From fedora-directory-commits at redhat.com Wed Aug 2 15:14:49 2006 From: fedora-directory-commits at redhat.com (Robert Crittenden (rcritten)) Date: Wed, 2 Aug 2006 08:14:49 -0700 Subject: [Fedora-directory-commits] mod_nss nss.conf.in, 1.8, 1.9 nss_engine_init.c, 1.20, 1.21 Message-ID: <200608021514.k72FEnA3021084@cvs-int.fedora.redhat.com> Author: rcritten Update of /cvs/dirsec/mod_nss In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv21001 Modified Files: nss.conf.in nss_engine_init.c Log Message: 200855 Defer loading the server certificates until the 2nd module load. Otherwise any problems with said certificate(s) will not be displayed because the VirtualHost logging hasn't been turned on yet. Switch a slew of APLOG_INFO to APLOG_ERR. And add a default LogLevel to nss.conf.in. This is not inherited from httpd.conf. Index: nss.conf.in =================================================================== RCS file: /cvs/dirsec/mod_nss/nss.conf.in,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- nss.conf.in 2 Mar 2006 19:21:54 -0000 1.8 +++ nss.conf.in 2 Aug 2006 15:14:47 -0000 1.9 @@ -76,8 +76,10 @@ #ServerAdmin you at example.com # mod_nss can log to separate log files, you can choose to do that if you'd like +# LogLevel is not inherited from httpd.conf. #ErrorLog @apache_prefix@/logs/error_log #TransferLog @apache_prefix@/logs/access_log +LogLevel warn # SSL Engine Switch: # Enable/Disable SSL for this virtual host. Index: nss_engine_init.c =================================================================== RCS file: /cvs/dirsec/mod_nss/nss_engine_init.c,v retrieving revision 1.20 retrieving revision 1.21 diff -u -r1.20 -r1.21 --- nss_engine_init.c 21 Jun 2006 14:25:51 -0000 1.20 +++ nss_engine_init.c 2 Aug 2006 15:14:47 -0000 1.21 @@ -831,7 +831,7 @@ } } } else { - ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, + ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "Certificate not found: '%s'", nickname); nss_die(); } @@ -848,7 +848,7 @@ * Slot not found. This should never happen because we * already found the cert. */ - ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, + ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "Slot not found"); nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); free(token); @@ -866,7 +866,7 @@ PK11_FreeSlot(slot); if (*serverkey == NULL) { - ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, + ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "Key not found for: '%s'", nickname); nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); nss_die(); @@ -889,21 +889,21 @@ /* ok */ break; case secCertTimeExpired: - ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, + ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "Server certificate is expired: '%s'", nickname); break; case secCertTimeNotValidYet: - ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, + ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "Certificate is not valid yet '%s'", nickname); default: - ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, + ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "Unhandled Certificate time type %d for: '%s'", certtimestatus, nickname); break; } secstatus = SSL_ConfigSecureServer(model, *servercert, *serverkey, *KEAtype); if (secstatus != SECSuccess) { - ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, + ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "SSL error configuring server: '%s'", nickname); nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); nss_die(); @@ -945,7 +945,7 @@ secstatus = (SECStatus)SSL_SetPKCS11PinArg(mctx->model, NULL); if (secstatus != SECSuccess) { - ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, + ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "Error setting PKCS11 pin argument: '%s'", mctx->nickname); nss_die(); } @@ -953,7 +953,7 @@ secstatus = (SECStatus)SSL_HandshakeCallback(mctx->model, (SSLHandshakeCallback)NSSHandshakeCallback, NULL); if (secstatus != SECSuccess) { - ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, + ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "SSL error configuring handshake callback: '%s'", mctx->nickname); nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); nss_die(); @@ -965,9 +965,13 @@ apr_pool_t *ptemp, SSLSrvConfigRec *sc) { + SSLModConfigRec *mc = myModConfig(s); + nss_init_ctx(s, p, ptemp, sc->proxy); - nss_init_server_certs(s, p, ptemp, sc->proxy); + /* Only try to load the certificates once the server is up */ + if (mc->nInitCount < 2) + nss_init_server_certs(s, p, ptemp, sc->proxy); } static void nss_init_server_ctx(server_rec *s, @@ -975,11 +979,15 @@ apr_pool_t *ptemp, SSLSrvConfigRec *sc) { + SSLModConfigRec *mc = myModConfig(s); + nss_init_server_check(s, p, ptemp, sc->server); nss_init_ctx(s, p, ptemp, sc->server); - nss_init_server_certs(s, p, ptemp, sc->server); + /* Only try to load the certificates once the server is up */ + if (mc->nInitCount < 2) + nss_init_server_certs(s, p, ptemp, sc->server); } /* From fedora-directory-commits at redhat.com Wed Aug 2 18:59:15 2006 From: fedora-directory-commits at redhat.com (Robert Crittenden (rcritten)) Date: Wed, 2 Aug 2006 11:59:15 -0700 Subject: [Fedora-directory-commits] mod_nss nss_engine_init.c,1.21,1.22 Message-ID: <200608021859.k72IxFw8031553@cvs-int.fedora.redhat.com> Author: rcritten Update of /cvs/dirsec/mod_nss In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31536 Modified Files: nss_engine_init.c Log Message: 200855 Turns out I didn't need to defer startup at all, the LogLevel in nss.conf was enough. I actually had the compare reversed anyway, but that was the least of the problem. 30% of the time the server would core during shutdown due to a race condition. Index: nss_engine_init.c =================================================================== RCS file: /cvs/dirsec/mod_nss/nss_engine_init.c,v retrieving revision 1.21 retrieving revision 1.22 diff -u -r1.21 -r1.22 --- nss_engine_init.c 2 Aug 2006 15:14:47 -0000 1.21 +++ nss_engine_init.c 2 Aug 2006 18:59:12 -0000 1.22 @@ -969,9 +969,7 @@ nss_init_ctx(s, p, ptemp, sc->proxy); - /* Only try to load the certificates once the server is up */ - if (mc->nInitCount < 2) - nss_init_server_certs(s, p, ptemp, sc->proxy); + nss_init_server_certs(s, p, ptemp, sc->proxy); } static void nss_init_server_ctx(server_rec *s, @@ -985,9 +983,7 @@ nss_init_ctx(s, p, ptemp, sc->server); - /* Only try to load the certificates once the server is up */ - if (mc->nInitCount < 2) - nss_init_server_certs(s, p, ptemp, sc->server); + nss_init_server_certs(s, p, ptemp, sc->server); } /* From fedora-directory-commits at redhat.com Thu Aug 3 13:29:08 2006 From: fedora-directory-commits at redhat.com (Robert Crittenden (rcritten)) Date: Thu, 3 Aug 2006 06:29:08 -0700 Subject: [Fedora-directory-commits] mod_nss mod_nss.c, 1.12, 1.13 mod_nss.h, 1.12, 1.13 nss_engine_vars.c, 1.6, 1.7 Message-ID: <200608031329.k73DT8to029666@cvs-int.fedora.redhat.com> Author: rcritten Update of /cvs/dirsec/mod_nss In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29645 Modified Files: mod_nss.c mod_nss.h nss_engine_vars.c Log Message: 200610 Change the kludge for determining the current version of Apache we're building against. Claim to be building against 2.0.55 if not told otherwise. The exact version matters less than knowing which API to use. Index: mod_nss.c =================================================================== RCS file: /cvs/dirsec/mod_nss/mod_nss.c,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- mod_nss.c 20 Jun 2006 20:25:20 -0000 1.12 +++ mod_nss.c 3 Aug 2006 13:29:05 -0000 1.13 @@ -399,7 +399,7 @@ ap_hook_pre_connection(nss_hook_pre_connection,NULL,NULL, APR_HOOK_MIDDLE); ap_hook_post_config (nss_init_Module, NULL,NULL, APR_HOOK_MIDDLE); -#ifndef AP_SERVER_MAJORVERSION_NUMBER +#if AP_SERVER_MINORVERSION_NUMBER < 2 /* See comment in mod_nss.h */ ap_hook_http_method (nss_hook_http_scheme, NULL,NULL, APR_HOOK_MIDDLE); #else ap_hook_http_scheme (nss_hook_http_scheme, NULL,NULL, APR_HOOK_MIDDLE); Index: mod_nss.h =================================================================== RCS file: /cvs/dirsec/mod_nss/mod_nss.h,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- mod_nss.h 20 Jun 2006 20:25:20 -0000 1.12 +++ mod_nss.h 3 Aug 2006 13:29:05 -0000 1.13 @@ -327,8 +327,17 @@ } cipher_properties; /* Compatibility between Apache 2.0.x and 2.2.x. The numeric version of - * the version first appeared in Apache 2.2.0 */ + * the version first appeared in Apache 2.0.56-dev. I picked 2.0.55 as it + * is the last version without this define. This is used for more than just + * the below defines. It also determines which API is used. + */ #ifndef AP_SERVER_MAJORVERSION_NUMBER +#define AP_SERVER_MAJORVERSION_NUMBER 2 +#define AP_SERVER_MINORVERSION_NUMBER 0 +#define AP_SERVER_PATCHLEVEL_NUMBER 55 +#endif + +#if AP_SERVER_MINORVERSION_NUMBER < 2 typedef struct regex_t ap_regex_t; #define AP_REG_EXTENDED REG_EXTENDED #define AP_REG_NOSUB REG_NOSUB Index: nss_engine_vars.c =================================================================== RCS file: /cvs/dirsec/mod_nss/nss_engine_vars.c,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- nss_engine_vars.c 7 Apr 2006 20:17:12 -0000 1.6 +++ nss_engine_vars.c 3 Aug 2006 13:29:05 -0000 1.7 @@ -101,7 +101,7 @@ else if (strcEQ(var, "REQUEST_METHOD")) result = (char *)(r->method); else if (strcEQ(var, "REQUEST_SCHEME")) -#ifndef AP_SERVER_MAJORVERSION_NUMBER +#if AP_SERVER_MINORVERSION_NUMBER < 2 /* See comment in mod_nss.h */ result = (char *)ap_http_method(r); #else result = (char *)ap_http_scheme(r); From fedora-directory-commits at redhat.com Thu Aug 3 19:39:53 2006 From: fedora-directory-commits at redhat.com (Robert Crittenden (rcritten)) Date: Thu, 3 Aug 2006 12:39:53 -0700 Subject: [Fedora-directory-commits] mod_revocator - Imported sources Message-ID: <200608031939.k73Jdr9n015500@cvs-int.fedora.redhat.com> Author: rcritten Update of /cvs/dirsec/mod_revocator In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15477 Log Message: Initial import of mod_revocator Status: Vendor Tag: mod_revocator Release Tags: start N mod_revocator/config.guess N mod_revocator/install-sh N mod_revocator/Makefile.in N mod_revocator/pkcs11layer.h N mod_revocator/constants.c N mod_revocator/aclocal.m4 N mod_revocator/rev_core.h N mod_revocator/rsession.cpp N mod_revocator/ltmain.sh N mod_revocator/client.h N mod_revocator/rslot.cpp N mod_revocator/mod_rev.c N mod_revocator/README N mod_revocator/nsprstub.cpp N mod_revocator/AUTHORS N mod_revocator/client.cpp N mod_revocator/encode.h N mod_revocator/anchor.cpp N mod_revocator/revocator.conf N mod_revocator/exec-client.cpp N mod_revocator/depcomp N mod_revocator/revhelper.cpp N mod_revocator/ldaptest.cpp N mod_revocator/INSTALL N mod_revocator/crlmanager.cpp N mod_revocator/crlmanager.h N mod_revocator/ChangeLog N mod_revocator/LICENSE N mod_revocator/mod_rev.h N mod_revocator/http-client.cpp N mod_revocator/robject.cpp N mod_revocator/revocation.cpp N mod_revocator/reverror.h N mod_revocator/missing N mod_revocator/revocation.h N mod_revocator/rinst.cpp N mod_revocator/rtoken.cpp N mod_revocator/rev_core.cpp N mod_revocator/configure.in N mod_revocator/ldap-client.cpp N mod_revocator/rfind.cpp N mod_revocator/encode.cpp N mod_revocator/NEWS N mod_revocator/status.h N mod_revocator/unescape.h N mod_revocator/ldapget.cpp N mod_revocator/Makefile.am N mod_revocator/mkinstalldirs N mod_revocator/revprivate.h N mod_revocator/unescape.cpp N mod_revocator/configure N mod_revocator/COPYING N mod_revocator/download.h N mod_revocator/config.sub N mod_revocator/client_err.h N mod_revocator/autom4te.cache/traces.0 N mod_revocator/autom4te.cache/output.0 N mod_revocator/autom4te.cache/requests N mod_revocator/mozilla/README N mod_revocator/mozilla/security/nss/lib/base/baset.h N mod_revocator/mozilla/security/nss/lib/base/nssbase.h N mod_revocator/mozilla/security/nss/lib/base/nssbaset.h N mod_revocator/mozilla/security/nss/lib/base/base.h N mod_revocator/mozilla/security/nss/lib/ckfw/ckfwm.h N mod_revocator/mozilla/security/nss/lib/ckfw/ckmd.h N mod_revocator/mozilla/security/nss/lib/ckfw/ckapi.perl N mod_revocator/mozilla/security/nss/lib/ckfw/ckfwtm.h N mod_revocator/mozilla/security/nss/lib/ckfw/nssckfwc.h N mod_revocator/mozilla/security/nss/lib/ckfw/nssckfwt.h N mod_revocator/mozilla/security/nss/lib/ckfw/nssck.api N mod_revocator/mozilla/security/nss/lib/ckfw/nssckt.h N mod_revocator/mozilla/security/nss/lib/ckfw/nssckmdt.h N mod_revocator/mozilla/security/nss/lib/ckfw/ckt.h N mod_revocator/mozilla/security/nss/lib/ckfw/nssckepv.h N mod_revocator/mozilla/security/nss/lib/ckfw/nssckfw.h N mod_revocator/mozilla/security/nss/lib/ckfw/ck.api N mod_revocator/mozilla/security/nss/lib/ckfw/ckfw.h N mod_revocator/mozilla/security/nss/lib/ckfw/nssckft.h N mod_revocator/mozilla/security/nss/lib/ckfw/ck.h N mod_revocator/mozilla/security/nss/lib/ckfw/nssckg.h No conflicts created by this import From fedora-directory-commits at redhat.com Fri Aug 4 18:53:13 2006 From: fedora-directory-commits at redhat.com (Robert Crittenden (rcritten)) Date: Fri, 4 Aug 2006 11:53:13 -0700 Subject: [Fedora-directory-commits] mod_revocator README, 1.1.1.1, 1.2 anchor.cpp, 1.1.1.1, 1.2 client.cpp, 1.1.1.1, 1.2 client.h, 1.1.1.1, 1.2 client_err.h, 1.1.1.1, 1.2 constants.c, 1.1.1.1, 1.2 crlmanager.cpp, 1.1.1.1, 1.2 crlmanager.h, 1.1.1.1, 1.2 download.h, 1.1.1.1, 1.2 encode.cpp, 1.1.1.1, 1.2 encode.h, 1.1.1.1, 1.2 exec-client.cpp, 1.1.1.1, 1.2 http-client.cpp, 1.1.1.1, 1.2 ldap-client.cpp, 1.1.1.1, 1.2 ldapget.cpp, 1.1.1.1, 1.2 ldaptest.cpp, 1.1.1.1, 1.2 mod_rev.c, 1.1.1.1, 1.2 mod_rev.h, 1.1.1.1, 1.2 nsprstub.cpp, 1.1.1.1, 1.2 pkcs11layer.h, 1.1.1.1, 1.2 rev_core.cpp, 1.1.1.1, 1.2 rev_core.h, 1.1.1.1, 1.2 reverror.h, 1.1.1.1, 1.2 revhelper.cpp, 1.1.1.1, 1.2 revocation.cpp, 1.1.1.1, 1.2 revocation.h, 1.1.1.1, 1.2 revprivate.h, 1.1.1.1, 1.2 rfind.cpp, 1.1.1.1, 1.2 rinst.cpp, 1.1.1.1, 1.2 robject.cpp, 1.1.1.1, 1.2 rsession.cpp, 1.1.1.1, 1.2 rslot.cpp, 1.1.1.1, 1.2 rtoken.cpp, 1.1.1.1, 1.2 status.h, 1.1.1.1, 1.2 unescape.cpp, 1.1.1.1, 1.2 unescape.h, 1.1.1.1, 1.2 Message-ID: <200608041853.k74IrD4Z022342@cvs-int.fedora.redhat.com> Author: rcritten Update of /cvs/dirsec/mod_revocator In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22284 Modified Files: README anchor.cpp client.cpp client.h client_err.h constants.c crlmanager.cpp crlmanager.h download.h encode.cpp encode.h exec-client.cpp http-client.cpp ldap-client.cpp ldapget.cpp ldaptest.cpp mod_rev.c mod_rev.h nsprstub.cpp pkcs11layer.h rev_core.cpp rev_core.h reverror.h revhelper.cpp revocation.cpp revocation.h revprivate.h rfind.cpp rinst.cpp robject.cpp rsession.cpp rslot.cpp rtoken.cpp status.h unescape.cpp unescape.h Log Message: Replace funky copyright character with "(c)" Index: README =================================================================== RCS file: /cvs/dirsec/mod_revocator/README,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- README 3 Aug 2006 19:39:12 -0000 1.1.1.1 +++ README 4 Aug 2006 18:53:09 -0000 1.2 @@ -1,6 +1,6 @@ LICENSE -Copyright ?? 2006 Red Hat, Inc. All rights reserved. +Copyright (c) 2006 Red Hat, Inc. All rights reserved. This copyrighted material is made available to anyone wishing to use, modify, copy, or redistribute it subject to the terms and conditions of Index: anchor.cpp =================================================================== RCS file: /cvs/dirsec/mod_revocator/anchor.cpp,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- anchor.cpp 3 Aug 2006 19:39:16 -0000 1.1.1.1 +++ anchor.cpp 4 Aug 2006 18:53:09 -0000 1.2 @@ -1,5 +1,5 @@ /** BEGIN COPYRIGHT BLOCK - * Copyright ?? 2006 Red Hat, Inc. All rights reserved. + * Copyright (c) 2006 Red Hat, Inc. All rights reserved. * * This copyrighted material is made available to anyone wishing to use, * modify, copy, or redistribute it subject to the terms and conditions of Index: client.cpp =================================================================== RCS file: /cvs/dirsec/mod_revocator/client.cpp,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- client.cpp 3 Aug 2006 19:39:16 -0000 1.1.1.1 +++ client.cpp 4 Aug 2006 18:53:09 -0000 1.2 @@ -1,5 +1,5 @@ /** BEGIN COPYRIGHT BLOCK - * Copyright ?? 2006 Red Hat, Inc. All rights reserved. + * Copyright (c) 2006 Red Hat, Inc. All rights reserved. * * This copyrighted material is made available to anyone wishing to use, * modify, copy, or redistribute it subject to the terms and conditions of Index: client.h =================================================================== RCS file: /cvs/dirsec/mod_revocator/client.h,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- client.h 3 Aug 2006 19:39:16 -0000 1.1.1.1 +++ client.h 4 Aug 2006 18:53:09 -0000 1.2 @@ -1,5 +1,5 @@ /** BEGIN COPYRIGHT BLOCK - * Copyright ?? 2006 Red Hat, Inc. All rights reserved. + * Copyright (c) 2006 Red Hat, Inc. All rights reserved. * * This copyrighted material is made available to anyone wishing to use, * modify, copy, or redistribute it subject to the terms and conditions of Index: client_err.h =================================================================== RCS file: /cvs/dirsec/mod_revocator/client_err.h,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- client_err.h 3 Aug 2006 19:39:16 -0000 1.1.1.1 +++ client_err.h 4 Aug 2006 18:53:09 -0000 1.2 @@ -1,5 +1,5 @@ /** BEGIN COPYRIGHT BLOCK - * Copyright ?? 2006 Red Hat, Inc. All rights reserved. + * Copyright (c) 2006 Red Hat, Inc. All rights reserved. * * This copyrighted material is made available to anyone wishing to use, * modify, copy, or redistribute it subject to the terms and conditions of Index: constants.c =================================================================== RCS file: /cvs/dirsec/mod_revocator/constants.c,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- constants.c 3 Aug 2006 19:39:29 -0000 1.1.1.1 +++ constants.c 4 Aug 2006 18:53:09 -0000 1.2 @@ -1,5 +1,5 @@ /** BEGIN COPYRIGHT BLOCK - * Copyright ?? 2006 Red Hat, Inc. All rights reserved. + * Copyright (c) 2006 Red Hat, Inc. All rights reserved. * * This copyrighted material is made available to anyone wishing to use, * modify, copy, or redistribute it subject to the terms and conditions of Index: crlmanager.cpp =================================================================== RCS file: /cvs/dirsec/mod_revocator/crlmanager.cpp,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- crlmanager.cpp 3 Aug 2006 19:39:29 -0000 1.1.1.1 +++ crlmanager.cpp 4 Aug 2006 18:53:09 -0000 1.2 @@ -1,5 +1,5 @@ /** BEGIN COPYRIGHT BLOCK - * Copyright ?? 2006 Red Hat, Inc. All rights reserved. + * Copyright (c) 2006 Red Hat, Inc. All rights reserved. * * This copyrighted material is made available to anyone wishing to use, * modify, copy, or redistribute it subject to the terms and conditions of Index: crlmanager.h =================================================================== RCS file: /cvs/dirsec/mod_revocator/crlmanager.h,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- crlmanager.h 3 Aug 2006 19:39:29 -0000 1.1.1.1 +++ crlmanager.h 4 Aug 2006 18:53:09 -0000 1.2 @@ -1,5 +1,5 @@ /** BEGIN COPYRIGHT BLOCK - * Copyright ?? 2006 Red Hat, Inc. All rights reserved. + * Copyright (c) 2006 Red Hat, Inc. All rights reserved. * * This copyrighted material is made available to anyone wishing to use, * modify, copy, or redistribute it subject to the terms and conditions of Index: download.h =================================================================== RCS file: /cvs/dirsec/mod_revocator/download.h,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- download.h 3 Aug 2006 19:39:30 -0000 1.1.1.1 +++ download.h 4 Aug 2006 18:53:09 -0000 1.2 @@ -1,5 +1,5 @@ /** BEGIN COPYRIGHT BLOCK - * Copyright ?? 2006 Red Hat, Inc. All rights reserved. + * Copyright (c) 2006 Red Hat, Inc. All rights reserved. * * This copyrighted material is made available to anyone wishing to use, * modify, copy, or redistribute it subject to the terms and conditions of Index: encode.cpp =================================================================== RCS file: /cvs/dirsec/mod_revocator/encode.cpp,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- encode.cpp 3 Aug 2006 19:39:30 -0000 1.1.1.1 +++ encode.cpp 4 Aug 2006 18:53:09 -0000 1.2 @@ -1,5 +1,5 @@ /** BEGIN COPYRIGHT BLOCK - * Copyright ?? 2006 Red Hat, Inc. All rights reserved. + * Copyright (c) 2006 Red Hat, Inc. All rights reserved. * * This copyrighted material is made available to anyone wishing to use, * modify, copy, or redistribute it subject to the terms and conditions of Index: encode.h =================================================================== RCS file: /cvs/dirsec/mod_revocator/encode.h,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- encode.h 3 Aug 2006 19:39:30 -0000 1.1.1.1 +++ encode.h 4 Aug 2006 18:53:09 -0000 1.2 @@ -1,5 +1,5 @@ /** BEGIN COPYRIGHT BLOCK - * Copyright ?? 2006 Red Hat, Inc. All rights reserved. + * Copyright (c) 2006 Red Hat, Inc. All rights reserved. * * This copyrighted material is made available to anyone wishing to use, * modify, copy, or redistribute it subject to the terms and conditions of Index: exec-client.cpp =================================================================== RCS file: /cvs/dirsec/mod_revocator/exec-client.cpp,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- exec-client.cpp 3 Aug 2006 19:39:30 -0000 1.1.1.1 +++ exec-client.cpp 4 Aug 2006 18:53:09 -0000 1.2 @@ -1,5 +1,5 @@ /** BEGIN COPYRIGHT BLOCK - * Copyright ?? 2006 Red Hat, Inc. All rights reserved. + * Copyright (c) 2006 Red Hat, Inc. All rights reserved. * * This copyrighted material is made available to anyone wishing to use, * modify, copy, or redistribute it subject to the terms and conditions of Index: http-client.cpp =================================================================== RCS file: /cvs/dirsec/mod_revocator/http-client.cpp,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- http-client.cpp 3 Aug 2006 19:39:30 -0000 1.1.1.1 +++ http-client.cpp 4 Aug 2006 18:53:09 -0000 1.2 @@ -1,5 +1,5 @@ /** BEGIN COPYRIGHT BLOCK - * Copyright ?? 2006 Red Hat, Inc. All rights reserved. + * Copyright (c) 2006 Red Hat, Inc. All rights reserved. * * This copyrighted material is made available to anyone wishing to use, * modify, copy, or redistribute it subject to the terms and conditions of Index: ldap-client.cpp =================================================================== RCS file: /cvs/dirsec/mod_revocator/ldap-client.cpp,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- ldap-client.cpp 3 Aug 2006 19:39:30 -0000 1.1.1.1 +++ ldap-client.cpp 4 Aug 2006 18:53:09 -0000 1.2 @@ -1,5 +1,5 @@ /** BEGIN COPYRIGHT BLOCK - * Copyright ?? 2006 Red Hat, Inc. All rights reserved. + * Copyright (c) 2006 Red Hat, Inc. All rights reserved. * * This copyrighted material is made available to anyone wishing to use, * modify, copy, or redistribute it subject to the terms and conditions of Index: ldapget.cpp =================================================================== RCS file: /cvs/dirsec/mod_revocator/ldapget.cpp,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- ldapget.cpp 3 Aug 2006 19:39:30 -0000 1.1.1.1 +++ ldapget.cpp 4 Aug 2006 18:53:09 -0000 1.2 @@ -1,5 +1,5 @@ /** BEGIN COPYRIGHT BLOCK - * Copyright ?? 2006 Red Hat, Inc. All rights reserved. + * Copyright (c) 2006 Red Hat, Inc. All rights reserved. * * This copyrighted material is made available to anyone wishing to use, * modify, copy, or redistribute it subject to the terms and conditions of Index: ldaptest.cpp =================================================================== RCS file: /cvs/dirsec/mod_revocator/ldaptest.cpp,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- ldaptest.cpp 3 Aug 2006 19:39:30 -0000 1.1.1.1 +++ ldaptest.cpp 4 Aug 2006 18:53:09 -0000 1.2 @@ -1,5 +1,5 @@ /** BEGIN COPYRIGHT BLOCK - * Copyright ?? 2006 Red Hat, Inc. All rights reserved. + * Copyright (c) 2006 Red Hat, Inc. All rights reserved. * * This copyrighted material is made available to anyone wishing to use, * modify, copy, or redistribute it subject to the terms and conditions of Index: mod_rev.c =================================================================== RCS file: /cvs/dirsec/mod_revocator/mod_rev.c,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- mod_rev.c 3 Aug 2006 19:39:33 -0000 1.1.1.1 +++ mod_rev.c 4 Aug 2006 18:53:09 -0000 1.2 @@ -1,5 +1,5 @@ /** BEGIN COPYRIGHT BLOCK - * Copyright ?? 2006 Red Hat, Inc. All rights reserved. + * Copyright (c) 2006 Red Hat, Inc. All rights reserved. * * This copyrighted material is made available to anyone wishing to use, * modify, copy, or redistribute it subject to the terms and conditions of Index: mod_rev.h =================================================================== RCS file: /cvs/dirsec/mod_revocator/mod_rev.h,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- mod_rev.h 3 Aug 2006 19:39:33 -0000 1.1.1.1 +++ mod_rev.h 4 Aug 2006 18:53:09 -0000 1.2 @@ -1,5 +1,5 @@ /** BEGIN COPYRIGHT BLOCK - * Copyright ?? 2006 Red Hat, Inc. All rights reserved. + * Copyright (c) 2006 Red Hat, Inc. All rights reserved. * * This copyrighted material is made available to anyone wishing to use, * modify, copy, or redistribute it subject to the terms and conditions of Index: nsprstub.cpp =================================================================== RCS file: /cvs/dirsec/mod_revocator/nsprstub.cpp,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- nsprstub.cpp 3 Aug 2006 19:39:33 -0000 1.1.1.1 +++ nsprstub.cpp 4 Aug 2006 18:53:09 -0000 1.2 @@ -1,5 +1,5 @@ /** BEGIN COPYRIGHT BLOCK - * Copyright ?? 2006 Red Hat, Inc. All rights reserved. + * Copyright (c) 2006 Red Hat, Inc. All rights reserved. * * This copyrighted material is made available to anyone wishing to use, * modify, copy, or redistribute it subject to the terms and conditions of Index: pkcs11layer.h =================================================================== RCS file: /cvs/dirsec/mod_revocator/pkcs11layer.h,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- pkcs11layer.h 3 Aug 2006 19:39:33 -0000 1.1.1.1 +++ pkcs11layer.h 4 Aug 2006 18:53:09 -0000 1.2 @@ -1,5 +1,5 @@ /** BEGIN COPYRIGHT BLOCK - * Copyright ?? 2006 Red Hat, Inc. All rights reserved. + * Copyright (c) 2006 Red Hat, Inc. All rights reserved. * * This copyrighted material is made available to anyone wishing to use, * modify, copy, or redistribute it subject to the terms and conditions of Index: rev_core.cpp =================================================================== RCS file: /cvs/dirsec/mod_revocator/rev_core.cpp,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- rev_core.cpp 3 Aug 2006 19:39:33 -0000 1.1.1.1 +++ rev_core.cpp 4 Aug 2006 18:53:09 -0000 1.2 @@ -1,5 +1,5 @@ /** BEGIN COPYRIGHT BLOCK - * Copyright ?? 2006 Red Hat, Inc. All rights reserved. + * Copyright (c) 2006 Red Hat, Inc. All rights reserved. * * This copyrighted material is made available to anyone wishing to use, * modify, copy, or redistribute it subject to the terms and conditions of Index: rev_core.h =================================================================== RCS file: /cvs/dirsec/mod_revocator/rev_core.h,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- rev_core.h 3 Aug 2006 19:39:33 -0000 1.1.1.1 +++ rev_core.h 4 Aug 2006 18:53:09 -0000 1.2 @@ -1,5 +1,5 @@ /** BEGIN COPYRIGHT BLOCK - * Copyright ?? 2006 Red Hat, Inc. All rights reserved. + * Copyright (c) 2006 Red Hat, Inc. All rights reserved. * * This copyrighted material is made available to anyone wishing to use, * modify, copy, or redistribute it subject to the terms and conditions of Index: reverror.h =================================================================== RCS file: /cvs/dirsec/mod_revocator/reverror.h,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- reverror.h 3 Aug 2006 19:39:33 -0000 1.1.1.1 +++ reverror.h 4 Aug 2006 18:53:09 -0000 1.2 @@ -1,5 +1,5 @@ /** BEGIN COPYRIGHT BLOCK - * Copyright ?? 2006 Red Hat, Inc. All rights reserved. + * Copyright (c) 2006 Red Hat, Inc. All rights reserved. * * This copyrighted material is made available to anyone wishing to use, * modify, copy, or redistribute it subject to the terms and conditions of Index: revhelper.cpp =================================================================== RCS file: /cvs/dirsec/mod_revocator/revhelper.cpp,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- revhelper.cpp 3 Aug 2006 19:39:33 -0000 1.1.1.1 +++ revhelper.cpp 4 Aug 2006 18:53:09 -0000 1.2 @@ -1,5 +1,5 @@ /** BEGIN COPYRIGHT BLOCK - * Copyright ?? 2006 Red Hat, Inc. All rights reserved. + * Copyright (c) 2006 Red Hat, Inc. All rights reserved. * * This copyrighted material is made available to anyone wishing to use, * modify, copy, or redistribute it subject to the terms and conditions of Index: revocation.cpp =================================================================== RCS file: /cvs/dirsec/mod_revocator/revocation.cpp,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- revocation.cpp 3 Aug 2006 19:39:33 -0000 1.1.1.1 +++ revocation.cpp 4 Aug 2006 18:53:09 -0000 1.2 @@ -1,5 +1,5 @@ /** BEGIN COPYRIGHT BLOCK - * Copyright ?? 2006 Red Hat, Inc. All rights reserved. + * Copyright (c) 2006 Red Hat, Inc. All rights reserved. * * This copyrighted material is made available to anyone wishing to use, * modify, copy, or redistribute it subject to the terms and conditions of Index: revocation.h =================================================================== RCS file: /cvs/dirsec/mod_revocator/revocation.h,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- revocation.h 3 Aug 2006 19:39:33 -0000 1.1.1.1 +++ revocation.h 4 Aug 2006 18:53:09 -0000 1.2 @@ -1,5 +1,5 @@ /** BEGIN COPYRIGHT BLOCK - * Copyright ?? 2006 Red Hat, Inc. All rights reserved. + * Copyright (c) 2006 Red Hat, Inc. All rights reserved. * * This copyrighted material is made available to anyone wishing to use, * modify, copy, or redistribute it subject to the terms and conditions of Index: revprivate.h =================================================================== RCS file: /cvs/dirsec/mod_revocator/revprivate.h,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- revprivate.h 3 Aug 2006 19:39:33 -0000 1.1.1.1 +++ revprivate.h 4 Aug 2006 18:53:09 -0000 1.2 @@ -1,5 +1,5 @@ /** BEGIN COPYRIGHT BLOCK - * Copyright ?? 2006 Red Hat, Inc. All rights reserved. + * Copyright (c) 2006 Red Hat, Inc. All rights reserved. * * This copyrighted material is made available to anyone wishing to use, * modify, copy, or redistribute it subject to the terms and conditions of Index: rfind.cpp =================================================================== RCS file: /cvs/dirsec/mod_revocator/rfind.cpp,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- rfind.cpp 3 Aug 2006 19:39:34 -0000 1.1.1.1 +++ rfind.cpp 4 Aug 2006 18:53:09 -0000 1.2 @@ -1,5 +1,5 @@ /** BEGIN COPYRIGHT BLOCK - * Copyright ?? 2006 Red Hat, Inc. All rights reserved. + * Copyright (c) 2006 Red Hat, Inc. All rights reserved. * * This copyrighted material is made available to anyone wishing to use, * modify, copy, or redistribute it subject to the terms and conditions of Index: rinst.cpp =================================================================== RCS file: /cvs/dirsec/mod_revocator/rinst.cpp,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- rinst.cpp 3 Aug 2006 19:39:34 -0000 1.1.1.1 +++ rinst.cpp 4 Aug 2006 18:53:09 -0000 1.2 @@ -1,5 +1,5 @@ /** BEGIN COPYRIGHT BLOCK - * Copyright ?? 2006 Red Hat, Inc. All rights reserved. + * Copyright (c) 2006 Red Hat, Inc. All rights reserved. * * This copyrighted material is made available to anyone wishing to use, * modify, copy, or redistribute it subject to the terms and conditions of Index: robject.cpp =================================================================== RCS file: /cvs/dirsec/mod_revocator/robject.cpp,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- robject.cpp 3 Aug 2006 19:39:34 -0000 1.1.1.1 +++ robject.cpp 4 Aug 2006 18:53:09 -0000 1.2 @@ -1,5 +1,5 @@ /** BEGIN COPYRIGHT BLOCK - * Copyright ?? 2006 Red Hat, Inc. All rights reserved. + * Copyright (c) 2006 Red Hat, Inc. All rights reserved. * * This copyrighted material is made available to anyone wishing to use, * modify, copy, or redistribute it subject to the terms and conditions of Index: rsession.cpp =================================================================== RCS file: /cvs/dirsec/mod_revocator/rsession.cpp,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- rsession.cpp 3 Aug 2006 19:39:34 -0000 1.1.1.1 +++ rsession.cpp 4 Aug 2006 18:53:09 -0000 1.2 @@ -1,5 +1,5 @@ /** BEGIN COPYRIGHT BLOCK - * Copyright ?? 2006 Red Hat, Inc. All rights reserved. + * Copyright (c) 2006 Red Hat, Inc. All rights reserved. * * This copyrighted material is made available to anyone wishing to use, * modify, copy, or redistribute it subject to the terms and conditions of Index: rslot.cpp =================================================================== RCS file: /cvs/dirsec/mod_revocator/rslot.cpp,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- rslot.cpp 3 Aug 2006 19:39:34 -0000 1.1.1.1 +++ rslot.cpp 4 Aug 2006 18:53:09 -0000 1.2 @@ -1,5 +1,5 @@ /** BEGIN COPYRIGHT BLOCK - * Copyright ?? 2006 Red Hat, Inc. All rights reserved. + * Copyright (c) 2006 Red Hat, Inc. All rights reserved. * * This copyrighted material is made available to anyone wishing to use, * modify, copy, or redistribute it subject to the terms and conditions of Index: rtoken.cpp =================================================================== RCS file: /cvs/dirsec/mod_revocator/rtoken.cpp,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- rtoken.cpp 3 Aug 2006 19:39:34 -0000 1.1.1.1 +++ rtoken.cpp 4 Aug 2006 18:53:09 -0000 1.2 @@ -1,5 +1,5 @@ /** BEGIN COPYRIGHT BLOCK - * Copyright ?? 2006 Red Hat, Inc. All rights reserved. + * Copyright (c) 2006 Red Hat, Inc. All rights reserved. * * This copyrighted material is made available to anyone wishing to use, * modify, copy, or redistribute it subject to the terms and conditions of Index: status.h =================================================================== RCS file: /cvs/dirsec/mod_revocator/status.h,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- status.h 3 Aug 2006 19:39:34 -0000 1.1.1.1 +++ status.h 4 Aug 2006 18:53:09 -0000 1.2 @@ -1,5 +1,5 @@ /** BEGIN COPYRIGHT BLOCK - * Copyright ?? 