Annotation of embedaddon/rsync/patches/kerberos.diff, revision 1.1
1.1 ! misho 1: This patch adds a kerberos authentication method to daemon mode.
! 2:
! 3: NOTE: minimally munged to work with 3.1.1, but as yet untested!
! 4:
! 5: To use this patch, run these commands for a successful build:
! 6:
! 7: patch -p1 <patches/kerberos.diff
! 8: ./prepare-source
! 9: ./configure
! 10: make
! 11:
! 12: based-on: e94bad1c156fc3910f24e2b3b71a81b0b0bdeb70
! 13: diff --git a/Makefile.in b/Makefile.in
! 14: --- a/Makefile.in
! 15: +++ b/Makefile.in
! 16: @@ -44,7 +44,7 @@ OBJS1=flist.o rsync.o generator.o receiver.o cleanup.o sender.o exclude.o \
! 17: util.o util2.o main.o checksum.o match.o syscall.o log.o backup.o delete.o
! 18: OBJS2=options.o io.o compat.o hlink.o token.o uidlist.o socket.o hashtable.o \
! 19: usage.o fileio.o batch.o clientname.o chmod.o acls.o xattrs.o
! 20: -OBJS3=progress.o pipe.o @ASM@
! 21: +OBJS3=progress.o pipe.o gss-auth.o @ASM@
! 22: DAEMON_OBJ = params.o loadparm.o clientserver.o access.o connection.o authenticate.o
! 23: popt_OBJS=popt/findme.o popt/popt.o popt/poptconfig.o \
! 24: popt/popthelp.o popt/poptparse.o
! 25: diff --git a/clientserver.c b/clientserver.c
! 26: --- a/clientserver.c
! 27: +++ b/clientserver.c
! 28: @@ -140,7 +140,7 @@ int start_socket_client(char *host, int remote_argc, char *remote_argv[],
! 29: setup_iconv();
! 30: #endif
! 31:
! 32: - ret = start_inband_exchange(fd, fd, user, remote_argc, remote_argv);
! 33: + ret = start_inband_exchange(fd, fd, user, host, remote_argc, remote_argv);
! 34:
! 35: return ret ? ret : client_run(fd, fd, -1, argc, argv);
! 36: }
! 37: @@ -217,7 +217,7 @@ static int exchange_protocols(int f_in, int f_out, char *buf, size_t bufsiz, int
! 38: return 0;
! 39: }
! 40:
! 41: -int start_inband_exchange(int f_in, int f_out, const char *user, int argc, char *argv[])
! 42: +int start_inband_exchange(int f_in, int f_out, const char *user, const char *host, int argc, char *argv[])
! 43: {
! 44: int i, modlen;
! 45: char line[BIGPATHBUFLEN];
! 46: @@ -328,6 +328,17 @@ int start_inband_exchange(int f_in, int f_out, const char *user, int argc, char
! 47: continue;
! 48: }
! 49:
! 50: + if (strcmp(line, "@RSYNCD: GSS") == 0) {
! 51: +#ifdef GSSAPI_OPTION
! 52: + if (auth_gss_client(f_out, host) < 0)
! 53: + return -1;
! 54: + continue;
! 55: +#else
! 56: + rprintf(FERROR, "GSSAPI is not supported\n");
! 57: + return -1;
! 58: +#endif
! 59: + }
! 60: +
! 61: if (strcmp(line,"@RSYNCD: OK") == 0)
! 62: break;
! 63:
! 64: @@ -685,7 +696,12 @@ static int rsync_module(int f_in, int f_out, int i, const char *addr, const char
! 65: }
! 66:
! 67: read_only = lp_read_only(i); /* may also be overridden by auth_server() */
! 68: - auth_user = auth_server(f_in, f_out, i, host, addr, "@RSYNCD: AUTHREQD ");
! 69: +#ifdef GSSAPI_OPTION
! 70: + if (lp_use_gssapi(i))
! 71: + auth_user = auth_gss_server(f_in, f_out, i, host, addr, "@RSYNCD: GSS");
! 72: + else
! 73: +#endif
! 74: + auth_user = auth_server(f_in, f_out, i, host, addr, "@RSYNCD: AUTHREQD ");
! 75:
! 76: if (!auth_user) {
! 77: io_printf(f_out, "@ERROR: auth failed on module %s\n", name);
! 78: diff --git a/configure.ac b/configure.ac
! 79: --- a/configure.ac
! 80: +++ b/configure.ac
! 81: @@ -950,6 +950,31 @@ if test x"$enable_iconv" != x"no"; then
! 82: AC_DEFINE(UTF8_CHARSET, "UTF-8", [String to pass to iconv() for the UTF-8 charset.])
