
New version of PKINIT



Hello all,
there's a new version of the PKINIT patch at
http://meta.cesnet.cz/software/heimdal/pkinit.en.html.
The main change is support of GSI (www.globus.org) and small cleanups and
fixes of the code.

If you want to enable the GLOBUS support, you must pass the appropriate
CPPFLAGS to configure:
  CPPFLAGS="-DPKINIT -DGLOBUS -I/software/globus-2.0/include/gcc32dbg" \
         ../configure --with-openssl=/software/openssl-0.9.6

You will also have to add the following line to almost all Makefiles (to the
LDADD variable):
  -L/software/globus-2.0/lib -lglobus_gss_assist_gcc32dbg

I've also written some support for autotools (adding the configure options
--with-globus and --enable-pkinit); however, it's very premature and is not
included in the patch. You can find it in the attachment. If you want to use
it, you have to generate a new configure script and Makefile.in's (note that
you need autoconf v. 2.53).

If the GLOBUS support is enabled, the KDC can verify clients' proxies in the
same way as GSI applications do (i.e. checking CA-signing policies and CRLs).
Also, the system gridmap-file is used for user mapping verification (instead
of checking the list given in pki-allowed-principals).

--
Dan
Index: heimdal/include/config.h.in
diff -u heimdal/include/config.h.in:1.1.1.1 heimdal/include/config.h.in:1.1.1.1.2.2
--- heimdal/include/config.h.in:1.1.1.1 Tue Feb 26 16:42:03 2002
+++ heimdal/include/config.h.in Wed Jun  5 15:20:16 2002
@@ -65,6 +65,9 @@
    struct sockaddr*, socklen_t*) */
 #undef GETSOCKNAME_PROTO_COMPATIBLE

+/* Define if you want support for Globus. */
+#undef GLOBUS
+
 /* Define if you have the <arpa/ftp.h> header file. */
 #undef HAVE_ARPA_FTP_H

@@ -1113,6 +1116,9 @@

 /* Name of package */
 #undef PACKAGE
+
+/* Define if you want support for PKI authentication. */
+#undef PKINIT

 /* Define if getlogin has POSIX flavour (and not BSD). */
 #undef POSIX_GETLOGIN
Index: heimdal/configure.in
diff -u heimdal/configure.in:1.1.1.1 heimdal/configure.in:1.1.1.1.2.4
--- heimdal/configure.in:1.1.1.1	Tue Feb 26 16:42:02 2002
+++ heimdal/configure.in	Wed Jun  5 17:02:43 2002
@@ -525,6 +525,38 @@
 
 KRB_CRYPTO
 
+AC_ARG_ENABLE(pkinit,
+              [--enable-pkinit   if you want support for PKI authentication])
+if test "$enable_pkinit" = "yes"; then
+   if test "$with_openssl" = "no" -o "X$with_openssl" = "X"; then
+      AC_MSG_ERROR([OpenSSL is required for PKINIT])
+   fi
+   AC_DEFINE(PKINIT, 1, [Define if you want support for PKI authentication.])
+fi
+AM_CONDITIONAL(PKINIT, test "$enable_pkinit" = "yes")
+
+AC_ARG_WITH(globus-flavor,
+            AC_HELP_STRING([--with-globus-flavor=flavor],
+                           [specify Globus flavor to use]))
+
+AC_ARG_WITH(globus,
+            AC_HELP_STRING([--with-globus=dir],
+                           [use Globus routines for PKI checking]))
+if test "$with_globus" != ""; then
+   if test "$enable_pkinit" != "yes"; then
+      AC_MSG_ERROR([Globus can be used only together with PKINIT])
+   fi
+   if test "$with_globus_flavor" = ""; then
+      AC_MSG_ERROR([Flavor must be specified])
+   fi
+   INCLUDE_globus="-I${with_globus}/include -I${with_globus}/include/${with_globus_flavor}"
+   LIB_globus="-L${with_globus}/lib -lglobus_gss_assist_${with_globus_flavor}"
+   AC_DEFINE(GLOBUS, 1, [Define if you want support for Globus.])
+   AC_SUBST(INCLUDE_globus)
+   AC_SUBST(LIB_globus)
+fi
+AM_CONDITIONAL(GLOBUS, test "$with_globus" = "yes")
+
 KRB_READLINE
 
 dnl telnet muck --------------------------------------------------
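Review bot: The Globus block treats any non-empty `$with_globus` as an install directory, so `--without-globus` (value `no`) and a bare `--with-globus` (value `yes`) both enter the branch and yield `-Ino/include` or `-Iyes/include`, while the closing `AM_CONDITIONAL(GLOBUS, test "$with_globus" = "yes")` is true only for the bare form and false whenever a real directory is given. Because this switch decides whether the KDC applies the GSI checks (signing policies, CRLs) described in the announcement, its on/off state should be unambiguous. Guard the block with `if test "X$with_globus" != "X" -a "$with_globus" != "no"; then`, reject `yes` with an `AC_MSG_ERROR` that asks for a directory, and reuse the same test in `AM_CONDITIONAL(GLOBUS, ...)`. The `--enable-pkinit` help text would also be more consistent wrapped in `AC_HELP_STRING` like the two Globus options.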
Index: heimdal/admin/Makefile.am
diff -u heimdal/admin/Makefile.am:1.1.1.1 heimdal/admin/Makefile.am:1.1.1.1.2.1
--- heimdal/admin/Makefile.am:1.1.1.1	Tue Feb 26 16:42:02 2002
+++ heimdal/admin/Makefile.am	Wed Jun  5 16:29:21 2002
@@ -26,4 +26,5 @@
 	$(top_builddir)/lib/asn1/libasn1.la \
 	$(top_builddir)/lib/sl/libsl.la \
 	$(LIB_readline) \
-	$(LIB_roken)
+	$(LIB_roken) \
+	$(LIB_globus)
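Review bot: `$(LIB_globus)` is appended to this LDADD list by hand, and the same edit is repeated in the ftp, ftpd, kf, kx, login, popper, push, rsh, su, telnet, telnetd, test, xnlock, kadmin, kdc, kpasswd, kuser and lib/kadm5 hunks, so one link dependency is maintained in about twenty places and a program that is missed fails only at link time. Presumably the flag is needed because libkrb5 now references Globus symbols through the new `pkinit.c`; if so, record it once in lib/krb5/Makefile.am by adding `$(LIB_globus)` to `libkrb5_la_LIBADD`, and libtool will pass it on to every consumer. Either way, a Globus-enabled build makes privileged programs such as su, login, telnetd and ftpd depend on the Globus GSS-assist library, which deserves a sentence in the build documentation. The LDADD list begins above the hunk.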
Index: heimdal/appl/ftp/ftp/Makefile.am
diff -u heimdal/appl/ftp/ftp/Makefile.am:1.1.1.1 heimdal/appl/ftp/ftp/Makefile.am:1.1.1.1.2.1
--- heimdal/appl/ftp/ftp/Makefile.am:1.1.1.1	Tue Feb 26 16:42:03 2002
+++ heimdal/appl/ftp/ftp/Makefile.am	Wed Jun  5 16:29:21 2002
@@ -43,4 +43,5 @@
 	$(LIB_krb4) \
 	$(LIB_des) \
 	$(LIB_roken) \
-	$(LIB_readline)
+	$(LIB_readline) \
+	$(LIB_globus)
Index: heimdal/appl/ftp/ftpd/Makefile.am
diff -u heimdal/appl/ftp/ftpd/Makefile.am:1.1.1.1 heimdal/appl/ftp/ftpd/Makefile.am:1.1.1.1.2.1
--- heimdal/appl/ftp/ftpd/Makefile.am:1.1.1.1	Tue Feb 26 16:42:03 2002
+++ heimdal/appl/ftp/ftpd/Makefile.am	Wed Jun  5 16:29:21 2002
@@ -52,4 +52,5 @@
 	$(LIB_kafs) \
 	$(LIB_krb4) \
 	$(LIB_des) \
-	$(LIB_roken)
+	$(LIB_roken) \
+	$(LIB_globus)
Index: heimdal/appl/kf/Makefile.am
diff -u heimdal/appl/kf/Makefile.am:1.1.1.1 heimdal/appl/kf/Makefile.am:1.1.1.1.2.1
--- heimdal/appl/kf/Makefile.am:1.1.1.1	Tue Feb 26 16:42:02 2002
+++ heimdal/appl/kf/Makefile.am	Wed Jun  5 16:29:21 2002
@@ -15,4 +15,5 @@
 LDADD = $(top_builddir)/lib/krb5/libkrb5.la \
 	$(LIB_des) \
 	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
+	$(LIB_roken) \
+	$(LIB_globus)
Index: heimdal/appl/kx/Makefile.am
diff -u heimdal/appl/kx/Makefile.am:1.1.1.1 heimdal/appl/kx/Makefile.am:1.1.1.1.2.1
--- heimdal/appl/kx/Makefile.am:1.1.1.1	Tue Feb 26 16:42:03 2002
+++ heimdal/appl/kx/Makefile.am	Wed Jun  5 16:29:21 2002
@@ -70,4 +70,5 @@
 	$(LIB_krb4)				\
 	$(LIB_des)	\
 	$(LIB_roken)				\
-	$(X_LIBS) $(LIB_XauReadAuth) $(X_PRE_LIBS) $(X_EXTRA_LIBS)
+	$(X_LIBS) $(LIB_XauReadAuth) $(X_PRE_LIBS) $(X_EXTRA_LIBS) \
+	$(LIB_globus)
Index: heimdal/appl/login/Makefile.am
diff -u heimdal/appl/login/Makefile.am:1.1.1.1 heimdal/appl/login/Makefile.am:1.1.1.1.2.1
--- heimdal/appl/login/Makefile.am:1.1.1.1	Tue Feb 26 16:42:03 2002
+++ heimdal/appl/login/Makefile.am	Wed Jun  5 16:29:21 2002
@@ -29,7 +29,8 @@
 	$(top_builddir)/lib/asn1/libasn1.la \
 	$(LIB_roken) \
 	$(LIB_security) \
-	$(DBLIB)
+	$(DBLIB) \
+	$(LIB_globus)
 
 $(srcdir)/login_protos.h:
 	cd $(srcdir); perl ../../cf/make-proto.pl -o login_protos.h $(login_SOURCES) || rm -f login_protos.h
Index: heimdal/appl/popper/Makefile.am
diff -u heimdal/appl/popper/Makefile.am:1.1.1.1 heimdal/appl/popper/Makefile.am:1.1.1.1.2.1
--- heimdal/appl/popper/Makefile.am:1.1.1.1	Tue Feb 26 16:42:03 2002
+++ heimdal/appl/popper/Makefile.am	Wed Jun  5 16:29:21 2002
@@ -26,6 +26,7 @@
 	$(LIB_krb4) \
 	$(LIB_des) \
 	$(LIB_roken) \
-	$(DBLIB)
+	$(DBLIB) \
+	$(LIB_globus)
 
 man_MANS = popper.8
Index: heimdal/appl/push/Makefile.am
diff -u heimdal/appl/push/Makefile.am:1.1.1.1 heimdal/appl/push/Makefile.am:1.1.1.1.2.1
--- heimdal/appl/push/Makefile.am:1.1.1.1	Tue Feb 26 16:42:03 2002
+++ heimdal/appl/push/Makefile.am	Wed Jun  5 16:29:21 2002
@@ -24,4 +24,5 @@
 	$(LIB_krb4) \
 	$(LIB_des) \
 	$(LIB_roken) \
-	$(LIB_hesiod)
+	$(LIB_hesiod) \
+	$(LIB_globus)
Index: heimdal/appl/rcp/Makefile.am
diff -u heimdal/appl/rcp/Makefile.am:1.1.1.1 heimdal/appl/rcp/Makefile.am:1.2
--- heimdal/appl/rcp/Makefile.am:1.1.1.1	Tue Feb 26 16:42:03 2002
+++ heimdal/appl/rcp/Makefile.am	Tue Feb 26 17:08:19 2002
@@ -9,3 +9,5 @@
 rcp_SOURCES  = rcp.c util.c
 
 LDADD = $(LIB_roken)
+
+DEFS += -DHEIMDAL_PREFIX=\"$(prefix)\"
Index: heimdal/appl/rsh/Makefile.am
diff -u heimdal/appl/rsh/Makefile.am:1.1.1.1 heimdal/appl/rsh/Makefile.am:1.1.1.1.2.1
--- heimdal/appl/rsh/Makefile.am:1.1.1.1	Tue Feb 26 16:42:03 2002
+++ heimdal/appl/rsh/Makefile.am	Wed Jun  5 16:29:21 2002
@@ -22,4 +22,5 @@
 	$(LIB_krb4) \
 	$(LIB_des) \
 	$(LIB_roken) \
-	$(LIB_kdfs)
+	$(LIB_kdfs) \
+	$(LIB_globus)
Index: heimdal/appl/su/Makefile.am
diff -u heimdal/appl/su/Makefile.am:1.1.1.1 heimdal/appl/su/Makefile.am:1.1.1.1.2.1
--- heimdal/appl/su/Makefile.am:1.1.1.1	Tue Feb 26 16:42:03 2002
+++ heimdal/appl/su/Makefile.am	Wed Jun  5 16:29:21 2002
@@ -13,4 +13,5 @@
 	$(LIB_krb4) \
 	$(LIB_des) \
 	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
+	$(LIB_roken) \
+	$(LIB_globus)
Index: heimdal/appl/telnet/telnet/Makefile.am
diff -u heimdal/appl/telnet/telnet/Makefile.am:1.1.1.1 heimdal/appl/telnet/telnet/Makefile.am:1.1.1.1.2.1
--- heimdal/appl/telnet/telnet/Makefile.am:1.1.1.1	Tue Feb 26 16:42:03 2002
+++ heimdal/appl/telnet/telnet/Makefile.am	Wed Jun  5 16:29:21 2002
@@ -20,4 +20,5 @@
 	$(LIB_des) \
 	$(LIB_tgetent) \
 	$(LIB_kdfs) \
-	$(LIB_roken)
+	$(LIB_roken) \
+	$(LIB_globus)
Index: heimdal/appl/telnet/telnetd/Makefile.am
diff -u heimdal/appl/telnet/telnetd/Makefile.am:1.1.1.1 heimdal/appl/telnet/telnetd/Makefile.am:1.1.1.1.2.1
--- heimdal/appl/telnet/telnetd/Makefile.am:1.1.1.1	Tue Feb 26 16:42:03 2002
+++ heimdal/appl/telnet/telnetd/Makefile.am	Wed Jun  5 16:29:22 2002
@@ -23,4 +23,5 @@
 	$(LIB_logout) \
 	$(LIB_openpty) \
 	$(LIB_kdfs) \
-	$(LIB_roken)
+	$(LIB_roken) \
+	$(LIB_globus)
Index: heimdal/appl/test/Makefile.am
diff -u heimdal/appl/test/Makefile.am:1.1.1.1 heimdal/appl/test/Makefile.am:1.1.1.1.2.1
--- heimdal/appl/test/Makefile.am:1.1.1.1	Tue Feb 26 16:42:03 2002
+++ heimdal/appl/test/Makefile.am	Wed Jun  5 16:29:22 2002
@@ -34,4 +34,5 @@
 LDADD = $(top_builddir)/lib/krb5/libkrb5.la \
 	$(LIB_des) \
 	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
+	$(LIB_roken) \
+	$(LIB_globus)
Index: heimdal/appl/xnlock/Makefile.am
diff -u heimdal/appl/xnlock/Makefile.am:1.1.1.1 heimdal/appl/xnlock/Makefile.am:1.1.1.1.2.1
--- heimdal/appl/xnlock/Makefile.am:1.1.1.1	Tue Feb 26 16:42:03 2002
+++ heimdal/appl/xnlock/Makefile.am	Wed Jun  5 16:29:22 2002
@@ -27,4 +27,5 @@
 	$(LIB_krb4) \
 	$(LIB_des) \
 	$(LIB_roken) \
-	$(X_LIBS) -lXt $(X_PRE_LIBS) -lX11 $(X_EXTRA_LIBS)
+	$(X_LIBS) -lXt $(X_PRE_LIBS) -lX11 $(X_EXTRA_LIBS) \
+	$(LIB_globus)
Index: heimdal/kadmin/Makefile.am
diff -u heimdal/kadmin/Makefile.am:1.1.1.1 heimdal/kadmin/Makefile.am:1.1.1.1.2.1
--- heimdal/kadmin/Makefile.am:1.1.1.1	Tue Feb 26 16:42:03 2002
+++ heimdal/kadmin/Makefile.am	Wed Jun  5 16:29:22 2002
@@ -65,7 +65,8 @@
 	$(top_builddir)/lib/sl/libsl.la \
 	$(LIB_readline) \
 	$(LDADD_common) \
-	$(LIB_dlopen)
+	$(LIB_dlopen) \
+	$(LIB_globus)
 
 add_random_users_LDADD = \
 	$(top_builddir)/lib/kadm5/libkadm5clnt.la \
Index: heimdal/kdc/Makefile.am
diff -u heimdal/kdc/Makefile.am:1.1.1.1 heimdal/kdc/Makefile.am:1.1.1.1.2.2
--- heimdal/kdc/Makefile.am:1.1.1.1	Tue Feb 26 16:42:03 2002
+++ heimdal/kdc/Makefile.am	Wed Jun  5 16:29:22 2002
@@ -33,6 +33,7 @@
 	log.c		\
 	main.c		\
 	misc.c		\
+	pkinit.c	\
 	$(krb4_sources)
 
 
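Review bot: `pkinit.c` is added to the KDC source list unconditionally, although configure.in makes PKINIT optional, requires OpenSSL for it, and defines `AM_CONDITIONAL(PKINIT, ...)`, which no Makefile.am in this patch uses. Unless the whole file is wrapped in `#ifdef PKINIT` (not visible here), a build without `--enable-pkinit` or without OpenSSL would fail to compile. The same applies to `pkinit_asn1.c`, the three new `asn1_*.x` entries and `pkinit_asn1.h` in lib/asn1, and to `pkinit.c` and `pkinit.h` in lib/krb5. Following the existing `$(krb4_sources)` pattern, define `pkinit_sources = pkinit.c` between `if PKINIT` and `endif`, and list `$(pkinit_sources)` here. The source list starts above the hunk.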
@@ -44,7 +45,8 @@
 	$(LIB_des) \
 	$(top_builddir)/lib/asn1/libasn1.la \
 	$(LIB_roken) \
-	$(DBLIB) 
+	$(DBLIB) \
+	$(LIB_globus)
 
 hpropd_LDADD = \
 	$(top_builddir)/lib/hdb/libhdb.la \
@@ -63,7 +65,8 @@
 	$(LIB_des) \
 	$(top_builddir)/lib/asn1/libasn1.la \
 	$(LIB_roken) \
-	$(DBLIB)
+	$(DBLIB) \
+	$(LIB_globus)
 
 kdc_LDADD = $(LDADD) $(LIB_pidfile)
 
Index: heimdal/kpasswd/Makefile.am
diff -u heimdal/kpasswd/Makefile.am:1.1.1.1 heimdal/kpasswd/Makefile.am:1.1.1.1.2.1
--- heimdal/kpasswd/Makefile.am:1.1.1.1	Tue Feb 26 16:42:03 2002
+++ heimdal/kpasswd/Makefile.am	Wed Jun  5 16:29:22 2002
@@ -28,4 +28,5 @@
 LDADD = $(top_builddir)/lib/krb5/libkrb5.la \
 	$(LIB_des) \
 	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
+	$(LIB_roken) \
+	$(LIB_globus)
Index: heimdal/kuser/Makefile.am
diff -u heimdal/kuser/Makefile.am:1.1.1.1 heimdal/kuser/Makefile.am:1.1.1.1.2.1
--- heimdal/kuser/Makefile.am:1.1.1.1	Tue Feb 26 16:42:04 2002
+++ heimdal/kuser/Makefile.am	Wed Jun  5 16:29:22 2002
@@ -16,7 +16,8 @@
 	$(LIB_krb4) \
 	$(LIB_des) \
 	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
+	$(LIB_roken) \
+	$(LIB_globus)
 
 kdestroy_LDADD	= $(kinit_LDADD)
 
@@ -26,7 +27,8 @@
 	$(top_builddir)/lib/krb5/libkrb5.la \
 	$(LIB_des) \
 	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
+	$(LIB_roken) \
+	$(LIB_globus)
 
 # make sure install-exec-hook doesn't have any commands in Makefile.am.common
 install-exec-hook:
Index: heimdal/lib/asn1/Makefile.am
diff -u heimdal/lib/asn1/Makefile.am:1.1.1.1 heimdal/lib/asn1/Makefile.am:1.1.1.1.2.2
--- heimdal/lib/asn1/Makefile.am:1.1.1.1	Tue Feb 26 16:42:04 2002
+++ heimdal/lib/asn1/Makefile.am	Mon May  6 18:51:40 2002
@@ -2,6 +2,8 @@
 
 include $(top_srcdir)/Makefile.am.common
 
+INCLUDES += $(INCLUDE_des)
+
 YFLAGS = -d
 
 lib_LTLIBRARIES = libasn1.la
@@ -65,6 +67,9 @@
 	asn1_Ticket.x				\
 	asn1_TicketFlags.x			\
 	asn1_TransitedEncoding.x		\
+	asn1_PKAuthenticator.x			\
+	asn1_AuthPack.x				\
+	asn1_ReplyKeyPack.x			\
 	asn1_UNSIGNED.x
 
 
@@ -93,6 +98,7 @@
 	der_length.c				\
 	der_copy.c				\
 	timegm.c				\
+	pkinit_asn1.c				\
 	$(BUILT_SOURCES)
 
 asn1_compile_LDADD = \
@@ -107,7 +113,7 @@
 CLEANFILES = lex.c parse.c parse.h krb5_asn1.h $(BUILT_SOURCES) \
 	$(gen_files) asn1_files
 
-include_HEADERS = krb5_asn1.h asn1_err.h der.h
+include_HEADERS = krb5_asn1.h asn1_err.h der.h pkinit_asn1.h
 
 $(asn1_compile_OBJECTS): parse.h parse.c
 
Index: heimdal/lib/kadm5/Makefile.am
diff -u heimdal/lib/kadm5/Makefile.am:1.1.1.1 heimdal/lib/kadm5/Makefile.am:1.1.1.1.2.1
--- heimdal/lib/kadm5/Makefile.am:1.1.1.1	Tue Feb 26 16:42:04 2002
+++ heimdal/lib/kadm5/Makefile.am	Wed Jun  5 16:29:22 2002
@@ -106,7 +106,8 @@
 	$(LIB_des) \
 	$(LIB_roken) \
 	$(DBLIB) \
-	$(LIB_dlopen)
+	$(LIB_dlopen) \
+	$(LIB_globus)
 
 CLEANFILES = kadm5_err.c kadm5_err.h
 
Index: heimdal/lib/krb5/Makefile.am
diff -u heimdal/lib/krb5/Makefile.am:1.1.1.1 heimdal/lib/krb5/Makefile.am:1.1.1.1.2.3
--- heimdal/lib/krb5/Makefile.am:1.1.1.1	Tue Feb 26 16:42:04 2002
+++ heimdal/lib/krb5/Makefile.am	Wed Jun  5 16:29:22 2002
@@ -2,7 +2,7 @@
 
 include $(top_srcdir)/Makefile.am.common
 
-INCLUDES += $(INCLUDE_krb4) $(INCLUDE_des) -I../com_err
+INCLUDES += $(INCLUDE_krb4) $(INCLUDE_des) -I../com_err $(INCLUDE_globus)
 
 bin_PROGRAMS = verify_krb5_conf
 
@@ -120,6 +120,7 @@
 	version.c				\
 	warn.c					\
 	write_message.c				\
+	pkinit.c				\
 	$(ERR_FILES)
 
 libkrb5_la_LDFLAGS = -version-info 18:2:1
@@ -162,7 +163,7 @@
 	krb5_warn.3				\
 	verify_krb5_conf.8
 
-include_HEADERS = krb5.h krb5-protos.h krb5-private.h krb5_err.h heim_err.h k524_err.h
+include_HEADERS = krb5.h krb5-protos.h krb5-private.h krb5_err.h heim_err.h k524_err.h pkinit.h
 
 CLEANFILES = krb5_err.c krb5_err.h heim_err.c heim_err.h k524_err.c k524_err.h
 
Index: heimdal/lib/vers/Makefile.am
diff -u heimdal/lib/vers/Makefile.am:1.1.1.1 heimdal/lib/vers/Makefile.am:1.2
--- heimdal/lib/vers/Makefile.am:1.1.1.1	Tue Feb 26 16:42:04 2002
+++ heimdal/lib/vers/Makefile.am	Tue Feb 26 17:13:00 2002
@@ -14,7 +14,7 @@
 if KRB5
 ## need to link with des here; otherwise, if krb4 is shared the link
 ## will fail with unresolved references
-make_print_version_LDADD = $(LIB_krb4) -ldes
+make_print_version_LDADD = $(LIB_krb4)
 endif
 endif
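Review bot: The new `make_print_version_LDADD = $(LIB_krb4)` contradicts the comment two lines above it, which says des must be linked here or the link fails with unresolved references when krb4 is shared. If the hard-coded `-ldes` was dropped because the library is not found under that name, use `make_print_version_LDADD = $(LIB_krb4) $(LIB_des)`, matching the `$(LIB_des)` used by the other Makefiles in this patch. Otherwise, update the comment to say why des is no longer needed. This hunk (revision 1.2, dated Feb 26) also looks unrelated to PKINIT and would be easier to review as a separate patch.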