2006 Red Hat, Inc. All rights reserved. + * Copyright (c) 2006 Red Hat, Inc. All rights reserved. * * This copyrighted material is made available to anyone wishing to use, * modify, copy, or redistribute it subject to the terms and conditions of Index: unescape.cpp =================================================================== RCS file: /cvs/dirsec/mod_revocator/unescape.cpp,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- unescape.cpp 3 Aug 2006 19:39:34 -0000 1.1.1.1 +++ unescape.cpp 4 Aug 2006 18:53:09 -0000 1.2 @@ -1,5 +1,5 @@ /** BEGIN COPYRIGHT BLOCK - * Copyright ?? 2006 Red Hat, Inc. All rights reserved. + * Copyright (c) 2006 Red Hat, Inc. All rights reserved. * * This copyrighted material is made available to anyone wishing to use, * modify, copy, or redistribute it subject to the terms and conditions of Index: unescape.h =================================================================== RCS file: /cvs/dirsec/mod_revocator/unescape.h,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- unescape.h 3 Aug 2006 19:39:34 -0000 1.1.1.1 +++ unescape.h 4 Aug 2006 18:53:09 -0000 1.2 @@ -1,5 +1,5 @@ /** BEGIN COPYRIGHT BLOCK - * Copyright ?? 2006 Red Hat, Inc. All rights reserved. + * Copyright (c) 2006 Red Hat, Inc. All rights reserved. * * This copyrighted material is made available to anyone wishing to use, * modify, copy, or redistribute it subject to the terms and conditions of From fedora-directory-commits at redhat.com Fri Aug 4 18:54:49 2006 From: fedora-directory-commits at redhat.com (Robert Crittenden (rcritten)) Date: Fri, 4 Aug 2006 11:54:49 -0700 Subject: [Fedora-directory-commits] mod_revocator/autom4te.cache output.0, 1.1.1.1, NONE requests, 1.1.1.1, NONE traces.0, 1.1.1.1, NONE Message-ID: <200608041854.k74IsnOl022407@cvs-int.fedora.redhat.com> Author: rcritten Update of /cvs/dirsec/mod_revocator/autom4te.cache In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22392/autom4te.cache Removed Files: output.0 requests traces.0 Log Message: This shouldn't be in the tree --- output.0 DELETED --- --- requests DELETED --- --- traces.0 DELETED --- From fedora-directory-commits at redhat.com Mon Aug 7 20:27:58 2006 From: fedora-directory-commits at redhat.com (Robert Crittenden (rcritten)) Date: Mon, 7 Aug 2006 13:27:58 -0700 Subject: [Fedora-directory-commits] mod_revocator Makefile.am, 1.1.1.1, 1.2 configure.in, 1.1.1.1, 1.2 aclocal.m4, 1.1.1.1, 1.2 Makefile.in, 1.1.1.1, 1.2 configure, 1.1.1.1, 1.2 Message-ID: <200608072027.k77KRwU7021353@cvs-int.fedora.redhat.com> Author: rcritten Update of /cvs/dirsec/mod_revocator In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv21305 Modified Files: Makefile.am configure.in aclocal.m4 Makefile.in configure Log Message: - Remove unused variables nss_dir and nspr_dir - Fix error message if LDAPSDK is not found. - If using pkg-config for NSS configuration and nss_lib is empty, populate nss_dir with /usr/lib/and set nss_lib_dir as well. - Fix test for libnssb.a Index: configure.in =================================================================== RCS file: /cvs/dirsec/mod_revocator/configure.in,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- configure.in 3 Aug 2006 19:39:29 -0000 1.1.1.1 +++ configure.in 7 Aug 2006 20:27:55 -0000 1.2 @@ -231,6 +231,11 @@ if $PKG_CONFIG --exists nss; then nss_inc=`$PKG_CONFIG --cflags-only-I nss` nss_lib=`$PKG_CONFIG --libs-only-L nss` + nss_lib_dir=$nss_lib + if test "$nss_lib" = " "; then + nss_lib=-L"/usr/lib" + nss_lib_dir="/usr/lib" + fi else AC_MSG_ERROR([NSS not found, specify with --with-nss.]) fi @@ -258,7 +263,7 @@ # check for --with-ldapsdk-inc AC_MSG_CHECKING(for --with-ldapsdk-inc) -AC_ARG_WITH(ldapsdk-inc, [ --with-ldapsdk-inc=PATH LDAP SDK include directory], +AC_ARG_WITH(ldapsdk-inc, [ --with-ldapsdk-inc=PATH Mozilla LDAP SDK include directory], [ if test -e "$withval"/ldap.h then @@ -273,7 +278,7 @@ # check for --with-ldapsdk-lib AC_MSG_CHECKING(for --with-ldapsdk-lib) -AC_ARG_WITH(ldapsdk-lib, [ --with-ldapsdk-lib=PATH LDAP SDK library directory], +AC_ARG_WITH(ldapsdk-lib, [ --with-ldapsdk-lib=PATH Mozilla LDAP SDK library directory], [ if test -d "$withval" then @@ -300,10 +305,7 @@ fi fi -nspr_dir=`echo "$nspr_lib" | sed 's/\/lib[[/]]*$//' | sed 's/-L//'` -nss_dir=`echo "$nss_lib" | sed 's/\/lib[[/]]*$//' | sed 's/-L//'` - -if ! test -e "$nss_dir"/libnssb.a +if ! test -e "$nss_lib_dir"/libnssb.a then AC_MSG_ERROR([NSS is installed but the PKCS11 development package is missing. Need libnssb.a]) fi @@ -322,8 +324,6 @@ AC_SUBST(nss_inc) AC_SUBST(nss_lib) AC_SUBST(nss_lib_dir) -AC_SUBST(nspr_dir) -AC_SUBST(nss_dir) AC_SUBST(ldapsdk_inc) AC_SUBST(ldapsdk_lib) Index: Makefile.in =================================================================== RCS file: /cvs/dirsec/mod_revocator/Makefile.in,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- Makefile.in 3 Aug 2006 19:39:12 -0000 1.1.1.1 +++ Makefile.in 7 Aug 2006 20:27:55 -0000 1.2 @@ -107,10 +107,8 @@ install_sh = @install_sh@ ldapsdk_inc = @ldapsdk_inc@ ldapsdk_lib = @ldapsdk_lib@ -nspr_dir = @nspr_dir@ nspr_inc = @nspr_inc@ nspr_lib = @nspr_lib@ -nss_dir = @nss_dir@ nss_inc = @nss_inc@ nss_lib = @nss_lib@ nss_lib_dir = @nss_lib_dir@ Index: configure =================================================================== RCS file: /cvs/dirsec/mod_revocator/configure,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- configure 3 Aug 2006 19:39:29 -0000 1.1.1.1 +++ configure 7 Aug 2006 20:27:55 -0000 1.2 @@ -462,7 +462,7 @@ # include #endif" -ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO AMTAR install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM AWK SET_MAKE CXX CXXFLAGS LDFLAGS CPPFLAGS ac_ct_CXX EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CXXDEPMODE CC CFLAGS ac_ct_CC CCDEPMODE build build_cpu build_vendor build_os host host_cpu host_vendor host_os EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL YACC LEX LEXLIB LEX_OUTPUT_ROOT APR_CONFIG APXS PKG_CONFIG SHARED_LINK apr_inc apache_inc apache_conf apache_prefix apache_bin extra_cppflags nspr_! inc nspr_lib nss_inc nss_lib nss_lib_dir nspr_dir nss_dir ldapsdk_inc ldapsdk_lib LIBOBJS LTLIBOBJS' +ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO AMTAR install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM AWK SET_MAKE CXX CXXFLAGS LDFLAGS CPPFLAGS ac_ct_CXX EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CXXDEPMODE CC CFLAGS ac_ct_CC CCDEPMODE build build_cpu build_vendor build_os host host_cpu host_vendor host_os EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL YACC LEX LEXLIB LEX_OUTPUT_ROOT APR_CONFIG APXS PKG_CONFIG SHARED_LINK apr_inc apache_inc apache_conf apache_prefix apache_bin extra_cppflags nspr_! inc nspr_lib nss_inc nss_lib nss_lib_dir ldapsdk_inc ldapsdk_lib LIBOBJS LTLIBOBJS' ac_subst_files='' # Initialize some variables set by options. @@ -1049,8 +1049,8 @@ --with-nss-inc=PATH Network Security Services (NSS) include directory --with-nss-lib=PATH Network Security Services (NSS) library directory --with-ldapsdk=PATH LDAP SDK directory - --with-ldapsdk-inc=PATH LDAP SDK include directory - --with-ldapsdk-lib=PATH LDAP SDK library directory + --with-ldapsdk-inc=PATH Mozilla LDAP SDK include directory + --with-ldapsdk-lib=PATH Mozilla LDAP SDK library directory Some influential environment variables: CXX C++ compiler command @@ -20704,6 +20704,11 @@ if $PKG_CONFIG --exists nss; then nss_inc=`$PKG_CONFIG --cflags-only-I nss` nss_lib=`$PKG_CONFIG --libs-only-L nss` + nss_lib_dir=$nss_lib + if test "$nss_lib" = " "; then + nss_lib=-L"/usr/lib" + nss_lib_dir="/usr/lib" + fi else { { echo "$as_me:$LINENO: error: NSS not found, specify with --with-nss." >&5 echo "$as_me: error: NSS not found, specify with --with-nss." >&2;} @@ -20847,10 +20852,7 @@ fi fi -nspr_dir=`echo "$nspr_lib" | sed 's/\/lib[/]*$//' | sed 's/-L//'` -nss_dir=`echo "$nss_lib" | sed 's/\/lib[/]*$//' | sed 's/-L//'` - -if ! test -e "$nss_dir"/libnssb.a +if ! test -e "$nss_lib_dir"/libnssb.a then { { echo "$as_me:$LINENO: error: NSS is installed but the PKCS11 development package is missing. Need libnssb.a" >&5 echo "$as_me: error: NSS is installed but the PKCS11 development package is missing. Need libnssb.a" >&2;} @@ -20874,8 +20876,6 @@ - - # Write config.status and the Makefile ac_config_files="$ac_config_files Makefile" cat >confcache <<\_ACEOF @@ -21607,8 +21607,6 @@ s, at nss_inc@,$nss_inc,;t t s, at nss_lib@,$nss_lib,;t t s, at nss_lib_dir@,$nss_lib_dir,;t t -s, at nspr_dir@,$nspr_dir,;t t -s, at nss_dir@,$nss_dir,;t t s, at ldapsdk_inc@,$ldapsdk_inc,;t t s, at ldapsdk_lib@,$ldapsdk_lib,;t t s, at LIBOBJS@,$LIBOBJS,;t t From fedora-directory-commits at redhat.com Tue Aug 8 20:04:46 2006 From: fedora-directory-commits at redhat.com (Robert Crittenden (rcritten)) Date: Tue, 8 Aug 2006 13:04:46 -0700 Subject: [Fedora-directory-commits] mod_admserv mod_admserv.c,1.26,1.27 Message-ID: <200608082004.k78K4kNc000331@cvs-int.fedora.redhat.com> Author: rcritten Update of /cvs/dirsec/mod_admserv In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32710 Modified Files: mod_admserv.c Log Message: 200988 Use a macro so HP/ux can use their own setresuid() call instead of seteuid. apxs provides the define we need via: apxs -q EXTRA_CPPFLAGS Index: mod_admserv.c =================================================================== RCS file: /cvs/dirsec/mod_admserv/mod_admserv.c,v retrieving revision 1.26 retrieving revision 1.27 diff -u -r1.26 -r1.27 --- mod_admserv.c 17 Jul 2006 19:01:29 -0000 1.26 +++ mod_admserv.c 8 Aug 2006 20:04:43 -0000 1.27 @@ -65,6 +65,12 @@ #include "mod_admserv.h" +#if defined(HPUX) || defined(HPUX10) || defined(HPUX11) +#define SETEUID(id) setresuid((uid_t) -1, id, (uid_t) -1) +#else +#define SETEUID(id) seteuid(id) +#endif + /* * These are keys for items we store in r->notes to pass data from one stage * in the request to another. They must be unique. If necessary, prefix @@ -2031,7 +2037,7 @@ #ifdef CHANGE_EUID /* make sure pset creates the cache file owned by the server uid, not root */ if (geteuid() == 0) { - seteuid(unixd_config.user_id); + SETEUID(unixd_config.user_id); reseteuid = 1; } #endif /* CHANGE_EUID */ @@ -2044,7 +2050,7 @@ #ifdef CHANGE_EUID if (reseteuid) { - seteuid(0); + SETEUID(0); } #endif /* CHANGE_EUID */ From fedora-directory-commits at redhat.com Wed Aug 9 19:17:59 2006 From: fedora-directory-commits at redhat.com (Robert Crittenden (rcritten)) Date: Wed, 9 Aug 2006 12:17:59 -0700 Subject: [Fedora-directory-commits] mod_nss nss_engine_kernel.c, 1.5, 1.6 mod_nss.c, 1.13, 1.14 mod_nss.h, 1.13, 1.14 Message-ID: <200608091917.k79JHxLC029548@cvs-int.fedora.redhat.com> Author: rcritten Update of /cvs/dirsec/mod_nss In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29483 Modified Files: nss_engine_kernel.c mod_nss.c mod_nss.h Log Message: Merge in changes from http://svn.apache.org/viewvc?view=rev&revision=161958 The issue was that mod_ssl wasn't always picking up ssl-unclean-shutdown settings. This isn't an issue for mod_nss since it doesn't support separate shutdown modes, but this does simplify the code a bit. * mod_nss.h: Remove nss_hook_Translate. * nss_engine_kernel.c (nss_hook_ReadReq): Merge in nss_hook_Translate. (nss_hook_Translate): Remove. * mod_nss.c (nss_register_hooks): Ensure that _ReadReq hook runs after mod_setenvif.c; don't register translate_name hook. Index: nss_engine_kernel.c =================================================================== RCS file: /cvs/dirsec/mod_nss/nss_engine_kernel.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- nss_engine_kernel.c 7 Apr 2006 20:17:12 -0000 1.5 +++ nss_engine_kernel.c 9 Aug 2006 19:17:56 -0000 1.6 @@ -23,6 +23,7 @@ int nss_hook_ReadReq(request_rec *r) { SSLConnRec *sslconn = myConnConfig(r->connection); + PRFileDesc *ssl = sslconn ? sslconn->ssl : NULL; if (!sslconn) { return DECLINED; @@ -62,19 +63,13 @@ return HTTP_BAD_REQUEST; } - return DECLINED; -} - -/* - * URL Translation Handler - */ -int nss_hook_Translate(request_rec *r) -{ - SSLConnRec *sslconn = myConnConfig(r->connection); - - if (!(sslconn && sslconn->ssl)) { + /* Get the SSL connection structure and perform the + * delayed interlinking from SSL back to request_rec + */ + if (!ssl) { return DECLINED; } + /* * Log information about incoming HTTPS requests */ @@ -92,7 +87,6 @@ return DECLINED; } - /* * Access Handler */ Index: mod_nss.c =================================================================== RCS file: /cvs/dirsec/mod_nss/mod_nss.c,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- mod_nss.c 3 Aug 2006 13:29:05 -0000 1.13 +++ mod_nss.c 9 Aug 2006 19:17:56 -0000 1.14 @@ -395,6 +395,10 @@ static void nss_register_hooks(apr_pool_t *p) { + /* nss_hook_ReadReq needs to use the BrowserMatch settings so must + * run after mod_setenvif's post_read_request hook. */ + static const char *pre_prr[] = { "mod_setenvif.c", NULL }; + nss_io_filter_register(p); ap_hook_pre_connection(nss_hook_pre_connection,NULL,NULL, APR_HOOK_MIDDLE); @@ -407,12 +411,11 @@ ap_hook_default_port (nss_hook_default_port, NULL,NULL, APR_HOOK_MIDDLE); ap_hook_pre_config (nss_hook_pre_config, NULL,NULL, APR_HOOK_MIDDLE); ap_hook_child_init (nss_init_Child, NULL,NULL, APR_HOOK_MIDDLE); - ap_hook_translate_name(nss_hook_Translate, NULL,NULL, APR_HOOK_MIDDLE); ap_hook_check_user_id (nss_hook_UserCheck, NULL,NULL, APR_HOOK_FIRST); ap_hook_fixups (nss_hook_Fixup, NULL,NULL, APR_HOOK_MIDDLE); ap_hook_access_checker(nss_hook_Access, NULL,NULL, APR_HOOK_MIDDLE); ap_hook_auth_checker (nss_hook_Auth, NULL,NULL, APR_HOOK_MIDDLE); - ap_hook_post_read_request(nss_hook_ReadReq, NULL,NULL, APR_HOOK_MIDDLE); + ap_hook_post_read_request(nss_hook_ReadReq, pre_prr,NULL, APR_HOOK_MIDDLE); nss_var_register(); Index: mod_nss.h =================================================================== RCS file: /cvs/dirsec/mod_nss/mod_nss.h,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- mod_nss.h 3 Aug 2006 13:29:05 -0000 1.13 +++ mod_nss.h 9 Aug 2006 19:17:56 -0000 1.14 @@ -403,7 +403,6 @@ int nss_parse_ciphers(server_rec *s, char *ciphers, PRBool cipher_list[ciphernum]); /* Apache API hooks */ -int nss_hook_Translate(request_rec *r); int nss_hook_UserCheck(request_rec *r); int nss_hook_Fixup(request_rec *r); int nss_hook_Access(request_rec *r); From fedora-directory-commits at redhat.com Wed Aug 9 19:31:20 2006 From: fedora-directory-commits at redhat.com (Robert Crittenden (rcritten)) Date: Wed, 9 Aug 2006 12:31:20 -0700 Subject: [Fedora-directory-commits] mod_nss nss_engine_vars.c, 1.7, 1.8 nss_engine_kernel.c, 1.6, 1.7 Message-ID: <200608091931.k79JVKAf029619@cvs-int.fedora.redhat.com> Author: rcritten Update of /cvs/dirsec/mod_nss In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29576 Modified Files: nss_engine_vars.c nss_engine_kernel.c Log Message: Merge in changes from http://svn.apache.org/viewvc?view=rev&revision=104700 * nss_engine_vars.c (nss_var_lookup_ssl_cert_remain): New function. (nss_var_lookup_nss_cert): Support _V_REMAIN suffix for SSL_{SERVER,CLIENT} as number of days until certificate expires. * nss_engine_kernel.c: Export SSL_CLIENT_V_REMAIN if +StdEnvVars is configured. Index: nss_engine_vars.c =================================================================== RCS file: /cvs/dirsec/mod_nss/nss_engine_vars.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- nss_engine_vars.c 3 Aug 2006 13:29:05 -0000 1.7 +++ nss_engine_vars.c 9 Aug 2006 19:31:18 -0000 1.8 @@ -32,6 +32,7 @@ static char *nss_var_lookup_nss_cert(apr_pool_t *p, CERTCertificate *xs, char *var, conn_rec *c); static char *nss_var_lookup_nss_cert_dn(apr_pool_t *p, CERTName *cert, char *var); static char *nss_var_lookup_nss_cert_valid(apr_pool_t *p, CERTCertificate *xs, int type); +static char *ssl_var_lookup_ssl_cert_remain(apr_pool_t *p, CERTCertificate *xs); static char *nss_var_lookup_nss_cert_chain(apr_pool_t *p, CERTCertificate *cert,char *var); static char *nss_var_lookup_nss_cert_PEM(apr_pool_t *p, CERTCertificate *xs); static char *nss_var_lookup_nss_cert_verify(apr_pool_t *p, conn_rec *c); @@ -314,6 +315,10 @@ else if (strcEQ(var, "V_END")) { result = nss_var_lookup_nss_cert_valid(p, xs, CERT_NOTAFTER); } + else if (strcEQ(var, "V_REMAIN")) { + result = ssl_var_lookup_ssl_cert_remain(p, xs); + resdup = FALSE; + } else if (strcEQ(var, "S_DN")) { xsname = CERT_NameToAscii(&xs->subject); result = apr_pstrdup(p, xsname); @@ -441,6 +446,29 @@ return result; } +/* Return a string giving the number of days remaining until the cert + * expires "0" if this can't be determined. + * + * In mod_ssl this is more generic, passing in a time to calculate against, + * but I see no point in converting the end date into a string and back again. + */ +static char *ssl_var_lookup_ssl_cert_remain(apr_pool_t *p, CERTCertificate *xs) +{ + PRTime notBefore, notAfter; + PRTime now, diff; + + CERT_GetCertTimes(xs, ¬Before, ¬After); + now = PR_Now(); + + /* Both times are relative to the epoch, so no TZ calcs are needed */ + diff = notAfter - now; + + /* PRTime is in microseconds so convert to seconds before days */ + diff = (diff / PR_USEC_PER_SEC) / (60*60*24); + + return (diff > 0) ? apr_itoa(p, diff) : apr_pstrdup(p, "0"); +} + static char *nss_var_lookup_nss_cert_chain(apr_pool_t *p, CERTCertificate *cert, char *var) { char *result; Index: nss_engine_kernel.c =================================================================== RCS file: /cvs/dirsec/mod_nss/nss_engine_kernel.c,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- nss_engine_kernel.c 9 Aug 2006 19:17:56 -0000 1.6 +++ nss_engine_kernel.c 9 Aug 2006 19:31:18 -0000 1.7 @@ -732,6 +732,7 @@ "SSL_CLIENT_M_SERIAL", "SSL_CLIENT_V_START", "SSL_CLIENT_V_END", + "SSL_CLIENT_V_REMAIN", "SSL_CLIENT_S_DN", "SSL_CLIENT_S_DN_C", "SSL_CLIENT_S_DN_ST", From fedora-directory-commits at redhat.com Wed Aug 9 20:11:48 2006 From: fedora-directory-commits at redhat.com (Robert Crittenden (rcritten)) Date: Wed, 9 Aug 2006 13:11:48 -0700 Subject: [Fedora-directory-commits] mod_nss mod_nss.h, 1.14, 1.15 nss_engine_io.c, 1.6, 1.7 nss_engine_kernel.c, 1.7, 1.8 Message-ID: <200608092011.k79KBmWm001107@cvs-int.fedora.redhat.com> Author: rcritten Update of /cvs/dirsec/mod_nss In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv903 Modified Files: mod_nss.h nss_engine_io.c nss_engine_kernel.c Log Message: Merge in changes from http://svn.apache.org/viewvc?view=rev&revision=290965 Implement a (bounded) buffer of request body data to provide a limited but safe fix for the mod_nss renegotiation-vs-requests-with-bodies bug: * mod_nss.h (nss_io_buffer_fill): Add prototype. * nss_engine_io.c (nss_io_buffer_fill, nss_io_filter_buffer): New functions. * nss_engine_kernel.c (nss_hook_Access): If a renegotiation is needed, and the request has a non-zero content-length, or a t-e header (and 100-continue was not requested), call nss_io_buffer_fill to set aside the request body data if possible, then proceed with the negotiation. PR: 12355 Index: mod_nss.h =================================================================== RCS file: /cvs/dirsec/mod_nss/mod_nss.h,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 --- mod_nss.h 9 Aug 2006 19:17:56 -0000 1.14 +++ mod_nss.h 9 Aug 2006 20:11:45 -0000 1.15 @@ -447,6 +447,10 @@ void nss_util_ppclose(server_rec *, apr_pool_t *, apr_file_t *); char *nss_util_readfilter(server_rec *, apr_pool_t *, const char *, const char * const *); +/* ssl_io_buffer_fill fills the setaside buffering of the HTTP request + * to allow an SSL renegotiation to take place. */ +int nss_io_buffer_fill(request_rec *r); + int nss_rand_seed(server_rec *s, apr_pool_t *p, ssl_rsctx_t nCtx, char *prefix); /* Pass Phrase Handling */ Index: nss_engine_io.c =================================================================== RCS file: /cvs/dirsec/mod_nss/nss_engine_io.c,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- nss_engine_io.c 7 Apr 2006 20:17:12 -0000 1.6 +++ nss_engine_io.c 9 Aug 2006 20:11:45 -0000 1.7 @@ -602,6 +602,7 @@ } static const char nss_io_filter[] = "NSS SSL/TLS Filter"; +static const char nss_io_buffer[] = "NSS SSL/TLS Buffer"; static apr_status_t nss_filter_io_shutdown(nss_filter_ctx_t *filter_ctx, conn_rec *c, @@ -916,6 +917,180 @@ return; } +/* 128K maximum buffer size by default. */ +#ifndef SSL_MAX_IO_BUFFER +#define SSL_MAX_IO_BUFFER (128 * 1024) +#endif + +struct modnss_buffer_ctx { + apr_bucket_brigade *bb; +}; + +int nss_io_buffer_fill(request_rec *r) +{ + conn_rec *c = r->connection; + struct modnss_buffer_ctx *ctx; + apr_bucket_brigade *tempb; + apr_off_t total = 0; /* total length buffered */ + int eos = 0; /* non-zero once EOS is seen */ + + /* Create the context which will be passed to the input filter. */ + ctx = apr_palloc(r->pool, sizeof *ctx); + ctx->bb = apr_brigade_create(r->pool, c->bucket_alloc); + + /* ... and a temporary brigade. */ + tempb = apr_brigade_create(r->pool, c->bucket_alloc); + + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "filling buffer"); + + do { + apr_status_t rv; + apr_bucket *e, *next; + + /* The request body is read from the protocol-level input + * filters; the buffering filter will reinject it from that + * level, allowing content/resource filters to run later, if + * necessary. */ + + rv = ap_get_brigade(r->proto_input_filters, tempb, AP_MODE_READBYTES, + APR_BLOCK_READ, 8192); + if (rv) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, + "could not read request body for SSL buffer"); + return HTTP_INTERNAL_SERVER_ERROR; + } + + /* Iterate through the returned brigade: setaside each bucket + * into the context's pool and move it into the brigade. */ + for (e = APR_BRIGADE_FIRST(tempb); + e != APR_BRIGADE_SENTINEL(tempb) && !eos; e = next) { + const char *data; + apr_size_t len; + + next = APR_BUCKET_NEXT(e); + + if (APR_BUCKET_IS_EOS(e)) { + eos = 1; + } else if (!APR_BUCKET_IS_METADATA(e)) { + rv = apr_bucket_read(e, &data, &len, APR_BLOCK_READ); + if (rv != APR_SUCCESS) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, + "could not read bucket for SSL buffer"); + return HTTP_INTERNAL_SERVER_ERROR; + } + total += len; + } + + rv = apr_bucket_setaside(e, r->pool); + if (rv != APR_SUCCESS) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, + "could not setaside bucket for SSL buffer"); + return HTTP_INTERNAL_SERVER_ERROR; + } + + APR_BUCKET_REMOVE(e); + APR_BRIGADE_INSERT_TAIL(ctx->bb, e); + } + + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + "total of %" APR_OFF_T_FMT " bytes in buffer, eos=%d", + total, eos); + + /* Fail if this exceeds the maximum buffer size. */ + if (total > SSL_MAX_IO_BUFFER) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "request body exceeds maximum size for SSL buffer"); + return HTTP_REQUEST_ENTITY_TOO_LARGE; + } + + } while (!eos); + + apr_brigade_destroy(tempb); + + /* Insert the filter which will supply the buffered data. */ + ap_add_input_filter(nss_io_buffer, ctx, r, c); + + return 0; +} + +/* This input filter supplies the buffered request body to the caller + * from the brigade stored in f->ctx. */ +static apr_status_t nss_io_filter_buffer(ap_filter_t *f, + apr_bucket_brigade *bb, + ap_input_mode_t mode, + apr_read_type_e block, + apr_off_t bytes) +{ + struct modnss_buffer_ctx *ctx = f->ctx; + apr_status_t rv; + + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, f->r, + "read from buffered SSL brigade, mode %d, " + "%" APR_OFF_T_FMT " bytes", + mode, bytes); + + if (mode != AP_MODE_READBYTES && mode != AP_MODE_GETLINE) { + return APR_ENOTIMPL; + } + + if (mode == AP_MODE_READBYTES) { + apr_bucket *e; + + /* Partition the buffered brigade. */ + rv = apr_brigade_partition(ctx->bb, bytes, &e); + if (rv && rv != APR_INCOMPLETE) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, f->r, + "could not partition buffered SSL brigade"); + ap_remove_input_filter(f); + return rv; + } + + /* If the buffered brigade contains less then the requested + * length, just pass it all back. */ + if (rv == APR_INCOMPLETE) { + APR_BRIGADE_CONCAT(bb, ctx->bb); + } else { + apr_bucket *d = APR_BRIGADE_FIRST(ctx->bb); + + e = APR_BUCKET_PREV(e); + + /* Unsplice the partitioned segment and move it into the + * passed-in brigade; no convenient way to do this with + * the APR_BRIGADE_* macros. */ + APR_RING_UNSPLICE(d, e, link); + APR_RING_SPLICE_HEAD(&bb->list, d, e, apr_bucket, link); + } + } + else { + /* Split a line into the passed-in brigade. */ + rv = apr_brigade_split_line(bb, ctx->bb, mode, bytes); + + if (rv) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, f->r, + "could not split line from buffered SSL brigade"); + ap_remove_input_filter(f); + return rv; + } + } + + if (APR_BRIGADE_EMPTY(ctx->bb)) { + apr_bucket *e = APR_BRIGADE_LAST(bb); + + /* Ensure that the brigade is terminated by an EOS if the + * buffered request body has been entirely consumed. */ + if (e == APR_BRIGADE_SENTINEL(bb) || !APR_BUCKET_IS_EOS(e)) { + e = apr_bucket_eos_create(f->c->bucket_alloc); + APR_BRIGADE_INSERT_TAIL(bb, e); + } + + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, f->r, + "buffered SSL brigade now exhausted; removing filter"); + ap_remove_input_filter(f); + } + + return APR_SUCCESS; +} + static void nss_io_input_add_filter(nss_filter_ctx_t *filter_ctx, conn_rec *c, PRFileDesc *ssl) { @@ -962,6 +1137,7 @@ { ap_register_input_filter (nss_io_filter, nss_io_filter_input, NULL, AP_FTYPE_CONNECTION + 5); ap_register_output_filter (nss_io_filter, nss_io_filter_output, NULL, AP_FTYPE_CONNECTION + 5); + ap_register_input_filter (nss_io_buffer, nss_io_filter_buffer, NULL, AP_FTYPE_PROTOCOL - 1); return; } Index: nss_engine_kernel.c =================================================================== RCS file: /cvs/dirsec/mod_nss/nss_engine_kernel.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- nss_engine_kernel.c 9 Aug 2006 19:31:18 -0000 1.7 +++ nss_engine_kernel.c 9 Aug 2006 20:11:45 -0000 1.8 @@ -312,73 +312,35 @@ } } - /* - * SSL renegotiations in conjunction with HTTP - * requests using the POST method are not supported. - * - * Background: - * - * 1. When the client sends a HTTP/HTTPS request, Apache's core code - * reads only the request line ("METHOD /path HTTP/x.y") and the - * attached MIME headers ("Foo: bar") up to the terminating line ("CR - * LF"). An attached request body (for instance the data of a POST - * method) is _NOT_ read. Instead it is read by mod_cgi's content - * handler and directly passed to the CGI script. - * - * 2. mod_ssl supports per-directory re-configuration of SSL parameters. - * This is implemented by performing an SSL renegotiation of the - * re-configured parameters after the request is read, but before the - * response is sent. In more detail: the renegotiation happens after the - * request line and MIME headers were read, but _before_ the attached - * request body is read. The reason simply is that in the HTTP protocol - * usually there is no acknowledgment step between the headers and the - * body (there is the 100-continue feature and the chunking facility - * only), so Apache has no API hook for this step. - * - * 3. the problem now occurs when the client sends a POST request for - * URL /foo via HTTPS the server and the server has SSL parameters - * re-configured on a per-URL basis for /foo. Then mod_ssl has to - * perform an SSL renegotiation after the request was read and before - * the response is sent. But the problem is the pending POST body data - * in the receive buffer of SSL (which Apache still has not read - it's - * pending until mod_cgi sucks it in). When mod_ssl now tries to perform - * the renegotiation the pending data leads to an I/O error. - * - * Solution Idea: - * - * There are only two solutions: Either to simply state that POST - * requests to URLs with SSL re-configurations are not allowed, or to - * renegotiate really after the _complete_ request (i.e. including - * the POST body) was read. Obviously the latter would be preferred, - * but it cannot be done easily inside Apache, because as already - * mentioned, there is no API step between the body reading and the body - * processing. And even when we mod_ssl would hook directly into the - * loop of mod_cgi, we wouldn't solve the problem for other handlers, of - * course. So the only general solution is to suck in the pending data - * of the request body from the OpenSSL BIO into the Apache BUFF. Then - * the renegotiation can be done and after this step Apache can proceed - * processing the request as before. + /* If a renegotiation is now required for this location, and the + * request includes a message body (and the client has not + * requested a "100 Continue" response), then the client will be + * streaming the request body over the wire already. In that + * case, it is not possible to stop and perform a new SSL + * handshake immediately; once the SSL library moves to the + * "accept" state, it will reject the SSL packets which the client + * is sending for the request body. * - * Solution Implementation: - * - * We cannot simply suck in the data via an SSL_read-based loop because of - * HTTP chunking. Instead we _have_ to use the Apache API for this step which - * is aware of HTTP chunking. So the trick is to suck in the pending request - * data via the Apache API (which uses Apache's BUFF code and in the - * background mod_ssl's I/O glue code) and re-inject it later into the Apache - * BUFF code again. This way the data flows twice through the Apache BUFF, of - * course. But this way the solution doesn't depend on any Apache specifics - * and is fully transparent to Apache modules. - * - * !! BUT ALL THIS IS STILL NOT RE-IMPLEMENTED FOR APACHE 2.0 !! - */ - if (renegotiate && !renegotiate_quick && (r->method_number == M_POST)) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, - "SSL Re-negotiation in conjunction " - "with POST method not supported!" - "hint: try NSSOptions +OptRenegotiate"); + * To allow authentication to complete in this auth hook, the + * solution used here is to fill a (bounded) buffer with the + * request body, and then to reinject that request body later. + */ + if (renegotiate && !renegotiate_quick + && (apr_table_get(r->headers_in, "transfer-encoding") + || (apr_table_get(r->headers_in, "content-length") + && strcmp(apr_table_get(r->headers_in, "content-length"), "0"))) + && !r->expecting_100) { + int rv; - return HTTP_METHOD_NOT_ALLOWED; + /* Fill the I/O buffer with the request body if possible. */ + rv = nss_io_buffer_fill(r); + + if (rv) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "could not buffer message body to allow " + "SSL renegotiation to proceed"); + return rv; + } } /* From fedora-directory-commits at redhat.com Wed Aug 9 20:32:50 2006 From: fedora-directory-commits at redhat.com (Robert Crittenden (rcritten)) Date: Wed, 9 Aug 2006 13:32:50 -0700 Subject: [Fedora-directory-commits] mod_nss nss_engine_kernel.c,1.8,1.9 Message-ID: <200608092032.k79KWokK002006@cvs-int.fedora.redhat.com> Author: rcritten Update of /cvs/dirsec/mod_nss In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1959 Modified Files: nss_engine_kernel.c Log Message: Merge in http://svn.apache.org/viewvc?view=rev&revision=354394 * nss_engine_kernel.c (nss_hook_Access): Omit further access control checks if SSL is not in use regardless of vhost settings. Index: nss_engine_kernel.c =================================================================== RCS file: /cvs/dirsec/mod_nss/nss_engine_kernel.c,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- nss_engine_kernel.c 9 Aug 2006 20:11:45 -0000 1.8 +++ nss_engine_kernel.c 9 Aug 2006 20:32:47 -0000 1.9 @@ -126,11 +126,14 @@ } /* - * Check to see if SSL protocol is on + * Check to see if SSL protocol is enabled. If it's not then + * no further access control checks are relevant. The test for + * sc->enabled is probably strictly unnecessary */ - if (!(sc->enabled || ssl)) { + if (!