! 83: fi
! 84:
! 85: +AC_ARG_WITH([gssapi],
! 86: + [AS_HELP_STRING([--with-gssapi],
! 87: + [support GSSAPI authentication @<:@default=check@:>@])],
! 88: + [],
! 89: + [with_gssapi=check])
! 90: +
! 91: +AH_TEMPLATE([GSSAPI_OPTION],
! 92: +[Define if you want GSSAPI authentication. Specifing a value will set the search path.])
! 93: +
! 94: +AS_IF([test "x$with_gssapi" != xno],
! 95: + [AC_SEARCH_LIBS([gss_import_name], gss gssapi_krb5 ,
! 96: + [AC_CHECK_HEADERS(gssapi/gssapi_generic.h gssapi/gssapi.h) ]
! 97: + [ AC_DEFINE([GSSAPI_OPTION], [1]) ]
! 98: + ,
! 99: + [if test "x$with_gssapi" = xcheck; then
! 100: + AC_MSG_FAILURE(
! 101: + [--with-gssapi was given, but test for function failed])
! 102: + fi
! 103: + ])
! 104: + ])
! 105: +
! 106: +if test x"$enable_gssapi" != x"no"; then
! 107: + AC_DEFINE(GSSAPI_OPTION, 1)
! 108: +fi
! 109: +
! 110: AC_CACHE_CHECK([whether chown() modifies symlinks],rsync_cv_chown_modifies_symlink,[
! 111: AC_RUN_IFELSE([AC_LANG_SOURCE([[
! 112: #if HAVE_UNISTD_H
! 113: diff --git a/daemon-parm.txt b/daemon-parm.txt
! 114: --- a/daemon-parm.txt
! 115: +++ b/daemon-parm.txt
! 116: @@ -61,6 +61,7 @@ BOOL reverse_lookup True
! 117: BOOL strict_modes True
! 118: BOOL transfer_logging False
! 119: BOOL use_chroot True
! 120: +BOOL use_gssapi False
! 121: BOOL write_only False
! 122:
! 123: BOOL3 munge_symlinks Unset
! 124: diff --git a/gss-auth.c b/gss-auth.c
! 125: new file mode 100644
! 126: --- /dev/null
! 127: +++ b/gss-auth.c
! 128: @@ -0,0 +1,334 @@
! 129: +/*
! 130: + * GSSAPI authentication.
! 131: + *
! 132: + * Copyright (C) 1998-2001 Andrew Tridgell <tridge@samba.org>
! 133: + * Copyright (C) 2001-2002 Martin Pool <mbp@samba.org>
! 134: + * Copyright (C) 2002-2008 Wayne Davison
! 135: + *
! 136: + * This program is free software; you can redistribute it and/or modify
! 137: + * it under the terms of the GNU General Public License as published by
! 138: + * the Free Software Foundation; either version 3 of the License, or
! 139: + * (at your option) any later version.
! 140: + *
! 141: + * This program is distributed in the hope that it will be useful,
! 142: + * but WITHOUT ANY WARRANTY; without even the implied warranty of
! 143: + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
! 144: + * GNU General Public License for more details.
