mans: + @foo='$(man8_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.8) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans + +install-cat-mans: + $(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) + +uninstall-cat-mans: + $(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) + +install-data-hook: install-cat-mans +uninstall-hook: uninstall-cat-mans + +.et.h: + $(COMPILE_ET) $< +.et.c: + $(COMPILE_ET) $< + +# +# Useful target for debugging +# + +check-valgrind: + env TESTS_ENVIRONMENT="$(top_builddir)/libtool --mode execute valgrind --leak-check=full --quiet --suppressions=$(top_srcdir)/cf/valgrind-suppressions" make check +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff -urNp heimdal-0.8.1/lib/gssapi/Makefile.in heimdal-0.8.1-epak/lib/gssapi/Makefile.in --- heimdal-0.8.1/lib/gssapi/Makefile.in 2007-04-23 10:26:03.000000000 -0600 +++ heimdal-0.8.1-epak/lib/gssapi/Makefile.in 2007-06-07 12:11:06.000000000 -0600 @@ -319,6 +319,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/lib/hdb/Makefile.in heimdal-0.8.1-epak/lib/hdb/Makefile.in --- heimdal-0.8.1/lib/hdb/Makefile.in 2007-04-23 10:26:03.000000000 -0600 +++ heimdal-0.8.1-epak/lib/hdb/Makefile.in 2007-06-07 12:11:06.000000000 -0600 @@ -196,6 +196,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/lib/hx509/Makefile.in heimdal-0.8.1-epak/lib/hx509/Makefile.in --- heimdal-0.8.1/lib/hx509/Makefile.in 2007-04-23 10:26:04.000000000 -0600 +++ heimdal-0.8.1-epak/lib/hx509/Makefile.in 2007-06-07 12:11:07.000000000 -0600 @@ -222,6 +222,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/lib/kadm5/Makefile.in heimdal-0.8.1-epak/lib/kadm5/Makefile.in --- heimdal-0.8.1/lib/kadm5/Makefile.in 2007-04-23 10:26:05.000000000 -0600 +++ heimdal-0.8.1-epak/lib/kadm5/Makefile.in 2007-06-07 12:11:07.000000000 -0600 @@ -256,6 +256,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/lib/kafs/Makefile.in heimdal-0.8.1-epak/lib/kafs/Makefile.in --- heimdal-0.8.1/lib/kafs/Makefile.in 2007-04-23 10:26:05.000000000 -0600 +++ heimdal-0.8.1-epak/lib/kafs/Makefile.in 2007-06-07 12:11:08.000000000 -0600 @@ -192,6 +192,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/lib/kdfs/Makefile.in heimdal-0.8.1-epak/lib/kdfs/Makefile.in --- heimdal-0.8.1/lib/kdfs/Makefile.in 2007-04-23 10:26:05.000000000 -0600 +++ heimdal-0.8.1-epak/lib/kdfs/Makefile.in 2007-06-07 12:11:08.000000000 -0600 @@ -164,6 +164,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/lib/krb5/get_in_tkt.c heimdal-0.8.1-epak/lib/krb5/get_in_tkt.c --- heimdal-0.8.1/lib/krb5/get_in_tkt.c 2007-04-23 10:24:05.000000000 -0600 +++ heimdal-0.8.1-epak/lib/krb5/get_in_tkt.c 2007-06-07 11:44:02.000000000 -0600 @@ -409,6 +409,67 @@ add_padata(krb5_context context, return 0; } +#ifdef EPAK +static krb5_error_code +add_padata_epak(krb5_context context, + METHOD_DATA *md, + krb5_key_proc key_proc, + krb5_const_pointer keyseed) +{ + krb5_error_code ret; + PA_DATA *pa2; + Ticket ticket; + PA_EPAK_AS_REQ pa_req; + unsigned char *buf; + size_t buf_size; + size_t len; + + /* Allocate space for one more PA-DATA. */ + ++md->len; + pa2 = realloc (md->val, md->len * sizeof(*md->val)); + if (pa2 == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + md->val = pa2; + + /* Extract Ticket from epak service credential. */ + const krb5_creds* cred = (const krb5_creds*)keyseed; + ret = decode_Ticket(cred->ticket.data, cred->ticket.length, &ticket, &len); + if (ret) + return ret; + + /* Set up EPAK pre-auth data with encrypted EPAK Ticket and + * encrypted EPAK Authenticator. */ + pa_req.epakvno = epakvno; + copy_Realm(&cred->server->realm, &pa_req.pasrealm); + copy_EncryptedData(&ticket.enc_part, &pa_req.epakticket); + + /* TODO: Set EPAK Authenticator. */ + pa_req.epakauth.etype = ETYPE_NULL; + pa_req.epakauth.kvno = NULL; + pa_req.epakauth.cipher.length = 0; + pa_req.epakauth.cipher.data = NULL; + + /* Create ASN.1 encoded EPAK pre-auth data buffer. */ + ASN1_MALLOC_ENCODE(PA_EPAK_AS_REQ, buf, buf_size, &pa_req, &len, ret); + if (ret) + return ret; + if (buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); + + /* Set pre-auth data. */ + md->val->padata_type = KRB5_PADATA_EPAK_AS_REQ; + md->val->padata_value.length = buf_size; + md->val->padata_value.data = buf; + + /* Cleanup. */ + free_Ticket(&ticket); + free_PA_EPAK_AS_REQ(&pa_req); + return 0; +} +#endif + static krb5_error_code init_as_req (krb5_context context, KDCOptions opts, @@ -573,6 +634,21 @@ init_as_req (krb5_context context, add_padata(context, a->padata, creds->client, key_proc, keyseed, a->req_body.etype.val, a->req_body.etype.len, &salt); +#ifdef EPAK + } else if (*ptypes == KRB5_PADATA_EPAK_AS_REQ) { + ALLOC(a->padata, 1); + if (a->padata == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); + goto fail; + } + a->padata->len = 0; + a->padata->val = NULL; + + ret = add_padata_epak(context, a->padata, key_proc, keyseed); + if (ret) + goto fail; +#endif } else { krb5_set_error_string (context, "pre-auth type %d not supported", *ptypes); @@ -744,6 +820,14 @@ krb5_get_in_cred(krb5_context context, rep.kdc_rep.padata->len, KRB5_PADATA_AFS3_SALT, &i); } +#ifdef EPAK + if(pa == NULL) { + i = 0; + pa = krb5_find_padata(rep.kdc_rep.padata->val, + rep.kdc_rep.padata->len, + KRB5_PADATA_EPAK_AS_REP, &i); + } +#endif } if(pa) { salt.salttype = pa->padata_type; diff -urNp heimdal-0.8.1/lib/krb5/init_creds_pw.c heimdal-0.8.1-epak/lib/krb5/init_creds_pw.c --- heimdal-0.8.1/lib/krb5/init_creds_pw.c 2007-04-23 10:24:05.000000000 -0600 +++ heimdal-0.8.1-epak/lib/krb5/init_creds_pw.c 2007-05-22 10:57:23.000000000 -0600 @@ -1585,3 +1585,101 @@ krb5_get_init_creds_keyblock(krb5_contex free_init_creds_ctx(context, &ctx); return ret; } + +#ifdef EPAK +krb5_error_code +static krb5_epak_key_proc(krb5_context context, + krb5_enctype type, + krb5_salt salt, + krb5_const_pointer keyseed, + krb5_keyblock **key) +{ + /* This function is called by krb5_get_in_cred to get the key needed to + * decrypt the encrypted part of the AS-REPLY. */ + krb5_error_code ret; + PA_EPAK_AS_REP pa_rep; + size_t len; + + /* The salt holds the pre-auth data from server. + * Verify that the pre-auth data type is what we expect from the server. */ + if( salt.salttype != KRB5_PADATA_EPAK_AS_REP ) + return KRB5_PREAUTH_BAD_TYPE; + if( salt.saltvalue.data == NULL ) + return KRB5_PREAUTH_BAD_TYPE; + + /* Decode salt value, which contains the KRB5_PADATA_EPAK_AS_REP message. */ + ret = decode_PA_EPAK_AS_REP(salt.saltvalue.data, + salt.saltvalue.length, + &pa_rep, &len); + if (ret) + return ret; + + /* See if the server indicates pre-auth failure. */ + if( pa_rep.epakvno != epakvno ) + return KRB5_PREAUTH_BAD_TYPE; + if( pa_rep.result != 0 ) + return KRB5_PREAUTH_FAILED; + + /* Allocate memory for decryption key (session key). */ + *key = malloc(sizeof(**key)); + if( *key == NULL ) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + + /* We already have the session key needed to decrypt the AS-REPLY. + * It was given to us by the pre-authentication server. */ + const krb5_creds* epak_cred = (const krb5_creds*)keyseed; + const EncryptionKey* session_key = &epak_cred->session; + copy_EncryptionKey(session_key, *key); + + /* Cleanup. */ + free_PA_EPAK_AS_REP(&pa_rep); + return 0; +} + +krb5_error_code +krb5_get_init_creds_epak(krb5_context context, + krb5_creds *creds, + krb5_principal client, + const krb5_creds *epak_cred, + krb5_deltat start_time, + const char *in_tkt_service, + krb5_get_init_creds_opt *options) +{ + struct krb5_get_init_creds_ctx ctx; + krb5_error_code ret; + krb5_preauthtype epak_pre_auth_types[2] = {KRB5_PADATA_EPAK_AS_REQ, KRB5_PADATA_NONE}; + + ret = get_init_creds_common(context, client, start_time, + in_tkt_service, options, &ctx); + if( ret ) + goto out; + + /* Note: I'm not passing the pre-auth data in the preauth parameter + * because krb5_preauthdata is overly complex and seems to be designed + * specifically for KRB5_PADATA_ENC_TIMESTAMP and KRB5_PADATA_ETYPE_INFO. */ + ret = krb5_get_in_cred(context, + KDCOptions2int(ctx.flags), + ctx.addrs, + ctx.etypes, + epak_pre_auth_types, + NULL, /* not passing pre-auth data here */ + krb5_epak_key_proc, + epak_cred, /* pre-auth data and session key */ + NULL, + NULL, + &ctx.cred, + NULL); + + if (ret == 0 && creds) + *creds = ctx.cred; + else + krb5_free_cred_contents(context, &ctx.cred); + +out: + free_init_creds_ctx(context, &ctx); + return ret; +} +#endif + diff -urNp heimdal-0.8.1/lib/krb5/krb5.h heimdal-0.8.1-epak/lib/krb5/krb5.h --- heimdal-0.8.1/lib/krb5/krb5.h 2007-04-23 10:24:04.000000000 -0600 +++ heimdal-0.8.1-epak/lib/krb5/krb5.h 2007-05-08 16:03:25.000000000 -0600 @@ -556,7 +556,7 @@ typedef struct krb5_auth_context_data { krb5_rcache rcache; krb5_keytype keytype; /* ¿requested key type ? */ - krb5_cksumtype cksumtype; /* ¡requested checksum type! */ + krb5_cksumtype cksumtype; /* ¿requested checksum type! */ }krb5_auth_context_data, *krb5_auth_context; @@ -757,6 +757,11 @@ struct credentials; /* this is to keep t struct getargs; struct sockaddr; +#ifdef EPAK +/* EPAK Ticket lifetime option (goes in krb5.conf libdefaults section) */ +#define EPAK_TICKET_LIFETIME_NAME "epak_ticket_lifetime" +#endif + #include #endif /* __KRB5_H__ */ diff -urNp heimdal-0.8.1/lib/krb5/krb5_locl.h heimdal-0.8.1-epak/lib/krb5/krb5_locl.h --- heimdal-0.8.1/lib/krb5/krb5_locl.h 2007-04-23 10:24:04.000000000 -0600 +++ heimdal-0.8.1-epak/lib/krb5/krb5_locl.h 2007-05-08 16:03:25.000000000 -0600 @@ -166,6 +166,10 @@ enum plugin_type { #include "heim_threads.h" +#ifdef EPAK +#include +#endif + #define ALLOC(X, N) (X) = calloc((N), sizeof(*(X))) #define ALLOC_SEQ(X, N) do { (X)->len = (N); ALLOC((X)->val, (N)); } while(0) diff -urNp heimdal-0.8.1/lib/krb5/krb5-protos.h heimdal-0.8.1-epak/lib/krb5/krb5-protos.h --- heimdal-0.8.1/lib/krb5/krb5-protos.h 2007-04-23 10:28:25.000000000 -0600 +++ heimdal-0.8.1-epak/lib/krb5/krb5-protos.h 2007-05-08 12:51:29.000000000 -0600 @@ -1402,6 +1402,18 @@ krb5_digest_set_uri ( krb5_digest /*digest*/, const char */*uri*/); +#ifdef EPAK +krb5_error_code +krb5_get_init_creds_epak( + krb5_context context, + krb5_creds *creds, + krb5_principal client, + const krb5_creds *epak_cred, + krb5_deltat start_time, + const char *in_tkt_service, + krb5_get_init_creds_opt *options); +#endif + krb5_error_code krb5_digest_set_username ( krb5_context /*context*/, diff -urNp heimdal-0.8.1/lib/krb5/Makefile.in heimdal-0.8.1-epak/lib/krb5/Makefile.in --- heimdal-0.8.1/lib/krb5/Makefile.in 2007-04-23 10:26:07.000000000 -0600 +++ heimdal-0.8.1-epak/lib/krb5/Makefile.in 2007-06-07 12:11:09.000000000 -0600 @@ -402,6 +402,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/lib/krb5/verify_krb5_conf.c heimdal-0.8.1-epak/lib/krb5/verify_krb5_conf.c --- heimdal-0.8.1/lib/krb5/verify_krb5_conf.c 2007-04-23 10:24:04.000000000 -0600 +++ heimdal-0.8.1-epak/lib/krb5/verify_krb5_conf.c 2007-05-08 13:49:50.000000000 -0600 @@ -410,6 +410,9 @@ struct entry libdefaults_entries[] = { { "permitted_enctypes", krb5_config_string, mit_entry }, { "default_tgs_enctypes", krb5_config_string, mit_entry }, { "default_tkt_enctypes", krb5_config_string, mit_entry }, +#ifdef EPAK + { EPAK_TICKET_LIFETIME_NAME, krb5_config_string, check_time }, +#endif { NULL } }; diff -urNp heimdal-0.8.1/lib/Makefile.am heimdal-0.8.1-epak/lib/Makefile.am --- heimdal-0.8.1/lib/Makefile.am 2007-04-23 10:24:31.000000000 -0600 +++ heimdal-0.8.1-epak/lib/Makefile.am 2007-05-08 12:51:29.000000000 -0600 @@ -17,6 +17,10 @@ endif if !HAVE_OPENSSL dir_des = des endif +if EPAK +dir_epak = epak +endif SUBDIRS = roken vers editline $(dir_com_err) sl asn1 $(dir_des) hx509 \ - krb5 ntlm kafs gssapi hdb kadm5 auth $(dir_45) $(dir_otp) $(dir_dce) + krb5 ntlm kafs gssapi hdb kadm5 auth $(dir_45) $(dir_otp) $(dir_dce) \ + $(dir_epak) diff -urNp heimdal-0.8.1/lib/Makefile.in heimdal-0.8.1-epak/lib/Makefile.in --- heimdal-0.8.1/lib/Makefile.in 2007-04-23 10:25:59.000000000 -0600 +++ heimdal-0.8.1-epak/lib/Makefile.in 2007-06-07 12:11:03.000000000 -0600 @@ -104,7 +104,7 @@ RECURSIVE_TARGETS = all-recursive check- ETAGS = etags CTAGS = ctags DIST_SUBDIRS = roken vers editline com_err sl asn1 des hx509 krb5 ntlm \ - kafs gssapi hdb kadm5 auth 45 otp kdfs + kafs gssapi hdb kadm5 auth 45 otp kdfs epak DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AIX4_FALSE = @AIX4_FALSE@ @@ -150,6 +150,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ @@ -382,8 +386,10 @@ LIB_kafs = $(top_builddir)/lib/kafs/libk @DCE_TRUE@dir_dce = kdfs @COM_ERR_TRUE@dir_com_err = com_err @HAVE_OPENSSL_FALSE@dir_des = des +@EPAK_TRUE@dir_epak = epak SUBDIRS = roken vers editline $(dir_com_err) sl asn1 $(dir_des) hx509 \ - krb5 ntlm kafs gssapi hdb kadm5 auth $(dir_45) $(dir_otp) $(dir_dce) + krb5 ntlm kafs gssapi hdb kadm5 auth $(dir_45) $(dir_otp) $(dir_dce) \ + $(dir_epak) all: all-recursive diff -urNp heimdal-0.8.1/lib/ntlm/Makefile.in heimdal-0.8.1-epak/lib/ntlm/Makefile.in --- heimdal-0.8.1/lib/ntlm/Makefile.in 2007-04-23 10:26:08.000000000 -0600 +++ heimdal-0.8.1-epak/lib/ntlm/Makefile.in 2007-06-07 12:11:09.000000000 -0600 @@ -173,6 +173,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/lib/otp/Makefile.in heimdal-0.8.1-epak/lib/otp/Makefile.in --- heimdal-0.8.1/lib/otp/Makefile.in 2007-04-23 10:26:08.000000000 -0600 +++ heimdal-0.8.1-epak/lib/otp/Makefile.in 2007-06-07 12:11:09.000000000 -0600 @@ -186,6 +186,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/lib/roken/Makefile.in heimdal-0.8.1-epak/lib/roken/Makefile.in --- heimdal-0.8.1/lib/roken/Makefile.in 2007-04-23 10:26:09.000000000 -0600 +++ heimdal-0.8.1-epak/lib/roken/Makefile.in 2007-06-07 12:11:10.000000000 -0600 @@ -301,6 +301,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/lib/sl/Makefile.in heimdal-0.8.1-epak/lib/sl/Makefile.in --- heimdal-0.8.1/lib/sl/Makefile.in 2007-04-23 10:26:10.000000000 -0600 +++ heimdal-0.8.1-epak/lib/sl/Makefile.in 2007-06-07 12:11:11.000000000 -0600 @@ -213,6 +213,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/lib/vers/Makefile.in heimdal-0.8.1-epak/lib/vers/Makefile.in --- heimdal-0.8.1/lib/vers/Makefile.in 2007-04-23 10:26:10.000000000 -0600 +++ heimdal-0.8.1-epak/lib/vers/Makefile.in 2007-06-07 12:11:11.000000000 -0600 @@ -165,6 +165,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/Makefile.in heimdal-0.8.1-epak/Makefile.in --- heimdal-0.8.1/Makefile.in 2007-04-23 10:26:12.000000000 -0600 +++ heimdal-0.8.1-epak/Makefile.in 2007-06-07 12:11:13.000000000 -0600 @@ -164,6 +164,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/packages/mac/Makefile.in heimdal-0.8.1-epak/packages/mac/Makefile.in --- heimdal-0.8.1/packages/mac/Makefile.in 2007-04-23 10:26:10.000000000 -0600 +++ heimdal-0.8.1-epak/packages/mac/Makefile.in 2007-06-07 12:11:11.000000000 -0600 @@ -140,6 +140,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/packages/Makefile.in heimdal-0.8.1-epak/packages/Makefile.in --- heimdal-0.8.1/packages/Makefile.in 2007-04-23 10:26:10.000000000 -0600 +++ heimdal-0.8.1-epak/packages/Makefile.in 2007-06-07 12:11:11.000000000 -0600 @@ -149,6 +149,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/tests/db/Makefile.in heimdal-0.8.1-epak/tests/db/Makefile.in --- heimdal-0.8.1/tests/db/Makefile.in 2007-04-23 10:26:11.000000000 -0600 +++ heimdal-0.8.1-epak/tests/db/Makefile.in 2007-06-07 12:11:12.000000000 -0600 @@ -144,6 +144,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/tests/gss/Makefile.in heimdal-0.8.1-epak/tests/gss/Makefile.in --- heimdal-0.8.1/tests/gss/Makefile.in 2007-04-23 10:26:11.000000000 -0600 +++ heimdal-0.8.1-epak/tests/gss/Makefile.in 2007-06-07 12:11:12.000000000 -0600 @@ -142,6 +142,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/tests/kdc/Makefile.in heimdal-0.8.1-epak/tests/kdc/Makefile.in --- heimdal-0.8.1/tests/kdc/Makefile.in 2007-04-23 10:26:11.000000000 -0600 +++ heimdal-0.8.1-epak/tests/kdc/Makefile.in 2007-06-07 12:11:12.000000000 -0600 @@ -159,6 +159,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/tests/Makefile.in heimdal-0.8.1-epak/tests/Makefile.in --- heimdal-0.8.1/tests/Makefile.in 2007-04-23 10:26:10.000000000 -0600 +++ heimdal-0.8.1-epak/tests/Makefile.in 2007-06-07 12:11:11.000000000 -0600 @@ -150,6 +150,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/tests/plugin/Makefile.in heimdal-0.8.1-epak/tests/plugin/Makefile.in --- heimdal-0.8.1/tests/plugin/Makefile.in 2007-04-23 10:26:11.000000000 -0600 +++ heimdal-0.8.1-epak/tests/plugin/Makefile.in 2007-06-07 12:11:12.000000000 -0600 @@ -166,6 +166,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ diff -urNp heimdal-0.8.1/tools/Makefile.in heimdal-0.8.1-epak/tools/Makefile.in --- heimdal-0.8.1/tools/Makefile.in 2007-04-23 10:26:12.000000000 -0600 +++ heimdal-0.8.1-epak/tools/Makefile.in 2007-06-07 12:11:12.000000000 -0600 @@ -146,6 +146,10 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ENABLE_SHARED_FALSE = @ENABLE_SHARED_FALSE@ ENABLE_SHARED_TRUE = @ENABLE_SHARED_TRUE@ +EPAKDEBUG_FALSE = @EPAKDEBUG_FALSE@ +EPAKDEBUG_TRUE = @EPAKDEBUG_TRUE@ +EPAK_FALSE = @EPAK_FALSE@ +EPAK_TRUE = @EPAK_TRUE@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@