(sc->enabled || !ssl)) { return DECLINED; } + /* * Support for per-directory reconfigured SSL connection parameters. * From fedora-directory-commits at redhat.com Fri Aug 18 00:40:28 2006 From: fedora-directory-commits at redhat.com (Robert Relyea (rrelyea)) Date: Thu, 17 Aug 2006 17:40:28 -0700 Subject: [Fedora-directory-commits] coolkey/src/libckyapplet Makefile.in, 1.3, 1.4 Message-ID: <200608180040.k7I0eSO2024536@cvs-int.fedora.redhat.com> Author: rrelyea Update of /cvs/dirsec/coolkey/src/libckyapplet In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24515 Modified Files: Makefile.in Log Message: Add -no-undefines so that Windows will actually build a shared library. Index: Makefile.in =================================================================== RCS file: /cvs/dirsec/coolkey/src/libckyapplet/Makefile.in,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- Makefile.in 10 Jun 2006 00:51:09 -0000 1.3 +++ Makefile.in 18 Aug 2006 00:40:25 -0000 1.4 @@ -238,7 +238,7 @@ dynlink.c quote = \" -libckyapplet_la_LDFLAGS = -version-info 1:0:0 +libckyapplet_la_LDFLAGS = -version-info 1:0:0 -no-undefined libckyapplet_la_CFLAGS = $(CFLAGS) -DSCARD_LIB_NAME=$(quote)$(SCARD_LIB_NAME)$(quote) $(PCSC_CFLAGS) nobase_include_HEADERS = \ cky_base.h \ From fedora-directory-commits at redhat.com Fri Aug 18 00:41:44 2006 From: fedora-directory-commits at redhat.com (Robert Relyea (rrelyea)) Date: Thu, 17 Aug 2006 17:41:44 -0700 Subject: [Fedora-directory-commits] coolkey/src/coolkey Makefile.am,1.2,1.3 Message-ID: <200608180041.k7I0fiGA024568@cvs-int.fedora.redhat.com> Author: rrelyea Update of /cvs/dirsec/coolkey/src/coolkey In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24551 Modified Files: Makefile.am Log Message: Windows build changes. Index: Makefile.am =================================================================== RCS file: /cvs/dirsec/coolkey/src/coolkey/Makefile.am,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- Makefile.am 9 Jun 2006 21:56:34 -0000 1.2 +++ Makefile.am 18 Aug 2006 00:41:42 -0000 1.3 @@ -48,10 +48,10 @@ slot.h \ $(NULL) -libcoolkeypk11_la_LDFLAGS = -module -avoid-version -export-symbols coolkeypk11.sym -libcoolkeypk11_la_CPPFLAGS = $(CPPFLAGS) -DNSS_HIDE_NONSTANDARD_OBJECTS=1 -I$(top_srcdir)/src/libckyapplet $(PCSC_CFLAGS) +libcoolkeypk11_la_LDFLAGS = -module -avoid-version -export-symbols coolkeypk11.sym -no-undefined +libcoolkeypk11_la_CPPFLAGS = $(CPPFLAGS) -DNSS_HIDE_NONSTANDARD_OBJECTS=1 -I$(top_srcdir)/src/libckyapplet $(PCSC_CFLAGS) $(ZLIB_CFLAGS) libcoolkeypk11_la_DEPENDENCIES = coolkeypk11.sym -libcoolkeypk11_la_LIBADD = @LIBCKYAPPLET@ +libcoolkeypk11_la_LIBADD = @LIBCKYAPPLET@ $(ZLIB_LIBRARY) # From fedora-directory-commits at redhat.com Fri Aug 18 00:54:46 2006 From: fedora-directory-commits at redhat.com (Robert Relyea (rrelyea)) Date: Thu, 17 Aug 2006 17:54:46 -0700 Subject: [Fedora-directory-commits] coolkey/src/libckyapplet Makefile.in, 1.4, 1.5 Message-ID: <200608180054.k7I0skgL024654@cvs-int.fedora.redhat.com> Author: rrelyea Update of /cvs/dirsec/coolkey/src/libckyapplet In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24612/libckyapplet Modified Files: Makefile.in Log Message: Checking autobuild Makefiles with Windows build changes. Index: Makefile.in =================================================================== RCS file: /cvs/dirsec/coolkey/src/libckyapplet/Makefile.in,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- Makefile.in 18 Aug 2006 00:40:25 -0000 1.4 +++ Makefile.in 18 Aug 2006 00:54:39 -0000 1.5 @@ -238,7 +238,7 @@ dynlink.c quote = \" -libckyapplet_la_LDFLAGS = -version-info 1:0:0 -no-undefined +libckyapplet_la_LDFLAGS = -version-info 1:0:0 libckyapplet_la_CFLAGS = $(CFLAGS) -DSCARD_LIB_NAME=$(quote)$(SCARD_LIB_NAME)$(quote) $(PCSC_CFLAGS) nobase_include_HEADERS = \ cky_base.h \ From fedora-directory-commits at redhat.com Fri Aug 18 00:54:41 2006 From: fedora-directory-commits at redhat.com (Robert Relyea (rrelyea)) Date: Thu, 17 Aug 2006 17:54:41 -0700 Subject: [Fedora-directory-commits] coolkey/src/coolkey Makefile.in,1.2,1.3 Message-ID: <200608180055.k7I0tB0l024662@cvs-int.fedora.redhat.com> Author: rrelyea Update of /cvs/dirsec/coolkey/src/coolkey In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24612/coolkey Modified Files: Makefile.in Log Message: Checking autobuild Makefiles with Windows build changes. Index: Makefile.in =================================================================== RCS file: /cvs/dirsec/coolkey/src/coolkey/Makefile.in,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- Makefile.in 9 Jun 2006 21:56:34 -0000 1.2 +++ Makefile.in 18 Aug 2006 00:54:38 -0000 1.3 @@ -253,10 +253,10 @@ slot.h \ $(NULL) -libcoolkeypk11_la_LDFLAGS = -module -avoid-version -export-symbols coolkeypk11.sym -libcoolkeypk11_la_CPPFLAGS = $(CPPFLAGS) -DNSS_HIDE_NONSTANDARD_OBJECTS=1 -I$(top_srcdir)/src/libckyapplet $(PCSC_CFLAGS) +libcoolkeypk11_la_LDFLAGS = -module -avoid-version -export-symbols coolkeypk11.sym -no-undefined +libcoolkeypk11_la_CPPFLAGS = $(CPPFLAGS) -DNSS_HIDE_NONSTANDARD_OBJECTS=1 -I$(top_srcdir)/src/libckyapplet $(PCSC_CFLAGS) $(ZLIB_CFLAGS) libcoolkeypk11_la_DEPENDENCIES = coolkeypk11.sym -libcoolkeypk11_la_LIBADD = @LIBCKYAPPLET@ +libcoolkeypk11_la_LIBADD = @LIBCKYAPPLET@ $(ZLIB_LIBRARY) all: all-recursive .SUFFIXES: From fedora-directory-commits at redhat.com Fri Aug 18 02:57:17 2006 From: fedora-directory-commits at redhat.com (Warren Togami (wtogami)) Date: Thu, 17 Aug 2006 22:57:17 -0400 Subject: [Fedora-directory-commits] test Message-ID: <44E52C8D.6010102@redhat.com> test From fedora-directory-commits at redhat.com Fri Aug 18 16:03:43 2006 From: fedora-directory-commits at redhat.com (Robert Relyea (rrelyea)) Date: Fri, 18 Aug 2006 09:03:43 -0700 Subject: [Fedora-directory-commits] coolkey configure.in,1.3,1.4 Message-ID: <200608181603.k7IG3hGS008273@cvs-int.fedora.redhat.com> Author: rrelyea Update of /cvs/dirsec/coolkey In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8249 Modified Files: configure.in Log Message: Windows build Index: configure.in =================================================================== RCS file: /cvs/dirsec/coolkey/configure.in,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- configure.in 10 Jun 2006 00:51:08 -0000 1.3 +++ configure.in 18 Aug 2006 16:03:31 -0000 1.4 @@ -41,134 +41,85 @@ AC_DEFINE(DEBUG, 1, [Define to 1 if you want to include debugging code.]) fi -# Checks for programs. -AC_PROG_CC -AC_PROG_CXX -AC_PROG_LIBTOOL -AC_PROG_INSTALL -AC_PROG_LN_S - -# Checks for libraries. -AC_CHECK_LIB(z, uncompress, , AC_MSG_ERROR(could not locate libz compression library)) -AC_CHECK_LIB(dl, dlopen, , AC_MSG_ERROR(could not locate dynamic library services library)) - -# add our compiled static libraries -AC_SUBST(LIBCKYAPPLET) -LIBCKYAPPLET="\${top_builddir}/src/libckyapplet/libckyapplet.la" - -PCSC_MSG=no -pcsc_path=/usr -AC_SUBST(PCSC_CFLAGS) -AC_SUBST(PCSC_LIBS) -AC_SUBST(SCARD_LIB_NAME) +# +# ./config does a poor job of dealing with native OS stuff other than +# unix, detect Windows and mac and do something a little more OS +# friendly +WINDOWS=0 +MAC=0 +UNIX=0 +AC_MSG_CHECKING([platform type: ]) case "$host" in -*-*-win*) +*-*-win*|*-*-cygwin*) + AC_MSG_RESULT([Windows]) + WINDOWS=1 + ZLIB_CFLAGS=-Ic:/zlib + ZLIB_LIB=c:/zlib/zlib.dll + #OS_FLAGS=`echo $INCLUDE | tr '[[:upper:]]' '[[:lower:]]' | sed -e 's;\\\\;/;g' -e 's;.:;/cygdrive/&/;g' -e 's;:;;g' -e 's;//;/;g' -e 's/;/\" -I\"/g' -e 's;^;-I\";' -e 's;$;\";'` + CPPFLAGS="$CPPFLAGS $OS_FLAGS -DWIN32" + LDFLAGS="$LDFLAGS" + AC_MSG_WARN([changing CPPFLAGS = $CPPFLAGS ] ); SCARD_LIB_NAME="winscard.dll" + # override config defaults for windows + CC=cl + CXX=cl + CXXFLAGS="$CXXFLAGS /EHsc" ;; *-*-darwin*) + AC_MSG_RESULT([MAC]) + MAC=1 SCARD_LIB_NAME="PCSC.Framework/PCSC" PCSC_MSG=yes PCSC_CFLAGS="" PCSC_LIBS="-Wl,-framework,PCSC" ;; *) + AC_MSG_RESULT([UNIX/LINUX]) + UNIX=1 # should look it up on the local system SCARD_LIB_NAME="libpcsclite.so.1" ;; esac -saved_LIBS="$LIBS" -saved_CFLAGS="$CFLAGS" -saved_LDFLAGS="$LDFLAGS" -saved_CPPFLAGS="$CPPFLAGS" -AC_ARG_WITH(pcsclite, - [ --with-pcsclite=PATH use PC/SC Lite in PATH], - [pcsc_path=$withval]) -if test "x$pcsc_path" = "xno"; then - PCSC_MSG="no" -fi -if test "x$pcsc_path" != "xno" -a "x$PCSC_MSG" != "xyes"; then - PKG_CHECK_MODULES(PCSC, libpcsclite, [ - PCSC_MSG="yes" - AC_MSG_RESULT($PCSC_MSG) - ],[ - AC_MSG_CHECKING(for PC/SC Lite support (old style)) - for pcscdir in "" /PCSC; do - CPPFLAGS="$saved_CPPFLAGS" - LDFLAGS="$saved_LDFLAGS" - LIBS="-lpcsclite $saved_LIBS" - PCSC_CFLAGS="" - - for pcsc_libdir in $pcsc_path/lib$pcscdir \ - $pcsc_path$pcscdir/lib \ - $pcsc_path$pcscdir; do - if test -d $pcsc_libdir; then - if test -n "${need_dash_r}"; then - LDFLAGS="-R${pcsc_libdir}/ ${LDFLAGS}" - fi - LDFLAGS="-L${pcsc_libdir} ${LDFLAGS}" - fi - done - - for pcsc_incdir in $pcsc_path/include$pcscdir \ - $pcsc_path$pcscdir/include \ - $pcsc_path$pcscdir; do - if test -d $pcsc_incdir; then - PCSC_CFLAGS="-I${pcsc_incdir}" - break; - fi - done - - CPPFLAGS="${PCSC_CFLAGS} ${CPPFLAGS}" - AC_TRY_LINK([#include -#include ],[SCardEstablishContext(0, NULL, NULL, NULL);], ac_cv_lib_pcsclite_SCardEstablishContext=yes) - if test "x$ac_cv_lib_pcsclite_SCardEstablishContext" = "xyes"; then - PCSC_MSG=yes - break; - fi - CPPFLAGS="$saved_CPPFLAGS" - LDFLAGS="$saved_LDFLAGS" - LIBS="$saved_LIBS" - PCSC_CFLAGS="" - done - AC_MSG_RESULT($PCSC_MSG) - if test "x$PCSC_MSG" = "xyes" ; then - PCSC_LIBS="-lpcsclite" - CPPFLAGS="$saved_CPPFLAGS" - LIBS="$saved_LIBS" - fi - ]) -fi -AM_CONDITIONAL(HAVE_PCSC, test "x$PCSC_MSG" = "xyes") -if test "x$PCSC_MSG" = "xyes"; then - AC_DEFINE(HAVE_PCSC, 1, [Have PC/SC implementation]) -else - PCSC_LIBS="" - PCSC_CFLAGS="" +# Checks for programs. +AC_PROG_CC +AC_PROG_CXX +AC_PROG_LIBTOOL +AC_PROG_INSTALL +AC_PROG_LN_S + +# Checks for libraries. +if test $WINDOWS -ne 1; then +AC_CHECK_LIB(z, uncompress, , AC_MSG_ERROR(could not locate libz compression library)) +AC_CHECK_LIB(dl, dlopen, , AC_MSG_ERROR(could not locate dynamic library services library)) fi -if test "x$PCSC_MSG" = "xyes"; then - CPPFLAGS="${PCSC_CFLAGS} $saved_CPPFLAGS" - CFLAGS="$PCSC_CFLAGS $saved_CFLAGS" - LIBS="$PCSC_LIBS $saved_LIBS" - AC_TRY_LINK([ -#include -#ifdef __APPLE__ -#include -#include -#else -#include -#endif - ], [ -SCardControl(NULL, NULL, 0, NULL, NULL); - ], [ - AC_DEFINE(HAVE_PCSC_OLD, 1, [old version of pc/sc-lite]) - ]) - CPPFLAGS="$saved_CPPFLAGS" - CFLAGS="$saved_CFLAGS" - LIBS="$saved_LIBS" +# add our compiled static libraries +AC_SUBST(LIBCKYAPPLET) +LIBCKYAPPLET="\${top_builddir}/src/libckyapplet/libckyapplet.la" + +AC_ARG_WITH(pcsclite, + [ --with-pcsclite Use pcsc-lite (default=yes)]) +if test "$with_pcsclite" = "no" -o "$with_pcsclite" = "false" +then + with_pcsclite=no +else + PKG_CHECK_MODULES(PCSC, libpcsclite, [ with_pcsclite=yes ], + [ if test -f /usr/local/lib/pkgconfig/libpcsclite.pc ; then + AC_MSG_ERROR([use PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./configure]) + else + AC_MSG_WARN([pcsc-lite not found]) + with_pcsclite=no + fi + ]) fi +AC_SUBST(ZLIB_CFLAGS) +AC_SUBST(ZLIB_LIBS) +AC_SUBST(PCSC_CFLAGS) +AC_SUBST(PCSC_LIBS) +AC_SUBST(SCARD_LIB_NAME) +AM_CONDITIONAL(HAVE_PCSC, test x$with_pcsclite = xyes) AC_DEFINE(DEBUG, 1, [Define to 1 if you want to include debugging code.]) # Checks for header files. From fedora-directory-commits at redhat.com Fri Aug 18 16:04:45 2006 From: fedora-directory-commits at redhat.com (Robert Relyea (rrelyea)) Date: Fri, 18 Aug 2006 09:04:45 -0700 Subject: [Fedora-directory-commits] coolkey/src/coolkey Makefile.in,1.3,1.4 Message-ID: <200608181604.k7IG4jXW008406@cvs-int.fedora.redhat.com> Author: rrelyea Update of /cvs/dirsec/coolkey/src/coolkey In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8350/src/coolkey Modified Files: Makefile.in Log Message: Windows build stuff Index: Makefile.in =================================================================== RCS file: /cvs/dirsec/coolkey/src/coolkey/Makefile.in,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- Makefile.in 18 Aug 2006 00:54:38 -0000 1.3 +++ Makefile.in 18 Aug 2006 16:04:43 -0000 1.4 @@ -177,6 +177,8 @@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ +ZLIB_CFLAGS = @ZLIB_CFLAGS@ +ZLIB_LIBS = @ZLIB_LIBS@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ From fedora-directory-commits at redhat.com Fri Aug 18 16:04:45 2006 From: fedora-directory-commits at redhat.com (Robert Relyea (rrelyea)) Date: Fri, 18 Aug 2006 09:04:45 -0700 Subject: [Fedora-directory-commits] coolkey Makefile.in, 1.3, 1.4 config.status, 1.3, 1.4 coolkey.spec, 1.5, 1.6 Message-ID: <200608181604.k7IG4j36008399@cvs-int.fedora.redhat.com> Author: rrelyea Update of /cvs/dirsec/coolkey In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8350 Modified Files: Makefile.in config.status coolkey.spec Log Message: Windows build stuff Index: Makefile.in =================================================================== RCS file: /cvs/dirsec/coolkey/Makefile.in,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- Makefile.in 10 Jun 2006 00:51:08 -0000 1.3 +++ Makefile.in 18 Aug 2006 16:04:42 -0000 1.4 @@ -157,6 +157,8 @@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ +ZLIB_CFLAGS = @ZLIB_CFLAGS@ +ZLIB_LIBS = @ZLIB_LIBS@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ Index: config.status =================================================================== RCS file: /cvs/dirsec/coolkey/config.status,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- config.status 10 Jun 2006 00:51:08 -0000 1.3 +++ config.status 18 Aug 2006 16:04:42 -0000 1.4 @@ -303,8 +303,8 @@ Report bugs to ." ac_cs_version="\ coolkey config.status "1.1.0" -configured by configure, generated by GNU Autoconf 2.59, - with options \"'--disable-dependency-tracking'\" +configured by ./configure, generated by GNU Autoconf 2.59, + with options \"\" Copyright (C) 2003 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation @@ -383,15 +383,15 @@ fi if $ac_cs_recheck; then - echo "running /bin/sh configure " '--disable-dependency-tracking' $ac_configure_extra_args " --no-create --no-recursion" >&6 - exec /bin/sh configure '--disable-dependency-tracking' $ac_configure_extra_args --no-create --no-recursion + echo "running /bin/sh ./configure " $ac_configure_extra_args " --no-create --no-recursion" >&6 + exec /bin/sh ./configure $ac_configure_extra_args --no-create --no-recursion fi # # INIT-COMMANDS section. # -AMDEP_TRUE="#" ac_aux_dir="." +AMDEP_TRUE="" ac_aux_dir="." for ac_config_target in $ac_config_targets do @@ -532,18 +532,18 @@ s, at DEPDIR@,.deps,;t t s, at am__include@,include,;t t s, at am__quote@,,;t t -s, at AMDEP_TRUE@,#,;t t -s, at AMDEP_FALSE@,,;t t -s, at AMDEPBACKSLASH@,,;t t -s, at CCDEPMODE@,depmode=none,;t t -s, at am__fastdepCC_TRUE@,#,;t t -s, at am__fastdepCC_FALSE@,,;t t +s, at AMDEP_TRUE@,,;t t +s, at AMDEP_FALSE@,#,;t t +s, at AMDEPBACKSLASH@,\,;t t +s, at CCDEPMODE@,depmode=gcc3,;t t +s, at am__fastdepCC_TRUE@,,;t t +s, at am__fastdepCC_FALSE@,#,;t t s, at CXX@,g++,;t t s, at CXXFLAGS@,-g -O2,;t t s, at ac_ct_CXX@,g++,;t t -s, at CXXDEPMODE@,depmode=none,;t t -s, at am__fastdepCXX_TRUE@,#,;t t -s, at am__fastdepCXX_FALSE@,,;t t +s, at CXXDEPMODE@,depmode=gcc3,;t t +s, at am__fastdepCXX_TRUE@,,;t t +s, at am__fastdepCXX_FALSE@,#,;t t s, at EGREP@,grep -E,;t t s, at LN_S@,ln -s,;t t s, at ECHO@,echo,;t t Index: coolkey.spec =================================================================== RCS file: /cvs/dirsec/coolkey/coolkey.spec,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- coolkey.spec 13 Jul 2006 21:32:39 -0000 1.5 +++ coolkey.spec 18 Aug 2006 16:04:42 -0000 1.6 @@ -19,7 +19,7 @@ Name: coolkey Version: 1.0.1 -Release: 1 +Release: 2 Summary: CoolKey PKCS #11 module License: LGPL URL: http://directory.fedora.redhat.com/wiki/CoolKey @@ -33,7 +33,8 @@ Requires: ccid Provides: CoolKey Openkey Obsoletes: CoolKey Openkey -ExcludeArch: s390 s390x # 390 does not have libusb or smartCards +# 390 does not have libusb or smartCards +ExcludeArch: s390 s390x %description Linux Driver support for the CoolKey and CAC products. @@ -83,6 +84,9 @@ %changelog +* Sun Jul 16 2006 Florian La Roche - 1.0.1-2 +- fix excludearch line + * Mon Jul 10 2006 Bob Relyea - 1.0.1-1 - Don't require pthread library in coolkey From fedora-directory-commits at redhat.com Fri Aug 18 16:04:46 2006 From: fedora-directory-commits at redhat.com (Robert Relyea (rrelyea)) Date: Fri, 18 Aug 2006 09:04:46 -0700 Subject: [Fedora-directory-commits] coolkey/src/libckyapplet Makefile.in, 1.5, 1.6 Message-ID: <200608181604.k7IG4k8m008413@cvs-int.fedora.redhat.com> Author: rrelyea Update of /cvs/dirsec/coolkey/src/libckyapplet In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8350/src/libckyapplet Modified Files: Makefile.in Log Message: Windows build stuff Index: Makefile.in =================================================================== RCS file: /cvs/dirsec/coolkey/src/libckyapplet/Makefile.in,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- Makefile.in 18 Aug 2006 00:54:39 -0000 1.5 +++ Makefile.in 18 Aug 2006 16:04:43 -0000 1.6 @@ -177,6 +177,8 @@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ +ZLIB_CFLAGS = @ZLIB_CFLAGS@ +ZLIB_LIBS = @ZLIB_LIBS@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ From fedora-directory-commits at redhat.com Fri Aug 18 16:09:02 2006 From: fedora-directory-commits at redhat.com (Robert Relyea (rrelyea)) Date: Fri, 18 Aug 2006 09:09:02 -0700 Subject: [Fedora-directory-commits] coolkey/src/libckyapplet Makefile.am, 1.2, 1.3 Message-ID: <200608181609.k7IG92JX008456@cvs-int.fedora.redhat.com> Author: rrelyea Update of /cvs/dirsec/coolkey/src/libckyapplet In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8438 Modified Files: Makefile.am Log Message: Windows build changes. Index: Makefile.am =================================================================== RCS file: /cvs/dirsec/coolkey/src/libckyapplet/Makefile.am,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- Makefile.am 10 Jun 2006 00:51:09 -0000 1.2 +++ Makefile.am 18 Aug 2006 16:08:59 -0000 1.3 @@ -35,7 +35,7 @@ quote=\" -libckyapplet_la_LDFLAGS = -version-info 1:0:0 +libckyapplet_la_LDFLAGS = -version-info 1:0:0 -no-undefined libckyapplet_la_CFLAGS = $(CFLAGS) -DSCARD_LIB_NAME=$(quote)$(SCARD_LIB_NAME)$(quote) $(PCSC_CFLAGS) nobase_include_HEADERS = \ From fedora-directory-commits at redhat.com Fri Aug 18 16:11:12 2006 From: fedora-directory-commits at redhat.com (Robert Relyea (rrelyea)) Date: Fri, 18 Aug 2006 09:11:12 -0700 Subject: [Fedora-directory-commits] coolkey/src/libckyapplet Makefile.in, 1.6, 1.7 Message-ID: <200608181611.k7IGBC3B008508@cvs-int.fedora.redhat.com> Author: rrelyea Update of /cvs/dirsec/coolkey/src/libckyapplet In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8489/src/libckyapplet Modified Files: Makefile.in Log Message: windows build Index: Makefile.in =================================================================== RCS file: /cvs/dirsec/coolkey/src/libckyapplet/Makefile.in,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- Makefile.in 18 Aug 2006 16:04:43 -0000 1.6 +++ Makefile.in 18 Aug 2006 16:11:09 -0000 1.7 @@ -240,7 +240,7 @@ dynlink.c quote = \" -libckyapplet_la_LDFLAGS = -version-info 1:0:0 +libckyapplet_la_LDFLAGS = -version-info 1:0:0 -no-undefined libckyapplet_la_CFLAGS = $(CFLAGS) -DSCARD_LIB_NAME=$(quote)$(SCARD_LIB_NAME)$(quote) $(PCSC_CFLAGS) nobase_include_HEADERS = \ cky_base.h \ From fedora-directory-commits at redhat.com Fri Aug 18 18:34:16 2006 From: fedora-directory-commits at redhat.com (Robert Relyea (rrelyea)) Date: Fri, 18 Aug 2006 11:34:16 -0700 Subject: [Fedora-directory-commits] coolkey/applet - New directory Message-ID: <200608181834.k7IIYGQc014333@cvs-int.fedora.redhat.com> Author: rrelyea Update of /cvs/dirsec/coolkey/applet In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14318/applet Log Message: Directory /cvs/dirsec/coolkey/applet added to the repository From fedora-directory-commits at redhat.com Fri Aug 18 18:34:50 2006 From: fedora-directory-commits at redhat.com (Robert Relyea (rrelyea)) Date: Fri, 18 Aug 2006 11:34:50 -0700 Subject: [Fedora-directory-commits] coolkey/applet/src - New directory Message-ID: <200608181834.k7IIYocD014354@cvs-int.fedora.redhat.com> Author: rrelyea Update of /cvs/dirsec/coolkey/applet/src In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14339/src Log Message: Directory /cvs/dirsec/coolkey/applet/src added to the repository From fedora-directory-commits at redhat.com Fri Aug 18 18:35:02 2006 From: fedora-directory-commits at redhat.com (Robert Relyea (rrelyea)) Date: Fri, 18 Aug 2006 11:35:02 -0700 Subject: [Fedora-directory-commits] coolkey/applet/src/com - New directory Message-ID: <200608181835.k7IIZ2OH014375@cvs-int.fedora.redhat.com> Author: rrelyea Update of /cvs/dirsec/coolkey/applet/src/com In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14360/com Log Message: Directory /cvs/dirsec/coolkey/applet/src/com added to the repository From fedora-directory-commits at redhat.com Fri Aug 18 18:35:15 2006 From: fedora-directory-commits at redhat.com (Robert Relyea (rrelyea)) Date: Fri, 18 Aug 2006 11:35:15 -0700 Subject: [Fedora-directory-commits] coolkey/applet/src/com/redhat - New directory Message-ID: <200608181835.k7IIZFTg014396@cvs-int.fedora.redhat.com> Author: rrelyea Update of /cvs/dirsec/coolkey/applet/src/com/redhat In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14381/redhat Log Message: Directory /cvs/dirsec/coolkey/applet/src/com/redhat added to the repository From fedora-directory-commits at redhat.com Fri Aug 18 18:35:33 2006 From: fedora-directory-commits at redhat.com (Robert Relyea (rrelyea)) Date: Fri, 18 Aug 2006 11:35:33 -0700 Subject: [Fedora-directory-commits] coolkey/applet/src/com/redhat/ckey - New directory Message-ID: <200608181835.k7IIZXQY014417@cvs-int.fedora.redhat.com> Author: rrelyea Update of /cvs/dirsec/coolkey/applet/src/com/redhat/ckey In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14402/ckey Log Message: Directory /cvs/dirsec/coolkey/applet/src/com/redhat/ckey added to the repository From fedora-directory-commits at redhat.com Fri Aug 18 18:35:46 2006 From: fedora-directory-commits at redhat.com (Robert Relyea (rrelyea)) Date: Fri, 18 Aug 2006 11:35:46 -0700 Subject: [Fedora-directory-commits] coolkey/applet/src/com/redhat/ckey/applet - New directory Message-ID: <200608181835.k7IIZksw014438@cvs-int.fedora.redhat.com> Author: rrelyea Update of /cvs/dirsec/coolkey/applet/src/com/redhat/ckey/applet In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14423/applet Log Message: Directory /cvs/dirsec/coolkey/applet/src/com/redhat/ckey/applet added to the repository From fedora-directory-commits at redhat.com Fri Aug 18 18:37:15 2006 From: fedora-directory-commits at redhat.com (Robert Relyea (rrelyea)) Date: Fri, 18 Aug 2006 11:37:15 -0700 Subject: [Fedora-directory-commits] coolkey/applet AUTHORS, NONE, 1.1 COPYING, NONE, 1.1 Makefile, NONE, 1.1 README, NONE, 1.1 applet.pmf, NONE, 1.1 Message-ID: <200608181837.k7IIbF5V014495@cvs-int.fedora.redhat.com> Author: rrelyea Update of /cvs/dirsec/coolkey/applet In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14460 Added Files: AUTHORS COPYING Makefile README applet.pmf Log Message: Coolkey applet --- NEW FILE AUTHORS --- Tommaso Cucinotta Title: Computer Engineer, PhD student Real Title: The Body Org: Scuola Superiore di Studi Universitari e Perfezionamento S.Anna (Pisa, Italy) E-mail: cucinotta at sssup.it Home Page: http://gandalf.sssup.it/~cucinotta David Corcoran Title: Smartcard technical consultant Org: M.U.S.C.L.E. Project E-mail: corcoran at linuxnet.com Home Page: http://www.linuxnet.com Ludovic Rousseau E-mail: ludovic.rousseau at free.fr Home page: http://ludovic.rousseau.free.fr Modified by: Eirik Herskedal Title: Computer Science, Masters student Org: Purdue University E-mail: ehersked at cs.purdue.edu Jamie Nicolson Title: Senior Software Engineer Org: America Online, Inc. --- NEW FILE COPYING --- Copyright (c) 1999-2002 David Corcoran All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The name of the author may not be used to endorse or promote products derived from this software without specific prior written permission. Changes to this license can be made only by the copyright author with explicit written consent. THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Alternatively, the contents of this file may be used under the terms of the GNU Lesser General Public License Version 2.1 (the "LGPL"), in which case the provisions of the LGPL are applicable instead of those above. If you wish to allow use of your version of this file only under the terms of the LGPL, and not to allow others to use your version of this file under the terms of the BSD license, indicate your decision by deleting the provisions above and replace them with the notice and other provisions required by the LGPL. If you do not delete the provisions above, a recipient may use your version of this file under the terms of either the BSD license or the LGPL. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA --- NEW FILE Makefile --- # BEGIN LICENSE BLOCK # Copyright (c) 1999-2002 David Corcoran # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # 3. The name of the author may not be used to endorse or promote products # derived from this software without specific prior written permission. # # Changes to this license can be made only by the copyright author with # explicit written consent. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR # IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES # OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. # IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT # NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF # THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # Alternatively, the contents of this file may be used under the terms of # the GNU Lesser General Public License Version 2.1 (the "LGPL"), in which # case the provisions of the LGPL are applicable instead of those above. If # you wish to allow use of your version of this file only under the terms # of the LGPL, and not to allow others to use your version of this file # under the terms of the BSD license, indicate your decision by deleting # the provisions above and replace them with the notice and other # provisions required by the LGPL. If you do not delete the provisions # above, a recipient may use your version of this file under the terms of # either the BSD license or the LGPL. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA # END LICENSE BLOCK CORE_DEPTH = .. include ../coreconf/config.mk ############################################################################# # Locations of toolkits. # # # The Javacard kit, version 2.2. Version 2.1 should also work. # # The following need to be set in environment variables or in custom.mk. # Examples : # #JAVACARD_KIT_DIR=c:/hack/java_card_kit-2_2 # # The JDK. You need to use version 1.3.x; other versions aren't supported # by the converter classes. # #JAVA_HOME=/cygdrive/c/jdk1.3.1_07/ # # The top-level directory of Schlumberger's Cyberflex SDK. # #SLB_DIR=c:\Program Files\Schlumberger -include custom.mk ############################################################################# # Build Constants # # The Applet Identification Number. # AID=0x62:0x76:0x01:0xFF:0x00:0x00:0x00 # # The Package Identification Number. # PID=0x62:0x76:0x01:0xFF:0x00:0x00 # # The Java package to which the applet belongs. # PACKAGE=com.redhat.nkey.applet # # The unqualified name of the applet class. # APPLET_CLASS_NAME=CardEdge # # The directory into which output will be generated. # OUTPUT_DIR=output ############################################################################# # Generated build variables. PACKAGE_DIR=$(subst .,/,$(PACKAGE)) JAVA_SRC_FILES=$(wildcard src/$(PACKAGE_DIR)/*.java) APPLET_QUALIFIED_CLASS_NAME=$(PACKAGE).$(APPLET_CLASS_NAME) CONVERTER_OUTPUT_DIR=$(OUTPUT_DIR)/$(PACKAGE_DIR)/javacard JAVAC=$(JAVA_HOME)/bin/javac JAVA=$(JAVA_HOME)/bin/java JAVA_SRC_FILENAMES=$(notdir $(JAVA_SRC_FILES)) JAVA_CLASS_FILES=$(patsubst %.java,$(OUTPUT_DIR)/$(PACKAGE_DIR)/%.class, $(JAVA_SRC_FILENAMES)) ############################################################################# # The ultimate output of the build is applet.ijc. This file is ready to # be loaded onto a token. all: $(CONVERTER_OUTPUT_DIR)/applet.ijc clobber: clean clean: touch $(JAVA_SRC_FILES) ############################################################################# # The first step in the build is to compile the Java source files (*.java) # into class files (*.class). These class files are regular Java class files; # they aren't specially formatted for Javacard yet. # # The classpath needed to compile the Java source code. # BUILD_CLASSPATH="$(JAVACARD_KIT_DIR)/lib/javacardframework.jar;$(JAVACARD_KIT_DIR)/lib/api.jar;jars/visaop20.jar" # # build rule # $(JAVA_CLASS_FILES): $(JAVA_SRC_FILES) mkdir -p $(CONVERTER_OUTPUT_DIR) perl ./update_buildid.pl $(JAVA_SRC_FILES) $(JAVAC) -classpath ${BUILD_CLASSPATH} -d $(OUTPUT_DIR) $(JAVA_SRC_FILES) ############################################################################# # The next step is to convert the regular Java class files into the Javacard # format, using the converter program included with the Javacard Kit. # The output from the converter is applet.cap, but the next step expects # applet.jar, so we rename it. # # Classpath for the converter. # CONVERT_CLASSPATH="$(JAVACARD_KIT_DIR)/lib/converter.jar;$(JAVACARD_KIT_DIR)/lib/offcardverifier.jar;$(SLB_DIR)/Smart Cards and Terminals/Cyberflex Access Kits/v4/Classlibrary/jc_api_212.jar" # # Location of the .exp files, used for "linking" Javacard code. # EXPORT_PATH="$(SLB_DIR)\Smart Cards and Terminals\Cyberflex Access Kits\v4\Toolkit\PRGMaker\Export Files" # # build rule # $(CONVERTER_OUTPUT_DIR)/applet.jar: $(JAVA_CLASS_FILES) $(JAVA) -classpath ${CONVERT_CLASSPATH} com.sun.javacard.converter.Converter -classdir $(OUTPUT_DIR) -out EXP JCA CAP -exportpath $(EXPORT_PATH) -applet $(AID) $(APPLET_QUALIFIED_CLASS_NAME) -d $(OUTPUT_DIR) $(PACKAGE) $(PID) 1.0 mv $(CONVERTER_OUTPUT_DIR)/applet.cap $@ ############################################################################### # Finally, we must prepare the applet.jar file to be loaded onto a Schlumberger # token. This means preparing it to be verified by the on-card verifier, using # TrustedLogic's "CodeShield" technology. The Schlumberger SDK provides # a 'makeijc' program to do this. The output is applet.ijc, which is ready to # be loaded onto a token. # # Classpath for the IJC converter. # IJC_CLASSPATH="$(SLB_DIR)\Smart Cards and Terminals\Cyberflex Access Kits\v4\Toolkit\PRGMaker\makeijc.jar" # # build rule # $(CONVERTER_OUTPUT_DIR)/applet.ijc: $(CONVERTER_OUTPUT_DIR)/applet.jar $(JAVA) -classpath $(IJC_CLASSPATH) com.slb.javacard.jctools.ijc.MakeIJC -verbose -expFileDir $(EXPORT_PATH) -type onCardVerifier $(CONVERTER_OUTPUT_DIR)/applet.jar mkdir -p ../dist/$(OBJDIR)/bin cp $@ ../dist/$(OBJDIR)/bin/CardEdge.$(shell cat .buildid).ijc export: libs: all --- NEW FILE README --- /************************************************************ MUSCLE SmartCard Development Package: CardEdgeApplet Type: Java precompiled binaries Description: CardEdge implementation with JavaCard Authors: Tommaso Cucinotta David Corcoran Ludovic Rousseau Modified: Eirik Herskedal See AUTHORS file for further details Date: October 2001 - October 2002 License: See COPYING file ************************************************************/ HISTORY ============================================================ 0.9.10: 20 Sep 2002 Correct a security bug: When importing a certificate (from Mozilla) the keys were created with read, write and use set to ALWAYS. 0.9.9: 8 Sep 2002 Include Java source code 0.9.8: Jul 2002 Include the converted CAP file 0.9.7: Mar 2002 Inclusion of GemXpressoRADIII support 0.9.6: Nov 2001 Split the packages 0.9.5: First release REQUIREMENTS ============================================================ In order to use this program, you must have a JavaCard 2.1.1 compliant smart card and a supported smart card reader. You must also have all the software required to load a Java Card Applet on your smartcard. Different smart card vendors provide emulators for their own smart cards. You can also try loading this program into an emulated card. In this case you don't need cards nor readers to be connected to your system. DESCRIPTION ============================================================ This package contains source code and precompiled binaries for the Card Edge Applet, a free implementation of the Cryptographic Card Edge Definition for Java Enabled Smartcards. http://www.musclecard.com/musclecard/ Note that different versions of this Applet could be released, with different features disabled, in order to let you save space on the card if your application does not require those features at all. ADDITIONAL FEATURES ============================================================ This Applet actually supports some pin policy enforcement. Checks are made on the pin size, character set and mix of characters. The exact pin policy depends on parameters provided at instantiation time. KNOWN LIMITATIONS ============================================================ This Applet has been tested with Schlumberger Cyberflex Access 32K cards, Gemplus Gxp 211 PK, Gemplus GemXploreXpresso v3 and is known to work with most cryptographic features involving RSA and DES keys. DSA testing still needs to be done with cards supporting it. KNOWN BUGS ============================================================ None at the moment (02-Oct-2002) SUPPORT ============================================================ If you need any further information, please contact us using the public mailing list for the M.U.S.C.L.E. project. --- NEW FILE applet.pmf --- [PrgMaker] Package=com.redhat.nkey.applet PackageAID=627601FF0000 OutputDir=C:\hack\netkey\applet ExportDir=C:\PROGRA~1\SCHLUM~1\SMARTC~1\CYBERF~1\v4\Toolkit\prgmaker\Export Files Version=1.0 ClassDir=C:\hack\netkey\applet\src [Applets] NumApplets=1 Applet1=CardEdge.class Applet1AID=627601FF000000 From fedora-directory-commits at redhat.com Fri Aug 18 18:37:16 2006 From: fedora-directory-commits at redhat.com (Robert Relyea (rrelyea)) Date: Fri, 18 Aug 2006 11:37:16 -0700 Subject: [Fedora-directory-commits] coolkey/applet/src/com/redhat/ckey/applet ASN1.java, NONE, 1.1 CardEdge.java, NONE, 1.1 MemoryManager.java, NONE, 1.1 ObjectManager.java, NONE, 1.1 Message-ID: <200608181837.k7IIbGeo014500@cvs-int.fedora.redhat.com> Author: rrelyea Update of /cvs/dirsec/coolkey/applet/src/com/redhat/ckey/applet In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14460/src/com/redhat/ckey/applet Added Files: ASN1.java CardEdge.java MemoryManager.java ObjectManager.java Log Message: Coolkey applet --- NEW FILE ASN1.java --- // SmartCard Applet // Authors: Robert Relyea // Package: CardEdgeApplet // Description: CardEdge implementation with JavaCard // // BEGIN LICENSE BLOCK // Copyright (C) 2006 Red Hat, Inc. // All rights reserved. // // Redistribution and use in source and binary forms, with or without // modification, are permitted provided that the following conditions // are met: // // 1. Redistributions of source code must retain the above copyright // notice, this list of conditions and the following disclaimer. // 2. Redistributions in binary form must reproduce the above copyright // notice, this list of conditions and the following disclaimer in the // documentation and/or other materials provided with the distribution. // 3. The name of the author may not be used to endorse or promote products // derived from this software without specific prior written permission. // // Changes to this license can be made only by the copyright author with // explicit written consent. // // THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR // IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES // OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. // IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, // INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT // NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF // THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. // Alternatively, the contents of this file may be used under the terms of // the GNU Lesser General Public License Version 2.1 (the "LGPL"), in which // case the provisions of the LGPL are applicable instead of those above. If // you wish to allow use of your version of this file only under the terms // of the LGPL, and not to allow others to use your version of this file // under the terms of the BSD license, indicate your decision by deleting // the provisions above and replace them with the notice and other // provisions required by the LGPL. If you do not delete the provisions // above, a recipient may use your version of this file under the terms of // either the BSD license or the LGPL. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA // END LICENSE_BLOCK package com.redhat.nkey.applet; import javacard.framework.ISOException; import javacard.framework.JCSystem; import javacard.framework.Util; /** * ASN1 parser Class * *