! 145: + *
! 146: + * You should have received a copy of the GNU General Public License along
! 147: + * with this program; if not, visit the http://fsf.org website.
! 148: + */
! 149: +
! 150: +#include "rsync.h"
! 151: +
! 152: +#ifdef GSSAPI_OPTION
! 153: +
! 154: +#define RSYNC_GSS_SERVICE "host"
! 155: +
! 156: +struct init_context_data {
! 157: + gss_cred_id_t initiator_cred_handle;
! 158: + gss_ctx_id_t *context_handle;
! 159: + gss_name_t target_name;
! 160: + gss_OID mech_type;
! 161: + OM_uint32 req_flags;
! 162: + OM_uint32 time_req;
! 163: + gss_channel_bindings_t input_chan_bindings;
! 164: + gss_OID *actual_mech_type;
! 165: + OM_uint32 *ret_flags;
! 166: + OM_uint32 *time_rec;
! 167: +};
! 168: +
! 169: +struct accept_context_data {
! 170: + gss_ctx_id_t *context_handle;
! 171: + gss_cred_id_t acceptor_cred_handle;
! 172: + gss_channel_bindings_t input_chan_bindings;
! 173: + gss_name_t *src_name;
! 174: + gss_OID *mech_type;
! 175: + OM_uint32 *ret_flags;
! 176: + OM_uint32 *time_rec;
! 177: + gss_cred_id_t *delegated_cred_handle;
! 178: +};
! 179: +
! 180: +int auth_gss_client(int fd, const char *host)
! 181: +{
! 182: + gss_ctx_id_t ctxt = GSS_C_NO_CONTEXT;
! 183: + gss_name_t target_name = GSS_C_NO_NAME;
! 184: + struct init_context_data cb_data;
! 185: + char *buffer;
! 186: + int status;
! 187: + OM_uint32 min_stat;
! 188: +
! 189: + buffer = new_array(char, (strlen(host) + 2 + strlen(RSYNC_GSS_SERVICE)));
! 190: +
! 191: + sprintf(buffer, "%s@%s", RSYNC_GSS_SERVICE, host);
! 192: +
! 193: + import_gss_name(&target_name, buffer, GSS_C_NT_HOSTBASED_SERVICE);
! 194: + free(buffer);
! 195: +
! 196: + cb_data.initiator_cred_handle = GSS_C_NO_CREDENTIAL;
! 197: + cb_data.context_handle = &ctxt;
! 198: + cb_data.target_name = target_name;
! 199: + cb_data.mech_type = GSS_C_NO_OID;
! 200: + cb_data.req_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG;
! 201: + cb_data.time_req = 0;
! 202: + cb_data.input_chan_bindings = GSS_C_NO_CHANNEL_BINDINGS;
! 203: + cb_data.actual_mech_type = NULL;
! 204: + cb_data.ret_flags = NULL;
! 205: + cb_data.time_rec = NULL;
! 206: +
! 207: + status = do_gss_dialog(fd, fd, 0, &cb_init_sec_context, (void *)&cb_data);
! 208: + if (ctxt != GSS_C_NO_CONTEXT)
! 209: + gss_delete_sec_context(&min_stat, &ctxt, GSS_C_NO_BUFFER);
! 210: + free_gss_name(&target_name);
! 211: +
! 212: + return status;
! 213: +}
! 214: +
! 215: +/*
! 216: + * The call back function for a gss_init_sec_context dialog
! 217: + */
! 218: +OM_uint32 cb_init_sec_context(OM_uint32 *min_statp, gss_buffer_t in_token, gss_buffer_t out_token, void *cb_data)
! 219: +{
! 220: + struct init_context_data *context_data;
! 221: +
! 222: + context_data = (struct init_context_data *) cb_data;
! 223: + return gss_init_sec_context(min_statp, context_data->initiator_cred_handle, context_data->context_handle, context_data->target_name, context_data->mech_type, context_data->req_flags, context_data->time_req, context_data->input_chan_bindings, in_token, context_data->actual_mech_type, out_token, context_data->ret_flags, context_data->time_rec);
! 224: +}
! 225: +
! 226: +/* Possibly negotiate authentication with the client. Use "leader" to
! 227: + * start off the auth if necessary.
