
Re: [PATCH] move GSSAPI parts of client (and partially server) to separa


From: Derek Robert Price
Subject: Re: [PATCH] move GSSAPI parts of client (and partially server) to separate file
Date: Wed, 30 Apr 2003 10:47:18 -0400
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.2) Gecko/20030208 Netscape/7.02

Does anyone have any opinions on the four reorganization patches Alexey Mahotkin has sent? If not, I'll probably check them in soon, provided I can get them to work. Patch 2 is included below.

Derek

Alexey Mahotkin wrote:

[ NOTE: even if you do not like that patch, you will probably want to apply
the very first change, which replaces "yes" with "xyes".  This is a real
bug in configure, though a small one. ]


This patch depends on previous one.


2003-04-24  Alexey Mahotkin  <address@hidden>


Move GSSAPI client stuff to gssapi-client.[ch]


acinclude.m4 | 4 configure | 8 + configure.in | 3 src/Makefile.am | 5 src/Makefile.in | 51 ++++----
src/client.c        |  163 ---------------------------
src/client.h        |   15 --
src/gssapi-client.c |  305 ++++++++++++++++++++++++++++++++++++++++++++++++++++
src/gssapi-client.h |   32 +++++
src/server.c        |  135 -----------------------
10 files changed, 387 insertions(+), 334 deletions(-)

--- ccvs/acinclude.m4~gssapi-client     Thu Apr 24 02:34:58 2003
+++ ccvs-alexm/acinclude.m4     Thu Apr 24 02:34:58 2003
@@ -85,7 +85,7 @@ AC_MSG_RESULT([$acx_gssapi_cv_gssapi])
# Set up GSSAPI includes for later use.  We don't bother to check for
# $acx_gssapi_cv_gssapi=no here since that will be caught later.
#
-if test x$acx_gssapi_cv_gssapi = yes; then
+if test x$acx_gssapi_cv_gssapi = xyes; then
  # no special includes necessary
  GSSAPI_INCLUDES=""
else
@@ -101,6 +101,8 @@ if test x$acx_gssapi_cv_gssapi != xno; t
  AC_DEFINE([HAVE_GSSAPI], ,
[Define if you have GSSAPI with Kerberos version 5 available.])
  includeopt=$includeopt$GSSAPI_INCLUDES
+
+  client_objects="$client_objects gssapi-client.o"

  # locate any other headers
  acx_gssapi_save_CPPFLAGS=$CPPFLAGS
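Review bot: The added `client_objects="$client_objects gssapi-client.o"` hard-codes the `.o` suffix, while the generated Makefile.in in this patch names the other objects as `name.$(OBJEXT)`. On a platform where the object extension differs, `cvs_LDADD` would ask for a file the compile rule never produces. Writing `client_objects="$client_objects gssapi-client.\$(OBJEXT)"` defers the suffix to make. The enclosing `if test x$acx_gssapi_cv_gssapi != xno` block starts and ends outside the hunk.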
--- ccvs/configure~gssapi-client        Thu Apr 24 02:34:58 2003
+++ ccvs-alexm/configure        Thu Apr 24 02:39:25 2003
@@ -7131,6 +7131,9 @@ fi



+
+
+
KRB4=/usr/kerberos


@@ -8024,7 +8027,7 @@ echo "${ECHO_T}$acx_gssapi_cv_gssapi" >&
# Set up GSSAPI includes for later use.  We don't bother to check for
# $acx_gssapi_cv_gssapi=no here since that will be caught later.
#
-if test x$acx_gssapi_cv_gssapi = yes; then
+if test x$acx_gssapi_cv_gssapi = xyes; then
  # no special includes necessary
  GSSAPI_INCLUDES=""
else
@@ -8044,6 +8047,8 @@ _ACEOF

  includeopt=$includeopt$GSSAPI_INCLUDES

+  client_objects="$client_objects gssapi-client.o"
+
  # locate any other headers
  acx_gssapi_save_CPPFLAGS=$CPPFLAGS
  CPPFLAGS=$CPPFLAGS$GSSAPI_INCLUDES
@@ -10835,6 +10840,7 @@ s,@MAKE_TARGETS_IN_VPATH_TRUE@,$MAKE_TAR
s,@MAKE_TARGETS_IN_VPATH_FALSE@,$MAKE_TARGETS_IN_VPATH_FALSE,;t t
s,@LIBOBJS@,$LIBOBJS,;t t
s,@HAVE_PUTENV@,$HAVE_PUTENV,;t t
+s,@client_objects@,$client_objects,;t t
s,@KRB4@,$KRB4,;t t
s,@includeopt@,$includeopt,;t t
s,@with_default_rsh@,$with_default_rsh,;t t
--- ccvs/configure.in~gssapi-client     Thu Apr 24 02:34:58 2003
+++ ccvs-alexm/configure.in     Thu Apr 24 02:34:58 2003
@@ -312,6 +312,9 @@ dnl just added libnsl above if we found AC_SEARCH_LIBS(gethostbyname, netinet)


+AC_SUBST(client_objects)
+
+
dnl
dnl begin --with-*
dnl
--- ccvs/src/client.c~gssapi-client     Thu Apr 24 02:34:58 2003
+++ ccvs-alexm/src/client.c     Thu Apr 24 02:34:58 2003
@@ -28,6 +28,8 @@

#include "socket-client.h"

+#include "gssapi-client.h"
+
# if HAVE_KERBEROS

#   include <krb.h>
@@ -43,17 +45,6 @@ static Key_schedule sched;

# endif /* HAVE_KERBEROS */

-# ifdef HAVE_GSSAPI
-
-#   include "xgssapi.h"
-
-/* This is needed for GSSAPI encryption.  */
-static gss_ctx_id_t gcontext;
-
-static int connect_to_gserver PROTO((cvsroot_t *, int, struct hostent *));
-
-# endif /* HAVE_GSSAPI */
-
static void add_prune_candidate PROTO((char *));

/* All the commands.  */
@@ -3969,156 +3960,6 @@ start_tcp_server (root, to_server, from_

#endif /* HAVE_KERBEROS */

-#ifdef HAVE_GSSAPI
-
-/* Receive a given number of bytes.  */
-
-static void
-recv_bytes (sock, buf, need)
-     int sock;
-     char *buf;
-     int need;
-{
-    while (need > 0)
-    {
-       int got;
-
-       got = recv (sock, buf, need, 0);
-       if (got <= 0)
-           error (1, 0, "recv() from server %s: %s", 
current_parsed_root->hostname,
-                  got == 0 ? "EOF" : SOCK_STRERROR (SOCK_ERRNO));
-
-       buf += got;
-       need -= got;
-    }
-}
-
-/* Connect to the server using GSSAPI authentication.  */
-
-/* FIXME
- *
- * This really needs to be rewritten to use a buffer and not a socket.
- * This would enable gserver to work with the SSL code I'm about to commit
- * since the SSL connection is going to look like a FIFO and not a socket.
- *
- * I think, basically, it will need to use buf_output and buf_read directly
- * since I don't think there is a read_bytes function - only read_line.
- *
- * recv_bytes could then be removed too.
- *
- * Besides, I added some cruft to reenable the socket which shouldn't be
- * there.  This would also enable its removal.
- */
-#define BUFSIZE 1024
-static int
-connect_to_gserver (root, sock, hostinfo)
-    cvsroot_t *root;
-    int sock;
-    struct hostent *hostinfo;
-{
-    char *str;
-    char buf[BUFSIZE];
-    gss_buffer_desc *tok_in_ptr, tok_in, tok_out;
-    OM_uint32 stat_min, stat_maj;
-    gss_name_t server_name;
-
-    str = "BEGIN GSSAPI REQUEST\012";
-
-    if (send (sock, str, strlen (str), 0) < 0)
-       error (1, 0, "cannot send: %s", SOCK_STRERROR (SOCK_ERRNO));
-
-    if (strlen (hostinfo->h_name) > BUFSIZE - 5)
-       error (1, 0, "Internal error: hostname exceeds length of buffer");
-    sprintf (buf, "address@hidden", hostinfo->h_name);
-    tok_in.length = strlen (buf);
-    tok_in.value = buf;
-    gss_import_name (&stat_min, &tok_in, GSS_C_NT_HOSTBASED_SERVICE,
-                    &server_name);
-
-    tok_in_ptr = GSS_C_NO_BUFFER;
-    gcontext = GSS_C_NO_CONTEXT;
-
-    do
-    {
-       stat_maj = gss_init_sec_context (&stat_min, GSS_C_NO_CREDENTIAL,
-                                        &gcontext, server_name,
-                                        GSS_C_NULL_OID,
-                                        (GSS_C_MUTUAL_FLAG
-                                         | GSS_C_REPLAY_FLAG),
-                                        0, NULL, tok_in_ptr, NULL, &tok_out,
-                                        NULL, NULL);
-       if (stat_maj != GSS_S_COMPLETE && stat_maj != GSS_S_CONTINUE_NEEDED)
-       {
-           OM_uint32 message_context;
-           OM_uint32 new_stat_min;
-
-           message_context = 0;
-           gss_display_status (&new_stat_min, stat_maj, GSS_C_GSS_CODE,
-                                GSS_C_NULL_OID, &message_context, &tok_out);
-           error (0, 0, "GSSAPI authentication failed: %s",
-                  (char *) tok_out.value);
-
-           message_context = 0;
-           gss_display_status (&new_stat_min, stat_min, GSS_C_MECH_CODE,
-                               GSS_C_NULL_OID, &message_context, &tok_out);
-           error (1, 0, "GSSAPI authentication failed: %s",
-                  (char *) tok_out.value);
-       }
-
-       if (tok_out.length == 0)
-       {
-           tok_in.length = 0;
-       }
-       else
-       {
-           char cbuf[2];
-           int need;
-
-           cbuf[0] = (tok_out.length >> 8) & 0xff;
-           cbuf[1] = tok_out.length & 0xff;
-           if (send (sock, cbuf, 2, 0) < 0)
-               error (1, 0, "cannot send: %s", SOCK_STRERROR (SOCK_ERRNO));
-           if (send (sock, tok_out.value, tok_out.length, 0) < 0)
-               error (1, 0, "cannot send: %s", SOCK_STRERROR (SOCK_ERRNO));
-
-           recv_bytes (sock, cbuf, 2);
-           need = ((cbuf[0] & 0xff) << 8) | (cbuf[1] & 0xff);
-
-           if (need > sizeof buf)
-           {
-               int got;
-
-               /* This usually means that the server sent us an error
-                  message.  Read it byte by byte and print it out.
-                  FIXME: This is a terrible error handling strategy.
-                  However, even if we fix the server, we will still
-                  want to do this to work with older servers.  */
-               buf[0] = cbuf[0];
-               buf[1] = cbuf[1];
-               got = recv (sock, buf + 2, sizeof buf - 2, 0);
-               if (got < 0)
-                   error (1, 0, "recv() from server %s: %s",
-                          root->hostname, SOCK_STRERROR (SOCK_ERRNO));
-               buf[got + 2] = '\0';
-               if (buf[got + 1] == '\n')
-                   buf[got + 1] = '\0';
-               error (1, 0, "error from server %s: %s", root->hostname,
-                      buf);
-           }
-
-           recv_bytes (sock, buf, need);
-           tok_in.length = need;
-       }
-
-       tok_in.value = buf;
-       tok_in_ptr = &tok_in;
-    }
-    while (stat_maj == GSS_S_CONTINUE_NEEDED);
-
-    return 1;
-}
-
-#endif /* HAVE_GSSAPI */

static int send_variable_proc PROTO ((Node *, void *));

--- ccvs/src/client.h~gssapi-client     Thu Apr 24 02:34:58 2003
+++ ccvs-alexm/src/client.h     Thu Apr 24 02:34:58 2003
@@ -29,22 +29,7 @@ extern struct buffer *krb_encrypt_buffer

#   endif /* HAVE_KERBEROS */

-#   ifdef HAVE_GSSAPI
-
-/* Set this to turn on GSSAPI encryption.  */
-extern int cvs_gssapi_encrypt;
-
-#   endif /* HAVE_GSSAPI */
-
# endif /* ENCRYPTION */
-
-# ifdef HAVE_GSSAPI
-
-/* We can't declare the arguments without including gssapi.h, and I
-   don't want to do that in every file.  */
-extern struct buffer *cvs_gssapi_wrap_buffer_initialize ();
-
-# endif /* HAVE_GSSAPI */

#endif /* defined (CLIENT_SUPPORT) || defined (SERVER_SUPPORT) */

--- /dev/null   Wed Jan  1 02:48:46 2003
+++ ccvs-alexm/src/gssapi-client.c      Thu Apr 24 02:42:34 2003
@@ -0,0 +1,305 @@
+/* CVS GSSAPI client stuff.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2, or (at your option)
+   any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.  */
+
+
+#include <config.h>
+
+#include "cvs.h"
+
+#include "buffer.h"
+#include "socket-client.h"
+#include "gssapi-client.h"
+
+/* This is needed for GSSAPI encryption.  */
+gss_ctx_id_t gcontext;
+
+#   ifdef ENCRYPTION
+/* Whether to encrypt GSSAPI communication.  We use a global variable
+   like this because we use the same buffer type (gssapi_wrap) to
+   handle both authentication and encryption, and we don't want
+   multiple instances of that buffer in the communication stream.  */
+int cvs_gssapi_encrypt;
+#   endif
+
+
+#ifdef HAVE_GSSAPI
+
+/* Receive a given number of bytes.  */
+
+static void
+recv_bytes (sock, buf, need)
+     int sock;
+     char *buf;
+     int need;
+{
+    while (need > 0)
+    {
+       int got;
+
+       got = recv (sock, buf, need, 0);
+       if (got <= 0)
+           error (1, 0, "recv() from server %s: %s", 
current_parsed_root->hostname,
+                  got == 0 ? "EOF" : SOCK_STRERROR (SOCK_ERRNO));
+
+       buf += got;
+       need -= got;
+    }
+}
+
+/* Connect to the server using GSSAPI authentication.  */
+
+/* FIXME
+ *
+ * This really needs to be rewritten to use a buffer and not a socket.
+ * This would enable gserver to work with the SSL code I'm about to commit
+ * since the SSL connection is going to look like a FIFO and not a socket.
+ *
+ * I think, basically, it will need to use buf_output and buf_read directly
+ * since I don't think there is a read_bytes function - only read_line.
+ *
+ * recv_bytes could then be removed too.
+ *
+ * Besides, I added some cruft to reenable the socket which shouldn't be
+ * there.  This would also enable its removal.
+ */
+#define BUFSIZE 1024
+int
+connect_to_gserver (root, sock, hostinfo)
+    cvsroot_t *root;
+    int sock;
+    struct hostent *hostinfo;
+{
+    char *str;
+    char buf[BUFSIZE];
+    gss_buffer_desc *tok_in_ptr, tok_in, tok_out;
+    OM_uint32 stat_min, stat_maj;
+    gss_name_t server_name;
+
+    str = "BEGIN GSSAPI REQUEST\012";
+
+    if (send (sock, str, strlen (str), 0) < 0)
+       error (1, 0, "cannot send: %s", SOCK_STRERROR (SOCK_ERRNO));
+
+    if (strlen (hostinfo->h_name) > BUFSIZE - 5)
+       error (1, 0, "Internal error: hostname exceeds length of buffer");
+    sprintf (buf, "address@hidden", hostinfo->h_name);
+    tok_in.length = strlen (buf);
+    tok_in.value = buf;
+    gss_import_name (&stat_min, &tok_in, GSS_C_NT_HOSTBASED_SERVICE,
+                    &server_name);
+
+    tok_in_ptr = GSS_C_NO_BUFFER;
+    gcontext = GSS_C_NO_CONTEXT;
+
+    do
+    {
+       stat_maj = gss_init_sec_context (&stat_min, GSS_C_NO_CREDENTIAL,
+                                        &gcontext, server_name,
+                                        GSS_C_NULL_OID,
+                                        (GSS_C_MUTUAL_FLAG
+                                         | GSS_C_REPLAY_FLAG),
+                                        0, NULL, tok_in_ptr, NULL, &tok_out,
+                                        NULL, NULL);
+       if (stat_maj != GSS_S_COMPLETE && stat_maj != GSS_S_CONTINUE_NEEDED)
+       {
+           OM_uint32 message_context;
+           OM_uint32 new_stat_min;
+
+           message_context = 0;
+           gss_display_status (&new_stat_min, stat_maj, GSS_C_GSS_CODE,
+                                GSS_C_NULL_OID, &message_context, &tok_out);
+           error (0, 0, "GSSAPI authentication failed: %s",
+                  (char *) tok_out.value);
+
+           message_context = 0;
+           gss_display_status (&new_stat_min, stat_min, GSS_C_MECH_CODE,
+                               GSS_C_NULL_OID, &message_context, &tok_out);
+           error (1, 0, "GSSAPI authentication failed: %s",
+                  (char *) tok_out.value);
+       }
+
+       if (tok_out.length == 0)
+       {
+           tok_in.length = 0;
+       }
+       else
+       {
+           char cbuf[2];
+           int need;
+
+           cbuf[0] = (tok_out.length >> 8) & 0xff;
+           cbuf[1] = tok_out.length & 0xff;
+           if (send (sock, cbuf, 2, 0) < 0)
+               error (1, 0, "cannot send: %s", SOCK_STRERROR (SOCK_ERRNO));
+           if (send (sock, tok_out.value, tok_out.length, 0) < 0)
+               error (1, 0, "cannot send: %s", SOCK_STRERROR (SOCK_ERRNO));
+
+           recv_bytes (sock, cbuf, 2);
+           need = ((cbuf[0] & 0xff) << 8) | (cbuf[1] & 0xff);
+
+           if (need > sizeof buf)
+           {
+               int got;
+
+               /* This usually means that the server sent us an error
+                  message.  Read it byte by byte and print it out.
+                  FIXME: This is a terrible error handling strategy.
+                  However, even if we fix the server, we will still
+                  want to do this to work with older servers.  */
+               buf[0] = cbuf[0];
+               buf[1] = cbuf[1];
+               got = recv (sock, buf + 2, sizeof buf - 2, 0);
+               if (got < 0)
+                   error (1, 0, "recv() from server %s: %s",
+                          root->hostname, SOCK_STRERROR (SOCK_ERRNO));
+               buf[got + 2] = '\0';
+               if (buf[got + 1] == '\n')
+                   buf[got + 1] = '\0';
+               error (1, 0, "error from server %s: %s", root->hostname,
+                      buf);
+           }
+
+           recv_bytes (sock, buf, need);
+           tok_in.length = need;
+       }
+
+       tok_in.value = buf;
+       tok_in_ptr = &tok_in;
+    }
+    while (stat_maj == GSS_S_CONTINUE_NEEDED);
+
+    return 1;
+}
+
+
+/* An buffer interface using GSSAPI.  This is built on top of a
+   packetizing buffer.  */
+
+/* This structure is the closure field of the GSSAPI translation
+   routines.  */
+
+struct cvs_gssapi_wrap_data
+{
+    /* The GSSAPI context.  */
+    gss_ctx_id_t gcontext;
+};
+
+static int cvs_gssapi_wrap_input PROTO((void *, const char *, char *, int));
+static int cvs_gssapi_wrap_output PROTO((void *, const char *, char *, int,
+                                        int *));
+
+/* Create a GSSAPI wrapping buffer.  We use a packetizing buffer with
+   GSSAPI wrapping routines.  */
+
+struct buffer *
+cvs_gssapi_wrap_buffer_initialize (buf, input, gcontext, memory)
+     struct buffer *buf;
+     int input;
+     gss_ctx_id_t gcontext;
+     void (*memory) PROTO((struct buffer *));
+{
+    struct cvs_gssapi_wrap_data *gd;
+
+    gd = (struct cvs_gssapi_wrap_data *) xmalloc (sizeof *gd);
+    gd->gcontext = gcontext;
+
+    return (packetizing_buffer_initialize
+           (buf,
+            input ? cvs_gssapi_wrap_input : NULL,
+            input ? NULL : cvs_gssapi_wrap_output,
+            gd,
+            memory));
+}
+
+/* Unwrap data using GSSAPI.  */
+
+static int
+cvs_gssapi_wrap_input (fnclosure, input, output, size)
+     void *fnclosure;
+     const char *input;
+     char *output;
+     int size;
+{
+    struct cvs_gssapi_wrap_data *gd =
+       (struct cvs_gssapi_wrap_data *) fnclosure;
+    gss_buffer_desc inbuf, outbuf;
+    OM_uint32 stat_min;
+    int conf;
+
+    inbuf.value = (void *) input;
+    inbuf.length = size;
+
+    if (gss_unwrap (&stat_min, gd->gcontext, &inbuf, &outbuf, &conf, NULL)
+       != GSS_S_COMPLETE)
+    {
+       error (1, 0, "gss_unwrap failed");
+    }
+
+    if (outbuf.length > size)
+       abort ();
+
+    memcpy (output, outbuf.value, outbuf.length);
+
+    /* The real packet size is stored in the data, so we don't need to
+       remember outbuf.length.  */
+
+    gss_release_buffer (&stat_min, &outbuf);
+
+    return 0;
+}
+
+/* Wrap data using GSSAPI.  */
+
+static int
+cvs_gssapi_wrap_output (fnclosure, input, output, size, translated)
+     void *fnclosure;
+     const char *input;
+     char *output;
+     int size;
+     int *translated;
+{
+    struct cvs_gssapi_wrap_data *gd =
+       (struct cvs_gssapi_wrap_data *) fnclosure;
+    gss_buffer_desc inbuf, outbuf;
+    OM_uint32 stat_min;
+    int conf_req, conf;
+
+    inbuf.value = (void *) input;
+    inbuf.length = size;
+
+#ifdef ENCRYPTION
+    conf_req = cvs_gssapi_encrypt;
+#else
+    conf_req = 0;
+#endif
+
+    if (gss_wrap (&stat_min, gd->gcontext, conf_req, GSS_C_QOP_DEFAULT,
+                 &inbuf, &conf, &outbuf) != GSS_S_COMPLETE)
+       error (1, 0, "gss_wrap failed");
+
+    /* The packetizing buffer only permits us to add 100 bytes.
+       FIXME: I don't know what, if anything, is guaranteed by GSSAPI.
+       This may need to be increased for a different GSSAPI
+       implementation, or we may need a different algorithm.  */
+    if (outbuf.length > size + 100)
+       abort ();
+
+    memcpy (output, outbuf.value, outbuf.length);
+
+    *translated = outbuf.length;
+
+    gss_release_buffer (&stat_min, &outbuf);
+
+    return 0;
+}
+
+#endif /* HAVE_GSSAPI */
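Review bot: In connect_to_gserver's oversized-reply path, `recv (sock, buf + 2, sizeof buf - 2, 0)` can fill `buf` to its last byte, so the following `buf[got + 2] = '\0'` writes one byte past the array when the peer sends a full read, and that data arrives before the GSSAPI exchange has completed. Leaving room for the terminator fixes it: `got = recv (sock, buf + 2, sizeof buf - 3, 0);`. The result of `gss_import_name` is also ignored, so a failed import hands an unset `server_name` to `gss_init_sec_context`; a check against `GSS_S_COMPLETE` followed by `error (1, 0, ...)` would match the handling used a few lines below. In cvs_gssapi_wrap_output the `conf` value returned by `gss_wrap` is never compared with `conf_req`, so a wrap that did not apply confidentiality would be sent unnoticed when encryption was requested. The code is moved unchanged from client.c and server.c, so these points predate the patch, but the new file is a natural place to address them.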
--- /dev/null   Wed Jan  1 02:48:46 2003
+++ ccvs-alexm/src/gssapi-client.h      Thu Apr 24 02:43:43 2003
@@ -0,0 +1,32 @@
+/* CVS GSSAPI client stuff.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2, or (at your option)
+   any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.  */
+
+
+#ifndef GSSAPI_CLIENT_H__
+#define GSSAPI_CLIENT_H__
+
+#include "xgssapi.h"
+
+#include "socket-client.h"
+
+/* Set this to turn on GSSAPI encryption.  */
+extern int cvs_gssapi_encrypt;
+
+extern gss_ctx_id_t gcontext;
+
+/* We can't declare the arguments without including gssapi.h, and I
+   don't want to do that in every file.  */
+extern struct buffer *cvs_gssapi_wrap_buffer_initialize ();
+
+int connect_to_gserver PROTO((cvsroot_t *, int, struct hostent *));
+
+#endif
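Review bot: Nothing in this header is guarded by `HAVE_GSSAPI`, yet the client.c and server.c hunks add `#include "gssapi-client.h"` without a `HAVE_GSSAPI` test of their own (in server.c it sits just before the `# ifdef HAVE_GSSAPI` block). A build without GSSAPI therefore depends on xgssapi.h coping with that by itself, which is not visible here. Wrapping the declarations in `#ifdef HAVE_GSSAPI` and `#endif /* HAVE_GSSAPI */`, with `extern int cvs_gssapi_encrypt;` additionally under `#ifdef ENCRYPTION` as the removed client.h text had it, would keep the old conditions. `gcontext` also changes from a `static` in client.c to an exported global, so a comment stating that it holds the client's established security context and which code may assign it would help, particularly since cvs_gssapi_wrap_buffer_initialize takes a parameter of the same name.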
--- ccvs/src/Makefile.am~gssapi-client  Thu Apr 24 02:34:58 2003
+++ ccvs-alexm/src/Makefile.am  Thu Apr 24 02:34:58 2003
@@ -98,7 +98,10 @@ cvs_SOURCES = \
        update.h \
        watch.h

-cvs_LDADD = \
+EXTRA_cvs_SOURCES = gssapi-client.c gssapi-client.h
+
+cvs_DEPENDENCIES = @client_objects@
+cvs_LDADD = @client_objects@ \
        ../diff/libdiff.a \
        ../lib/libcvs.a \
        ../zlib/libz.a
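Review bot: Setting `cvs_DEPENDENCIES = @client_objects@` replaces the value automake derived from `cvs_LDADD`; the regenerated Makefile.in in this patch shows the old `cvs_DEPENDENCIES = ../diff/libdiff.a ../lib/libcvs.a ../zlib/libz.a` line being removed. After this change `cvs` is no longer relinked when one of the bundled libraries is rebuilt, which can leave a binary linked against a stale libz or libcvs. Listing them explicitly keeps the old behaviour: `cvs_DEPENDENCIES = @client_objects@ ../diff/libdiff.a ../lib/libcvs.a ../zlib/libz.a`.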
--- ccvs/src/Makefile.in~gssapi-client  Thu Apr 24 02:34:58 2003
+++ ccvs-alexm/src/Makefile.in  Thu Apr 24 02:34:58 2003
@@ -104,6 +104,7 @@ VERSION = @VERSION@
YACC = @YACC@
am__include = @am__include@
am__quote = @am__quote@
+client_objects = @client_objects@
includeopt = @includeopt@
install_sh = @install_sh@
with_default_rsh = @with_default_rsh@
@@ -190,7 +191,10 @@ cvs_SOURCES = \
        watch.h


-cvs_LDADD = \
+EXTRA_cvs_SOURCES = gssapi-client.c gssapi-client.h
+
+cvs_DEPENDENCIES = @client_objects@
+cvs_LDADD = @client_objects@ \
        ../diff/libdiff.a \
        ../lib/libcvs.a \
        ../zlib/libz.a
@@ -232,7 +236,6 @@ am_cvs_OBJECTS = add.$(OBJEXT) admin.$(O
        vers_ts.$(OBJEXT) watch.$(OBJEXT) wrapper.$(OBJEXT) \
        zlib.$(OBJEXT)
cvs_OBJECTS = $(am_cvs_OBJECTS)
-cvs_DEPENDENCIES = ../diff/libdiff.a ../lib/libcvs.a ../zlib/libz.a
cvs_LDFLAGS =
SCRIPTS = $(bin_SCRIPTS)

@@ -253,34 +256,35 @@ am__depfiles_maybe = depfiles
@AMDEP_TRUE@    ./$(DEPDIR)/edit.Po ./$(DEPDIR)/entries.Po \
@AMDEP_TRUE@    ./$(DEPDIR)/error.Po ./$(DEPDIR)/expand_path.Po \
@AMDEP_TRUE@    ./$(DEPDIR)/fileattr.Po ./$(DEPDIR)/filesubr.Po \
address@hidden@ ./$(DEPDIR)/find_names.Po ./$(DEPDIR)/hardlink.Po \
address@hidden@ ./$(DEPDIR)/hash.Po ./$(DEPDIR)/history.Po \
address@hidden@ ./$(DEPDIR)/ignore.Po ./$(DEPDIR)/import.Po \
address@hidden@ ./$(DEPDIR)/lock.Po ./$(DEPDIR)/log.Po \
address@hidden@ ./$(DEPDIR)/login.Po ./$(DEPDIR)/logmsg.Po \
address@hidden@ ./$(DEPDIR)/main.Po ./$(DEPDIR)/mkmodules.Po \
address@hidden@ ./$(DEPDIR)/modules.Po ./$(DEPDIR)/myndbm.Po \
address@hidden@ ./$(DEPDIR)/no_diff.Po ./$(DEPDIR)/parseinfo.Po \
address@hidden@ ./$(DEPDIR)/patch.Po ./$(DEPDIR)/rcs.Po \
address@hidden@ ./$(DEPDIR)/rcscmds.Po ./$(DEPDIR)/recurse.Po \
address@hidden@ ./$(DEPDIR)/release.Po ./$(DEPDIR)/remove.Po \
address@hidden@ ./$(DEPDIR)/repos.Po ./$(DEPDIR)/root.Po \
address@hidden@ ./$(DEPDIR)/run.Po ./$(DEPDIR)/scramble.Po \
address@hidden@ ./$(DEPDIR)/server.Po ./$(DEPDIR)/socket-client.Po \
address@hidden@ ./$(DEPDIR)/status.Po ./$(DEPDIR)/subr.Po \
address@hidden@ ./$(DEPDIR)/tag.Po ./$(DEPDIR)/update.Po \
address@hidden@ ./$(DEPDIR)/vers_ts.Po ./$(DEPDIR)/version.Po \
address@hidden@ ./$(DEPDIR)/watch.Po ./$(DEPDIR)/wrapper.Po \
address@hidden@ ./$(DEPDIR)/zlib.Po
address@hidden@ ./$(DEPDIR)/find_names.Po \
address@hidden@ ./$(DEPDIR)/gssapi-client.Po \
address@hidden@ ./$(DEPDIR)/hardlink.Po ./$(DEPDIR)/hash.Po \
address@hidden@ ./$(DEPDIR)/history.Po ./$(DEPDIR)/ignore.Po \
address@hidden@ ./$(DEPDIR)/import.Po ./$(DEPDIR)/lock.Po \
address@hidden@ ./$(DEPDIR)/log.Po ./$(DEPDIR)/login.Po \
address@hidden@ ./$(DEPDIR)/logmsg.Po ./$(DEPDIR)/main.Po \
address@hidden@ ./$(DEPDIR)/mkmodules.Po ./$(DEPDIR)/modules.Po \
address@hidden@ ./$(DEPDIR)/myndbm.Po ./$(DEPDIR)/no_diff.Po \
address@hidden@ ./$(DEPDIR)/parseinfo.Po ./$(DEPDIR)/patch.Po \
address@hidden@ ./$(DEPDIR)/rcs.Po ./$(DEPDIR)/rcscmds.Po \
address@hidden@ ./$(DEPDIR)/recurse.Po ./$(DEPDIR)/release.Po \
address@hidden@ ./$(DEPDIR)/remove.Po ./$(DEPDIR)/repos.Po \
address@hidden@ ./$(DEPDIR)/root.Po ./$(DEPDIR)/run.Po \
address@hidden@ ./$(DEPDIR)/scramble.Po ./$(DEPDIR)/server.Po \
address@hidden@ ./$(DEPDIR)/socket-client.Po ./$(DEPDIR)/status.Po \
address@hidden@ ./$(DEPDIR)/subr.Po ./$(DEPDIR)/tag.Po \
address@hidden@ ./$(DEPDIR)/update.Po ./$(DEPDIR)/vers_ts.Po \
address@hidden@ ./$(DEPDIR)/version.Po ./$(DEPDIR)/watch.Po \
address@hidden@ ./$(DEPDIR)/wrapper.Po ./$(DEPDIR)/zlib.Po
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
        $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
CCLD = $(CC)
LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
CFLAGS = @CFLAGS@
-DIST_SOURCES = $(cvs_SOURCES)
+DIST_SOURCES = $(cvs_SOURCES) $(EXTRA_cvs_SOURCES)
DIST_COMMON = ChangeLog Makefile.am Makefile.in cvsbug.in \
        sanity.config.sh.in
-SOURCES = $(cvs_SOURCES)
+SOURCES = $(cvs_SOURCES) $(EXTRA_cvs_SOURCES)

all: all-am

@@ -368,6 +372,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @address@hidden/$(DEPDIR)/address@hidden@
@AMDEP_TRUE@@am__include@ @address@hidden/$(DEPDIR)/address@hidden@
@AMDEP_TRUE@@am__include@ @address@hidden/$(DEPDIR)/address@hidden@
address@hidden@@am__include@ @address@hidden/$(DEPDIR)/address@hidden@
@AMDEP_TRUE@@am__include@ @address@hidden/$(DEPDIR)/address@hidden@
@AMDEP_TRUE@@am__include@ @address@hidden/$(DEPDIR)/address@hidden@
@AMDEP_TRUE@@am__include@ @address@hidden/$(DEPDIR)/address@hidden@
--- ccvs/src/server.c~gssapi-client     Thu Apr 24 02:34:58 2003
+++ ccvs-alexm/src/server.c     Thu Apr 24 02:42:26 2003
@@ -17,6 +17,9 @@
#include "buffer.h"

#if defined(SERVER_SUPPORT) || defined(CLIENT_SUPPORT)
+
+#include "gssapi-client.h"
+
# ifdef HAVE_GSSAPI
/* This stuff isn't included solely with SERVER_SUPPORT since some of these
 * functions (encryption & the like) get compiled with or without server
@@ -38,13 +41,6 @@ static void gserver_authenticate_connect
/* Whether we are already wrapping GSSAPI communication.  */
static int cvs_gssapi_wrapping;

-#   ifdef ENCRYPTION
-/* Whether to encrypt GSSAPI communication.  We use a global variable
-   like this because we use the same buffer type (gssapi_wrap) to
-   handle both authentication and encryption, and we don't want
-   multiple instances of that buffer in the communication stream.  */
-int cvs_gssapi_encrypt;
-#   endif
# endif /* HAVE_GSSAPI */
#endif  /* defined(SERVER_SUPPORT) || defined(CLIENT_SUPPORT) */

@@ -6084,131 +6080,6 @@ int cvsencrypt;
/* This global variable is non-zero if the users requests stream
   authentication on the command line.  */
int cvsauthenticate;
-
-#ifdef HAVE_GSSAPI
-
-/* An buffer interface using GSSAPI.  This is built on top of a
-   packetizing buffer.  */
-
-/* This structure is the closure field of the GSSAPI translation
-   routines.  */
-
-struct cvs_gssapi_wrap_data
-{
-    /* The GSSAPI context.  */
-    gss_ctx_id_t gcontext;
-};
-
-static int cvs_gssapi_wrap_input PROTO((void *, const char *, char *, int));
-static int cvs_gssapi_wrap_output PROTO((void *, const char *, char *, int,
-                                        int *));
-
-/* Create a GSSAPI wrapping buffer.  We use a packetizing buffer with
-   GSSAPI wrapping routines.  */
-
-struct buffer *
-cvs_gssapi_wrap_buffer_initialize (buf, input, gcontext, memory)
-     struct buffer *buf;
-     int input;
-     gss_ctx_id_t gcontext;
-     void (*memory) PROTO((struct buffer *));
-{
-    struct cvs_gssapi_wrap_data *gd;
-
-    gd = (struct cvs_gssapi_wrap_data *) xmalloc (sizeof *gd);
-    gd->gcontext = gcontext;
-
-    return (packetizing_buffer_initialize
-           (buf,
-            input ? cvs_gssapi_wrap_input : NULL,
-            input ? NULL : cvs_gssapi_wrap_output,
-            gd,
-            memory));
-}
-
-/* Unwrap data using GSSAPI.  */
-
-static int
-cvs_gssapi_wrap_input (fnclosure, input, output, size)
-     void *fnclosure;
-     const char *input;
-     char *output;
-     int size;
-{
-    struct cvs_gssapi_wrap_data *gd =
-       (struct cvs_gssapi_wrap_data *) fnclosure;
-    gss_buffer_desc inbuf, outbuf;
-    OM_uint32 stat_min;
-    int conf;
-
-    inbuf.value = (void *) input;
-    inbuf.length = size;
-
-    if (gss_unwrap (&stat_min, gd->gcontext, &inbuf, &outbuf, &conf, NULL)
-       != GSS_S_COMPLETE)
-    {
-       error (1, 0, "gss_unwrap failed");
-    }
-
-    if (outbuf.length > size)
-       abort ();
-
-    memcpy (output, outbuf.value, outbuf.length);
-
-    /* The real packet size is stored in the data, so we don't need to
-       remember outbuf.length.  */
-
-    gss_release_buffer (&stat_min, &outbuf);
-
-    return 0;
-}
-
-/* Wrap data using GSSAPI.  */
-
-static int
-cvs_gssapi_wrap_output (fnclosure, input, output, size, translated)
-     void *fnclosure;
-     const char *input;
-     char *output;
-     int size;
-     int *translated;
-{
-    struct cvs_gssapi_wrap_data *gd =
-       (struct cvs_gssapi_wrap_data *) fnclosure;
-    gss_buffer_desc inbuf, outbuf;
-    OM_uint32 stat_min;
-    int conf_req, conf;
-
-    inbuf.value = (void *) input;
-    inbuf.length = size;
-
-#ifdef ENCRYPTION
-    conf_req = cvs_gssapi_encrypt;
-#else
-    conf_req = 0;
-#endif
-
-    if (gss_wrap (&stat_min, gd->gcontext, conf_req, GSS_C_QOP_DEFAULT,
-                 &inbuf, &conf, &outbuf) != GSS_S_COMPLETE)
-       error (1, 0, "gss_wrap failed");
-
-    /* The packetizing buffer only permits us to add 100 bytes.
-       FIXME: I don't know what, if anything, is guaranteed by GSSAPI.
-       This may need to be increased for a different GSSAPI
-       implementation, or we may need a different algorithm.  */
-    if (outbuf.length > size + 100)
-       abort ();
-
-    memcpy (output, outbuf.value, outbuf.length);
-
-    *translated = outbuf.length;
-
-    gss_release_buffer (&stat_min, &outbuf);
-
-    return 0;
-}
-
-#endif /* HAVE_GSSAPI */

#ifdef ENCRYPTION


_


--alexm


--
               *8^)

Email: address@hidden

Get CVS support at <http://ximbiot.com>!
--
There is not a truth existing which I fear or would wish unknown to the whole
world.
                        - Thomas Jefferson to Henry Lee, 1826