This Simplistic ASN.1 parser does not interpret tags, it simply finds * elements based on where their fields are supposed to wind up at.

* * * Object fields: * 
 *    short[] newSize; // way to get around java's restrictions on pass by ref. 
 *    byte[] data
 *
* * @author Robert Relyea * @version 0.0.1 * */ public class ASN1 { public static final short SW_BAD_DER_DATA = (short)0x9cd0; private final short NEXT = 0; private final short SIZE = 1; private final short END = 2; private short[] params; public ASN1() { params=JCSystem.makeTransientShortArray((short)3, JCSystem.CLEAR_ON_DESELECT); } public short GetEnd() { return params[END]; } public short GetSize() { return params[SIZE]; } public short GetNext() { return params[NEXT]; } public byte GetTag(byte buf[], short offset, short end) { if (end <= offset) { ISOException.throwIt(SW_BAD_DER_DATA); } return buf[offset]; } public short Unwrap(byte buf[], short offset, short end, short dbg) { byte tag; byte len; short length = 0; if (end < (short)(offset+2)) { ISOException.throwIt(SW_BAD_DER_DATA); } tag = buf[offset++]; if (tag == 0) { ISOException.throwIt(SW_BAD_DER_DATA); } len = buf[offset++]; length = Util.makeShort((byte)0,len); if ((len & 0x80) != 0) { short count = Util.makeShort((byte)0,(byte)(len & 0x7f)); if (end < (short)(offset+count)) { ISOException.throwIt(SW_BAD_DER_DATA); } if (count > 2) { ISOException.throwIt(SW_BAD_DER_DATA); } length = 0; while (count-- > 0) { length = (short)((length << 8) | Util.makeShort((byte)0,buf[offset++])); } } params[SIZE] = length; params[NEXT] = ((short)(offset+length)); params[END] = ((short)(offset+length)); return offset; } public short Skip(byte buf[], short offset, short end, short dbg) { Unwrap(buf,offset,end,dbg); return params[NEXT]; } public short UnwrapBitString(byte buf[], short offset, short end, short dbg) { if (buf[offset] != 0) { ISOException.throwIt(SW_BAD_DER_DATA); } if (end < (short)(offset+1)) { ISOException.throwIt(SW_BAD_DER_DATA); } params[SIZE]--; return (short)(offset+1); } public short Signed2Unsigned(byte buf[], short offset, short end, short dbg) { short startOffset = offset; short startSize=params[SIZE]; for (; offset < end && buf[offset] == 0 ; offset++){ params[SIZE]--; } if (offset >= end) { ISOException.throwIt(SW_BAD_DER_DATA); } return offset; } } --- NEW FILE CardEdge.java --- // MUSCLE SmartCard Development // Authors: Tommaso Cucinotta // David Corcoran // Ludovic Rousseau // Jamie Nicolson // Robert Relyea // Nelson Bolyard // Package: CardEdgeApplet // Description: CardEdge implementation with JavaCard // Protocol Authors: Tommaso Cucinotta // David Corcoran // Modified: // Eirik Herskedal // // BEGIN LICENSE BLOCK // Copyright (C) 1999-2002 David Corcoran // Copyright (C) 2006 Red Hat, Inc. // All rights reserved. // // Redistribution and use in source and binary forms, with or without // modification, are permitted provided that the following conditions // are met: // // 1. Redistributions of source code must retain the above copyright // notice, this list of conditions and the following disclaimer. // 2. Redistributions in binary form must reproduce the above copyright // notice, this list of conditions and the following disclaimer in the // documentation and/or other materials provided with the distribution. // 3. The name of the author may not be used to endorse or promote products // derived from this software without specific prior written permission. // // Changes to this license can be made only by the copyright author with // explicit written consent. // // THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR // IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES // OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. // IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, // INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT // NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF // THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. // Alternatively, the contents of this file may be used under the terms of // the GNU Lesser General Public License Version 2.1 (the "LGPL"), in which // case the provisions of the LGPL are applicable instead of those above. If // you wish to allow use of your version of this file only under the terms // of the LGPL, and not to allow others to use your version of this file // under the terms of the BSD license, indicate your decision by deleting // the provisions above and replace them with the notice and other // provisions required by the LGPL. If you do not delete the provisions // above, a recipient may use your version of this file under the terms of // either the BSD license or the LGPL. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA // END LICENSE_BLOCK package com.redhat.nkey.applet; import javacard.framework.*; import javacard.security.*; import javacardx.crypto.Cipher; import visa.openplatform.ProviderSecurityDomain; import visa.openplatform.OPSystem; // Referenced classes of package com.redhat.nkey.applet: // MemoryManager, ObjectManager, ASN1 /** * Implements MUSCLE's Card Edge Specification. * *