! 228: + *
! 229: + * Return NULL if authentication failed. Return "" if anonymous access.
! 230: + * Otherwise return username.
! 231: + */
! 232: +char *auth_gss_server(int fd_in, int fd_out, int module, const char *host, const char *addr, const char *leader)
! 233: +{
! 234: + struct accept_context_data cb_data;
! 235: + gss_cred_id_t server_creds = GSS_C_NO_CREDENTIAL;
! 236: + gss_ctx_id_t context = GSS_C_NO_CONTEXT;
! 237: + OM_uint32 ret_flags;
! 238: + char *users = lp_auth_users(module);
! 239: + OM_uint32 maj_stat, min_stat;
! 240: + gss_name_t server_name = GSS_C_NO_NAME;
! 241: + gss_name_t client_name = GSS_C_NO_NAME;
! 242: + gss_OID doid = GSS_C_NO_OID;
! 243: + char *user = NULL;
! 244: +
! 245: + /* if no auth list then allow anyone in! */
! 246: + if (!users || !*users)
! 247: + return "";
! 248: +
! 249: + import_gss_name(&server_name, "host", GSS_C_NT_HOSTBASED_SERVICE);
! 250: +
! 251: + maj_stat = gss_acquire_cred(&min_stat, server_name, GSS_C_INDEFINITE, GSS_C_NULL_OID_SET, GSS_C_ACCEPT, &server_creds, NULL, NULL);
! 252: + if (maj_stat != GSS_S_COMPLETE) {
! 253: + error_gss(maj_stat, min_stat, "error acquiring credentials on module %s from %s (%s)", lp_name(module), host, addr);
! 254: + return NULL;
! 255: + }
! 256: +
! 257: + io_printf(fd_out, "%s\n", leader);
! 258: +
! 259: + cb_data.context_handle = &context;
! 260: + cb_data.acceptor_cred_handle = server_creds;
! 261: + cb_data.input_chan_bindings = GSS_C_NO_CHANNEL_BINDINGS;
! 262: + cb_data.src_name = &client_name;
! 263: + cb_data.mech_type = &doid;
! 264: + cb_data.ret_flags = &ret_flags;
! 265: + cb_data.time_rec = NULL;
! 266: + cb_data.delegated_cred_handle = NULL;
! 267: +
! 268: + if (do_gss_dialog(fd_in, fd_out, -1, &cb_accept_sec_context, (void *)&cb_data) < 0)
! 269: + return NULL;
! 270: +
! 271: + user = get_cn(client_name, doid);
! 272: +
! 273: + free_gss_name(&server_name);
! 274: + free_gss_name(&client_name);
! 275: +
! 276: + return user;
! 277: +}
! 278: +
! 279: +/*
! 280: + * The call back function for a gss_accept_sec_context dialog
! 281: + */
! 282: +OM_uint32 cb_accept_sec_context(OM_uint32 *min_statp, gss_buffer_t in_token, gss_buffer_t out_token, void *cb_data)
! 283: +{
! 284: + struct accept_context_data *context_data;
! 285: +
! 286: + context_data = (struct accept_context_data *) cb_data;
! 287: + return gss_accept_sec_context(min_statp, context_data->context_handle, context_data->acceptor_cred_handle, in_token, context_data->input_chan_bindings, context_data->src_name, context_data->mech_type, out_token, context_data->ret_flags, context_data->time_rec, context_data->delegated_cred_handle);
! 288: +}
! 289: +
! 290: +void free_gss_buffer(gss_buffer_t gss_buffer)
! 291: +{
! 292: + OM_uint32 maj_stat, min_stat;
! 293: +
! 294: + if (gss_buffer->length > 0) {
! 295: + maj_stat = gss_release_buffer(&min_stat, gss_buffer);
! 296: + if (maj_stat != GSS_S_COMPLETE) {
