diff options
71 files changed, 11408 insertions, 1465 deletions
@@ -1,4 +1,3 @@ -.gitignore *.*~* TAGS lib/doc @@ -14,5 +13,9 @@ config.status configure aclocal.m4 *.lo +*.la obs/ - +Makefile.in +Makefile +stamp-h1 +libtool diff --git a/lib/HACKING b/lib/HACKING index 793ac72..824cb77 100644 --- a/lib/HACKING +++ b/lib/HACKING @@ -18,7 +18,6 @@ examples/client -r examples/client.conf blocking-tls; echo $? - Application runs its own event loop, using fd's for select and performs I/O using the libradsec send/receive calls (a.k.a. on-your-own mode) -- Fully reentrant (FIXME: issues with libfreeradius-radius?) - User chooses allocation regime Note that as of 0.0.2.dev libradsec suffers from way too much focus on @@ -32,8 +31,6 @@ failing certificate validation (TLS). * Dependencies Details apply to Ubuntu 10.10. -- libfreeradius-radius (2.1.9+dfsg-1ubuntu1) - sudo apt-get install libfreeradius-dev libfreeradius2 - libconfuse (2.7-1) sudo apt-get install libconfuse-dev libconfuse0 - libevent from source (release-2.0.10-stable) diff --git a/lib/Makefile.am b/lib/Makefile.am index 6b31435..9a74a7f 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -17,7 +17,7 @@ ACLOCAL_AMFLAGS = -I m4 # library interface is _changed_. -SUBDIRS = . examples include +SUBDIRS = radius . include examples INCLUDES = -I$(srcdir)/include AM_CFLAGS = -Wall -g @@ -25,6 +25,7 @@ AM_CFLAGS = -Wall -g lib_LTLIBRARIES = libradsec.la libradsec_la_SOURCES = \ + avp.c \ compat.c \ conf.c \ conn.c \ @@ -52,5 +53,6 @@ libradsec_la_SOURCES += \ rsp_tlscommon.c endif +libradsec_la_LIBADD = radius/libradsec-radius.la libradsec_la_LDFLAGS = -version-info 0:0:0 -export-symbols radsec.sym -libradsec_la_CFLAGS = $(AM_CFLAGS) -DDEBUG -DDEBUG_LEVENT +libradsec_la_CFLAGS = $(AM_CFLAGS) -DHAVE_CONFIG_H -Werror # -DDEBUG -DDEBUG_LEVENT @@ -7,7 +7,7 @@ #include <config.h> #endif -#include <freeradius/libradius.h> +#include <radius/client.h> #include <radsec/radsec.h> #include <radsec/radsec-impl.h> diff --git a/lib/avp.c b/lib/avp.c new file mode 100644 index 0000000..80c6a9d --- /dev/null +++ b/lib/avp.c @@ -0,0 +1,540 @@ +/* Copyright 2011 JANET(UK). All rights reserved. + See the file COPYING for licensing information. */ + +#if defined HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <stdlib.h> +#include <stdint.h> +#include <string.h> +#include <assert.h> + +#include <radsec/radsec.h> +#include <radius/client.h> + +#define RS_ERR(err) ((err) < 0 ? -err : RSE_OK) + +void +rs_avp_free (rs_avp **vps) +{ + nr_vp_free (vps); +} + +size_t +rs_avp_length (rs_const_avp *vp) +{ + if (vp == NULL) + return 0; + + return vp->length; +} + +rs_attr_type_t +rs_avp_typeof (rs_const_avp *vp) +{ + if (vp == NULL) + return RS_TYPE_INVALID; + + return vp->da->type; +} + +void +rs_avp_attrid (rs_const_avp *vp, + unsigned int *attr, + unsigned int *vendor) +{ + assert (vp != NULL); + + *attr = vp->da->attr; + *vendor = vp->da->vendor; +} + +const char * +rs_avp_name (rs_const_avp *vp) +{ + return (vp != NULL) ? vp->da->name : NULL; +} + +void +rs_avp_append (rs_avp **head, rs_avp *tail) +{ + nr_vps_append (head, tail); +} + +rs_avp * +rs_avp_find (rs_avp *vp, unsigned int attr, unsigned int vendor) +{ + if (vp == NULL) + return NULL; + + return nr_vps_find (vp, attr, vendor); +} + +rs_const_avp * +rs_avp_find_const (rs_const_avp *vp, + unsigned int attr, unsigned int vendor) +{ + if (vp == NULL) + return NULL; + + return nr_vps_find ((rs_avp *)vp, attr, vendor); +} + +rs_avp * +rs_avp_alloc (unsigned int attr, unsigned int vendor) +{ + const DICT_ATTR *da; + VALUE_PAIR *vp; + + da = nr_dict_attr_byvalue (attr, vendor); + if (da == NULL) { + vp = nr_vp_alloc_raw (attr, vendor); + } else { + vp = nr_vp_alloc (da); + } + + if (vp == NULL) + return NULL; + + return vp; +} + +rs_avp * +rs_avp_dup (rs_const_avp *vp) +{ + rs_avp *vp2; + + if (vp->da->flags.unknown) + vp2 = nr_vp_alloc_raw (vp->da->attr, vp->da->vendor); + else + vp2 = nr_vp_alloc (vp->da); + if (vp2 == NULL) + return NULL; + + vp2->length = vp->length; + vp2->tag = vp->tag; + vp2->next = NULL; + +#ifdef RS_TYPE_TLV + if (rs_avp_is_tlv (vp)) { + vp2->vp_tlv = malloc (vp->length); + if (vp2->vp_tlv == NULL) { + rs_avp_free (vp2); + return NULL; + } + memcpy (vp2->vp_tlv, vp->vp_tlv, vp->length); + return vp2; + } +#endif + + memcpy (vp2->vp_strvalue, vp->vp_strvalue, vp->length); + if (rs_avp_is_string (vp)) + vp2->vp_strvalue[vp->length] = '\0'; + + return vp2; +} + +rs_avp * +rs_avp_next (rs_avp *vp) +{ + return (vp != NULL) ? vp->next : NULL; +} + +rs_const_avp * +rs_avp_next_const (rs_const_avp *vp) +{ + return (vp != NULL) ? vp->next : NULL; +} + +int +rs_avp_delete (rs_avp **first, + unsigned int attr, unsigned int vendor) +{ + int found = 0; + rs_avp **p; + + for (p = first; *p != NULL; p++) { + if ((*p)->da->attr == attr && + (*p)->da->vendor == vendor) { + rs_avp *next = (*p)->next; + + (*p)->next = NULL; + rs_avp_free (p); + + *p = next; + found++; + } + } + + return found ? RSE_OK : RSE_ATTR_UNKNOWN; +} + +const char * +rs_avp_string_value (rs_const_avp *vp) +{ + if (!rs_avp_is_string (vp)) + return NULL; + + return vp->vp_strvalue; +} + +int +rs_avp_string_set (rs_avp *vp, const char *str) +{ + int err; + + if (vp == NULL) + return RSE_INVAL; + if (!rs_avp_is_string (vp)) + return RSE_ATTR_INVALID; + + err = nr_vp_set_data (vp, str, strlen (str)); + return RS_ERR(err); +} + +uint32_t +rs_avp_integer_value (rs_const_avp *vp) +{ + if (!rs_avp_is_integer (vp)) + return 0; + return vp->vp_integer; +} + +int +rs_avp_integer_set (rs_avp *vp, uint32_t val) +{ + int err; + + if (vp == NULL) + return RSE_INVAL; + if (!rs_avp_is_integer (vp)) + return RSE_ATTR_INVALID; + + err = nr_vp_set_data (vp, &val, sizeof (val)); + return RS_ERR(err); +} + +uint32_t +rs_avp_ipaddr_value (rs_const_avp *vp) +{ + if (!rs_avp_is_ipaddr (vp)) + return 0; + return vp->vp_ipaddr; +} + +int +rs_avp_ipaddr_set (rs_avp *vp, struct in_addr in) +{ + int err; + + if (vp == NULL) + return RSE_INVAL; + if (!rs_avp_is_ipaddr (vp)) + return RSE_ATTR_INVALID; + + err = nr_vp_set_data (vp, &in, sizeof (in)); + return RS_ERR(err); +} + +time_t +rs_avp_date_value (rs_const_avp *vp) +{ + if (!rs_avp_is_date (vp)) + return 0; + return vp->vp_date; +} + +int +rs_avp_date_set (rs_avp *vp, time_t date) +{ + uint32_t date32; + int err; + + if (vp == NULL) + return RSE_INVAL; + if (!rs_avp_is_date (vp)) + return RSE_ATTR_INVALID; + if (date > 0xFFFFFFFF) + return RSE_ATTR_INVALID; + + date32 = (uint32_t)date; + err = nr_vp_set_data (vp, &date32, sizeof (date32)); + + return RS_ERR(err); +} + +const unsigned char * +rs_avp_octets_value_const_ptr (rs_const_avp *vp) +{ + return rs_avp_octets_value_ptr ((rs_avp *)vp); +} + +unsigned char * +rs_avp_octets_value_ptr (rs_avp *vp) +{ + if (vp == NULL) + return NULL; + +#ifdef RS_TYPE_TLV + if (rs_avp_is_tlv (vp)) + return vp->vp_tlv; +#endif + + return vp->vp_octets; +} + +int +rs_avp_octets_value_byref (rs_avp *vp, + unsigned char **p, + size_t *len) +{ + if (vp == NULL) + return RSE_INVAL; + + *len = vp->length; + *p = (unsigned char *)rs_avp_octets_value_ptr (vp); + + return RSE_OK; +} + +int +rs_avp_octets_value (rs_const_avp *vp, + unsigned char *buf, + size_t *len) +{ + if (vp == NULL) + return RSE_INVAL; + + if (vp->length > *len) { + *len = vp->length; + return RSE_ATTR_TOO_SMALL; + } + + *len = vp->length; + +#ifdef RS_TYPE_TLV + if (rs_avp_is_tlv (vp)) + memcpy (buf, vp->vp_tlv, vp->length); + else +#endif + memcpy (buf, vp->vp_octets, vp->length); + + return RSE_OK; +} + +int +rs_avp_fragmented_value (rs_const_avp *vps, + unsigned char *buf, + size_t *len) +{ + size_t total_len = 0; + unsigned char *p; + rs_const_avp *vp; + + if (vps == NULL) + return RSE_INVAL; + + if (!rs_avp_is_octets (vps) && + !rs_avp_is_string (vps)) + return RSE_ATTR_INVALID; + + for (vp = vps; + vp != NULL; + vp = rs_avp_find_const (vp->next, vp->da->attr, vp->da->vendor)) + total_len += vp->length; + + if (*len < total_len) { + *len = total_len; + return RSE_ATTR_TOO_SMALL; + } + + for (vp = vps, p = buf; + vp != NULL; + vp = rs_avp_find_const (vp->next, vp->da->attr, vp->da->vendor)) { + memcpy (p, vp->vp_octets, vp->length); + p += vp->length; + } + + *len = total_len; + + return RSE_OK; +} + +int +rs_avp_octets_set (rs_avp *vp, + const unsigned char *buf, + size_t len) +{ + int err; + + if (!rs_avp_is_octets (vp)) + return RSE_ATTR_INVALID; + + err = nr_vp_set_data (vp, buf, len); + + return RS_ERR(err); +} + +int +rs_avp_ifid_value (rs_const_avp *vp, uint8_t val[8]) +{ + if (!rs_avp_is_ifid (vp)) + return RSE_ATTR_INVALID; + + memcpy (val, vp->vp_ifid, 8); + + return RSE_OK; +} + +int +rs_avp_ifid_set (rs_avp *vp, const uint8_t val[8]) +{ + int err; + + if (!rs_avp_is_ifid (vp)) + return RSE_ATTR_INVALID; + + err = nr_vp_set_data (vp, val, 8); + return RS_ERR(err); +} + +uint8_t +rs_avp_byte_value (rs_const_avp *vp) +{ + if (!rs_avp_is_byte (vp)) + return 0; + return vp->vp_integer; +} + +int +rs_avp_byte_set (rs_avp *vp, uint8_t val) +{ + int err; + + if (!rs_avp_is_byte (vp)) + return RSE_ATTR_INVALID; + + err = nr_vp_set_data (vp, &val, sizeof (val)); + return RS_ERR(err); +} + +uint16_t +rs_avp_short_value (rs_const_avp *vp) +{ + if (!rs_avp_is_short (vp)) + return 0; + return vp->vp_integer; +} + +int +rs_avp_short_set (rs_avp *vp, uint16_t val) +{ + int err; + + if (!rs_avp_is_short (vp)) + return RSE_ATTR_INVALID; + + err = nr_vp_set_data (vp, &val, sizeof (val)); + return RS_ERR(err); +} + +int +rs_attr_find (const char *name, + unsigned int *attr, + unsigned int *vendor) +{ + const DICT_ATTR *da; + + da = nr_dict_attr_byname (name); + if (da == NULL) + return RSE_ATTR_UNKNOWN; + + *attr = da->attr; + *vendor = da->vendor; + + return RSE_OK; +} + +int +rs_attr_display_name (unsigned int attr, + unsigned int vendor, + char *buffer, + size_t bufsize, + int canonical) +{ + const DICT_ATTR *da = NULL; + DICT_ATTR da2; + int err; + + if (!canonical) { + da = nr_dict_attr_byvalue (attr, vendor); + } + if (da == NULL) { + err = nr_dict_attr_2struct(&da2, attr, vendor, + buffer, bufsize); + if (err < 0) + return -err; + } else { + snprintf(buffer, bufsize, "%s", da->name); + } + + return RSE_OK; +} + +int +rs_attr_parse_name (const char *name, + unsigned int *attr, + unsigned int *vendor) +{ + const DICT_ATTR *da; + + if (strncmp(name, "Attr-", 5) == 0) { + char *s = (char *)&name[5]; + unsigned int tmp; + + tmp = strtoul(s, &s, 10); + if (*s == '.') { + s++; + + switch (tmp) { + case PW_VENDOR_SPECIFIC: + *vendor = strtoul(s, &s, 10); + if (*s != '.') + return RSE_ATTR_BAD_NAME; + + s++; + + *attr = strtoul(s, &s, 10); + if (*s != '\0') + return RSE_ATTR_BAD_NAME; + + break; + default: + return RSE_ATTR_BAD_NAME; + } + } else { + *attr = tmp; + *vendor = 0; + } + } else { + da = nr_dict_attr_byname (name); + if (da == NULL) + return RSE_ATTR_UNKNOWN; + + *attr = da->attr; + *vendor = da->vendor; + } + + return RSE_OK; +} + +size_t +rs_avp_display_value (rs_const_avp *vp, + char *buffer, + size_t buflen) +{ + return nr_vp_snprintf_value (buffer, buflen, vp); +} + diff --git a/lib/build-aux/config.guess b/lib/build-aux/config.guess index c2246a4..dc84c68 100755 --- a/lib/build-aux/config.guess +++ b/lib/build-aux/config.guess @@ -1,10 +1,10 @@ #! /bin/sh # Attempt to guess a canonical system name. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 # Free Software Foundation, Inc. -timestamp='2009-12-30' +timestamp='2009-11-20' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -56,9 +56,8 @@ version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, -2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free -Software Foundation, Inc. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, +2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." diff --git a/lib/build-aux/config.sub b/lib/build-aux/config.sub index c2d1257..2a55a50 100755 --- a/lib/build-aux/config.sub +++ b/lib/build-aux/config.sub @@ -1,10 +1,10 @@ #! /bin/sh # Configuration validation subroutine script. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 # Free Software Foundation, Inc. -timestamp='2010-01-22' +timestamp='2009-11-20' # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software @@ -75,9 +75,8 @@ Report bugs and patches to <config-patches@gnu.org>." version="\ GNU config.sub ($timestamp) -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, -2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free -Software Foundation, Inc. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, +2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -381,8 +380,7 @@ case $basic_machine in | sparclite-* \ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \ | tahoe-* | thumb-* \ - | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ - | tile-* | tilegx-* \ + | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* | tile-* \ | tron-* \ | ubicom32-* \ | v850-* | v850e-* | vax-* \ @@ -1087,11 +1085,6 @@ case $basic_machine in basic_machine=tic6x-unknown os=-coff ;; - # This must be matched before tile*. - tilegx*) - basic_machine=tilegx-unknown - os=-linux-gnu - ;; tile*) basic_machine=tile-unknown os=-linux-gnu @@ -1442,8 +1435,6 @@ case $os in -dicos*) os=-dicos ;; - -nacl*) - ;; -none) ;; *) diff --git a/lib/build-aux/depcomp b/lib/build-aux/depcomp index df8eea7..aeba4e8 100755 --- a/lib/build-aux/depcomp +++ b/lib/build-aux/depcomp @@ -17,7 +17,9 @@ scriptversion=2009-04-28.21; # UTC # GNU General Public License for more details. # You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +# 02110-1301, USA. # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a diff --git a/lib/build-aux/ltmain.sh b/lib/build-aux/ltmain.sh index 7ed280b..04eaea4 100755 --- a/lib/build-aux/ltmain.sh +++ b/lib/build-aux/ltmain.sh @@ -1,9 +1,10 @@ # Generated from ltmain.m4sh. -# ltmain.sh (GNU libtool) 2.2.6b +# libtool (GNU libtool) 2.2.10 # Written by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996 -# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006, 2007 2008 Free Software Foundation, Inc. +# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006, +# 2007, 2008, 2009, 2010 Free Software Foundation, Inc. # This is free software; see the source for copying conditions. There is NO # warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. @@ -32,50 +33,54 @@ # # Provide generalized library-building support services. # -# --config show all configuration variables -# --debug enable verbose shell tracing -# -n, --dry-run display commands without modifying any files -# --features display basic configuration information and exit -# --mode=MODE use operation mode MODE -# --preserve-dup-deps don't remove duplicate dependency libraries -# --quiet, --silent don't print informational messages -# --tag=TAG use configuration variables from tag TAG -# -v, --verbose print informational messages (default) -# --version print version information -# -h, --help print short or long help message +# --config show all configuration variables +# --debug enable verbose shell tracing +# -n, --dry-run display commands without modifying any files +# --features display basic configuration information and exit +# --mode=MODE use operation mode MODE +# --preserve-dup-deps don't remove duplicate dependency libraries +# --quiet, --silent don't print informational messages +# --no-quiet, --no-silent +# print informational messages (default) +# --tag=TAG use configuration variables from tag TAG +# -v, --verbose print more informational messages than default +# --no-verbose don't print the extra informational messages +# --version print version information +# -h, --help, --help-all print short, long, or detailed help message # # MODE must be one of the following: # -# clean remove files from the build directory -# compile compile a source file into a libtool object -# execute automatically set library path, then run a program -# finish complete the installation of libtool libraries -# install install libraries or executables -# link create a library or an executable -# uninstall remove libraries from an installed directory +# clean remove files from the build directory +# compile compile a source file into a libtool object +# execute automatically set library path, then run a program +# finish complete the installation of libtool libraries +# install install libraries or executables +# link create a library or an executable +# uninstall remove libraries from an installed