TODO: * *

    *
  • Allows maximum number of keys and PINs and total mem to be specified at the instantiation moment.
    • * *
  • How do transactions fit in the methods?
    • *
  • Where should we issue begin/end transaction?
    • *
  • Should we ever abort transaction? Where?
    • *
  • Everytime there is an "if (avail < )" check, call ThrowDeleteObjects().
    • *
*

* *

NOTES: * *

    *
  • C preprocessor flags: *
      *
    • Encryption algorithms: WITH_RSA, WITH_DSA, WITH_DES, WITH_3DES
      • *
    • ComputeCrypt directions: WITH_ENCRYPT, WITH_DECRYPT, WITH_SIGN
      • *
    • Enable/Disable External Authenticate: WITH_EXT_AUTH
      • *
    • Enable/Disable PIN Policy enforcement: WITH_PIN_POLICY
      • *
    *
    • *
  • C preprocessor defines: *
      *
    • JAVA_PACKAGE: The name of Java package for this Applet
      • *
    • CardEdge: The name of Java class for the Applet
      • *
    *
    • *
*

* * @author Tommaso Cucinotta * @author David Corcoran * @author Ludovic Rousseau * @version 0.9.10 */ public class CardEdge extends Applet { private static final byte ZEROB = 0; private static final byte MAX_NUM_KEYS = 8; private static final byte MAX_NUM_PINS = 8; private static final byte VERSION_PROTOCOL_MAJOR = 1; private static final byte VERSION_PROTOCOL_MINOR = 1; private static final byte VERSION_APPLET_MAJOR = 1; private static final byte VERSION_APPLET_MINOR = 3; private static final short BUILDID_MAJOR = (short) 0x4472; private static final short BUILDID_MINOR = (short) 0x4aa7; private static final short ZEROS = 0; // * Enable pin size check private static final byte PIN_POLICY_SIZE = 1; // * Enable pin charset check private static final byte PIN_POLICY_CHARSET = 2; // * Enable charset mixing check private static final byte PIN_POLICY_MIXED = 4; // * Numbers are allowed private static final byte PIN_CHARSET_NUMBERS = 1; // * Upper case letters private static final byte PIN_CHARSET_UC_LETTERS = 2; // * Lower case letters private static final byte PIN_CHARSET_LC_LETTERS = 4; // * Punctuation symbols: , . private static final byte PIN_CHARSET_PUNCT = 8; // * Other binary codes (NUMBERS | OTHERS excludes LETTERS and PUNCT) private static final byte PIN_CHARSET_OTHERS = (byte)0x80; // * PIN must contain chars from at least 2 different char sets private static final byte PIN_MIXED_TWO = 1; // * PIN must at least contain chars from both upper and lower case private static final byte PIN_MIXED_CASE = 2; // * PIN must at least contain 1 char from each char set private static final byte PIN_MIXED_ALL = 4; /** * The User's PIN is pin 0. There is no SO pin. */ private static final byte USER_IDENTITY = 0; private static final byte DEFAULT_IDENTITY = 15; // MUSCLE reserved ID private static final byte RA_IDENTITY = 14; // MUSCLE reserved ID private static final short NONCE_SIZE = (short)8; private static final short ISSUER_INFO_SIZE = (short)0xe0; private static final short USER_ACL = (short)(1 << USER_IDENTITY); private static final short DEFAULT_ACL = (short)(1 << DEFAULT_IDENTITY); private static final short RA_ACL = (short)(1 << RA_IDENTITY); private static final short ANY_ONE_ACL = (short)0xffff; private static final short NO_ONE_ACL = (short)0; private static final byte pinPolicies = 7; private static final byte pinMinSize = 4; private static final byte pinMaxSize = 16; private static final byte MAX_KEY_TRIES = 5; private static final short IN_OBJECT_CLA = -1; private static final short IN_OBJECT_ID = -2; private static final short OUT_OBJECT_CLA = -1; private static final short OUT_OBJECT_ID = -1; private static final byte KEY_ACL_SIZE = 6; private static final byte CardEdge_CLA = (byte)0xB0; private static final byte CardManager_CLA = (byte)0x80; private static final byte SECURE_CLA = (byte)0x84; /** * Instruction codes */ /* Deprecated */ private static final byte INS_SETUP = (byte)0x2A; private static final byte INS_GEN_KEYPAIR = (byte)0x30; private static final byte INS_EXPORT_KEY = (byte)0x34; [...2435 lines suppressed...] case INS_CHANGE_PIN: ChangePIN(apdu, buffer); break; case INS_CREATE_OBJ: CreateObject(apdu, buffer); break; case INS_DELETE_OBJ: DeleteObject(apdu, buffer); break; case INS_READ_OBJ: ReadObject(apdu, buffer); break; case INS_WRITE_OBJ: WriteObject(apdu, buffer); break; case INS_LOGOUT: Logout(apdu,buffer); break; case INS_LIST_PINS: ListPINs(apdu, buffer); break; case INS_LIST_OBJECTS: ListObjects(apdu, buffer); break; case INS_LIST_KEYS: ListKeys(apdu, buffer); break; case INS_GET_STATUS: GetStatus(apdu, buffer); break; case INS_GET_ISSUER_INFO: getIssuerInfo(apdu, buffer); break; case INS_GET_RANDOM: getRandom(apdu, buffer); break; case INS_SEED_RANDOM: seedRandom(apdu, buffer); break; case INS_GET_LIFECYCLE: getLifeCycle(apdu, buffer); break; case INS_GET_BUILDID: getBuildID(apdu, buffer); break; case INS_GET_BUILTIN_ACL: getBuiltInACL(apdu, buffer); break; case INS_NOP: break; // case INS_SETUP: // case INS_GEN_KEYPAIR: // case INS_EXPORT_KEY: // case INS_LOGOUT_ALL: // case INS_GET_CHALLENGE: // case INS_CAC_EXT_AUTH: // case INS_UNBLOCK_PIN: default: ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED); break; } } // // handle non-secure standard commands. Called from process. // private void processSecureAPDU(APDU apdu, byte buffer[]) { byte ins = buffer[ISO7816.OFFSET_INS]; if (ins != INS_SEC_EXT_AUTH) { verifySecureChannel(apdu, buffer); } switch (ins) { case INS_SEC_EXT_AUTH: externalAuthenticate(apdu, buffer); break; case INS_SEC_SET_PIN: resetPIN(apdu, buffer); break; case INS_SEC_START_ENROLLMENT: startEnrollment(apdu, buffer); break; case INS_SEC_IMPORT_KEY_ENCRYPTED: importKeyEncrypted(apdu, buffer); break; case INS_SEC_READ_IOBUF: readIOBuf(apdu, buffer); break; case INS_SEC_SET_LIFECYCLE: setLifeCycle(apdu, buffer); break; case INS_SEC_SET_ISSUER_INFO: setIssuerInfo(apdu, buffer); break; case INS_CREATE_OBJ: CreateObject(apdu, buffer); break; case INS_WRITE_OBJ: WriteObject(apdu, buffer); break; case INS_IMPORT_KEY: ImportKey(apdu, buffer); break; case INS_COMPUTE_CRYPT: ComputeCrypt(apdu, buffer); break; case INS_CREATE_PIN: CreatePIN(apdu, buffer); break; case INS_DELETE_OBJ: DeleteObject(apdu, buffer); break; case INS_READ_OBJ: ReadObject(apdu, buffer); break; case INS_SEC_SET_BUILTIN_ACL: setBuiltInACL(apdu, buffer); break; default: ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED); } } // // **** Most processing starts here!! // public void process(APDU apdu) { if (selectingApplet()) ISOException.throwIt(ISO7816.SW_NO_ERROR); if (!transientInit) { initTransient(); } if ( !cardResetProcessed[0] ) { processCardReset(); } authenticated_id = 0; byte buffer[] = apdu.getBuffer(); byte cla = buffer[ISO7816.OFFSET_CLA]; switch (cla) { case ISO7816.CLA_ISO7816: case ISO7816.INS_SELECT: // right value, but right define? return; case CardEdge_CLA: processCardEdgeAPDU(apdu,buffer); break; case CardManager_CLA: initializeUpdate(apdu, buffer); break; case SECURE_CLA: processSecureAPDU(apdu,buffer); break; default: ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED); } } } --- NEW FILE MemoryManager.java --- // MUSCLE SmartCard Development // Authors: Tommaso Cucinotta // David Corcoran // Ludovic Rousseau // Jamie Nicolson // Package: CardEdgeApplet // Description: CardEdge implementation with JavaCard // Protocol Authors: Tommaso Cucinotta // David Corcoran // Modified: // Eirik Herskedal // // BEGIN LICENSE BLOCK // Copyright (c) 1999-2002 David Corcoran // All rights reserved. // // Redistribution and use in source and binary forms, with or without // modification, are permitted provided that the following conditions // are met: // // 1. Redistributions of source code must retain the above copyright // notice, this list of conditions and the following disclaimer. // 2. Redistributions in binary form must reproduce the above copyright // notice, this list of conditions and the following disclaimer in the // documentation and/or other materials provided with the distribution. // 3. The name of the author may not be used to endorse or promote products // derived from this software without specific prior written permission. // // Changes to this license can be made only by the copyright author with // explicit written consent. // // THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR // IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES // OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. // IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, // INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT // NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF // THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. // Alternatively, the contents of this file may be used under the terms of // the GNU Lesser General Public License Version 2.1 (the "LGPL"), in which // case the provisions of the LGPL are applicable instead of those above. If // you wish to allow use of your version of this file only under the terms // of the LGPL, and not to allow others to use your version of this file // under the terms of the BSD license, indicate your decision by deleting // the provisions above and replace them with the notice and other // provisions required by the LGPL. If you do not delete the provisions // above, a recipient may use your version of this file under the terms of // either the BSD license or the LGPL. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA // END LICENSE_BLOCK package com.redhat.nkey.applet; import javacard.framework.Util; /** * Memory Manager class. * *

An instance of this class is capable of handling allocation and * deallocation of chunks in a large Java byte array that is allocated * once during the object instantiation.

* *

The Memory Manager allocates or frees memory chunks in the * preallocated byte array on demand.

* *

No defragmentation is done, actually.

* *

Consecutive freed memory chunks are recompacted.

* *

Every allocation takes 2 more bytes to store the allocated block * size, just before the allocated offset.

* *

A free memory block starts with a node (NODE_SIZE bytes):

* * 
 *   short size;
 *   short next;
 *
* * @author Tommaso Cucinotta * @author David Corcoran * @author Ludovic Rousseau * @version 0.9.9 */ public class MemoryManager { /** * Special offset value used as invalid offset */ public static final short NULL_OFFSET = -1; private static final byte NODE_SIZE = 4; private byte ptr[]; private short free_head; /** * Constructor for the MemoryManager class * * @param mem_size Size of the memory are to be allocated */ public MemoryManager(short mem_size) { ptr = null; free_head = NULL_OFFSET; Init(mem_size); } private void Init(short mem_size) { if(ptr != null) { return; } else { ptr = new byte[mem_size]; Util.setShort(ptr, (short)0, mem_size); Util.setShort(ptr, (short)2, (short)NULL_OFFSET); free_head = 0; return; } } /** * Allocate memory * * Each allocation takes actually a 2 bytes overhead. * * @param size Size of the memory block * @return The offset at which allocated memory starts or * NULL_OFFSET if an error occurred. * @see #alloc(short) * @see #freemem() */ public short alloc(short size) { short offset = free_head; short prev = NULL_OFFSET; size += 2; if(size < NODE_SIZE) size = NODE_SIZE; short next_offset; for(; offset != NULL_OFFSET; offset = next_offset) { short free_size = Util.getShort(ptr, offset); next_offset = Util.getShort(ptr, (short)(offset + 2)); if(free_size >= size) { short remain = (short)(free_size - size); if(remain >= NODE_SIZE) { Util.setShort(ptr, offset, remain); } else { size = free_size; remain = 0; if(prev == NULL_OFFSET) free_head = next_offset; else Util.setShort(ptr, (short)(prev + 2), next_offset); } Util.setShort(ptr, (short)(offset + remain), size); return (short)(offset + remain + 2); } prev = offset; } return NULL_OFFSET; } /** * Free a memory block * *

Consecutive free blocks are recompacted. Recompaction happens on * free(). 4 cases are considered: don't recompact, recompact with * next only, with previous only and with both of them.

* * @param offset The offset at which the memory block starts; it was * returned from a previous call to {@link #alloc(short)} * * @see #alloc(short) * @see #freemem() */ public void free(short offset) { offset -= 2; short size = Util.getShort(ptr, offset); short prev = NULL_OFFSET; short base = free_head; boolean found = false; short node_next = 0; for(; base != NULL_OFFSET; base = node_next) { node_next = Util.getShort(ptr, (short)(base + 2)); if(offset < base) { found = true; break; } prev = base; } if(found && (short)(offset + size) == base) { size += Util.getShort(ptr, base); Util.setShort(ptr, offset, size); if(prev != NULL_OFFSET) Util.setShort(ptr, (short)(prev + 2), node_next); else free_head = node_next; base = node_next; } if(prev != NULL_OFFSET) { short prev_size = Util.getShort(ptr, prev); if((short)(prev + prev_size) == offset) { Util.setShort(ptr, prev, (short)(prev_size + size)); } else { Util.setShort(ptr, (short)(offset + 2), base); Util.setShort(ptr, (short)(prev + 2), offset); } } else { Util.setShort(ptr, (short)(offset + 2), base); free_head = offset; } } /** * Get available free memory * * @return The total amount of available free memory, equal to the * sum of all free fragments' sizes. * * @see #free(short) * @see #alloc(short) */ public short freemem() { short offset = free_head; short total = 0; for(; offset != NULL_OFFSET; offset = Util.getShort(ptr, (short)(offset + 2))) total = (short)((total + Util.getShort(ptr, offset)) - 2); return total; } /** * Get the size of a memory block * * @param offset The offset at which the memory block starts */ public short getBlockSize(short offset) { return (short)(Util.getShort(ptr, (short)(offset - 2)) - 2); } /** * Retrieve the Java byte array containing all the memory contents. * *

To optimize, we don't use external buffers, but we directly * copy from the memory array.

* *

Use this function only if really required.

* * @return The Java byte array containing all memory contents */ public byte[] getBuffer() { return ptr; } /** * Read a byte value from memory * * @param base The complete memory location (offset) of the byte to * read * @return The byte value */ public byte getByte(short base) { return ptr[base]; } /** * Read a byte value from memory * * @param base The base memory location (offset) of the byte to read * @param offset The offset of the byte (is added to the base * parameter) * @return The byte value */ public byte getByte(short base, short offset) { return ptr[(short)(base + offset)]; } /** * Copy a byte sequence from memory * * @param dst_bytes[] The destination byte array * @param dst_offset The offset at which the sequence will be copied * in dst_bytes[] * @param src_base The base memory location (offset) of the source * byte sequence * @param src_offset The offset of the source byte sequence (is * added to the src_base parameter) * @param size The number of bytes to be copied */ public void getBytes(byte dst_bytes[], short dst_offset, short src_base, short src_offset, short size) { Util.arrayCopy(ptr, (short)(src_base + src_offset), dst_bytes, dst_offset, size); } /** * Gets the size of the greatest chunk of available memory * * @return The size of the greatest free memory chunk, or zero if * there is no free mem left */ public short getMaxSize() { short max_size = 2; for(short base = free_head; base != NULL_OFFSET; base = Util.getShort(ptr, (short)(base + 2))) { short size = Util.getShort(ptr, base); if(size > max_size) max_size = size; } return (short)(max_size - 2); } /** * Read a short value from memory * * @param base The base memory location (offset) of the short to * read * @return The short value */ public short getShort(short base) { return Util.getShort(ptr, base); } /** * Read a short value from memory * * @param base The base memory location (offset) of the short to * read * @param offset The offset of the short (is added to the base * parameter) * @return The short value */ public short getShort(short base, short offset) { return Util.getShort(ptr, (short)(base + offset)); } /** * Resize (only clamping is supported) a previously allocated memory * chunk * * @param offset Memory offset as returned by alloc() * @param new_size ew size of the memory block * @return True if it was possible to realloc(), False otherwise * * @see #alloc(short) * @see #free(short) * @see #freemem() */ public boolean realloc(short offset, short new_size) { short actual_size = Util.getShort(ptr, (short)(offset - 2)); new_size += 2; if(new_size < 3 || (short)(actual_size - new_size) < NODE_SIZE) { return false; } else { Util.setShort(ptr, (short)(offset - 2), new_size); Util.setShort(ptr, (short)((offset + new_size) - 2), (short)(actual_size - new_size)); free((short)(offset + new_size)); return true; } } /** * Set a byte value into memory * * @param base The complete memory location (offset) of the byte to * set * @param b The new byte value */ public void setByte(short base, byte b) { ptr[base] = b; } /** * Set a byte value into memory * * @param base The base memory location (offset) of the byte to set * @param offset The offset of the byte (is added to the base * parameter) * @param b The new byte value */ public void setByte(short base, short offset, byte b) { ptr[(short)(base + offset)] = b; } /** * Copy a byte sequence into memory * * @param dst_base The base memory location (offset) of the * destination byte sequence * @param dst_offset The offset of the destination byte sequence (is * added to the dst_base parameter) * @param src_bytes[] The source byte array * @param src_offset The offset at which the source sequence starts * in src_bytes[] * @param size The number of bytes to be copied */ public void setBytes(short dst_base, short dst_offset, byte src_bytes[], short src_offset, short size) { Util.arrayCopy(src_bytes, src_offset, ptr, (short)(dst_base + dst_offset), size); } /** * Set a short value into memory * * @param base The complete memory location (offset) of the short to * set * @param b The short value */ public void setShort(short base, short b) { Util.setShort(ptr, base, b); } /** * Set a short value into memory */ public void setShort(short base, short offset, short b) { Util.setShort(ptr, (short)(base + offset), b); } } --- NEW FILE ObjectManager.java --- // MUSCLE SmartCard Development // Authors: Tommaso Cucinotta // David Corcoran // Ludovic Rousseau // Jamie Nicolson // Package: CardEdgeApplet // Description: CardEdge implementation with JavaCard // Protocol Authors: Tommaso Cucinotta // David Corcoran // Modified: // Eirik Herskedal // // BEGIN LICENSE BLOCK // Copyright (C) 1999-2002 David Corcoran // Copyright (C) 2006 Red Hat, Inc. // All rights reserved. // // Redistribution and use in source and binary forms, with or without // modification, are permitted provided that the following conditions // are met: // // 1. Redistributions of source code must retain the above copyright // notice, this list of conditions and the following disclaimer. // 2. Redistributions in binary form must reproduce the above copyright // notice, this list of conditions and the following disclaimer in the // documentation and/or other materials provided with the distribution. // 3. The name of the author may not be used to endorse or promote products // derived from this software without specific prior written permission. // // Changes to this license can be made only by the copyright author with // explicit written consent. // // THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR // IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES // OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. // IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, // INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT // NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF // THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. // Alternatively, the contents of this file may be used under the terms of // the GNU Lesser General Public License Version 2.1 (the "LGPL"), in which // case the provisions of the LGPL are applicable instead of those above. If // you wish to allow use of your version of this file only under the terms // of the LGPL, and not to allow others to use your version of this file // under the terms of the BSD license, indicate your decision by deleting // the provisions above and replace them with the notice and other // provisions required by the LGPL. If you do not delete the provisions // above, a recipient may use your version of this file under the terms of // either the BSD license or the LGPL. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA // END LICENSE_BLOCK package com.redhat.nkey.applet; import javacard.framework.ISOException; import javacard.framework.Util; // Referenced classes of package com.redhat.nkey.applet: // MemoryManager /** * Object Manager Class * *

Objects are linked in a list in the dynamic memory. No smart search * is done at the moment.

* *

TODO - Could we definitively avoid a map enforcing the ID (equal to * the memory address, i.e.) - security implications ?