! 297: + error_gss(maj_stat, min_stat, "can't release a buffer");
! 298: + }
! 299: + }
! 300: +}
! 301: +
! 302: +void free_gss_name(gss_name_t *gss_buffer)
! 303: +{
! 304: + OM_uint32 maj_stat, min_stat;
! 305: +
! 306: + if (*gss_buffer != GSS_C_NO_NAME) {
! 307: + maj_stat = gss_release_name(&min_stat, gss_buffer);
! 308: + if (maj_stat != GSS_S_COMPLETE) {
! 309: + error_gss(maj_stat, min_stat, "can't release a name");
! 310: + }
! 311: + }
! 312: +}
! 313: +
! 314: +void import_gss_name(gss_name_t *gss_name, const char *name, gss_OID type)
! 315: +{
! 316: + gss_buffer_desc gssname;
! 317: + OM_uint32 maj_stat, min_stat;
! 318: +
! 319: + gssname.value = strdup(name);
! 320: + gssname.length = strlen(name) +1 ;
! 321: +
! 322: + maj_stat = gss_import_name(&min_stat, &gssname, type, gss_name);
! 323: +
! 324: + if (maj_stat != GSS_S_COMPLETE)
! 325: + error_gss(maj_stat, min_stat, "can't resolve %s", name);
! 326: +
! 327: + free_gss_buffer(&gssname);
! 328: +}
! 329: +
! 330: +char *export_name(const gss_name_t input_name)
! 331: +{
! 332: + OM_uint32 maj_stat, min_stat;
! 333: + gss_buffer_desc exported_name;
! 334: + char *exported;
! 335: + gss_OID name_oid;
! 336: +
! 337: + exported = NULL;
! 338: +
! 339: + maj_stat = gss_display_name(&min_stat, input_name, &exported_name, &name_oid);
! 340: + if (maj_stat != GSS_S_COMPLETE) {
! 341: + error_gss(maj_stat, min_stat, "can't get display name");
! 342: + return NULL;
! 343: + }
! 344: +
! 345: + if (exported_name.length > 0)
! 346: + exported = strdup(exported_name.value);
! 347: +
! 348: + free_gss_buffer(&exported_name);
! 349: +
! 350: + return exported;
! 351: +}
! 352: +
! 353: +void error_gss(OM_uint32 major, OM_uint32 minor, const char *format, ...)
! 354: +{
! 355: + OM_uint32 min_stat;
! 356: + gss_buffer_desc gss_msg = GSS_C_EMPTY_BUFFER;
! 357: + OM_uint32 msg_ctx;
! 358: + va_list ap;
! 359: + char message[BIGPATHBUFLEN];
! 360: +
! 361: + va_start(ap, format);
! 362: + vsnprintf(message, sizeof message, format, ap);
! 363: + va_end(ap);
! 364: +
! 365: + msg_ctx = 0;
! 366: + if (major != GSS_S_FAILURE) /* Don't print unspecified failure, the message is useless */
! 367: + do {
! 368: + gss_display_status(&min_stat, major, GSS_C_GSS_CODE, GSS_C_NULL_OID, &msg_ctx, &gss_msg);
! 369: + rprintf(FERROR, "GSS-API error: %s: %s\n", message, (char *) gss_msg.value);
! 370: + free_gss_buffer(&gss_msg);
! 371: + } while (msg_ctx != 0);
! 372: +
! 373: + if (minor != 0) {
! 374: + do {
! 375: + gss_display_status(&min_stat, minor, GSS_C_MECH_CODE, GSS_C_NULL_OID, &msg_ctx, &gss_msg);
! 376: + rprintf(FERROR, "GSS-API error: %s: %s\n",message, (char *) gss_msg.value);
! 377: + free_gss_buffer(&gss_msg);
! 378: + } while (msg_ctx != 0);
! 379: + }
! 380: +}
! 381: +
! 382: +/*
! 383: + * This function manage a gss dialog
! 384: + * gss tokens are eaten by a call-back function and then send by this function.