directory # -# MODE-ARGS vary depending on the MODE. +# MODE-ARGS vary depending on the MODE. When passed as first option, +# `--mode=MODE' may be abbreviated as `MODE' or a unique abbreviation of that. # Try `$progname --help --mode=MODE' for a more detailed description of MODE. # # When reporting a bug, please describe a test case to reproduce it and # include the following information: # -# host-triplet: $host -# shell: $SHELL -# compiler: $LTCC -# compiler flags: $LTCFLAGS -# linker: $LD (gnu? $with_gnu_ld) -# $progname: (GNU libtool) 2.2.6b Debian-2.2.6b-2ubuntu1 -# automake: $automake_version -# autoconf: $autoconf_version +# host-triplet: $host +# shell: $SHELL +# compiler: $LTCC +# compiler flags: $LTCFLAGS +# linker: $LD (gnu? $with_gnu_ld) +# $progname: (GNU libtool) 2.2.10 +# automake: $automake_version +# autoconf: $autoconf_version # # Report bugs to <bug-libtool@gnu.org>. -PROGRAM=ltmain.sh +PROGRAM=libtool PACKAGE=libtool -VERSION="2.2.6b Debian-2.2.6b-2ubuntu1" +VERSION=2.2.10 TIMESTAMP="" -package_revision=1.3017 +package_revision=1.3175 # Be Bourne compatible if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then @@ -91,10 +96,15 @@ fi BIN_SH=xpg4; export BIN_SH # for Tru64 DUALCASE=1; export DUALCASE # for MKS sh +# A function that is used when there is no print builtin or printf. +func_fallback_echo () +{ + eval 'cat <<_LTECHO_EOF +$1 +_LTECHO_EOF' +} + # NLS nuisances: We save the old values to restore during execute mode. -# Only set LANG and LC_ALL to C if already set. -# These must not be set unconditionally because not all systems understand -# e.g. LANG=C (notably SCO). lt_user_locale= lt_safe_locale= for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES @@ -107,24 +117,33 @@ do lt_safe_locale=\"$lt_var=C; \$lt_safe_locale\" fi" done +LC_ALL=C +LANGUAGE=C +export LANGUAGE LC_ALL $lt_unset CDPATH +# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh +# is ksh but when the shell is invoked as "sh" and the current value of +# the _XPG environment variable is not equal to 1 (one), the special +# positional parameter $0, within a function call, is the name of the +# function. +progpath="$0" : ${CP="cp -f"} -: ${ECHO="echo"} -: ${EGREP="/bin/grep -E"} -: ${FGREP="/bin/grep -F"} -: ${GREP="/bin/grep"} +test "${ECHO+set}" = set || ECHO=${as_echo-'printf %s\n'} +: ${EGREP="grep -E"} +: ${FGREP="grep -F"} +: ${GREP="grep"} : ${LN_S="ln -s"} : ${MAKE="make"} : ${MKDIR="mkdir"} : ${MV="mv -f"} : ${RM="rm -f"} -: ${SED="/bin/sed"} +: ${SED="sed"} : ${SHELL="${CONFIG_SHELL-/bin/sh}"} : ${Xsed="$SED -e 1s/^X//"} @@ -159,32 +178,168 @@ basename="s,^.*/,," func_dirname_and_basename () { # Extract subdirectory from the argument. - func_dirname_result=`$ECHO "X${1}" | $Xsed -e "$dirname"` + func_dirname_result=`$ECHO "${1}" | $SED -e "$dirname"` if test "X$func_dirname_result" = "X${1}"; then func_dirname_result="${3}" else func_dirname_result="$func_dirname_result${2}" fi - func_basename_result=`$ECHO "X${1}" | $Xsed -e "$basename"` + func_basename_result=`$ECHO "${1}" | $SED -e "$basename"` } # Generated shell functions inserted here. -# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh -# is ksh but when the shell is invoked as "sh" and the current value of -# the _XPG environment variable is not equal to 1 (one), the special -# positional parameter $0, within a function call, is the name of the -# function. -progpath="$0" +# These SED scripts presuppose an absolute path with a trailing slash. +pathcar='s,^/\([^/]*\).*$,\1,' +pathcdr='s,^/[^/]*,,' +removedotparts=':dotsl + s@/\./@/@g + t dotsl + s,/\.$,/,' +collapseslashes='s@/\{1,\}@/@g' +finalslash='s,/*$,/,' + +# func_normal_abspath PATH +# Remove doubled-up and trailing slashes, "." path components, +# and cancel out any ".." path components in PATH after making +# it an absolute path. +# value returned in "$func_normal_abspath_result" +func_normal_abspath () +{ + # Start from root dir and reassemble the path. + func_normal_abspath_result= + func_normal_abspath_tpath=$1 + func_normal_abspath_altnamespace= + case $func_normal_abspath_tpath in + "") + # Empty path, that just means $cwd. + func_stripname '' '/' "`pwd`" + func_normal_abspath_result=$func_stripname_result + return + ;; + # The next three entries are used to spot a run of precisely + # two leading slashes without using negated character classes; + # we take advantage of case's first-match behaviour. + ///*) + # Unusual form of absolute path, do nothing. + ;; + //*) + # Not necessarily an ordinary path; POSIX reserves leading '//' + # and for example Cygwin uses it to access remote file shares + # over CIFS/SMB, so we conserve a leading double slash if found. + func_normal_abspath_altnamespace=/ + ;; + /*) + # Absolute path, do nothing. + ;; + *) + # Relative path, prepend $cwd. + func_normal_abspath_tpath=`pwd`/$func_normal_abspath_tpath + ;; + esac + # Cancel out all the simple stuff to save iterations. We also want + # the path to end with a slash for ease of parsing, so make sure + # there is one (and only one) here. + func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \ + -e "$removedotparts" -e "$collapseslashes" -e "$finalslash"` + while :; do + # Processed it all yet? + if test "$func_normal_abspath_tpath" = / ; then + # If we ascended to the root using ".." the result may be empty now. + if test -z "$func_normal_abspath_result" ; then + func_normal_abspath_result=/ + fi + break + fi + func_normal_abspath_tcomponent=`$ECHO "$func_normal_abspath_tpath" | $SED \ + -e "$pathcar"` + func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \ + -e "$pathcdr"` + # Figure out what to do with it + case $func_normal_abspath_tcomponent in + "") + # Trailing empty path component, ignore it. + ;; + ..) + # Parent dir; strip last assembled component from result. + func_dirname "$func_normal_abspath_result" + func_normal_abspath_result=$func_dirname_result + ;; + *) + # Actual path component, append it. + func_normal_abspath_result=$func_normal_abspath_result/$func_normal_abspath_tcomponent + ;; + esac + done + # Restore leading double-slash if one was found on entry. + func_normal_abspath_result=$func_normal_abspath_altnamespace$func_normal_abspath_result +} + +# func_relative_path SRCDIR DSTDIR +# generates a relative path from SRCDIR to DSTDIR, with a trailing +# slash if non-empty, suitable for immediately appending a filename +# without needing to append a separator. +# value returned in "$func_relative_path_result" +func_relative_path () +{ + func_relative_path_result= + func_normal_abspath "$1" + func_relative_path_tlibdir=$func_normal_abspath_result + func_normal_abspath "$2" + func_relative_path_tbindir=$func_normal_abspath_result + + # Ascend the tree starting from libdir + while :; do + # check if we have found a prefix of bindir + case $func_relative_path_tbindir in + $func_relative_path_tlibdir) + # found an exact match + func_relative_path_tcancelled= + break + ;; + $func_relative_path_tlibdir*) + # found a matching prefix + func_stripname "$func_relative_path_tlibdir" '' "$func_relative_path_tbindir" + func_relative_path_tcancelled=$func_stripname_result + if test -z "$func_relative_path_result"; then + func_relative_path_result=. + fi + break + ;; + *) + func_dirname $func_relative_path_tlibdir + func_relative_path_tlibdir=${func_dirname_result} + if test "x$func_relative_path_tlibdir" = x ; then + # Have to descend all the way to the root! + func_relative_path_result=../$func_relative_path_result + func_relative_path_tcancelled=$func_relative_path_tbindir + break + fi + func_relative_path_result=../$func_relative_path_result + ;; + esac + done + + # Now calculate path; take care to avoid doubling-up slashes. + func_stripname '' '/' "$func_relative_path_result" + func_relative_path_result=$func_stripname_result + func_stripname '/' '/' "$func_relative_path_tcancelled" + if test "x$func_stripname_result" != x ; then + func_relative_path_result=${func_relative_path_result}/${func_stripname_result} + fi + + # Normalisation. If bindir is libdir, return empty string, + # else relative path ending with a slash; either way, target + # file name can be directly appended. + if test ! -z "$func_relative_path_result"; then + func_stripname './' '' "$func_relative_path_result/" + func_relative_path_result=$func_stripname_result + fi +} # The name of this program: -# In the unlikely event $progname began with a '-', it would play havoc with -# func_echo (imagine progname=-n), so we prepend ./ in that case: func_dirname_and_basename "$progpath" progname=$func_basename_result -case $progname in - -*) progname=./$progname ;; -esac # Make sure we have an absolute path for reexecution: case $progpath in @@ -258,6 +413,13 @@ func_verbose () : } +# func_echo_all arg... +# Invoke $ECHO with all args, space-separated. +func_echo_all () +{ + $ECHO "$*" +} + # func_error arg... # Echo program name prefixed message to standard error. func_error () @@ -326,9 +488,9 @@ func_mkdir_p () case $my_directory_path in */*) ;; *) break ;; esac # ...otherwise throw away the child directory and loop - my_directory_path=`$ECHO "X$my_directory_path" | $Xsed -e "$dirname"` + my_directory_path=`$ECHO "$my_directory_path" | $SED -e "$dirname"` done - my_dir_list=`$ECHO "X$my_dir_list" | $Xsed -e 's,:*$,,'` + my_dir_list=`$ECHO "$my_dir_list" | $SED 's,:*$,,'` save_mkdir_p_IFS="$IFS"; IFS=':' for my_dir in $my_dir_list; do @@ -378,7 +540,7 @@ func_mktempdir () func_fatal_error "cannot create temporary directory \`$my_tmpdir'" fi - $ECHO "X$my_tmpdir" | $Xsed + $ECHO "$my_tmpdir" } @@ -392,7 +554,7 @@ func_quote_for_eval () { case $1 in *[\\\`\"\$]*) - func_quote_for_eval_unquoted_result=`$ECHO "X$1" | $Xsed -e "$sed_quote_subst"` ;; + func_quote_for_eval_unquoted_result=`$ECHO "$1" | $SED "$sed_quote_subst"` ;; *) func_quote_for_eval_unquoted_result="$1" ;; esac @@ -419,7 +581,7 @@ func_quote_for_expand () { case $1 in *[\\\`\"]*) - my_arg=`$ECHO "X$1" | $Xsed \ + my_arg=`$ECHO "$1" | $SED \ -e "$double_quote_subst" -e "$sed_double_backslash"` ;; *) my_arg="$1" ;; @@ -489,14 +651,19 @@ func_show_eval_locale () } - - - # func_version # Echo version message to standard output and exit. func_version () { - $SED -n '/^# '$PROGRAM' (GNU /,/# warranty; / { + $SED -n '/(C)/!b go + :more + /\./!{ + N + s/\n# / / + b more + } + :go + /^# '$PROGRAM' (GNU /,/# warranty; / { s/^# // s/^# *$// s/\((C)\)[ 0-9,-]*\( [1-9][0-9]*\)/\1\2/ @@ -509,19 +676,20 @@ func_version () # Echo short help message to standard output and exit. func_usage () { - $SED -n '/^# Usage:/,/# -h/ { + $SED -n '/^# Usage:/,/^# *.*--help/ { s/^# // s/^# *$// s/\$progname/'$progname'/ p }' < "$progpath" - $ECHO + echo $ECHO "run \`$progname --help | more' for full usage" exit $? } -# func_help -# Echo long help message to standard output and exit. +# func_help [NOEXIT] +# Echo long help message to standard output and exit, +# unless 'noexit' is passed as argument. func_help () { $SED -n '/^# Usage:/,/# Report bugs to/ { @@ -538,7 +706,10 @@ func_help () s/\$autoconf_version/'"`(autoconf --version) 2>/dev/null |$SED 1q`"'/ p }' < "$progpath" - exit $? + ret=$? + if test -z "$1"; then + exit $ret + fi } # func_missing_arg argname @@ -546,7 +717,7 @@ func_help () # exit_cmd. func_missing_arg () { - func_error "missing argument for $1" + func_error "missing argument for $1." exit_cmd=exit } @@ -556,29 +727,6 @@ exit_cmd=: -# Check that we have a working $ECHO. -if test "X$1" = X--no-reexec; then - # Discard the --no-reexec flag, and continue. - shift -elif test "X$1" = X--fallback-echo; then - # Avoid inline document here, it may be left over - : -elif test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t'; then - # Yippee, $ECHO works! - : -else - # Restart under the correct shell, and then maybe $ECHO will work. - exec $SHELL "$progpath" --no-reexec ${1+"$@"} -fi - -if test "X$1" = X--fallback-echo; then - # used as fallback echo - shift - cat <<EOF -$* -EOF - exit $EXIT_SUCCESS -fi magic="%%%MAGIC variable%%%" magic_exe="%%%MAGIC EXE variable%%%" @@ -636,16 +784,16 @@ func_config () # Display the features supported by this script. func_features () { - $ECHO "host: $host" + echo "host: $host" if test "$build_libtool_libs" = yes; then - $ECHO "enable shared libraries" + echo "enable shared libraries" else - $ECHO "disable shared libraries" + echo "disable shared libraries" fi if test "$build_old_libs" = yes; then - $ECHO "enable static libraries" + echo "enable static libraries" else - $ECHO "disable static libraries" + echo "disable static libraries" fi exit $? @@ -772,10 +920,21 @@ func_enable_tag () --quiet|--silent) preserve_args="$preserve_args $opt" opt_silent=: + opt_verbose=false + ;; + + --no-quiet|--no-silent) + preserve_args="$preserve_args $opt" + opt_silent=false ;; --verbose| -v) preserve_args="$preserve_args $opt" opt_silent=false + opt_verbose=: + ;; + + --no-verbose) preserve_args="$preserve_args $opt" + opt_verbose=false ;; --tag) test "$#" -eq 0 && func_missing_arg "$opt" && break @@ -793,6 +952,7 @@ func_enable_tag () -\?|-h) func_usage ;; --help) opt_help=: ;; + --help-all) opt_help=': help-all' ;; --version) func_version ;; -*) func_fatal_help "unrecognized option \`$opt'" ;; @@ -1016,10 +1176,13 @@ func_infer_tag () func_quote_for_eval "$arg" CC_quoted="$CC_quoted $func_quote_for_eval_result" done + CC_expanded=`func_echo_all $CC` + CC_quoted_expanded=`func_echo_all $CC_quoted` case $@ in # Blanks in the command may have been stripped by the calling shell, # but not from the CC environment variable when configure was run. - " $CC "* | "$CC "* | " `$ECHO $CC` "* | "`$ECHO $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$ECHO $CC_quoted` "* | "`$ECHO $CC_quoted` "*) ;; + " $CC "* | "$CC "* | " $CC_expanded "* | "$CC_expanded "* | \ + " $CC_quoted"* | "$CC_quoted "* | " $CC_quoted_expanded "* | "$CC_quoted_expanded "*) ;; # Blanks at the start of $base_compile will cause this to fail # if we don't check for them as well. *) @@ -1033,8 +1196,11 @@ func_infer_tag () func_quote_for_eval "$arg" CC_quoted="$CC_quoted $func_quote_for_eval_result" done + CC_expanded=`func_echo_all $CC` + CC_quoted_expanded=`func_echo_all $CC_quoted` case "$@ " in - " $CC "* | "$CC "* | " `$ECHO $CC` "* | "`$ECHO $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$ECHO $CC_quoted` "* | "`$ECHO $CC_quoted` "*) + " $CC "* | "$CC "* | " $CC_expanded "* | "$CC_expanded "* | \ + " $CC_quoted"* | "$CC_quoted "* | " $CC_quoted_expanded "* | "$CC_quoted_expanded "*) # The compiler in the base compile command matches # the one in the tagged configuration. # Assume this is the tagged configuration we want. @@ -1213,7 +1379,7 @@ func_mode_compile () *.[cCFSifmso] | \ *.ada | *.adb | *.ads | *.asm | \ *.c++ | *.cc | *.ii | *.class | *.cpp | *.cxx | \ - *.[fF][09]? | *.for | *.java | *.obj | *.sx) + *.[fF][09]? | *.for | *.java | *.obj | *.sx | *.cu | *.cup) func_xform "$libobj" libobj=$func_xform_result ;; @@ -1288,7 +1454,7 @@ func_mode_compile () # Calculate the filename of the output object if compiler does # not support -o with -c if test "$compiler_c_o" = no; then - output_obj=`$ECHO "X$srcfile" | $Xsed -e 's%^.*/%%' -e 's%\.[^.]*$%%'`.${objext} + output_obj=`$ECHO "$srcfile" | $SED 's%^.*/%%; s%\.[^.]*$%%'`.