* * Object fields: * 
 *    short next
 *    short obj_class
 *    short obj_id
 *    short obj_size
 *    byte[] data
 *
* * @author Tommaso Cucinotta * @author David Corcoran * @author Ludovic Rousseau * @version 0.9.9 * */ public class ObjectManager { public static final byte OBJ_ACL_SIZE = 6; private static final byte OBJ_HEADER_SIZE = 14; private static final byte OBJ_H_NEXT = 0; private static final byte OBJ_H_CLASS = 2; private static final byte OBJ_H_ID = 4; private static final byte OBJ_H_ACL = 6; private static final short OBJ_ACL_READ = 6; private static final short OBJ_ACL_WRITE = 8; private static final short OBJ_ACL_DELETE = 10; private static final byte OBJ_H_SIZE = 12; private static final byte OBJ_H_DATA = 14; /** * There have been memory problems on the card */ public static final short SW_NO_MEMORY_LEFT = (short)0x9C01; public static final short SW_OBJECT_NOT_FOUND = (short)0x9C07; public static final short SW_OBJECT_EXISTS = (short)0x9C08; /** * Size of an Object Record filled by getFirstRecord() or * getNextRecord(): ID, Size, ACL */ public static final short RECORD_SIZE = 14; /** * Iterator on objects. */ private short it; /** * The Memory Manager object */ private MemoryManager mem; /** * Head of the objects' list */ private short obj_list_head; /** * Constructor for the ObjectManager class. * * @param mem_ref The MemoryManager object to be used to allocate * objects' memory. */ public ObjectManager(MemoryManager mem_ref) { mem = null; obj_list_head = -1; mem = mem_ref; obj_list_head = -1; } /** * Check if logged in identities satisfy requirements for an * operation * * @param required_ids The required identities as from an ACL short * @param logged_ids The current logged in identities as stored in * CardEdge.logged_ids */ private boolean authorizeOp(short base, short logged_ids, short offset) { short required_ids = mem.getShort((short)(base - OBJ_H_DATA), offset); return (required_ids & logged_ids) != 0; } /** * Allow or unallow delete on object given the logged identities */ public boolean authorizeDeleteFromAddress(short base, short logged_ids) { return authorizeOp(base, logged_ids, OBJ_ACL_DELETE); } /** * Allow or unallow read on object given the logged identities * * @param base The object base address as returned from * getBaseAddress() * @param logged_ids The current logged in identities as stored in * CardEdge.logged_ids */ public boolean authorizeReadFromAddress(short base, short logged_ids) { return authorizeOp(base, logged_ids, OBJ_ACL_READ); } /** * Allow or unallow write on object given the logged identities * * @param base The object base address as returned from * getBaseAddress() * @param logged_ids The current logged in identities as stored in * CardEdge.logged_ids */ public boolean authorizeWriteFromAddress(short base, short logged_ids) { return authorizeOp(base, logged_ids, OBJ_ACL_WRITE); } /** * Clamps an object freeing the unused memory * * @throws SW_NO_MEMORY_LEFT exception if cannot allocate the * memory. Does not check if object exists. * * @param type Object Type * @param id Object ID (Type and ID form a generic 4 bytes * identifier) * @param new_size The new object size (must be less than current * size) * * @return True if clamp was possible, false otherwise */ public boolean clampObject(short type, short id, short new_size) { short base = getEntry(type, id); if(base == -1) ISOException.throwIt((short)SW_OBJECT_NOT_FOUND); if(mem.realloc(base, (short)(new_size + RECORD_SIZE))) { mem.setShort(base, (short)OBJ_H_SIZE, new_size); return true; } else { return false; } } /** * Compare an object's ACL with the provided ACL. * * @param base The object base address, as returned from * getBaseAddress() * @param acl The buffer containing the ACL * * @return True if the ACLs are equal */ public boolean compareACLFromAddress(short base, byte acl[]) { return Util.arrayCompare(mem.getBuffer(), (short)((base - OBJ_HEADER_SIZE) + OBJ_H_ACL), acl, (short)0, (short)OBJ_ACL_SIZE) == 0; } /** * Creates an object with specified parameters. * * @throws SW_NO_MEMORY_LEFT exception if cannot allocate the * memory. Does not check if object exists. * * @param type Object Type * @param id Object ID (Type and ID form a generic 4 bytes * identifier) * @param acl_buf Java byte array containing the ACL for the new object * @param acl_offset Offset at which the ACL starts in acl_buf[] * * @return The memory base address for the object. It can be used in * successive calls to xxxFromAddress() methods. * */ public short createObject(short type, short id, short size, byte acl_buf[], short acl_offset) { if (exists(type, id)) ISOException.throwIt(SW_OBJECT_EXISTS); short base = mem.alloc((short)(size + OBJ_HEADER_SIZE)); if(base == -1) ISOException.throwIt((short)SW_NO_MEMORY_LEFT); mem.setShort(base, (short)OBJ_H_NEXT, obj_list_head); mem.setShort(base, (short)OBJ_H_CLASS, type); mem.setShort(base, (short)OBJ_H_ID, id); mem.setShort(base, (short)OBJ_H_SIZE, size); mem.setBytes(base, (short)OBJ_H_ACL, acl_buf, acl_offset, (short)OBJ_ACL_SIZE); obj_list_head = base; return (short)(base + OBJ_H_DATA); } /** * Creates an object with the maximum available size */ public short createObjectMax(short type, short id, byte acl_buf[], short acl_offset) { short obj_size = mem.getMaxSize(); if(obj_size == 0) ISOException.throwIt((short)SW_NO_MEMORY_LEFT); return createObject(type, id, (short)(obj_size - OBJ_H_DATA), acl_buf, acl_offset); } /** * Destroy the specified object * * @param type Object Type * @param id Object ID (Type and ID form a generic 4 bytes * identifier) * @param secure If true, object memory is zeroed before being * released. */ public void destroyObject(short type, short id, boolean secure) { boolean found; do { short curr = obj_list_head; short prev = -1; for (found = false; !found && curr != -1; ) { if(mem.getShort(curr, (short)OBJ_H_CLASS) == type && mem.getShort(curr, (short)OBJ_H_ID) == id) { found = true; } else { prev = curr; curr = mem.getShort(curr, (short)0); } } if(found) { if(prev != -1) mem.setShort(prev, (short)0, mem.getShort(curr, (short)0)); else obj_list_head = mem.getShort(curr, (short)0); if(secure) { Util.arrayFillNonAtomic(mem.getBuffer(), (short)(curr + OBJ_H_DATA), mem.getShort(curr, (short)OBJ_H_SIZE), (byte)0); } mem.free(curr); } } while (found); } /** * Checks if an object exists * * @param type The object type * @param id The object ID * * @return true if object exists */ public boolean exists(short type, short id) { short base = getEntry(type, id); return base != -1; } /** * Returns the data base address (offset) for an object. * *

The base address can be used for further calls to * xxxFromAddress() methods

* *

This function should only be used if performance issue arise. * setObjectData() and getObjectData() should be used, instead.

* * @param type Object Type * @param id Object ID (Type and ID form a generic 4 bytes * identifier) * * @return The starting offset of the object. At this location */ public short getBaseAddress(short type, short id) { short base = getEntry(type, id); if(base == -1) return -1; else return (short)(base + OBJ_H_DATA); } /** * Returns the header base address (offset) for the specified * object. * *

Object header is found at the returned offset, while object * data starts right after the header.

* *

This performs a linear search, so performance issues could * arise as the number of objects grows If object is not found, * then returns NULL_OFFSET.