! 385: + * Argument to this function can be passed throught the cb_data argument
! 386: + * When told to act as a server, it just begin to wait for a first token before beginning operation
! 387: + * on it
! 388: + */
! 389: +int do_gss_dialog(int fd_in, int fd_out, int isServer, OM_uint32 (*eat_token)(OM_uint32 *,gss_buffer_t, gss_buffer_t, void *), void *cb_data)
! 390: +{
! 391: + OM_uint32 maj_stat, min_stat;
! 392: + gss_buffer_desc in_token = GSS_C_EMPTY_BUFFER;
! 393: + gss_buffer_desc out_token = GSS_C_EMPTY_BUFFER;
! 394: +
! 395: + if (isServer)
! 396: + recv_gss_token(fd_in, &in_token);
! 397: +
! 398: + do {
! 399: + maj_stat = (*eat_token)(&min_stat, &in_token, &out_token, cb_data);
! 400: + free_gss_buffer(&in_token);
! 401: + if (maj_stat != GSS_S_COMPLETE
! 402: + && maj_stat != GSS_S_CONTINUE_NEEDED) {
! 403: + error_gss(maj_stat, min_stat, "error during dialog");
! 404: + return -1;
! 405: + }
! 406: +
! 407: + if (out_token.length != 0) {
! 408: + send_gss_token(fd_out, &out_token);
! 409: + }
! 410: + free_gss_buffer(&out_token);
! 411: +
! 412: + if (maj_stat == GSS_S_CONTINUE_NEEDED) {
! 413: + recv_gss_token(fd_in, &in_token);
! 414: + }
! 415: + } while (maj_stat == GSS_S_CONTINUE_NEEDED);
! 416: +
! 417: + return 0;
! 418: +}
! 419: +
! 420: +char *get_cn(const gss_name_t input_name, const gss_OID mech_type)
! 421: +{
! 422: + OM_uint32 maj_stat, min_stat;
! 423: + gss_name_t output_name;
! 424: + gss_buffer_desc exported_name;
! 425: + char *cn;
! 426: +
! 427: + cn = NULL;
! 428: + maj_stat = gss_canonicalize_name(&min_stat, input_name, mech_type, &output_name);
! 429: + if (maj_stat != GSS_S_COMPLETE) {
! 430: + error_gss(maj_stat, min_stat, "canonizing name");
! 431: + return NULL;
! 432: + }
! 433: +
! 434: + maj_stat = gss_export_name(&min_stat, output_name, &exported_name);
! 435: + if (maj_stat != GSS_S_COMPLETE) {
! 436: + error_gss(maj_stat, min_stat, "canonizing name");
! 437: + return NULL;
! 438: + }
! 439: + if (exported_name.length > 0)
! 440: + cn = strdup(exported_name.value);
! 441: +
! 442: + free_gss_name(&output_name);
! 443: + free_gss_buffer(&exported_name);
! 444: +
! 445: + return cn;
! 446: +}
! 447: +
! 448: +void send_gss_token(int fd, gss_buffer_t token)
! 449: +{
! 450: + write_int(fd, token->length);
! 451: + write_buf(fd, token->value, token->length);
! 452: +}
! 453: +
! 454: +void recv_gss_token(int fd, gss_buffer_t token)
! 455: +{
! 456: + token->length = read_int(fd);
! 457: + if (token->length > 0) {
! 458: + token->value = new_array(char, token->length);
! 459: + read_buf(fd, token->value, token->length);
! 460: + }
! 461: +}
! 462: +#endif /* GSSAPI_OPTION */