${objext} lockfile="$output_obj.lock" else output_obj= @@ -1445,7 +1611,7 @@ compiler." } $opt_help || { -test "$mode" = compile && func_mode_compile ${1+"$@"} + test "$mode" = compile && func_mode_compile ${1+"$@"} } func_mode_help () @@ -1482,10 +1648,11 @@ This mode accepts the following additional options: -o OUTPUT-FILE set the output file name to OUTPUT-FILE -no-suppress do not suppress compiler output for multiple passes - -prefer-pic try to building PIC objects only - -prefer-non-pic try to building non-PIC objects only + -prefer-pic try to build PIC objects only + -prefer-non-pic try to build non-PIC objects only -shared do not build a \`.o' file suitable for static linking -static only build a \`.o' file suitable for static linking + -Wc,FLAG pass FLAG directly to the compiler COMPILE-COMMAND is a command to be used in creating a \`standard' object file from the given SOURCEFILE. @@ -1538,7 +1705,7 @@ either the \`install' or \`cp' program. The following components of INSTALL-COMMAND are treated specially: - -inst-prefix PREFIX-DIR Use PREFIX-DIR as a staging area for installation + -inst-prefix-dir PREFIX-DIR Use PREFIX-DIR as a staging area for installation The rest of the components are interpreted as arguments to that command (only BSD-compatible install options are recognized)." @@ -1558,6 +1725,8 @@ The following components of LINK-COMMAND are treated specially: -all-static do not do any dynamic linking at all -avoid-version do not add a version suffix if possible + -bindir BINDIR specify path to binaries directory (for systems where + libraries must be found in the PATH setting at runtime) -dlopen FILE \`-dlpreopen' FILE if it cannot be dlopened at runtime -dlpreopen FILE link in FILE and add its symbols to lt_preloaded_symbols -export-dynamic allow symbols from OUTPUT-FILE to be resolved with dlsym(3) @@ -1586,6 +1755,11 @@ The following components of LINK-COMMAND are treated specially: -version-info CURRENT[:REVISION[:AGE]] specify library version info [each variable defaults to 0] -weak LIBNAME declare that the target provides the LIBNAME interface + -Wc,FLAG + -Xcompiler FLAG pass linker-specific FLAG directly to the compiler + -Wl,FLAG + -Xlinker FLAG pass linker-specific FLAG directly to the linker + -XCClinker FLAG pass link-specific FLAG to the compiler driver (CC) All other options (arguments beginning with \`-') are ignored. @@ -1623,14 +1797,40 @@ Otherwise, only FILE itself is deleted using RM." ;; esac - $ECHO + echo $ECHO "Try \`$progname --help' for more information about other modes." - - exit $? } - # Now that we've collected a possible --mode arg, show help if necessary - $opt_help && func_mode_help +# Now that we've collected a possible --mode arg, show help if necessary +if $opt_help; then + if test "$opt_help" = :; then + func_mode_help + else + { + func_help noexit + for mode in compile link execute install finish uninstall clean; do + func_mode_help + done + } | sed -n '1p; 2,$s/^Usage:/ or: /p' + { + func_help noexit + for mode in compile link execute install finish uninstall clean; do + echo + func_mode_help + done + } | + sed '1d + /^When reporting/,/^Report/{ + H + d + } + $x + /information about other modes/d + /more detailed .*MODE/d + s/^Usage:.*--mode=\([^ ]*\) .*/Description of \1 mode:/' + fi + exit $? +fi # func_mode_execute arg... @@ -1712,7 +1912,7 @@ func_mode_execute () for file do case $file in - -*) ;; + -* | *.la | *.lo ) ;; *) # Do a test to see if this is really a libtool program. if func_ltwrapper_script_p "$file"; then @@ -1754,7 +1954,7 @@ func_mode_execute () # Display what would be done. if test -n "$shlibpath_var"; then eval "\$ECHO \"\$shlibpath_var=\$$shlibpath_var\"" - $ECHO "export $shlibpath_var" + echo "export $shlibpath_var" fi $ECHO "$cmd$args" exit $EXIT_SUCCESS @@ -1795,23 +1995,23 @@ func_mode_finish () # Exit here if they wanted silent mode. $opt_silent && exit $EXIT_SUCCESS - $ECHO "X----------------------------------------------------------------------" | $Xsed - $ECHO "Libraries have been installed in:" + echo "----------------------------------------------------------------------" + echo "Libraries have been installed in:" for libdir in $libdirs; do $ECHO " $libdir" done - $ECHO - $ECHO "If you ever happen to want to link against installed libraries" - $ECHO "in a given directory, LIBDIR, you must either use libtool, and" - $ECHO "specify the full pathname of the library, or use the \`-LLIBDIR'" - $ECHO "flag during linking and do at least one of the following:" + echo + echo "If you ever happen to want to link against installed libraries" + echo "in a given directory, LIBDIR, you must either use libtool, and" + echo "specify the full pathname of the library, or use the \`-LLIBDIR'" + echo "flag during linking and do at least one of the following:" if test -n "$shlibpath_var"; then - $ECHO " - add LIBDIR to the \`$shlibpath_var' environment variable" - $ECHO " during execution" + echo " - add LIBDIR to the \`$shlibpath_var' environment variable" + echo " during execution" fi if test -n "$runpath_var"; then - $ECHO " - add LIBDIR to the \`$runpath_var' environment variable" - $ECHO " during linking" + echo " - add LIBDIR to the \`$runpath_var' environment variable" + echo " during linking" fi if test -n "$hardcode_libdir_flag_spec"; then libdir=LIBDIR @@ -1823,21 +2023,21 @@ func_mode_finish () $ECHO " - have your system administrator run these commands:$admincmds" fi if test -f /etc/ld.so.conf; then - $ECHO " - have your system administrator add LIBDIR to \`/etc/ld.so.conf'" + echo " - have your system administrator add LIBDIR to \`/etc/ld.so.conf'" fi - $ECHO + echo - $ECHO "See any operating system documentation about shared libraries for" + echo "See any operating system documentation about shared libraries for" case $host in solaris2.[6789]|solaris2.1[0-9]) - $ECHO "more information, such as the ld(1), crle(1) and ld.so(8) manual" - $ECHO "pages." + echo "more information, such as the ld(1), crle(1) and ld.so(8) manual" + echo "pages." ;; *) - $ECHO "more information, such as the ld(1) and ld.so(8) manual pages." + echo "more information, such as the ld(1) and ld.so(8) manual pages." ;; esac - $ECHO "X----------------------------------------------------------------------" | $Xsed + echo "----------------------------------------------------------------------" exit $EXIT_SUCCESS } @@ -1852,7 +2052,7 @@ func_mode_install () # install_prog (especially on Windows NT). if test "$nonopt" = "$SHELL" || test "$nonopt" = /bin/sh || # Allow the use of GNU shtool's install command. - $ECHO "X$nonopt" | $GREP shtool >/dev/null; then + case $nonopt in *shtool*) :;; *) false;; esac; then # Aesthetically quote it. func_quote_for_eval "$nonopt" install_prog="$func_quote_for_eval_result " @@ -1867,6 +2067,11 @@ func_mode_install () # Aesthetically quote it. func_quote_for_eval "$arg" install_prog="$install_prog$func_quote_for_eval_result" + install_shared_prog=$install_prog + case " $install_prog " in + *[\\\ /]cp\ *) install_cp=: ;; + *) install_cp=false ;; + esac # We need to accept at least all the BSD install flags. dest= @@ -1876,8 +2081,10 @@ func_mode_install () install_type= isdir=no stripme= + no_mode=: for arg do + arg2= if test -n "$dest"; then files="$files $dest" dest=$arg @@ -1887,10 +2094,9 @@ func_mode_install () case $arg in -d) isdir=yes ;; -f) - case " $install_prog " in - *[\\\ /]cp\ *) ;; - *) prev=$arg ;; - esac + if $install_cp; then :; else + prev=$arg + fi ;; -g | -m | -o) prev=$arg @@ -1904,6 +2110,10 @@ func_mode_install () *) # If the previous option needed an argument, then skip it. if test -n "$prev"; then + if test "x$prev" = x-m && test -n "$install_override_mode"; then + arg2=$install_override_mode + no_mode=false + fi prev= else dest=$arg @@ -1915,6 +2125,10 @@ func_mode_install () # Aesthetically quote the argument. func_quote_for_eval "$arg" install_prog="$install_prog $func_quote_for_eval_result" + if test -n "$arg2"; then + func_quote_for_eval "$arg2" + fi + install_shared_prog="$install_shared_prog $func_quote_for_eval_result" done test -z "$install_prog" && \ @@ -1923,6 +2137,13 @@ func_mode_install () test -n "$prev" && \ func_fatal_help "the \`$prev' option requires an argument" + if test -n "$install_override_mode" && $no_mode; then + if $install_cp; then :; else + func_quote_for_eval "$install_override_mode" + install_shared_prog="$install_shared_prog -m $func_quote_for_eval_result" + fi + fi + if test -z "$files"; then if test -z "$dest"; then func_fatal_help "no file or destination specified" @@ -2010,7 +2231,7 @@ func_mode_install () if test -n "$relink_command"; then # Determine the prefix the user has applied to our future dir. - inst_prefix_dir=`$ECHO "X$destdir" | $Xsed -e "s%$libdir\$%%"` + inst_prefix_dir=`$ECHO "$destdir" | $SED -e "s%$libdir\$%%"` # Don't allow the user to place us outside of our expected # location b/c this prevents finding dependent libraries that @@ -2023,9 +2244,9 @@ func_mode_install () if test -n "$inst_prefix_dir"; then # Stick the inst_prefix_dir data into the link command. - relink_command=`$ECHO "X$relink_command" | $Xsed -e "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"` + relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"` else - relink_command=`$ECHO "X$relink_command" | $Xsed -e "s%@inst_prefix_dir@%%"` + relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%%"` fi func_warning "relinking \`$file'" @@ -2043,7 +2264,7 @@ func_mode_install () test -n "$relink_command" && srcname="$realname"T # Install the shared library and build the symlinks. - func_show_eval "$install_prog $dir/$srcname $destdir/$realname" \ + func_show_eval "$install_shared_prog $dir/$srcname $destdir/$realname" \ 'exit $?' tstripme="$stripme" case $host_os in @@ -2183,7 +2404,7 @@ func_mode_install () if test -f "$lib"; then func_source "$lib" fi - libfile="$libdir/"`$ECHO "X$lib" | $Xsed -e 's%^.