* * @param type Object Type * @param id Object ID (Type and ID form a generic 4 bytes * identifier) * * @return The starting offset of the object or NULL_OFFSET if the * object is not found. */ private short getEntry(short type, short id) { for(short base = obj_list_head; base != -1; base = mem.getShort(base, (short)0)) { if(mem.getShort(base, (short)OBJ_H_CLASS) == type && mem.getShort(base, (short)OBJ_H_ID) == id) return base; } return -1; } /** * Resets the objects iterator and retrieves the information record * of the first object, if any. * * @param buffer The byte array into which the record will be copied * @param offset The offset in buffer[] at which the record will be * copied * * @return True if an object was found. False if there are no * objects. * * @see #getNextRecord(byte[], short) */ public boolean getFirstRecord(byte buffer[], short offset) { it = obj_list_head; return getNextRecord(buffer, offset); } /** * Retrieves the information record of the next object, if any. * * @param buffer The byte array into which the record will be copied * @param offset The offset in buffer[] at which the record will be * copied * * @return True if an object was found. False if there are no more * objects to inspect. * * @see #getFirstRecord(byte[], short) */ public boolean getNextRecord(byte buffer[], short offset) { if(it == -1) { return false; } else { Util.setShort(buffer, offset, mem.getShort(it, (short)2)); Util.setShort(buffer, (short)(offset + 2), mem.getShort(it, (short)OBJ_H_ID)); Util.setShort(buffer, (short)(offset + 4), (short)0); Util.setShort(buffer, (short)(offset + 6), mem.getShort(it, (short)OBJ_H_SIZE)); Util.arrayCopyNonAtomic(mem.getBuffer(), (short)(it + OBJ_H_ACL), buffer, (short)(offset + 8), (short)OBJ_ACL_SIZE); it = mem.getShort(it, (short)0); return true; } } /** * Returns object size from the base address */ public short getSizeFromAddress(short base) { return mem.getShort((short)((base - OBJ_H_DATA) + OBJ_H_SIZE)); } /** * Set the object's ACL. */ private void setACL(short type, short id, byte acl_buf[], short acl_offset) { short base = getEntry(type, id); mem.setBytes(base, (short)OBJ_H_ACL, acl_buf, acl_offset, (short)OBJ_ACL_SIZE); } } From fedora-directory-commits at redhat.com Thu Aug 24 15:50:23 2006 From: fedora-directory-commits at redhat.com (Robert Crittenden (rcritten)) Date: Thu, 24 Aug 2006 08:50:23 -0700 Subject: [Fedora-directory-commits] mod_nss nss_engine_init.c,1.22,1.23 Message-ID: <200608241550.k7OFoN5c031355@cvs-int.fedora.redhat.com> Author: rcritten Update of /cvs/dirsec/mod_nss In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31338 Modified Files: nss_engine_init.c Log Message: Initialize the NSS cache before NSS_Init is called. A race condition was being triggered during the first module unload when calling NSS_Shutdown because the cache wasn't finished setting itself up in MP mode. Index: nss_engine_init.c =================================================================== RCS file: /cvs/dirsec/mod_nss/nss_engine_init.c,v retrieving revision 1.22 retrieving revision 1.23 diff -u -r1.22 -r1.23 --- nss_engine_init.c 2 Aug 2006 18:59:12 -0000 1.22 +++ nss_engine_init.c 24 Aug 2006 15:50:20 -0000 1.23 @@ -205,6 +205,14 @@ /* Set the PKCS #11 strings for the internal token. */ PK11_ConfigurePKCS11(NULL,NULL,NULL, INTERNAL_TOKEN_NAME, NULL, NULL,NULL,NULL,8,1); + ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, + "Initializing SSL Session Cache of size %d. SSL2 timeout = %d, SSL3/TLS timeout = %d.", mc->session_cache_size, mc->session_cache_timeout, mc->ssl3_session_cache_timeout); + ap_mpm_query(AP_MPMQ_IS_FORKED, &forked); + if (forked) + SSL_ConfigMPServerSIDCache(mc->session_cache_size, (PRUint32) mc->session_cache_timeout, (PRUint32) mc->ssl3_session_cache_timeout, NULL); + else + SSL_ConfigServerSessionIDCache(mc->session_cache_size, (PRUint32) mc->session_cache_timeout, (PRUint32) mc->ssl3_session_cache_timeout, NULL); + /* We need to be in the same directory as libnssckbi.so to load the * root certificates properly. */ @@ -268,14 +276,6 @@ nss_die(); } - ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, - "Initializing SSL Session Cache of size %d. SSL2 timeout = %d, SSL3/TLS timeout = %d.", mc->session_cache_size, mc->session_cache_timeout, mc->ssl3_session_cache_timeout); - ap_mpm_query(AP_MPMQ_IS_FORKED, &forked); - if (forked) - SSL_ConfigMPServerSIDCache(mc->session_cache_size, (PRUint32) mc->session_cache_timeout, (PRUint32) mc->ssl3_session_cache_timeout, NULL); - else - SSL_ConfigServerSessionIDCache(mc->session_cache_size, (PRUint32) mc->session_cache_timeout, (PRUint32) mc->ssl3_session_cache_timeout, NULL); - if (ocspenabled) { CERT_EnableOCSPChecking(CERT_GetDefaultCertDB()); ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, From fedora-directory-commits at redhat.com Thu Aug 24 21:03:52 2006 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Thu, 24 Aug 2006 14:03:52 -0700 Subject: [Fedora-directory-commits] adminutil/lib/libadminutil Makefile, 1.8, 1.9 Message-ID: <200608242103.k7OL3qJn017174@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/adminutil/lib/libadminutil In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14482 Modified Files: Makefile Log Message: Removed the link arg to link with libCrun.so.1 since there is no C++ code in AdminUtil. Index: Makefile =================================================================== RCS file: /cvs/dirsec/adminutil/lib/libadminutil/Makefile,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- Makefile 11 May 2006 23:30:31 -0000 1.8 +++ Makefile 24 Aug 2006 21:03:44 -0000 1.9 @@ -58,16 +58,6 @@ LDAPLINK=-L$(LDAP_LIBPATH) $(addprefix -l, $(LDAP_SOLIB_NAMES)) $(addprefix -l, $(LDAP_SSLLIB_NAMES)) endif -ifeq ($(ARCH), SOLARIS) -ifeq ($(NS_USE_NATIVE), 1) -ifeq ($(USE_64), 1) -DEPLIBS += -L/opt/SUNWspro/lib/v9 -lCrun -else -DEPLIBS += -L/opt/SUNWspro/lib -lCrun -endif -endif -endif - OBJS=$(addprefix $(OBJDEST)/, psetc.o admutil.o distadm.o srvutil.o \ errRpt.o form_post.o strlist.o \ resource.o uginfo.o $(OSOBJS)) From fedora-directory-commits at redhat.com Fri Aug 25 00:31:42 2006 From: fedora-directory-commits at redhat.com (Robert Relyea (rrelyea)) Date: Thu, 24 Aug 2006 17:31:42 -0700 Subject: [Fedora-directory-commits] coolkey README, NONE, 1.1 aclocal.m4, 1.1.1.1, 1.2 config.h, 1.1.1.1, 1.2 config.status, 1.4, 1.5 configure, 1.3, 1.4 configure.in, 1.4, 1.5 libtool, 1.2, 1.3 ltmain.sh, 1.1.1.1, 1.2 Message-ID: <200608250031.k7P0Vgh4026669@cvs-int.fedora.redhat.com> Author: rrelyea Update of /cvs/dirsec/coolkey In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26618 Modified Files: aclocal.m4 config.h config.status configure configure.in libtool ltmain.sh Added Files: README Log Message: Complete the windows build. --- NEW FILE README --- Building: Linux/Unix: autoconf ./configure If you need to modify the Makefiles, automake 1.9.6 was used. Makefile.am is included in the source. ------------------------------------------------------------------------------ Mac OS X: ------------------------------------------------------------------------------ Windows: Prereqs - Microsoft Visual C++ and Platform SDK. Install as normal. Make sure INCLUDE and LIB are set appropriately. These are available at (http://msdn.microsoft.com/visualc/) Cygwin Install as normal. You'll need base, the shell, autoconf-2.5x, cvs*... This can be downloaded at (http://www.cygwin.com) ZLib Download ZLib source an binaries from here (http://www.zlib.org) Unzip into a known directory (like c:/zlib) Set ZLIB_INCLUDE to the location of the include files (e.g. c:/zlib/include) and ZLIB_LIB to the location of the export libraries (e.g. c:/zlib/lib) Once everything is installed, start a cygwin shell. 1. checkout the coolkey source 2. Make sure the environment variables INCLUDE, LIB, ZLIB_INCLUDE, and ZLIB_LIB are defined. 3. Make sure the Visual C++ tools are in your path. In the root directory type: autoconf-2.5x ./configure make NOTE: Make install does not work on windows. You'll need to fetch src/libckyapplet/.lib/libckyapplet-1.dll src/coolkeypk11/.lib/libcookeypk11.dll and zlib1.dll from your zlibdirectory and install it in your windows system32 directory. * This may not be a full list. If you discover additional packages which are needed please let us know. Index: aclocal.m4 =================================================================== RCS file: /cvs/dirsec/coolkey/aclocal.m4,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- aclocal.m4 9 Jun 2006 18:31:31 -0000 1.1.1.1 +++ aclocal.m4 25 Aug 2006 00:31:39 -0000 1.2 @@ -3032,7 +3032,7 @@ _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=yes if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -LD -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker' # If the export-symbols file already is a .def file (1st line # is EXPORTS), use it as is; otherwise, prepend... _LT_AC_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then @@ -3041,7 +3041,11 @@ echo EXPORTS > $output_objdir/$soname.def; cat $export_symbols >> $output_objdir/$soname.def; fi~ - $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + # + # Hack... gcc and lc are quite different, we can use either for cygwin + # try to get a line that both are happy with... + # + $CC -LD -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker ' else _LT_AC_TAGVAR(ld_shlibs, $1)=no fi Index: config.h =================================================================== RCS file: /cvs/dirsec/coolkey/config.h,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- config.h 9 Jun 2006 18:31:38 -0000 1.1.1.1 +++ config.h 25 Aug 2006 00:31:39 -0000 1.2 @@ -5,7 +5,7 @@ #define DEBUG 1 /* Define to 1 if you have the header file. */ -#define HAVE_DLFCN_H 1 +/* #undef HAVE_DLFCN_H */ /* Define to 1 if you don't have `vprintf' but do have `_doprnt.' */ /* #undef HAVE_DOPRNT */ @@ -14,7 +14,7 @@ #define HAVE_FCNTL_H 1 /* Define to 1 if you have the header file. */ -#define HAVE_INTTYPES_H 1 +/* #undef HAVE_INTTYPES_H */ /* Define to 1 if your system has a GNU libc compatible `malloc' function, and to 0 otherwise. */ @@ -27,7 +27,7 @@ #define HAVE_MEMSET 1 /* Have PC/SC implementation */ -#define HAVE_PCSC 1 +/* #undef HAVE_PCSC */ /* old version of pc/sc-lite */ /* #undef HAVE_PCSC_OLD */ @@ -41,7 +41,7 @@ /* #undef HAVE_STAT_EMPTY_STRING_BUG */ /* Define to 1 if you have the header file. */ -#define HAVE_STDINT_H 1 +/* #undef HAVE_STDINT_H */ /* Define to 1 if you have the header file. */ #define HAVE_STDLIB_H 1 @@ -53,13 +53,13 @@ #define HAVE_STRERROR 1 /* Define to 1 if you have the header file. */ -#define HAVE_STRINGS_H 1 +/* #undef HAVE_STRINGS_H */ /* Define to 1 if you have the header file. */ #define HAVE_STRING_H 1 /* Define to 1 if you have the header file. */ -#define HAVE_SYSLOG_H 1 +/* #undef HAVE_SYSLOG_H */ /* Define to 1 if you have the header file. */ #define HAVE_SYS_STAT_H 1 @@ -68,14 +68,14 @@ #define HAVE_SYS_TYPES_H 1 /* Define to 1 if you have the header file. */ -#define HAVE_UNISTD_H 1 +/* #undef HAVE_UNISTD_H */ /* Define to 1 if you have the `vprintf' function. */ #define HAVE_VPRINTF 1 /* Define to 1 if `lstat' dereferences a symlink specified with a trailing slash. */ -#define LSTAT_FOLLOWS_SLASHED_SYMLINK 1 +/* #undef LSTAT_FOLLOWS_SLASHED_SYMLINK */ /* Name of package */ #define PACKAGE "coolkey" Index: config.status =================================================================== RCS file: /cvs/dirsec/coolkey/config.status,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- config.status 18 Aug 2006 16:04:42 -0000 1.4 +++ config.status 25 Aug 2006 00:31:39 -0000 1.5 @@ -484,31 +484,31 @@ s, at ECHO_C@,,;t t s, at ECHO_N@,-n,;t t s, at ECHO_T@,,;t t -s, at LIBS@,-ldl -lz ,;t t -s, at build@,i686-redhat-linux-gnu,;t t +s, at LIBS@,,;t t +s, at build@,i686-pc-cygwin,;t t s, at build_cpu@,i686,;t t -s, at build_vendor@,redhat,;t t -s, at build_os@,linux-gnu,;t t -s, at host@,i686-redhat-linux-gnu,;t t +s, at build_vendor@,pc,;t t +s, at build_os@,cygwin,;t t +s, at host@,i686-pc-cygwin,;t t s, at host_cpu@,i686,;t t -s, at host_vendor@,redhat,;t t -s, at host_os@,linux-gnu,;t t -s, at target@,i686-redhat-linux-gnu,;t t +s, at host_vendor@,pc,;t t +s, at host_os@,cygwin,;t t +s, at target@,i686-pc-cygwin,;t t s, at target_cpu@,i686,;t t -s, at target_vendor@,redhat,;t t -s, at target_os@,linux-gnu,;t t +s, at target_vendor@,pc,;t t +s, at target_os@,cygwin,;t t s, at INSTALL_PROGRAM@,${INSTALL},;t t s, at INSTALL_SCRIPT@,${INSTALL},;t t s, at INSTALL_DATA@,${INSTALL} -m 644,;t t -s, at CYGPATH_W@,echo,;t t +s, at CYGPATH_W@,cygpath -w,;t t s, at PACKAGE@,coolkey,;t t s, at VERSION@,1.1.0,;t t -s, at ACLOCAL@,${SHELL} /builds/fedora/coolkey/missing --run aclocal-1.9,;t t -s, at AUTOCONF@,${SHELL} /builds/fedora/coolkey/missing --run autoconf,;t t -s, at AUTOMAKE@,${SHELL} /builds/fedora/coolkey/missing --run automake-1.9,;t t -s, at AUTOHEADER@,${SHELL} /builds/fedora/coolkey/missing --run autoheader,;t t -s, at MAKEINFO@,${SHELL} /builds/fedora/coolkey/missing --run makeinfo,;t t -s, at install_sh@,/builds/fedora/coolkey/install-sh,;t t +s, at ACLOCAL@,${SHELL} /cygdrive/c/builds/fedora/coolkey/missing --run aclocal-1.9,;t t +s, at AUTOCONF@,${SHELL} /cygdrive/c/builds/fedora/coolkey/missing --run autoconf,;t t +s, at AUTOMAKE@,${SHELL} /cygdrive/c/builds/fedora/coolkey/missing --run automake-1.9,;t t +s, at AUTOHEADER@,${SHELL} /cygdrive/c/builds/fedora/coolkey/missing --run autoheader,;t t +s, at MAKEINFO@,${SHELL} /cygdrive/c/builds/fedora/coolkey/missing --run makeinfo,;t t +s, at install_sh@,/cygdrive/c/builds/fedora/coolkey/install-sh,;t t s, at STRIP@,strip,;t t s, at ac_ct_STRIP@,strip,;t t s, at INSTALL_STRIP_PROGRAM@,${SHELL} $(install_sh) -c -s,;t t @@ -516,34 +516,34 @@ s, at AWK@,gawk,;t t s, at SET_MAKE@,,;t t s, at am__leading_dot@,.,;t t -s, at AMTAR@,${SHELL} /builds/fedora/coolkey/missing --run tar,;t t +s, at AMTAR@,${SHELL} /cygdrive/c/builds/fedora/coolkey/missing --run tar,;t t s, at am__tar@,${AMTAR} chof - "$$tardir",;t t s, at am__untar@,${AMTAR} xf -,;t t s, at MAINTAINER_MODE_TRUE@,#,;t t s, at MAINTAINER_MODE_FALSE@,,;t t s, at MAINT@,#,;t t -s, at CC@,gcc,;t t -s, at CFLAGS@,-g -O2,;t t +s, at CC@,cl,;t t +s, at CFLAGS@,-g,;t t s, at LDFLAGS@,,;t t -s, at CPPFLAGS@,,;t t -s, at ac_ct_CC@,gcc,;t t -s, at EXEEXT@,,;t t -s, at OBJEXT@,o,;t t +s, at CPPFLAGS@, -DWIN32,;t t +s, at ac_ct_CC@,cl,;t t +s, at EXEEXT@,.exe,;t t +s, at OBJEXT@,obj,;t t s, at DEPDIR@,.deps,;t t s, at am__include@,include,;t t s, at am__quote@,,;t t s, at AMDEP_TRUE@,,;t t s, at AMDEP_FALSE@,#,;t t s, at AMDEPBACKSLASH@,\,;t t -s, at CCDEPMODE@,depmode=gcc3,;t t -s, at am__fastdepCC_TRUE@,,;t t -s, at am__fastdepCC_FALSE@,#,;t t -s, at CXX@,g++,;t t -s, at CXXFLAGS@,-g -O2,;t t -s, at ac_ct_CXX@,g++,;t t -s, at CXXDEPMODE@,depmode=gcc3,;t t -s, at am__fastdepCXX_TRUE@,,;t t -s, at am__fastdepCXX_FALSE@,#,;t t +s, at CCDEPMODE@,depmode=none,;t t +s, at am__fastdepCC_TRUE@,#,;t t +s, at am__fastdepCC_FALSE@,,;t t +s, at CXX@,cl,;t t +s, at CXXFLAGS@, /EHsc,;t t +s, at ac_ct_CXX@,,;t t +s, at CXXDEPMODE@,depmode=none,;t t +s, at am__fastdepCXX_TRUE@,#,;t t +s, at am__fastdepCXX_FALSE@,,;t t s, at EGREP@,grep -E,;t t s, at LN_S@,ln -s,;t t s, at ECHO@,echo,;t t @@ -551,22 +551,24 @@ s, at ac_ct_AR@,ar,;t t s, at RANLIB@,ranlib,;t t s, at ac_ct_RANLIB@,ranlib,;t t -s, at CPP@,gcc -E,;t t -s, at CXXCPP@,g++ -E,;t t +s, at CPP@,cl -E,;t t +s, at CXXCPP@,cl -E,;t t s, at F77@,,;t t s, at FFLAGS@,,;t t s, at ac_ct_F77@,,;t t s, at LIBTOOL@,$(SHELL) $(top_builddir)/libtool,;t t s, at LIBCKYAPPLET@,${top_builddir}/src/libckyapplet/libckyapplet.la,;t t -s, at PCSC_CFLAGS@,-pthread -I/usr/include/PCSC ,;t t -s, at PCSC_LIBS@,-lpcsclite ,;t t -s, at SCARD_LIB_NAME@,libpcsclite.so.1,;t t s, at PKG_CONFIG@,/usr/bin/pkg-config,;t t s, at ac_pt_PKG_CONFIG@,/usr/bin/pkg-config,;t t -s, at HAVE_PCSC_TRUE@,,;t t -s, at HAVE_PCSC_FALSE@,#,;t t -s, at LIBOBJS@,,;t t -s, at LTLIBOBJS@,,;t t +s, at PCSC_CFLAGS@,,;t t +s, at PCSC_LIBS@,,;t t +s, at ZLIB_CFLAGS@,-Ic:/zlib,;t t +s, at ZLIB_LIBS@,c:/zlib/zlib.dll,;t t +s, at SCARD_LIB_NAME@,winscard.dll,;t t +s, at HAVE_PCSC_TRUE@,#,;t t +s, at HAVE_PCSC_FALSE@,,;t t +s, at LIBOBJS@, ${LIBOBJDIR}lstat$U.obj,;t t +s, at LTLIBOBJS@, ${LIBOBJDIR}lstat$U.lo,;t t CEOF # Split the substitutions into bite-sized pieces for seds with @@ -889,26 +891,14 @@ ${ac_dA}HAVE_STDLIB_H${ac_dB}HAVE_STDLIB_H${ac_dC}1${ac_dD} ${ac_dA}HAVE_STRING_H${ac_dB}HAVE_STRING_H${ac_dC}1${ac_dD} ${ac_dA}HAVE_MEMORY_H${ac_dB}HAVE_MEMORY_H${ac_dC}1${ac_dD} -${ac_dA}HAVE_STRINGS_H${ac_dB}HAVE_STRINGS_H${ac_dC}1${ac_dD} -${ac_dA}HAVE_INTTYPES_H${ac_dB}HAVE_INTTYPES_H${ac_dC}1${ac_dD} -${ac_dA}HAVE_STDINT_H${ac_dB}HAVE_STDINT_H${ac_dC}1${ac_dD} -${ac_dA}HAVE_UNISTD_H${ac_dB}HAVE_UNISTD_H${ac_dC}1${ac_dD} -${ac_dA}HAVE_DLFCN_H${ac_dB}HAVE_DLFCN_H${ac_dC}1${ac_dD} -${ac_dA}HAVE_LIBZ${ac_dB}HAVE_LIBZ${ac_dC}1${ac_dD} -${ac_dA}HAVE_LIBDL${ac_dB}HAVE_LIBDL${ac_dC}1${ac_dD} -${ac_dA}HAVE_PCSC${ac_dB}HAVE_PCSC${ac_dC}1${ac_dD} ${ac_dA}DEBUG${ac_dB}DEBUG${ac_dC}1${ac_dD} ${ac_dA}STDC_HEADERS${ac_dB}STDC_HEADERS${ac_dC}1${ac_dD} ${ac_dA}HAVE_STRING_H${ac_dB}HAVE_STRING_H${ac_dC}1${ac_dD} -${ac_dA}HAVE_SYSLOG_H${ac_dB}HAVE_SYSLOG_H${ac_dC}1${ac_dD} ${ac_dA}HAVE_FCNTL_H${ac_dB}HAVE_FCNTL_H${ac_dC}1${ac_dD} -${ac_dA}HAVE_UNISTD_H${ac_dB}HAVE_UNISTD_H${ac_dC}1${ac_dD} -${ac_dA}HAVE_ZLIB_H${ac_dB}HAVE_ZLIB_H${ac_dC}1${ac_dD} ${ac_dA}HAVE_STDLIB_H${ac_dB}HAVE_STDLIB_H${ac_dC}1${ac_dD} ${ac_dA}HAVE_MALLOC${ac_dB}HAVE_MALLOC${ac_dC}1${ac_dD} ${ac_dA}HAVE_STDLIB_H${ac_dB}HAVE_STDLIB_H${ac_dC}1${ac_dD} ${ac_dA}HAVE_REALLOC${ac_dB}HAVE_REALLOC${ac_dC}1${ac_dD} -${ac_dA}LSTAT_FOLLOWS_SLASHED_SYMLINK${ac_dB}LSTAT_FOLLOWS_SLASHED_SYMLINK${ac_dC}1${ac_dD} ${ac_dA}HAVE_VPRINTF${ac_dB}HAVE_VPRINTF${ac_dC}1${ac_dD} ${ac_dA}HAVE_MEMSET${ac_dB}HAVE_MEMSET${ac_dC}1${ac_dD} ${ac_dA}HAVE_STRDUP${ac_dB}HAVE_STRDUP${ac_dC}1${ac_dD} @@ -939,39 +929,18 @@ ${ac_uA}HAVE_STDLIB_H${ac_uB}HAVE_STDLIB_H${ac_uC}1${ac_uD} ${ac_uA}HAVE_STRING_H${ac_uB}HAVE_STRING_H${ac_uC}1${ac_uD} ${ac_uA}HAVE_MEMORY_H${ac_uB}HAVE_MEMORY_H${ac_uC}1${ac_uD} -${ac_uA}HAVE_STRINGS_H${ac_uB}HAVE_STRINGS_H${ac_uC}1${ac_uD} -${ac_uA}HAVE_INTTYPES_H${ac_uB}HAVE_INTTYPES_H${ac_uC}1${ac_uD} -${ac_uA}HAVE_STDINT_H${ac_uB}HAVE_STDINT_H${ac_uC}1${ac_uD} -${ac_uA}HAVE_UNISTD_H${ac_uB}HAVE_UNISTD_H${ac_uC}1${ac_uD} -${ac_uA}HAVE_DLFCN_H${ac_uB}HAVE_DLFCN_H${ac_uC}1${ac_uD} -${ac_uA}HAVE_LIBZ${ac_uB}HAVE_LIBZ${ac_uC}1${ac_uD} -${ac_uA}HAVE_LIBDL${ac_uB}HAVE_LIBDL${ac_uC}1${ac_uD} -${ac_uA}HAVE_PCSC${ac_uB}HAVE_PCSC${ac_uC}1${ac_uD} ${ac_uA}DEBUG${ac_uB}DEBUG${ac_uC}1${ac_uD} ${ac_uA}STDC_HEADERS${ac_uB}STDC_HEADERS${ac_uC}1${ac_uD} ${ac_uA}HAVE_STRING_H${ac_uB}HAVE_STRING_H${ac_uC}1${ac_uD} -${ac_uA}HAVE_SYSLOG_H${ac_uB}HAVE_SYSLOG_H${ac_uC}1${ac_uD} ${ac_uA}HAVE_FCNTL_H${ac_uB}HAVE_FCNTL_H${ac_uC}1${ac_uD} -${ac_uA}HAVE_UNISTD_H${ac_uB}HAVE_UNISTD_H${ac_uC}1${ac_uD} -${ac_uA}HAVE_ZLIB_H${ac_uB}HAVE_ZLIB_H${ac_uC}1${ac_uD} ${ac_uA}HAVE_STDLIB_H${ac_uB}HAVE_STDLIB_H${ac_uC}1${ac_uD} ${ac_uA}HAVE_MALLOC${ac_uB}HAVE_MALLOC${ac_uC}1${ac_uD} ${ac_uA}HAVE_STDLIB_H${ac_uB}HAVE_STDLIB_H${ac_uC}1${ac_uD} ${ac_uA}HAVE_REALLOC${ac_uB}HAVE_REALLOC${ac_uC}1${ac_uD} -${ac_uA}LSTAT_FOLLOWS_SLASHED_SYMLINK${ac_uB}LSTAT_FOLLOWS_SLASHED_SYMLINK${ac_uC}1${ac_uD} ${ac_uA}HAVE_VPRINTF${ac_uB}HAVE_VPRINTF${ac_uC}1${ac_uD} ${ac_uA}HAVE_MEMSET${ac_uB}HAVE_MEMSET${ac_uC}1${ac_uD} ${ac_uA}HAVE_STRDUP${ac_uB}HAVE_STRDUP${ac_uC}1${ac_uD} ${ac_uA}HAVE_STRERROR${ac_uB}HAVE_STRERROR${ac_uC}1${ac_uD} -CEOF - sed -f $tmp/undefs.sed $tmp/in >$tmp/out - rm -f $tmp/in - mv $tmp/out $tmp/in - - cat >$tmp/undefs.sed <$tmp/out Index: configure =================================================================== RCS file: /cvs/dirsec/coolkey/configure,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- configure 10 Jun 2006 00:51:08 -0000 1.3 +++ configure 25 Aug 2006 00:31:39 -0000 1.4 @@ -463,7 +463,7 @@ # include #endif" -ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS build build_cpu build_vendor build_os host host_cpu host_vendor host_os target target_cpu target_vendor target_os INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE CXX CXXFLAGS ac_ct_CXX CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE EGREP LN_S E! CHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL LIBCKYAPPLET PCSC_CFLAGS PCSC_LIBS SCARD_LIB_NAME PKG_CONFIG ac_pt_PKG_CONFIG HAVE_PCSC_TRUE HAVE_PCSC_FALSE LIBOBJS LTLIBOBJS' +ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS build build_cpu build_vendor build_os host host_cpu host_vendor host_os target target_cpu target_vendor target_os INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE CXX CXXFLAGS ac_ct_CXX CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE EGREP LN_S E! CHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL LIBCKYAPPLET PKG_CONFIG ac_pt_PKG_CONFIG PCSC_CFLAGS PCSC_LIBS ZLIB_CFLAGS ZLIB_LIBS SCARD_LIB_NAME HAVE_PCSC_TRUE HAVE_PCSC_FALSE LIBOBJS LTLIBOBJS' ac_subst_files='' # Initialize some variables set by options. @@ -1059,7 +1059,7 @@ both] --with-tags[=TAGS] include additional configurations [automatic] - --with-pcsclite=PATH use PC/SC Lite in PATH + --with-pcsclite Use pcsc-lite (default=yes) Some influential environment variables: CC C compiler command @@ -2092,6 +2092,52 @@ fi + +# +# ./config does a poor job of dealing with native OS stuff other than +# unix, detect Windows and mac and do something a little more OS +# friendly +WINDOWS=0 +MAC=0 +UNIX=0 +echo "$as_me:$LINENO: checking platform type: " >&5 +echo $ECHO_N "checking platform type: ... $ECHO_C" >&6 +case "$host" in +*-*-win*|*-*-cygwin*) + echo "$as_me:$LINENO: result: Windows" >&5 +echo "${ECHO_T}Windows" >&6 + WINDOWS=1 + ZLIB_CFLAGS=-Ic:/zlib + ZLIB_LIBS=c:/zlib/zlib.dll + #OS_FLAGS=`echo $INCLUDE | tr '[[:upper:]]' '[[:lower:]]' | sed -e 's;\\\\;/;g' -e 's;.:;/cygdrive/&/;g' -e 's;:;;g' -e 's;//;/;g' -e 's/;/\" -I\"/g' -e 's;^;-I\";' -e 's;$;\";'` + CPPFLAGS="$CPPFLAGS $OS_FLAGS -DWIN32" + LDFLAGS="$LDFLAGS" + { echo "$as_me:$LINENO: WARNING: changing CPPFLAGS = $CPPFLAGS " >&5 +echo "$as_me: WARNING: changing CPPFLAGS = $CPPFLAGS " >&2;}; + SCARD_LIB_NAME="winscard.dll" + # override config defaults for windows + CC=cl + CXX=cl + CXXFLAGS="$CXXFLAGS /EHsc" + ;; +*-*-darwin*) + echo "$as_me:$LINENO: result: MAC" >&5 +echo "${ECHO_T}MAC" >&6 + MAC=1 + SCARD_LIB_NAME="PCSC.Framework/PCSC" + PCSC_MSG=yes + PCSC_CFLAGS="" + PCSC_LIBS="-Wl,-framework,PCSC" + ;; +*) + echo "$as_me:$LINENO: result: UNIX/LINUX" >&5 +echo "${ECHO_T}UNIX/LINUX" >&6 + UNIX=1 + # should look it up on the local system + SCARD_LIB_NAME="libpcsclite.so.1" + ;; +esac + # Checks for programs. ac_ext=c ac_cpp='$CPP $CPPFLAGS' @@ -4227,7 +4273,7 @@ ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 4230 "configure"' > conftest.$ac_ext + echo '#line 4276 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -5362,7 +5408,7 @@ # Provide some information about the compiler. -echo "$as_me:5365:" \ +echo "$as_me:5411:" \ "checking for Fortran 77 compiler version" >&5 ac_compiler=`set X $ac_compile; echo $2` { (eval echo "$as_me:$LINENO: \"$ac_compiler --version &5\"") >&5 @@ -6425,11 +6471,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:6428: $lt_compile\"" >&5) + (eval echo "\"\$as_me:6474: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:6432: \$? = $ac_status" >&5 + echo "$as_me:6478: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -6693,11 +6739,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:6696: $lt_compile\"" >&5) + (eval echo "\"\$as_me:6742: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:6700: \$? = $ac_status" >&5 + echo "$as_me:6746: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -6797,11 +6843,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:6800: $lt_compile\"" >&5) + (eval echo "\"\$as_me:6846: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:6804: \$? = $ac_status" >&5 + echo "$as_me:6850: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -8266,7 +8312,7 @@ libsuff= case "$host_cpu" in x86_64*|s390x*|powerpc64*) - echo '#line 8269 "configure"' > conftest.$ac_ext + echo '#line 8315 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -9163,7 +9209,7 @@ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext < conftest.$ac_ext <&1 | grep 'auto-import' > /dev/null; then - archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + archive_cmds_CXX='$CC -LD -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker' # If the export-symbols file already is a .def file (1st line # is EXPORTS), use it as is; otherwise, prepend... archive_expsym_cmds_CXX='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then @@ -10488,7 +10534,11 @@ echo EXPORTS > $output_objdir/$soname.def; cat $export_symbols >> $output_objdir/$soname.def; fi~ - $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + # + # Hack... gcc and lc are quite different, we can use either for cygwin + # try to get a line that both are happy with... + # + $CC -LD -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker ' else ld_shlibs_CXX=no fi @@ -11603,11 +11653,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:11606: $lt_compile\"" >&5) + (eval echo "\"\$as_me:11656: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:11610: \$? = $ac_status" >&5 + echo "$as_me:11660: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -11707,11 +11757,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:11710: $lt_compile\"" >&5) + (eval echo "\"\$as_me:11760: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:11714: \$? = $ac_status" >&5 + echo "$as_me:11764: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -12243,7 +12293,7 @@ libsuff= case "$host_cpu" in x86_64*|s390x*|powerpc64*) - echo '#line 12246 "configure"' > conftest.$ac_ext + echo '#line 12296 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -13298,11 +13348,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:13301: $lt_compile\"" >&5) + (eval echo "\"\$as_me:13351: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:13305: \$? = $ac_status" >&5 + echo "$as_me:13355: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -13402,11 +13452,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:13405: $lt_compile\"" >&5) + (eval echo "\"\$as_me:13455: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:13409: \$? = $ac_status" >&5 + echo "$as_me:13459: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -14851,7 +14901,7 @@ libsuff= case "$host_cpu" in x86_64*|s390x*|powerpc64*) - echo '#line 14854 "configure"' > conftest.$ac_ext + echo '#line 14904 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -15626,11 +15676,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:15629: $lt_compile\"" >&5) + (eval echo "\"\$as_me:15679: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:15633: \$? = $ac_status" >&5 + echo "$as_me:15683: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -15894,11 +15944,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:15897: $lt_compile\"" >&5) + (eval echo "\"\$as_me:15947: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:15901: \$? = $ac_status" >&5 + echo "$as_me:15951: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -15998,11 +16048,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:16001: $lt_compile\"" >&5) + (eval echo "\"\$as_me:16051: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:16005: \$? = $ac_status" >&5 + echo "$as_me:16055: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -17467,7 +17517,7 @@ libsuff= case "$host_cpu" in x86_64*|s390x*|powerpc64*) - echo '#line 17470 "configure"' > conftest.$ac_ext + echo '#line 17520 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -18778,6 +18828,7 @@ # Checks for libraries. +if test $WINDOWS -ne 1; then echo "$as_me:$LINENO: checking for uncompress in -lz" >&5 echo $ECHO_N "checking for uncompress in -lz... $ECHO_C" >&6 @@ -18934,47 +18985,22 @@ { (exit 1); exit 1; }; } fi +fi # add our compiled static libraries LIBCKYAPPLET="\${top_builddir}/src/libckyapplet/libckyapplet.la" -PCSC_MSG=no -pcsc_path=/usr - - - - -case "$host" in -*-*-win*) - SCARD_LIB_NAME="winscard.dll" - ;; -*-*-darwin*) - SCARD_LIB_NAME="PCSC.Framework/PCSC" - PCSC_MSG=yes - PCSC_CFLAGS="" - PCSC_LIBS="-Wl,-framework,PCSC" - ;; -*) - # should look it up on the local system - SCARD_LIB_NAME="libpcsclite.so.1" - ;; -esac - -saved_LIBS="$LIBS" -saved_CFLAGS="$CFLAGS" -saved_LDFLAGS="$LDFLAGS" -saved_CPPFLAGS="$CPPFLAGS" # Check whether --with-pcsclite or --without-pcsclite was given. if test "${with_pcsclite+set}" = set; then withval="$with_pcsclite" - pcsc_path=$withval + fi; -if test "x$pcsc_path" = "xno"; then - PCSC_MSG="no" -fi -if test "x$pcsc_path" != "xno" -a "x$PCSC_MSG" != "xyes"; then +if test "$with_pcsclite" = "no" -o "$with_pcsclite" = "false" +then + with_pcsclite=no +else if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then @@ -19139,297 +19165,52 @@ # Put the nasty error message in config.log where it belongs echo "$PCSC_PKG_ERRORS" >&5 - - echo "$as_me:$LINENO: checking for PC/SC Lite support (old style)" >&5 -echo $ECHO_N "checking for PC/SC Lite support (old style)... $ECHO_C" >&6 - for pcscdir in "" /PCSC; do - CPPFLAGS="$saved_CPPFLAGS" - LDFLAGS="$saved_LDFLAGS" - LIBS="-lpcsclite $saved_LIBS" - PCSC_CFLAGS="" - - for pcsc_libdir in $pcsc_path/lib$pcscdir \ - $pcsc_path$pcscdir/lib \ - $pcsc_path$pcscdir; do - if test -d $pcsc_libdir; then - if test -n "${need_dash_r}"; then - LDFLAGS="-R${pcsc_libdir}/ ${LDFLAGS}" - fi - LDFLAGS="-L${pcsc_libdir} ${LDFLAGS}" - fi - done - - for pcsc_incdir in $pcsc_path/include$pcscdir \ - $pcsc_path$pcscdir/include \ - $pcsc_path$pcscdir; do - if test -d $pcsc_incdir; then - PCSC_CFLAGS="-I${pcsc_incdir}" - break; - fi - done - - CPPFLAGS="${PCSC_CFLAGS} ${CPPFLAGS}" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include -#include -int -main () -{ -SCardEstablishContext(0, NULL, NULL, NULL); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 - (eval $ac_link) 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" - || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; } && - { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - ac_cv_lib_pcsclite_SCardEstablishContext=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -fi -rm -f conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - if test "x$ac_cv_lib_pcsclite_SCardEstablishContext" = "xyes"; then - PCSC_MSG=yes - break; - fi - CPPFLAGS="$saved_CPPFLAGS" - LDFLAGS="$saved_LDFLAGS" - LIBS="$saved_LIBS" - PCSC_CFLAGS="" - done - echo "$as_me:$LINENO: result: $PCSC_MSG" >&5 -echo "${ECHO_T}$PCSC_MSG" >&6 - if test "x$PCSC_MSG" = "xyes" ; then - PCSC_LIBS="-lpcsclite" - CPPFLAGS="$saved_CPPFLAGS" - LIBS="$saved_LIBS" - fi + if test -f /usr/local/lib/pkgconfig/libpcsclite.pc ; then + { { echo "$as_me:$LINENO: error: use PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./configure" >&5 +echo "$as_me: error: use PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./configure" >&2;} + { (exit 1); exit 1; }; } + else + { echo "$as_me:$LINENO: WARNING: pcsc-lite not found" >&5 +echo "$as_me: WARNING: pcsc-lite not found" >&2;} + with_pcsclite=no + fi elif test $pkg_failed = untried; then - - echo "$as_me:$LINENO: checking for PC/SC Lite support (old style)" >&5 -echo $ECHO_N "checking for PC/SC Lite support (old style)... $ECHO_C" >&6 - for pcscdir in "" /PCSC; do - CPPFLAGS="$saved_CPPFLAGS" - LDFLAGS="$saved_LDFLAGS" - LIBS="-lpcsclite $saved_LIBS" - PCSC_CFLAGS="" - - for pcsc_libdir in $pcsc_path/lib$pcscdir \ - $pcsc_path$pcscdir/lib \ - $pcsc_path$pcscdir; do - if test -d $pcsc_libdir; then - if test -n "${need_dash_r}"; then - LDFLAGS="-R${pcsc_libdir}/ ${LDFLAGS}" - fi - LDFLAGS="-L${pcsc_libdir} ${LDFLAGS}" - fi - done - - for pcsc_incdir in $pcsc_path/include$pcscdir \ - $pcsc_path$pcscdir/include \ - $pcsc_path$pcscdir; do - if test -d $pcsc_incdir; then - PCSC_CFLAGS="-I${pcsc_incdir}" - break; - fi - done - - CPPFLAGS="${PCSC_CFLAGS} ${CPPFLAGS}" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include -#include -int -main () -{ -SCardEstablishContext(0, NULL, NULL, NULL); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 - (eval $ac_link) 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" - || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; } && - { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - ac_cv_lib_pcsclite_SCardEstablishContext=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -fi -rm -f conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - if test "x$ac_cv_lib_pcsclite_SCardEstablishContext" = "xyes"; then - PCSC_MSG=yes - break; - fi - CPPFLAGS="$saved_CPPFLAGS" - LDFLAGS="$saved_LDFLAGS" - LIBS="$saved_LIBS" - PCSC_CFLAGS="" - done - echo "$as_me:$LINENO: result: $PCSC_MSG" >&5 -echo "${ECHO_T}$PCSC_MSG" >&6 - if test "x$PCSC_MSG" = "xyes" ; then - PCSC_LIBS="-lpcsclite" - CPPFLAGS="$saved_CPPFLAGS" - LIBS="$saved_LIBS" - fi + if test -f /usr/local/lib/pkgconfig/libpcsclite.pc ; then + { { echo "$as_me:$LINENO: error: use PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./configure" >&5 +echo "$as_me: error: use PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./configure" >&2;} + { (exit 1); exit 1; }; } + else + { echo "$as_me:$LINENO: WARNING: pcsc-lite not found" >&5 +echo "$as_me: WARNING: pcsc-lite not found" >&2;} + with_pcsclite=no + fi else PCSC_CFLAGS=$pkg_cv_PCSC_CFLAGS PCSC_LIBS=$pkg_cv_PCSC_LIBS echo "$as_me:$LINENO: result: yes" >&5 echo "${ECHO_T}yes" >&6 - - PCSC_MSG="yes" - echo "$as_me:$LINENO: result: $PCSC_MSG" >&5 -echo "${ECHO_T}$PCSC_MSG" >&6 - + with_pcsclite=yes fi fi -if test "x$PCSC_MSG" = "xyes"; then - HAVE_PCSC_TRUE= - HAVE_PCSC_FALSE='#' -else - HAVE_PCSC_TRUE='#' - HAVE_PCSC_FALSE= -fi - -if test "x$PCSC_MSG" = "xyes"; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_PCSC 1 -_ACEOF - -else - PCSC_LIBS="" - PCSC_CFLAGS="" -fi - -if test "x$PCSC_MSG" = "xyes"; then - CPPFLAGS="${PCSC_CFLAGS} $saved_CPPFLAGS" - CFLAGS="$PCSC_CFLAGS $saved_CFLAGS" - LIBS="$PCSC_LIBS $saved_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#ifdef __APPLE__ -#include -#include -#else -#include -#endif - -int -main () -{ - -SCardControl(NULL, NULL, 0, NULL, NULL); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 - (eval $ac_link) 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" - || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; } && - { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then -cat >>confdefs.h <<\_ACEOF -#define HAVE_PCSC_OLD 1 -_ACEOF +if test x$with_pcsclite = xyes; then + HAVE_PCSC_TRUE= + HAVE_PCSC_FALSE='#' else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -fi -rm -f conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - CPPFLAGS="$saved_CPPFLAGS" - CFLAGS="$saved_CFLAGS" - LIBS="$saved_LIBS" + HAVE_PCSC_TRUE='#' + HAVE_PCSC_FALSE= fi + cat >>confdefs.h <<\_ACEOF #define DEBUG 1 _ACEOF @@ -21080,9 +20861,10 @@ # 1. Remove the extension, and $U if already installed. ac_i=`echo "$ac_i" | sed 's/\$U\././;s/\.o$//;s/\.obj$//'` - # 2. Add them. - ac_libobjs="$ac_libobjs $ac_i\$U.