! 463: diff --git a/main.c b/main.c
! 464: --- a/main.c
! 465: +++ b/main.c
! 466: @@ -1572,7 +1572,7 @@ static int start_client(int argc, char *argv[])
! 467: * remote shell command, we need to do the RSYNCD protocol first */
! 468: if (daemon_connection) {
! 469: int tmpret;
! 470: - tmpret = start_inband_exchange(f_in, f_out, shell_user, remote_argc, remote_argv);
! 471: + tmpret = start_inband_exchange(f_in, f_out, shell_user, shell_machine, remote_argc, remote_argv);
! 472: if (tmpret < 0)
! 473: return tmpret;
! 474: }
! 475: diff --git a/rsync.h b/rsync.h
! 476: --- a/rsync.h
! 477: +++ b/rsync.h
! 478: @@ -520,6 +520,15 @@ enum delret {
! 479: #define iconv_t int
! 480: #endif
! 481:
! 482: +#ifdef GSSAPI_OPTION
! 483: +#ifdef HAVE_GSSAPI_GSSAPI_GENERIC_H
! 484: +#include <gssapi/gssapi_generic.h>
! 485: +#endif
! 486: +#ifdef HAVE_GSSAPI_GSSAPI_H
! 487: +#include <gssapi/gssapi.h>
! 488: +#endif
! 489: +#endif
! 490: +
! 491: #include <assert.h>
! 492:
! 493: #include "lib/pool_alloc.h"
! 494: diff -Nurp a/config.h.in b/config.h.in
! 495: --- a/config.h.in
! 496: +++ b/config.h.in
! 497: @@ -36,6 +36,10 @@
! 498: /* Define to 1 if the `getpgrp' function requires zero arguments. */
! 499: #undef GETPGRP_VOID
! 500:
! 501: +/* Define if you want GSSAPI authentication. Specifing a value will set the
! 502: + search path. */
! 503: +#undef GSSAPI_OPTION
! 504: +
! 505: /* Define to 1 if you have the `aclsort' function. */
! 506: #undef HAVE_ACLSORT
! 507:
! 508: @@ -177,6 +181,12 @@
! 509: /* Define to 1 if you have the <grp.h> header file. */
! 510: #undef HAVE_GRP_H
! 511:
! 512: +/* Define to 1 if you have the <gssapi/gssapi_generic.h> header file. */
! 513: +#undef HAVE_GSSAPI_GSSAPI_GENERIC_H
! 514: +
! 515: +/* Define to 1 if you have the <gssapi/gssapi.h> header file. */
! 516: +#undef HAVE_GSSAPI_GSSAPI_H
! 517: +
! 518: /* true if you have HPUX ACLs */
! 519: #undef HAVE_HPUX_ACLS
! 520:
! 521: diff -Nurp a/configure.sh b/configure.sh
! 522: --- a/configure.sh
! 523: +++ b/configure.sh
! 524: @@ -731,6 +731,7 @@ enable_zstd
! 525: enable_lz4
! 526: enable_iconv_open
! 527: enable_iconv
! 528: +with_gssapi
! 529: enable_acl_support
! 530: enable_xattr_support
! 531: '
! 532: @@ -1402,6 +1403,7 @@ Optional Packages:
! 533: --with-nobody-group=GROUP
! 534: set the default unprivileged group (default nobody
! 535: or nogroup)
! 536: + --with-gssapi support GSSAPI authentication [default=check]
! 537:
! 538: Some influential environment variables:
! 539: CC C compiler command
! 540: @@ -9003,6 +9005,105 @@ $as_echo "#define UTF8_CHARSET \"UTF-8\"
! 541:
! 542: fi
! 543:
! 544: +
! 545: +# Check whether --with-gssapi was given.