*/%%g'` ### testsuite: skip nested quoting test + libfile="$libdir/"`$ECHO "$lib" | $SED 's%^.*/%%g'` ### testsuite: skip nested quoting test if test -n "$libdir" && test ! -f "$libfile"; then func_warning "\`$lib' has not been installed in \`$libdir'" finalize=no @@ -2202,7 +2423,7 @@ func_mode_install () file="$func_basename_result" outputname="$tmpdir/$file" # Replace the output file specification. - relink_command=`$ECHO "X$relink_command" | $Xsed -e 's%@OUTPUT@%'"$outputname"'%g'` + relink_command=`$ECHO "$relink_command" | $SED 's%@OUTPUT@%'"$outputname"'%g'` $opt_silent || { func_quote_for_expand "$relink_command" @@ -2221,7 +2442,7 @@ func_mode_install () } else # Install the binary that we compiled earlier. - file=`$ECHO "X$file$stripped_ext" | $Xsed -e "s%\([^/]*\)$%$objdir/\1%"` + file=`$ECHO "$file$stripped_ext" | $SED "s%\([^/]*\)$%$objdir/\1%"` fi fi @@ -2323,6 +2544,10 @@ func_generate_dlsyms () extern \"C\" { #endif +#if defined(__GNUC__) && (((__GNUC__ == 4) && (__GNUC_MINOR__ >= 4)) || (__GNUC__ > 4)) +#pragma GCC diagnostic ignored \"-Wstrict-prototypes\" +#endif + /* External symbol declarations for the compiler. */\ " @@ -2332,7 +2557,7 @@ extern \"C\" { $opt_dry_run || echo ': @PROGRAM@ ' > "$nlist" # Add our own program objects to the symbol list. - progfiles=`$ECHO "X$objs$old_deplibs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP` + progfiles=`$ECHO "$objs$old_deplibs" | $SP2NL | $SED "$lo2o" | $NL2SP` for progfile in $progfiles; do func_verbose "extracting global C symbols from \`$progfile'" $opt_dry_run || eval "$NM $progfile | $global_symbol_pipe >> '$nlist'" @@ -2371,7 +2596,7 @@ extern \"C\" { eval '$GREP -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T' eval '$MV "$nlist"T "$nlist"' case $host in - *cygwin | *mingw* | *cegcc* ) + *cygwin* | *mingw* | *cegcc* ) eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' eval 'cat "$nlist" >> "$output_objdir/$outputname.def"' ;; @@ -2415,10 +2640,10 @@ extern \"C\" { if test -f "$nlist"S; then eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$my_dlsyms"' else - $ECHO '/* NONE */' >> "$output_objdir/$my_dlsyms" + echo '/* NONE */' >> "$output_objdir/$my_dlsyms" fi - $ECHO >> "$output_objdir/$my_dlsyms" "\ + echo >> "$output_objdir/$my_dlsyms" "\ /* The mapping between symbol names and symbols. */ typedef struct { @@ -2428,7 +2653,7 @@ typedef struct { " case $host in *cygwin* | *mingw* | *cegcc* ) - $ECHO >> "$output_objdir/$my_dlsyms" "\ + echo >> "$output_objdir/$my_dlsyms" "\ /* DATA imports from DLLs on WIN32 con't be const, because runtime relocations are performed -- see ld's documentation on pseudo-relocs. */" @@ -2441,7 +2666,7 @@ typedef struct { lt_dlsym_const=const ;; esac - $ECHO >> "$output_objdir/$my_dlsyms" "\ + echo >> "$output_objdir/$my_dlsyms" "\ extern $lt_dlsym_const lt_dlsymlist lt_${my_prefix}_LTX_preloaded_symbols[]; $lt_dlsym_const lt_dlsymlist @@ -2457,7 +2682,7 @@ lt_${my_prefix}_LTX_preloaded_symbols[] = eval "$global_symbol_to_c_name_address_lib_prefix" < "$nlist" >> "$output_objdir/$my_dlsyms" ;; esac - $ECHO >> "$output_objdir/$my_dlsyms" "\ + echo >> "$output_objdir/$my_dlsyms" "\ {0, (void *) 0} }; @@ -2515,16 +2740,16 @@ static const void *lt_preloaded_setup() { case $host in *cygwin* | *mingw* | *cegcc* ) if test -f "$output_objdir/$my_outputname.def"; then - compile_command=`$ECHO "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"` - finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"` + compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"` + finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"` else - compile_command=`$ECHO "X$compile_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"` - finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"` + compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$symfileobj%"` + finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$symfileobj%"` fi ;; *) - compile_command=`$ECHO "X$compile_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"` - finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"` + compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$symfileobj%"` + finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$symfileobj%"` ;; esac ;; @@ -2538,8 +2763,8 @@ static const void *lt_preloaded_setup() { # really was required. # Nullify the symbol file. - compile_command=`$ECHO "X$compile_command" | $Xsed -e "s% @SYMFILE@%%"` - finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s% @SYMFILE@%%"` + compile_command=`$ECHO "$compile_command" | $SED "s% @SYMFILE@%%"` + finalize_command=`$ECHO "$finalize_command" | $SED "s% @SYMFILE@%%"` fi } @@ -2549,6 +2774,7 @@ static const void *lt_preloaded_setup() { # Need a lot of goo to handle *both* DLLs and import libs # Has to be a shell function in order to 'eat' the argument # that is supplied when $file_magic_command is called. +# Despite the name, also deal with 64 bit binaries. func_win32_libid () { $opt_debug @@ -2559,8 +2785,9 @@ func_win32_libid () win32_libid_type="x86 archive import" ;; *ar\ archive*) # could be an import, or static + # Keep the egrep pattern in sync with the one in _LT_CHECK_MAGIC_METHOD. if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null | - $EGREP 'file format pe-i386(.*architecture: i386)?' >/dev/null ; then + $EGREP 'file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' >/dev/null; then win32_nmres=`eval $NM -f posix -A $1 | $SED -n -e ' 1,100{ @@ -2598,7 +2825,18 @@ func_extract_an_archive () $opt_debug f_ex_an_ar_dir="$1"; shift f_ex_an_ar_oldlib="$1" - func_show_eval "(cd \$f_ex_an_ar_dir && $AR x \"\$f_ex_an_ar_oldlib\")" 'exit $?' + if test "$lock_old_archive_extraction" = yes; then + lockfile=$f_ex_an_ar_oldlib.lock + until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do + func_echo "Waiting for $lockfile to be removed" + sleep 2 + done + fi + func_show_eval "(cd \$f_ex_an_ar_dir && $AR x \"\$f_ex_an_ar_oldlib\")" \ + 'stat=$?; rm -f "$lockfile"; exit $stat' + if test "$lock_old_archive_extraction" = yes; then + $opt_dry_run || rm -f "$lockfile" + fi if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then : else @@ -2669,7 +2907,7 @@ func_extract_archives () darwin_file= darwin_files= for darwin_file in $darwin_filelist; do - darwin_files=`find unfat-$$ -name $darwin_file -print | $NL2SP` + darwin_files=`find unfat-$$ -name $darwin_file -print | sort | $NL2SP` $LIPO -create -output "$darwin_file" $darwin_files done # $darwin_filelist $RM -rf unfat-$$ @@ -2684,25 +2922,30 @@ func_extract_archives () func_extract_an_archive "$my_xdir" "$my_xabs" ;; esac - my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | $NL2SP` + my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | sort | $NL2SP` done func_extract_archives_result="$my_oldobjs" } - -# func_emit_wrapper_part1 [arg=no] +# func_emit_wrapper [arg=no] # -# Emit the first part of a libtool wrapper script on stdout. -# For more information, see the description associated with -# func_emit_wrapper(), below. -func_emit_wrapper_part1 () +# Emit a libtool wrapper script on stdout. +# Don't directly open a file because we may want to +# incorporate the script contents within a cygwin/mingw +# wrapper executable. Must ONLY be called from within +# func_mode_link because it depends on a number of variables +# set therein. +# +# ARG is the value that the WRAPPER_SCRIPT_BELONGS_IN_OBJDIR +# variable will take. If 'yes', then the emitted script +# will assume that the directory in which it is stored is +# the $objdir directory. This is a cygwin/mingw-specific +# behavior. +func_emit_wrapper () { - func_emit_wrapper_part1_arg1=no - if