$ac_objext" - ac_ltlibobjs="$ac_ltlibobjs $ac_i"'$U.lo' + # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR + # will be set to the directory where LIBOBJS objects are built. + ac_libobjs="$ac_libobjs \${LIBOBJDIR}$ac_i\$U.$ac_objext" + ac_ltlibobjs="$ac_ltlibobjs \${LIBOBJDIR}$ac_i"'$U.lo' done LIBOBJS=$ac_libobjs @@ -21732,11 +21514,13 @@ s, at ac_ct_F77@,$ac_ct_F77,;t t s, at LIBTOOL@,$LIBTOOL,;t t s, at LIBCKYAPPLET@,$LIBCKYAPPLET,;t t +s, at PKG_CONFIG@,$PKG_CONFIG,;t t +s, at ac_pt_PKG_CONFIG@,$ac_pt_PKG_CONFIG,;t t s, at PCSC_CFLAGS@,$PCSC_CFLAGS,;t t s, at PCSC_LIBS@,$PCSC_LIBS,;t t +s, at ZLIB_CFLAGS@,$ZLIB_CFLAGS,;t t +s, at ZLIB_LIBS@,$ZLIB_LIBS,;t t s, at SCARD_LIB_NAME@,$SCARD_LIB_NAME,;t t -s, at PKG_CONFIG@,$PKG_CONFIG,;t t -s, at ac_pt_PKG_CONFIG@,$ac_pt_PKG_CONFIG,;t t s, at HAVE_PCSC_TRUE@,$HAVE_PCSC_TRUE,;t t s, at HAVE_PCSC_FALSE@,$HAVE_PCSC_FALSE,;t t s, at LIBOBJS@,$LIBOBJS,;t t Index: configure.in =================================================================== RCS file: /cvs/dirsec/coolkey/configure.in,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- configure.in 18 Aug 2006 16:03:31 -0000 1.4 +++ configure.in 25 Aug 2006 00:31:39 -0000 1.5 @@ -55,7 +55,7 @@ AC_MSG_RESULT([Windows]) WINDOWS=1 ZLIB_CFLAGS=-Ic:/zlib - ZLIB_LIB=c:/zlib/zlib.dll + ZLIB_LIBS=c:/zlib/zlib.dll #OS_FLAGS=`echo $INCLUDE | tr '[[:upper:]]' '[[:lower:]]' | sed -e 's;\\\\;/;g' -e 's;.:;/cygdrive/&/;g' -e 's;:;;g' -e 's;//;/;g' -e 's/;/\" -I\"/g' -e 's;^;-I\";' -e 's;$;\";'` CPPFLAGS="$CPPFLAGS $OS_FLAGS -DWIN32" LDFLAGS="$LDFLAGS" Index: libtool =================================================================== RCS file: /cvs/dirsec/coolkey/libtool,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- libtool 9 Jun 2006 21:56:34 -0000 1.2 +++ libtool 25 Aug 2006 00:31:39 -0000 1.3 @@ -30,10 +30,10 @@ # the same distribution terms that you use for the rest of that program. # A sed program that does not truncate output. -SED="/bin/sed" +SED="/usr/bin/sed" # Sed that helps us avoid accidentally triggering echo(1) options like -n. -Xsed="/bin/sed -e 1s/^X//" +Xsed="/usr/bin/sed -e 1s/^X//" # The HP-UX ksh and POSIX shell print the target directory to stdout # if CDPATH is set. @@ -44,7 +44,7 @@ # ### BEGIN LIBTOOL CONFIG -# Libtool was configured on host jordan.sfbay.redhat.com: +# Libtool was configured on host relyea2: # Shell to use when invoking shell scripts. SHELL="/bin/sh" @@ -56,23 +56,23 @@ build_old_libs=yes # Whether or not to add -lc for building shared libraries. -build_libtool_need_lc=no +build_libtool_need_lc=yes # Whether or not to disallow shared libs when runtime libs are static -allow_libtool_libs_with_static_runtimes=no +allow_libtool_libs_with_static_runtimes=yes # Whether or not to optimize for fast installation. fast_install=yes # The host system. host_alias= -host=i686-redhat-linux-gnu -host_os=linux-gnu +host=i686-pc-cygwin +host_os=cygwin # The build system. build_alias= -build=i686-redhat-linux-gnu -build_os=linux-gnu +build=i686-pc-cygwin +build_os=cygwin # An echo program that does not interpret backslashes. echo="echo" @@ -82,22 +82,22 @@ AR_FLAGS="cru" # A C compiler. -LTCC="gcc" +LTCC="cl" # LTCC compiler flags. -LTCFLAGS="-g -O2" +LTCFLAGS="-g" # A language-specific compiler. -CC="gcc" +CC="cl" # Is the compiler the GNU C compiler? -with_gcc=yes +with_gcc= # An ERE matcher. EGREP="grep -E" # The linker used to build libraries. -LD="/usr/bin/ld" +LD="/bin/ld" # Whether we need hard or soft links. LN_S="ln -s" @@ -128,32 +128,32 @@ reload_cmds="\$LD\$reload_flag -o \$output\$reload_objs" # How to pass a linker flag through the compiler. -wl="-Wl," +wl="" # Object file suffix (normally "o"). -objext="o" +objext="obj" # Old archive suffix (normally "a"). -libext="a" +libext="lib" # Shared library suffix (normally ".so"). -shrext='.so' +shrext='.dll' # Executable file suffix (normally ""). exeext="" # Additional compiler flags for building library objects. -pic_flag=" -fPIC -DPIC" +pic_flag=" -DPIC" pic_mode=default # What is the maximum length of a command? -max_cmd_len=32768 +max_cmd_len=8192 # Does compiler simultaneously support -c and -o options? -compiler_c_o="yes" +compiler_c_o="no" # Must we lock files when doing compilation? -need_locks="no" +need_locks="yes" # Do we need the lib prefix for modules? need_lib_prefix=no @@ -171,36 +171,36 @@ dlopen_self_static=unknown # Compiler flag to prevent dynamic linking. -link_static_flag="-static" +link_static_flag="" # Compiler flag to turn off builtin functions. -no_builtin_flag=" -fno-builtin" +no_builtin_flag="" # Compiler flag to allow reflexive dlopens. -export_dynamic_flag_spec="\${wl}--export-dynamic" +export_dynamic_flag_spec="" # Compiler flag to generate shared objects directly from archives. -whole_archive_flag_spec="\${wl}--whole-archive\$convenience \${wl}--no-whole-archive" +whole_archive_flag_spec="" # Compiler flag to generate thread-safe objects. thread_safe_flag_spec="" # Library versioning type. -version_type=linux +version_type=windows # Format of library name prefix. libname_spec="lib\$name" # List of archive names. First name is the real one, the rest are links. # The last name is the one that the linker finds with -lNAME. -library_names_spec="\${libname}\${release}\${shared_ext}\$versuffix \${libname}\${release}\${shared_ext}\$major \$libname\${shared_ext}" +library_names_spec="\${libname}\`echo \${release} | \$SED -e s/[.]/-/g\`\${versuffix}\${shared_ext} \$libname.lib" # The coded name of the library, if different from the real name. -soname_spec="\${libname}\${release}\${shared_ext}\$major" +soname_spec="" # Commands used to build and install an old-style archive. RANLIB="ranlib" -old_archive_cmds="\$AR \$AR_FLAGS \$oldlib\$oldobjs\$old_deplibs~\$RANLIB \$oldlib" +old_archive_cmds="lib /OUT:\$oldlib\$oldobjs\$old_deplibs" old_postinstall_cmds="chmod 644 \$oldlib~\$RANLIB \$oldlib" old_postuninstall_cmds="" @@ -211,11 +211,8 @@ old_archive_from_expsyms_cmds="" # Commands used to build and install a shared archive. -archive_cmds="\$CC -shared \$libobjs \$deplibs \$compiler_flags \${wl}-soname \$wl\$soname -o \$lib" -archive_expsym_cmds="\$echo \\\"{ global:\\\" > \$output_objdir/\$libname.ver~ - cat \$export_symbols | sed -e \\\"s/\\\\(.*\\\\)/\\\\1;/\\\" >> \$output_objdir/\$libname.ver~ - \$echo \\\"local: *; };\\\" >> \$output_objdir/\$libname.ver~ - \$CC -shared \$libobjs \$deplibs \$compiler_flags \${wl}-soname \$wl\$soname \${wl}-version-script \${wl}\$output_objdir/\$libname.ver -o \$lib" +archive_cmds="\$CC -o \$lib \$libobjs \$compiler_flags \\\`echo \\\"\$deplibs\\\" | \$SED -e 's/ -lc\$//'\\\` -link -dll~linknames=" +archive_expsym_cmds="" postinstall_cmds="" postuninstall_cmds="" @@ -248,25 +245,25 @@ compiler_lib_search_path="" # Method to check whether dependent libraries are shared objects. -deplibs_check_method="pass_all" +deplibs_check_method="file_magic ^x86 archive import|^x86 DLL" # Command to use when deplibs_check_method == file_magic. -file_magic_cmd="\$MAGIC_CMD" +file_magic_cmd="func_win32_libid" # Flag that allows shared libraries with undefined symbols to be built. -allow_undefined_flag="" +allow_undefined_flag="unsupported" # Flag that forces no undefined symbols. no_undefined_flag="" # Commands used to finish a libtool library installation in a directory. -finish_cmds="PATH=\\\"\\\$PATH:/sbin\\\" ldconfig -n \$libdir" +finish_cmds="" # Same as above, but a single script fragment to be evaled but not shown. finish_eval="" # Take the output of nm and produce a listing of raw symbols and C names. -global_symbol_pipe="sed -n -e 's/^.*[ ]\\([ABCDGIRSTW][ABCDGIRSTW]*\\)[ ][ ]*\\([_A-Za-z][_A-Za-z0-9]*\\)\$/\\1 \\2 \\2/p'" +global_symbol_pipe="sed -n -e 's/^.*[ ]\\([ABCDGIRSTW][ABCDGIRSTW]*\\)[ ][ ]*_\\([_A-Za-z][_A-Za-z0-9]*\\)\$/\\1 _\\2 \\2/p'" # Transform the output of nm in a proper C declaration global_symbol_to_cdecl="sed -n -e 's/^. .* \\(.*\\)\$/extern int \\1;/p'" @@ -275,23 +272,23 @@ global_symbol_to_c_name_address="sed -n -e 's/^: \\([^ ]*\\) \$/ {\\\"\\1\\\", (lt_ptr) 0},/p' -e 's/^[BCDEGRST] \\([^ ]*\\) \\([^ ]*\\)\$/ {\"\\2\", (lt_ptr) \\&\\2},/p'" # This is the shared library runtime path variable. -runpath_var=LD_RUN_PATH +runpath_var= # This is the shared library path variable. -shlibpath_var=LD_LIBRARY_PATH +shlibpath_var=PATH # Is shlibpath searched before the hard-coded library search path? -shlibpath_overrides_runpath=no +shlibpath_overrides_runpath=unknown # How to hardcode a shared library path into an executable. hardcode_action=immediate # Whether we should hardcode library paths into libraries. -hardcode_into_libs=yes +hardcode_into_libs=no # Flag to hardcode $libdir into a binary during linking. # This must work even if $libdir does not exist. -hardcode_libdir_flag_spec="\${wl}--rpath \${wl}\$libdir" +hardcode_libdir_flag_spec=" " # If ld is used when linking, flag to hardcode $libdir into # a binary during linking. This must work even if $libdir does @@ -319,19 +316,19 @@ # Variables whose values should be saved in libtool wrapper scripts and # restored at relink time. -variables_saved_for_relink="PATH LD_LIBRARY_PATH LD_RUN_PATH GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" +variables_saved_for_relink="PATH PATH " # Whether libtool must link a program against all its dependency libraries. link_all_deplibs=unknown # Compile-time system search path for libraries -sys_lib_search_path_spec=" /usr/lib/gcc/i386-redhat-linux/4.1.0/ /usr/lib/gcc/i386-redhat-linux/4.1.0/ /usr/lib/gcc/i386-redhat-linux/4.1.0/../../../../i386-redhat-linux/lib/i386-redhat-linux/4.1.0/ /usr/lib/gcc/i386-redhat-linux/4.1.0/../../../../i386-redhat-linux/lib/ /usr/lib/gcc/i386-redhat-linux/4.1.0/../../../i386-redhat-linux/4.1.0/ /usr/lib/gcc/i386-redhat-linux/4.1.0/../../../ /lib/i386-redhat-linux/4.1.0/ /lib/ /usr/lib/i386-redhat-linux/4.1.0/ /usr/lib/" +sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" # Run-time system search path for libraries -sys_lib_dlsearch_path_spec="/lib /usr/lib /usr/lib/mysql /usr/lib/mysql /usr/lib/qt-3.3/lib /usr/X11R6/lib /usr/lib/mysql /usr/lib/wine " +sys_lib_dlsearch_path_spec="/lib /usr/lib" # Fix the shell variable $srcfile for the compiler. -fix_srcfile_path="" +fix_srcfile_path="`cygpath -w "$srcfile"`" # Set to yes if exported symbols are required. always_export_symbols=no @@ -1931,6 +1928,12 @@ continue ;; + *$shrext) + # A shared library + deplibs="$deplibs $arg" + continue + ;; + *.la) # A libtool-controlled library. @@ -2263,6 +2266,12 @@ continue ;; *.la) lib="$deplib" ;; + *$shrext) + if test "$pass" = link -a "$shrext" = ".dll"; then + deplib=`echo $deplib | sed -e 's;'$shrext'\$;.'$libext';'` + fi + deplibs="$deplib $deplibs" + continue;; *.$libext) if test "$pass" = conv; then deplibs="$deplib $deplibs" @@ -6651,7 +6660,7 @@ # End: # ### BEGIN LIBTOOL TAG CONFIG: CXX -# Libtool was configured on host jordan.sfbay.redhat.com: +# Libtool was configured on host relyea2: # Shell to use when invoking shell scripts. SHELL="/bin/sh" @@ -6666,20 +6675,20 @@ build_libtool_need_lc=no # Whether or not to disallow shared libs when runtime libs are static -allow_libtool_libs_with_static_runtimes=no +allow_libtool_libs_with_static_runtimes=yes # Whether or not to optimize for fast installation. fast_install=yes # The host system. host_alias= -host=i686-redhat-linux-gnu -host_os=linux-gnu +host=i686-pc-cygwin +host_os=cygwin # The build system. build_alias= -build=i686-redhat-linux-gnu -build_os=linux-gnu +build=i686-pc-cygwin +build_os=cygwin # An echo program that does not interpret backslashes. echo="echo" @@ -6689,22 +6698,22 @@ AR_FLAGS="cru" # A C compiler. -LTCC="gcc" +LTCC="cl" # LTCC compiler flags. -LTCFLAGS="-g -O2" +LTCFLAGS="-g" # A language-specific compiler. -CC="g++" +CC="cl" # Is the compiler the GNU C compiler? -with_gcc=yes +with_gcc=no # An ERE matcher. EGREP="grep -E" # The linker used to build libraries. -LD="/usr/bin/ld" +LD="/bin/ld" # Whether we need hard or soft links. LN_S="ln -s" @@ -6735,32 +6744,32 @@ reload_cmds="\$LD\$reload_flag -o \$output\$reload_objs" # How to pass a linker flag through the compiler. -wl="-Wl," +wl="" # Object file suffix (normally "o"). -objext="o" +objext="obj" # Old archive suffix (normally "a"). -libext="a" +libext="lib" # Shared library suffix (normally ".so"). -shrext='.so' +shrext='.dll' # Executable file suffix (normally ""). exeext="" # Additional compiler flags for building library objects. -pic_flag=" -fPIC -DPIC" +pic_flag=" -DPIC" pic_mode=default # What is the maximum length of a command? -max_cmd_len=32768 +max_cmd_len=8192 # Does compiler simultaneously support -c and -o options? -compiler_c_o="yes" +compiler_c_o="no" # Must we lock files when doing compilation? -need_locks="no" +need_locks="yes" # Do we need the lib prefix for modules? need_lib_prefix=no @@ -6778,36 +6787,36 @@ dlopen_self_static=unknown # Compiler flag to prevent dynamic linking. -link_static_flag="-static" +link_static_flag="" # Compiler flag to turn off builtin functions. -no_builtin_flag=" -fno-builtin" +no_builtin_flag="" # Compiler flag to allow reflexive dlopens. -export_dynamic_flag_spec="\${wl}--export-dynamic" +export_dynamic_flag_spec="" # Compiler flag to generate shared objects directly from archives. -whole_archive_flag_spec="\${wl}--whole-archive\$convenience \${wl}--no-whole-archive" +whole_archive_flag_spec="" # Compiler flag to generate thread-safe objects. thread_safe_flag_spec="" # Library versioning type. -version_type=linux +version_type=windows # Format of library name prefix. libname_spec="lib\$name" # List of archive names. First name is the real one, the rest are links. # The last name is the one that the linker finds with -lNAME. -library_names_spec="\${libname}\${release}\${shared_ext}\$versuffix \${libname}\${release}\${shared_ext}\$major \$libname\${shared_ext}" +library_names_spec="\${libname}\`echo \${release} | \$SED -e s/[.]/-/g\`\${versuffix}\${shared_ext} \$libname.lib" # The coded name of the library, if different from the real name. -soname_spec="\${libname}\${release}\${shared_ext}\$major" +soname_spec="" # Commands used to build and install an old-style archive. RANLIB="ranlib" -old_archive_cmds="\$AR \$AR_FLAGS \$oldlib\$oldobjs\$old_deplibs~\$RANLIB \$oldlib" +old_archive_cmds="lib /OUT:\$oldlib\$oldobjs\$old_deplibs" old_postinstall_cmds="chmod 644 \$oldlib~\$RANLIB \$oldlib" old_postuninstall_cmds="" @@ -6818,8 +6827,18 @@ old_archive_from_expsyms_cmds="" # Commands used to build and install a shared archive. -archive_cmds="\$CC -shared -nostdlib \$predep_objects \$libobjs \$deplibs \$postdep_objects \$compiler_flags \${wl}-soname \$wl\$soname -o \$lib" -archive_expsym_cmds="\$CC -shared -nostdlib \$predep_objects \$libobjs \$deplibs \$postdep_objects \$compiler_flags \${wl}-soname \$wl\$soname \${wl}-retain-symbols-file \$wl\$export_symbols -o \$lib" +archive_cmds="\$CC -LD -shared -nostdlib \$predep_objects \$libobjs \$deplibs \$postdep_objects \$compiler_flags -o \$output_objdir/\$soname \${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker" +archive_expsym_cmds="if test \\\"x\\\`\$SED 1q \$export_symbols\\\`\\\" = xEXPORTS; then + cp \$export_symbols \$output_objdir/\$soname.def; + else + echo EXPORTS > \$output_objdir/\$soname.def; + cat \$export_symbols >> \$output_objdir/\$soname.def; + fi~ + # + # Hack... gcc and lc are quite different, we can use either for cygwin + # try to get a line that both are happy with... + # + \$CC -LD -shared -nostdlib \$output_objdir/\$soname.def \$predep_objects \$libobjs \$deplibs \$postdep_objects \$compiler_flags -o \$output_objdir/\$soname \${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker " postinstall_cmds="" postuninstall_cmds="" @@ -6833,11 +6852,11 @@ # Dependencies to place before the objects being linked to create a # shared library. -predep_objects="/usr/lib/gcc/i386-redhat-linux/4.1.0/../../../crti.o /usr/lib/gcc/i386-redhat-linux/4.1.0/crtbeginS.o" +predep_objects="" # Dependencies to place after the objects being linked to create a # shared library. -postdep_objects="/usr/lib/gcc/i386-redhat-linux/4.1.0/crtendS.o /usr/lib/gcc/i386-redhat-linux/4.1.0/../../../crtn.o" +postdep_objects="" # Dependencies to place before the objects being linked to create a # shared library. @@ -6845,32 +6864,32 @@ # Dependencies to place after the objects being linked to create a # shared library. -postdeps="-lstdc++ -lm -lgcc_s -lc -lgcc_s" +postdeps="" # The library search path used internally by the compiler when linking # a shared library. -compiler_lib_search_path="-L/usr/lib/gcc/i386-redhat-linux/4.1.0 -L/usr/lib/gcc/i386-redhat-linux/4.1.0 -L/usr/lib/gcc/i386-redhat-linux/4.1.0/../../.." +compiler_lib_search_path="" # Method to check whether dependent libraries are shared objects. -deplibs_check_method="pass_all" +deplibs_check_method="file_magic ^x86 archive import|^x86 DLL" # Command to use when deplibs_check_method == file_magic. -file_magic_cmd="\$MAGIC_CMD" +file_magic_cmd="func_win32_libid" # Flag that allows shared libraries with undefined symbols to be built. -allow_undefined_flag="" +allow_undefined_flag="unsupported" # Flag that forces no undefined symbols. no_undefined_flag="" # Commands used to finish a libtool library installation in a directory. -finish_cmds="PATH=\\\"\\\$PATH:/sbin\\\" ldconfig -n \$libdir" +finish_cmds="" # Same as above, but a single script fragment to be evaled but not shown. finish_eval="" # Take the output of nm and produce a listing of raw symbols and C names. -global_symbol_pipe="sed -n -e 's/^.*[ ]\\([ABCDGIRSTW][ABCDGIRSTW]*\\)[ ][ ]*\\([_A-Za-z][_A-Za-z0-9]*\\)\$/\\1 \\2 \\2/p'" +global_symbol_pipe="sed -n -e 's/^.*[ ]\\([ABCDGIRSTW][ABCDGIRSTW]*\\)[ ][ ]*_\\([_A-Za-z][_A-Za-z0-9]*\\)\$/\\1 _\\2 \\2/p'" # Transform the output of nm in a proper C declaration global_symbol_to_cdecl="sed -n -e 's/^. .* \\(.*\\)\$/extern int \\1;/p'" @@ -6879,23 +6898,23 @@ global_symbol_to_c_name_address="sed -n -e 's/^: \\([^ ]*\\) \$/ {\\\"\\1\\\", (lt_ptr) 0},/p' -e 's/^[BCDEGRST] \\([^ ]*\\) \\([^ ]*\\)\$/ {\"\\2\", (lt_ptr) \\&\\2},/p'" # This is the shared library runtime path variable. -runpath_var=LD_RUN_PATH +runpath_var= # This is the shared library path variable. -shlibpath_var=LD_LIBRARY_PATH +shlibpath_var=PATH # Is shlibpath searched before the hard-coded library search path? -shlibpath_overrides_runpath=no +shlibpath_overrides_runpath=unknown # How to hardcode a shared library path into an executable. hardcode_action=immediate # Whether we should hardcode library paths into libraries. -hardcode_into_libs=yes +hardcode_into_libs=no # Flag to hardcode $libdir into a binary during linking. # This must work even if $libdir does not exist. -hardcode_libdir_flag_spec="\${wl}--rpath \${wl}\$libdir" +hardcode_libdir_flag_spec="-L\$libdir" # If ld is used when linking, flag to hardcode $libdir into # a binary during linking. This must work even if $libdir does @@ -6923,16 +6942,16 @@ # Variables whose values should be saved in libtool wrapper scripts and # restored at relink time. -variables_saved_for_relink="PATH LD_LIBRARY_PATH LD_RUN_PATH GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" +variables_saved_for_relink="PATH PATH " # Whether libtool must link a program against all its dependency libraries. link_all_deplibs=unknown # Compile-time system search path for libraries -sys_lib_search_path_spec=" /usr/lib/gcc/i386-redhat-linux/4.1.0/ /usr/lib/gcc/i386-redhat-linux/4.1.0/ /usr/lib/gcc/i386-redhat-linux/4.1.0/../../../../i386-redhat-linux/lib/i386-redhat-linux/4.1.0/ /usr/lib/gcc/i386-redhat-linux/4.1.0/../../../../i386-redhat-linux/lib/ /usr/lib/gcc/i386-redhat-linux/4.1.0/../../../i386-redhat-linux/4.1.0/ /usr/lib/gcc/i386-redhat-linux/4.1.0/../../../ /lib/i386-redhat-linux/4.1.0/ /lib/ /usr/lib/i386-redhat-linux/4.1.0/ /usr/lib/" +sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" # Run-time system search path for libraries -sys_lib_dlsearch_path_spec="/lib /usr/lib /usr/lib/mysql /usr/lib/mysql /usr/lib/qt-3.3/lib /usr/X11R6/lib /usr/lib/mysql /usr/lib/wine " +sys_lib_dlsearch_path_spec="/lib /usr/lib" # Fix the shell variable $srcfile for the compiler. fix_srcfile_path="" @@ -6941,7 +6960,7 @@ always_export_symbols=no # The commands to list exported symbols. -export_symbols_cmds="\$NM \$libobjs \$convenience | \$global_symbol_pipe | \$SED 's/.* //' | sort | uniq > \$export_symbols" +export_symbols_cmds="\$NM \$libobjs \$convenience | \$global_symbol_pipe | \$SED -e '/^[BCDGRS] /s/.* \\\\([^ ]*\\\\)/\\\\1 DATA/;/^.* __nm__/s/^.* __nm__\\\\([^ ]*\\\\) [^ ]*/\\\\1 DATA/;/^I /d;/^[AITW] /s/.* //' | sort | uniq > \$export_symbols" # The commands to extract the exported symbol list from a shared archive. extract_expsyms_cmds="" Index: ltmain.sh =================================================================== RCS file: /cvs/dirsec/coolkey/ltmain.sh,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- ltmain.sh 9 Jun 2006 18:31:33 -0000 1.1.1.1 +++ ltmain.sh 25 Aug 2006 00:31:39 -0000 1.2 @@ -1579,6 +1579,12 @@ continue ;; + *$shrext) + # A shared library + deplibs="$deplibs $arg" + continue + ;; + *.la) # A libtool-controlled library. @@ -1911,6 +1917,12 @@ continue ;; *.la) lib="$deplib" ;; + *$shrext) + if test "$pass" = link -a "$shrext" = ".dll"; then + deplib=`echo $deplib | sed -e 's;'$shrext'\$;.'$libext';'` + fi + deplibs="$deplib $deplibs" + continue;; *.$libext) if test "$pass" = conv; then deplibs="$deplib $deplibs" From fedora-directory-commits at redhat.com Fri Aug 25 00:31:42 2006 From: fedora-directory-commits at redhat.com (Robert Relyea (rrelyea)) Date: Thu, 24 Aug 2006 17:31:42 -0700 Subject: [Fedora-directory-commits] coolkey/src/coolkey Makefile.am, 1.3, 1.4 Makefile.in, 1.4, 1.5 Message-ID: <200608250031.k7P0Vgup026678@cvs-int.fedora.redhat.com> Author: rrelyea Update of /cvs/dirsec/coolkey/src/coolkey In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26618/src/coolkey Modified Files: Makefile.am Makefile.in Log Message: Complete the windows build. Index: Makefile.am =================================================================== RCS file: /cvs/dirsec/coolkey/src/coolkey/Makefile.am,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- Makefile.am 18 Aug 2006 00:41:42 -0000 1.3 +++ Makefile.am 25 Aug 2006 00:31:40 -0000 1.4 @@ -51,7 +51,7 @@ libcoolkeypk11_la_LDFLAGS = -module -avoid-version -export-symbols coolkeypk11.sym -no-undefined libcoolkeypk11_la_CPPFLAGS = $(CPPFLAGS) -DNSS_HIDE_NONSTANDARD_OBJECTS=1 -I$(top_srcdir)/src/libckyapplet $(PCSC_CFLAGS) $(ZLIB_CFLAGS) libcoolkeypk11_la_DEPENDENCIES = coolkeypk11.sym -libcoolkeypk11_la_LIBADD = @LIBCKYAPPLET@ $(ZLIB_LIBRARY) +libcoolkeypk11_la_LIBADD = @LIBCKYAPPLET@ $(ZLIB_LIBS) # Index: Makefile.in =================================================================== RCS file: /cvs/dirsec/coolkey/src/coolkey/Makefile.in,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- Makefile.in 18 Aug 2006 16:04:43 -0000 1.4 +++ Makefile.in 25 Aug 2006 00:31:40 -0000 1.5 @@ -258,7 +258,7 @@ libcoolkeypk11_la_LDFLAGS = -module -avoid-version -export-symbols coolkeypk11.sym -no-undefined libcoolkeypk11_la_CPPFLAGS = $(CPPFLAGS) -DNSS_HIDE_NONSTANDARD_OBJECTS=1 -I$(top_srcdir)/src/libckyapplet $(PCSC_CFLAGS) $(ZLIB_CFLAGS) libcoolkeypk11_la_DEPENDENCIES = coolkeypk11.sym -libcoolkeypk11_la_LIBADD = @LIBCKYAPPLET@ $(ZLIB_LIBRARY) +libcoolkeypk11_la_LIBADD = @LIBCKYAPPLET@ $(ZLIB_LIBS) all: all-recursive .SUFFIXES: From fedora-directory-commits at redhat.com Fri Aug 25 00:55:32 2006 From: fedora-directory-commits at redhat.com (Robert Relyea (rrelyea)) Date: Thu, 24 Aug 2006 17:55:32 -0700 Subject: [Fedora-directory-commits] coolkey configure,1.4,1.5 Message-ID: <200608250055.k7P0tW8X026786@cvs-int.fedora.redhat.com> Author: rrelyea Update of /cvs/dirsec/coolkey In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26763 Modified Files: configure Log Message: Keep the Linux version as the checked in version of configure Index: configure =================================================================== RCS file: /cvs/dirsec/coolkey/configure,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- configure 25 Aug 2006 00:31:39 -0000 1.4 +++ configure 25 Aug 2006 00:55:29 -0000 1.5 @@ -20861,10 +20861,9 @@ # 1. Remove the extension, and $U if already installed. ac_i=`echo "$ac_i" | sed 's/\$U\././;s/\.o$//;s/\.obj$//'` - # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR - # will be set to the directory where LIBOBJS objects are built. - ac_libobjs="$ac_libobjs \${LIBOBJDIR}$ac_i\$U.$ac_objext" - ac_ltlibobjs="$ac_ltlibobjs \${LIBOBJDIR}$ac_i"'$U.lo' + # 2. Add them. + ac_libobjs="$ac_libobjs $ac_i\$U.$ac_objext" + ac_ltlibobjs="$ac_ltlibobjs $ac_i"'$U.lo' done LIBOBJS=$ac_libobjs From fedora-directory-commits at redhat.com Fri Aug 25 20:19:51 2006 From: fedora-directory-commits at redhat.com (Robert Crittenden (rcritten)) Date: Fri, 25 Aug 2006 13:19:51 -0700 Subject: [Fedora-directory-commits] mod_nss mod_nss.h, 1.15, 1.16 nss_engine_config.c, 1.12, 1.13 nss_engine_pphrase.c, 1.6, 1.7 Message-ID: <200608252019.k7PKJpMp023146@cvs-int.fedora.redhat.com> Author: rcritten Update of /cvs/dirsec/mod_nss In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23125 Modified Files: mod_nss.h nss_engine_config.c nss_engine_pphrase.c Log Message: 204138 Add new NSSPassPhraseDialog method, defer, where only the tokens that are found in the file pointed to by this directive are initialized. Otherwise every token that NSS finds it attempts to authenticate. Syntax is: NSSPassPhraseDialog defer:/path/to/password.conf Index: mod_nss.h =================================================================== RCS file: /cvs/dirsec/mod_nss/mod_nss.h,v retrieving revision 1.15 retrieving revision 1.16 diff -u -r1.15 -r1.16 --- mod_nss.h 9 Aug 2006 20:11:45 -0000 1.15 +++ mod_nss.h 25 Aug 2006 20:19:48 -0000 1.16 @@ -200,6 +200,7 @@ SSL_PPTYPE_UNSET = UNSET, SSL_PPTYPE_BUILTIN = 0, SSL_PPTYPE_FILE = 1, + SSL_PPTYPE_DEFER = 2, } nss_pphrase_t; /* Index: nss_engine_config.c =================================================================== RCS file: /cvs/dirsec/mod_nss/nss_engine_config.c,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- nss_engine_config.c 5 Jul 2006 15:20:00 -0000 1.12 +++ nss_engine_config.c 25 Aug 2006 20:19:48 -0000 1.13 @@ -546,12 +546,18 @@ mc->pphrase_dialog_type = SSL_PPTYPE_BUILTIN; mc->pphrase_dialog_path = NULL; } - else if ((arglen > 5) && strEQn(arg, "file:", 5)) { + else if (((arglen > 5) && strEQn(arg, "file:", 5)) || + ((arglen > 6) && strEQn(arg, "defer:", 6))) { apr_finfo_t finfo; apr_status_t rc; - mc->pphrase_dialog_type = SSL_PPTYPE_FILE; - mc->pphrase_dialog_path = ap_server_root_relative(cmd->pool, arg+5); + if (strEQn(arg, "file:", 5)) { + mc->pphrase_dialog_type = SSL_PPTYPE_FILE; + mc->pphrase_dialog_path = ap_server_root_relative(cmd->pool, arg+5); + } else { + mc->pphrase_dialog_type = SSL_PPTYPE_DEFER; + mc->pphrase_dialog_path = ap_server_root_relative(cmd->pool, arg+6); + } if (!mc->pphrase_dialog_path) return apr_pstrcat(cmd->pool, "Invalid NSSPassPhraseDialog file: path ", @@ -631,6 +637,10 @@ seed->nSrc = SSL_RSSRC_EXEC; seed->cpPath = ap_server_root_relative(mc->pPool, arg2+5); } + else if ((arg2len > 6) && strEQn(arg2, "defer:", 6)) { + seed->nSrc = SSL_RSSRC_FILE; + seed->cpPath = ap_server_root_relative(mc->pPool, arg2+5); + } else if (strcEQ(arg2, "builtin")) { seed->nSrc = SSL_RSSRC_BUILTIN; seed->cpPath = NULL; Index: nss_engine_pphrase.c =================================================================== RCS file: /cvs/dirsec/mod_nss/nss_engine_pphrase.c,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- nss_engine_pphrase.c 20 Jun 2006 20:25:20 -0000 1.6 +++ nss_engine_pphrase.c 25 Aug 2006 20:19:48 -0000 1.7 @@ -74,6 +74,15 @@ continue; } + if (parg->mc->pphrase_dialog_type == SSL_PPTYPE_DEFER) { + char * passwd = nss_get_password(stdin, stdout, slot, nss_check_password, parg); + if (passwd == NULL) { + PK11_FreeSlot(slot); + continue; + } + free(passwd); + } + ret = PK11_Authenticate(slot, PR_TRUE, parg); if (SECSuccess != ret) { status = SECFailure; @@ -209,7 +218,8 @@ token_name = PK11_GetTokenName(slot); - if (parg->mc->pphrase_dialog_type == SSL_PPTYPE_FILE) { + if (parg->mc->pphrase_dialog_type == SSL_PPTYPE_FILE || + parg->mc->pphrase_dialog_type == SSL_PPTYPE_DEFER) { /* Try to get the passwords from the password file if it exists. * THIS IS UNSAFE and is provided for convenience only. Without this * capability the server would have to be started in foreground mode. @@ -235,6 +245,14 @@ } } + /* For SSL_PPTYPE_DEFER we only want to authenticate passwords found + * in the password file. + */ + if ((parg->mc->pphrase_dialog_type == SSL_PPTYPE_DEFER) && + (pwdstr == NULL)) { + return NULL; + } + /* This purposely comes after the file check because that is more * authoritative. */