! 546: +if test "${with_gssapi+set}" = set; then :
! 547: + withval=$with_gssapi;
! 548: +else
! 549: + with_gssapi=check
! 550: +fi
! 551: +
! 552: +
! 553: +
! 554: +
! 555: +if test "x$with_gssapi" != xno; then :
! 556: + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing gss_import_name" >&5
! 557: +$as_echo_n "checking for library containing gss_import_name... " >&6; }
! 558: +if ${ac_cv_search_gss_import_name+:} false; then :
! 559: + $as_echo_n "(cached) " >&6
! 560: +else
! 561: + ac_func_search_save_LIBS=$LIBS
! 562: +cat confdefs.h - <<_ACEOF >conftest.$ac_ext
! 563: +/* end confdefs.h. */
! 564: +
! 565: +/* Override any GCC internal prototype to avoid an error.
! 566: + Use char because int might match the return type of a GCC
! 567: + builtin and then its argument prototype would still apply. */
! 568: +#ifdef __cplusplus
! 569: +extern "C"
! 570: +#endif
! 571: +char gss_import_name ();
! 572: +int
! 573: +main ()
! 574: +{
! 575: +return gss_import_name ();
! 576: + ;
! 577: + return 0;
! 578: +}
! 579: +_ACEOF
! 580: +for ac_lib in '' gss gssapi_krb5 ; do
! 581: + if test -z "$ac_lib"; then
! 582: + ac_res="none required"
! 583: + else
! 584: + ac_res=-l$ac_lib
! 585: + LIBS="-l$ac_lib $ac_func_search_save_LIBS"
! 586: + fi
! 587: + if ac_fn_c_try_link "$LINENO"; then :
! 588: + ac_cv_search_gss_import_name=$ac_res
! 589: +fi
! 590: +rm -f core conftest.err conftest.$ac_objext \
! 591: + conftest$ac_exeext
! 592: + if ${ac_cv_search_gss_import_name+:} false; then :
! 593: + break
! 594: +fi
! 595: +done
! 596: +if ${ac_cv_search_gss_import_name+:} false; then :
! 597: +
! 598: +else
! 599: + ac_cv_search_gss_import_name=no
! 600: +fi
! 601: +rm conftest.$ac_ext
! 602: +LIBS=$ac_func_search_save_LIBS
! 603: +fi
! 604: +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_gss_import_name" >&5
! 605: +$as_echo "$ac_cv_search_gss_import_name" >&6; }
! 606: +ac_res=$ac_cv_search_gss_import_name
! 607: +if test "$ac_res" != no; then :
! 608: + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
! 609: + for ac_header in gssapi/gssapi_generic.h gssapi/gssapi.h
! 610: +do :
! 611: + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
! 612: +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
! 613: +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
! 614: + cat >>confdefs.h <<_ACEOF
! 615: +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
! 616: +_ACEOF
! 617: +
! 618: +fi
! 619: +
! 620: +done
! 621: +
! 622: + $as_echo "#define GSSAPI_OPTION 1" >>confdefs.h
! 623: +
! 624: +
! 625: +else
! 626: + if test "x$with_gssapi" = xcheck; then
! 627: + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
! 628: +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
! 629: +as_fn_error $? "--with-gssapi was given, but test for function failed
! 630: +See \`config.log' for more details" "$LINENO" 5; }
! 631: + fi
! 632: +
! 633: +fi
! 634: +
! 635: +
! 636: +fi
! 637: +
! 638: +if test x"$enable_gssapi" != x"no"; then
! 639: + $as_echo "#define GSSAPI_OPTION 1" >>confdefs.h
! 640: +
! 641: +fi
! 642: +
! 643: { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether chown() modifies symlinks" >&5
! 644: $as_echo_n "checking whether chown() modifies symlinks... " >&6; }
! 645: if ${rsync_cv_chown_modifies_symlink+:} false; then :
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to kerberos.diff CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / rsync / patches