test -n "$1" ; then - func_emit_wrapper_part1_arg1=$1 - fi + func_emit_wrapper_arg1=${1-no} $ECHO "\ #! $SHELL @@ -2718,7 +2961,6 @@ func_emit_wrapper_part1 () # Sed substitution that helps us do robust quoting. It backslashifies # metacharacters that are still active within double-quoted strings. -Xsed='${SED} -e 1s/^X//' sed_quote_subst='$sed_quote_subst' # Be Bourne compatible @@ -2749,31 +2991,132 @@ if test \"\$libtool_install_magic\" = \"$magic\"; then else # When we are sourced in execute mode, \$file and \$ECHO are already set. if test \"\$libtool_execute_magic\" != \"$magic\"; then - ECHO=\"$qecho\" - file=\"\$0\" - # Make sure echo works. - if test \"X\$1\" = X--no-reexec; then - # Discard the --no-reexec flag, and continue. - shift - elif test \"X\`{ \$ECHO '\t'; } 2>/dev/null\`\" = 'X\t'; then - # Yippee, \$ECHO works! - : - else - # Restart under the correct shell, and then maybe \$ECHO will work. - exec $SHELL \"\$0\" --no-reexec \${1+\"\$@\"} - fi - fi\ + file=\"\$0\"" + + qECHO=`$ECHO "$ECHO" | $SED "$sed_quote_subst"` + $ECHO "\ + +# A function that is used when there is no print builtin or printf. +func_fallback_echo () +{ + eval 'cat <<_LTECHO_EOF +\$1 +_LTECHO_EOF' +} + ECHO=\"$qECHO\" + fi + +# Very basic option parsing. These options are (a) specific to +# the libtool wrapper, (b) are identical between the wrapper +# /script/ and the wrapper /executable/ which is used only on +# windows platforms, and (c) all begin with the string "--lt-" +# (application programs are unlikely to have options which match +# this pattern). +# +# There are only two supported options: --lt-debug and +# --lt-dump-script. There is, deliberately, no --lt-help. +# +# The first argument to this parsing function should be the +# script's $0 value, followed by "$@". +lt_option_debug= +func_parse_lt_options () +{ + lt_script_arg0=\$0 + shift + for lt_opt + do + case \"\$lt_opt\" in + --lt-debug) lt_option_debug=1 ;; + --lt-dump-script) + lt_dump_D=\`\$ECHO \"X\$lt_script_arg0\" | $SED -e 's/^X//' -e 's%/[^/]*$%%'\` + test \"X\$lt_dump_D\" = \"X\$lt_script_arg0\" && lt_dump_D=. + lt_dump_F=\`\$ECHO \"X\$lt_script_arg0\" | $SED -e 's/^X//' -e 's%^.*/%%'\` + cat \"\$lt_dump_D/\$lt_dump_F\" + exit 0 + ;; + --lt-*) + \$ECHO \"Unrecognized --lt- option: '\$lt_opt'\" 1>&2 + exit 1 + ;; + esac + done + + # Print the debug banner immediately: + if test -n \"\$lt_option_debug\"; then + echo \"${outputname}:${output}:\${LINENO}: libtool wrapper (GNU $PACKAGE$TIMESTAMP) $VERSION\" 1>&2 + fi +} + +# Used when --lt-debug. Prints its arguments to stdout +# (redirection is the responsibility of the caller) +func_lt_dump_args () +{ + lt_dump_args_N=1; + for lt_arg + do + \$ECHO \"${outputname}:${output}:\${LINENO}: newargv[\$lt_dump_args_N]: \$lt_arg\" + lt_dump_args_N=\`expr \$lt_dump_args_N + 1\` + done +} + +# Core function for launching the target application +func_exec_program_core () +{ " - $ECHO "\ + case $host in + # Backslashes separate directories on plain windows + *-*-mingw | *-*-os2* | *-cegcc*) + $ECHO "\ + if test -n \"\$lt_option_debug\"; then + \$ECHO \"${outputname}:${output}:\${LINENO}: newargv[0]: \$progdir\\\\\$program\" 1>&2 + func_lt_dump_args \${1+\"\$@\"} 1>&2 + fi + exec \"\$progdir\\\\\$program\" \${1+\"\$@\"} +" + ;; + + *) + $ECHO "\ + if test -n \"\$lt_option_debug\"; then + \$ECHO \"${outputname}:${output}:\${LINENO}: newargv[0]: \$progdir/\$program\" 1>&2 + func_lt_dump_args \${1+\"\$@\"} 1>&2 + fi + exec \"\$progdir/\$program\" \${1+\"\$@\"} +" + ;; + esac + $ECHO "\ + \$ECHO \"\$0: cannot exec \$program \$*\" 1>&2 + exit 1 +} + +# A function to encapsulate launching the target application +# Strips options in the --lt-* namespace from \$@ and +# launches target application with the remaining arguments. +func_exec_program () +{ + for lt_wr_arg + do + case \$lt_wr_arg in + --lt-*) ;; + *) set x \"\$@\" \"\$lt_wr_arg\"; shift;; + esac + shift + done + func_exec_program_core \${1+\"\$@\"} +} + + # Parse options + func_parse_lt_options \"\$0\" \${1+\"\$@\"} # Find the directory that this script lives in. - thisdir=\`\$ECHO \"X\$file\" | \$Xsed -e 's%/[^/]*$%%'\` + thisdir=\`\$ECHO \"\$file\" | $SED 's%/[^/]*$%%'\` test \"x\$thisdir\" = \"x\$file\" && thisdir=. # Follow symbolic links until we get to the real thisdir. - file=\`ls -ld \"\$file\" | ${SED} -n 's/.*-> //p'\` + file=\`ls -ld \"\$file\" | $SED -n 's/.*-> //p'\` while test -n \"\$file\"; do - destdir=\`\$ECHO \"X\$file\" | \$Xsed -e 's%/[^/]*\$%%'\` + destdir=\`\$ECHO \"\$file\" | $SED 's%/[^/]*\$%%'\` # If there was a directory component, then change thisdir. if test \"x\$destdir\" != \"x\$file\"; then @@ -2783,30 +3126,13 @@ else esac fi - file=\`\$ECHO \"X\$file\" | \$Xsed -e 's%^.*/%%'\` - file=\`ls -ld \"\$thisdir/\$file\" | ${SED} -n 's/.*-> //p'\` + file=\`\$ECHO \"\$file\" | $SED 's%^.*/%%'\` + file=\`ls -ld \"\$thisdir/\$file\" | $SED -n 's/.*-> //p'\` done -" -} -# end: func_emit_wrapper_part1 - -# func_emit_wrapper_part2 [arg=no] -# -# Emit the second part of a libtool wrapper script on stdout. -# For more information, see the description associated with -# func_emit_wrapper(), below. -func_emit_wrapper_part2 () -{ - func_emit_wrapper_part2_arg1=no - if test -n "$1" ; then - func_emit_wrapper_part2_arg1=$1 - fi - - $ECHO "\ # Usually 'no', except on cygwin/mingw when embedded into # the cwrapper. - WRAPPER_SCRIPT_BELONGS_IN_OBJDIR=$func_emit_wrapper_part2_arg1 + WRAPPER_SCRIPT_BELONGS_IN_OBJDIR=$func_emit_wrapper_arg1 if test \"\$WRAPPER_SCRIPT_BELONGS_IN_OBJDIR\" = \"yes\"; then # special case for '.' if test \"\$thisdir\" = \".\"; then @@ -2814,7 +3140,7 @@ func_emit_wrapper_part2 () fi # remove .libs from thisdir case \"\$thisdir\" in - *[\\\\/]$objdir ) thisdir=\`\$ECHO \"X\$thisdir\" | \$Xsed -e 's%[\\\\/][^\\\\/]*$%%'\` ;; + *[\\\\/]$objdir ) thisdir=\`\$ECHO \"\$thisdir\" | $SED 's%[\\\\/][^\\\\/]*$%%'\` ;; $objdir ) thisdir=. ;; esac fi @@ -2877,7 +3203,7 @@ func_emit_wrapper_part2 () # Some systems cannot cope with colon-terminated $shlibpath_var # The second colon is a workaround for a bug in BeOS R4 sed - $shlibpath_var=\`\$ECHO \"X\$$shlibpath_var\" | \$Xsed -e 's/::*\$//'\` + $shlibpath_var=\`\$ECHO \"\$$shlibpath_var\" | $SED 's/::*\$//'\` export $shlibpath_var " @@ -2894,64 +3220,18 @@ func_emit_wrapper_part2 () $ECHO "\ if test \"\$libtool_execute_magic\" != \"$magic\"; then # Run the actual program with our arguments. -" - case $host in - # Backslashes separate directories on plain windows - *-*-mingw | *-*-os2* | *-cegcc*) - $ECHO "\ - exec \"\$progdir\\\\\$program\" \${1+\"\$@\"} -" - ;; - - *) - $ECHO "\ - exec \"\$progdir/\$program\" \${1+\"\$@\"} -" - ;; - esac - $ECHO "\ - \$ECHO \"\$0: cannot exec \$program \$*\" 1>&2 - exit 1 + func_exec_program \${1+\"\$@\"} fi else # The program doesn't exist. \$ECHO \"\$0: error: \\\`\$progdir/\$program' does not exist\" 1>&2 \$ECHO \"This script is just a wrapper for \$program.\" 1>&2 - $ECHO \"See the $PACKAGE documentation for more information.\" 1>&2 + \$ECHO \"See the $PACKAGE documentation for more information.\" 1>&2 exit 1 fi fi\ " } -# end: func_emit_wrapper_part2 - - -# func_emit_wrapper [arg=no] -# -# Emit a libtool wrapper script on stdout. -# Don't directly open a file because we may want to -# incorporate the script contents within a cygwin/mingw -# wrapper executable. Must ONLY be called from within -# func_mode_link because it depends on a number of variables -# set therein. -# -# ARG is the value that the WRAPPER_SCRIPT_BELONGS_IN_OBJDIR -# variable will take. If 'yes', then the emitted script -# will assume that the directory in which it is stored is -# the $objdir directory. This is a cygwin/mingw-specific -# behavior. -func_emit_wrapper () -{ - func_emit_wrapper_arg1=no - if test -n "$1" ; then - func_emit_wrapper_arg1=$1 - fi - - # split this up so that func_emit_cwrapperexe_src - # can call each part independently. - func_emit_wrapper_part1 "${func_emit_wrapper_arg1}" - func_emit_wrapper_part2 "${func_emit_wrapper_arg1}" -} # func_to_host_path arg @@ -2978,23 +3258,19 @@ func_emit_wrapper () func_to_host_path () { func_to_host_path_result="$1" - if test -n "$1" ; then + if test -n "$1"; then case $host in *mingw* ) lt_sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g' case $build in *mingw* ) # actually, msys # awkward: cmd appends spaces to result - lt_sed_strip_trailing_spaces="s/[ ]*\$//" - func_to_host_path_tmp1=`( cmd //c echo "$1" |\ - $SED -e "$lt_sed_strip_trailing_spaces" ) 2>/dev/null || echo ""` - func_to_host_path_result=`echo "$func_to_host_path_tmp1" |\ - $SED -e "$lt_sed_naive_backslashify"` + func_to_host_path_result=`( cmd //c echo "$1" ) 2>/dev/null | + $SED -e 's/[ ]*$//' -e "$lt_sed_naive_backslashify"` ;; *cygwin* ) - func_to_host_path_tmp1=`cygpath -w "$1"` - func_to_host_path_result=`echo "$func_to_host_path_tmp1" |\ - $SED -e "$lt_sed_naive_backslashify"` + func_to_host_path_result=`cygpath -w "$1" | + $SED -e "$lt_sed_naive_backslashify"` ;; * ) # Unfortunately, winepath does not exit with a non-zero @@ -3006,17 +3282,17 @@ func_to_host_path () # the odd construction: func_to_host_path_tmp1=`winepath -w "$1" 2>/dev/null` if test "$?" -eq 0 && test -n "${func_to_host_path_tmp1}"; then - func_to_host_path_result=`echo "$func_to_host_path_tmp1" |\ + func_to_host_path_result=`$ECHO "$func_to_host_path_tmp1" | $SED -e "$lt_sed_naive_backslashify"` else # Allow warning below. - func_to_host_path_result="" + func_to_host_path_result= fi ;; esac if test -z "$func_to_host_path_result" ; then func_error "Could not determine host path corresponding to" - func_error " '$1'" + func_error " \`$1'" func_error "Continuing, but uninstalled executables may not work." # Fallback: func_to_host_path_result="$1" @@ -3049,30 +3325,24 @@ func_to_host_path () func_to_host_pathlist () { func_to_host_pathlist_result="$1" - if test -n "$1" ; then + if test -n "$1"; then case $host in *mingw* ) lt_sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g' # Remove leading and trailing path separator characters from # ARG. msys behavior is inconsistent here, cygpath turns them # into '.;' and ';.', and winepath ignores them completely. - func_to_host_pathlist_tmp2="$1" - # Once set for this call, this variable should not be - # reassigned. It is used in tha fallback case. - func_to_host_pathlist_tmp1=`echo "$func_to_host_pathlist_tmp2" |\ - $SED -e 's|^:*||' -e 's|:*$||'` + func_stripname : : "$1" + func_to_host_pathlist_tmp1=$func_stripname_result case $build in *mingw* ) # Actually, msys. # Awkward: cmd appends spaces to result. - lt_sed_strip_trailing_spaces="s/[ ]*\$//" - func_to_host_pathlist_tmp2=`( cmd //c echo "$func_to_host_pathlist_tmp1" |\ - $SED -e "$lt_sed_strip_trailing_spaces" ) 2>/dev/null || echo ""` - func_to_host_pathlist_result=`echo "$func_to_host_pathlist_tmp2" |\ - $SED -e "$lt_sed_naive_backslashify"` + func_to_host_pathlist_result=` + ( cmd //c echo "$func_to_host_pathlist_tmp1" ) 2>/dev/null | + $SED -e 's/[ ]*$//' -e "$lt_sed_naive_backslashify"` ;; *cygwin* ) - func_to_host_pathlist_tmp2=`cygpath -w -p "$func_to_host_pathlist_tmp1"` - func_to_host_pathlist_result=`echo "$func_to_host_pathlist_tmp2" |\ + func_to_host_pathlist_result=`cygpath -w -p "$func_to_host_pathlist_tmp1" | $SED -e "$lt_sed_naive_backslashify"` ;; * ) @@ -3088,18 +3358,17 @@ func_to_host_pathlist () if test -z "$func_to_host_pathlist_result" ; then func_to_host_pathlist_result="$func_to_host_path_result" else - func_to_host_pathlist_result="$func_to_host_pathlist_result;$func_to_host_path_result" + func_append func_to_host_pathlist_result ";$func_to_host_path_result" fi fi fi - IFS=: done IFS=$func_to_host_pathlist_oldIFS ;; esac - if test -z "$func_to_host_pathlist_result" ; then + if test -z "$func_to_host_pathlist_result"; then func_error "Could not determine the host path(s) corresponding to" - func_error " '$1'" + func_error " \`$1'" func_error "Continuing, but uninstalled executables may not work." # Fallback. This may break if $1 contains DOS-style drive # specifications. The fix is not to complicate the expression @@ -3116,7 +3385,7 @@ func_to_host_pathlist () ;; esac case "$1" in - *: ) func_to_host_pathlist_result="$func_to_host_pathlist_result;" + *: ) func_append func_to_host_pathlist_result ";" ;; esac ;; @@ -3141,31 +3410,23 @@ func_emit_cwrapperexe_src () This wrapper executable should never be moved out of the build directory. If it is, it will not operate correctly. - - Currently, it simply execs the wrapper *script* "$SHELL $output", - but could eventually absorb all of the scripts functionality and - exec $objdir/$outputname directly. */ EOF cat <<"EOF" +#ifdef _MSC_VER +# define _CRT_SECURE_NO_DEPRECATE 1 +#endif #include <stdio.h> #include <stdlib.h> #ifdef _MSC_VER # include <direct.h> # include <process.h> # include <io.h> -# define setmode _setmode #else # include <unistd.h> # include <stdint.h> # ifdef __CYGWIN__ # include <io.h> -# define HAVE_SETENV -# ifdef __STRICT_ANSI__ -char *realpath (const char *, char *); -int putenv (char *); -int setenv (const char *, const char *, int); -# endif # endif #endif #include <malloc.h> @@ -3177,6 +3438,44 @@ int setenv (const char *, const char *, int); #include <fcntl.h> #include <sys/stat.h> +/* declarations of non-ANSI functions */ +#if defined(__MINGW32__) +# ifdef __STRICT_ANSI__ +int _putenv (const char *); +# endif +#elif defined(__CYGWIN__) +# ifdef __STRICT_ANSI__ +char *realpath (const char *, char *); +int putenv (char *); +int setenv (const char *, const char *, int); +# endif +/* #elif defined (other platforms) ... */ +#endif + +/* portability defines, excluding path handling macros */ +#if defined(_MSC_VER) +# define setmode _setmode +# define stat _stat +# define chmod _chmod +# define getcwd _getcwd +# define putenv _putenv +# define S_IXUSR _S_IEXEC +# ifndef _INTPTR_T_DEFINED +# define _INTPTR_T_DEFINED +# define intptr_t int +# endif +#elif defined(__MINGW32__) +# define setmode _setmode +# define stat _stat +# define chmod _chmod +# define getcwd _getcwd +# define putenv _putenv +#elif defined(__CYGWIN__) +# define HAVE_SETENV +# define FOPEN_WB "wb" +/* #elif defined (other platforms) ... */ +#endif + #if defined(PATH_MAX) # define LT_PATHMAX PATH_MAX #elif defined(MAXPATHLEN) @@ -3192,14 +3491,7 @@ int setenv (const char *, const char *, int); # define S_IXGRP 0 #endif -#ifdef _MSC_VER -# define S_IXUSR _S_IEXEC -# define stat _stat -# ifndef _INTPTR_T_DEFINED -# define intptr_t int -# endif -#endif - +/* path handling portability macros */ #ifndef DIR_SEPARATOR # define DIR_SEPARATOR '/' # define PATH_SEPARATOR ':' @@ -3230,10 +3522,6 @@ int setenv (const char *, const char *, int); # define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR_2) #endif /* PATH_SEPARATOR_2 */ -#ifdef __CYGWIN__ -# define FOPEN_WB "wb" -#endif - #ifndef FOPEN_WB # define FOPEN_WB "w" #endif @@ -3246,22 +3534,13 @@ int setenv (const char *, const char *, int); if (stale) { free ((void *) stale); stale = 0; } \ } while (0) -#undef LTWRAPPER_DEBUGPRINTF -#if defined DEBUGWRAPPER -# define LTWRAPPER_DEBUGPRINTF(args) ltwrapper_debugprintf args -static void -ltwrapper_debugprintf (const char *fmt, ...) -{ - va_list args; - va_start (args, fmt); - (void) vfprintf (stderr, fmt, args); - va_end (args); -} +#if defined(LT_DEBUGWRAPPER) +static int lt_debug = 1; #else -# define LTWRAPPER_DEBUGPRINTF(args) +static int lt_debug = 0; #endif -const char *program_name = NULL; +const char *program_name = "libtool-wrapper"; /* in case xstrdup fails */ void *xmalloc (size_t num); char *xstrdup (const char *string); @@ -3271,31 +3550,17 @@ char *chase_symlinks (const char *pathspec); int make_executable (const char *path); int check_executable (const char *path); char *strendzap (char *str, const char *pat); -void lt_fatal (const char *message, ...); +void lt_debugprintf (const char *file, int line, const char *fmt, ...); +void lt_fatal (const char *file, int line, const char *message, ...); +static const char *nonnull (const char *s); +static const char *nonempty (const char *s); void lt_setenv (const char *name, const char *value); char *lt_extend_str (const char *orig_value, const char *add, int to_end); -void lt_opt_process_env_set (const char *arg); -void lt_opt_process_env_prepend (const char *arg); -void lt_opt_process_env_append (const char *arg); -int lt_split_name_value (const char *arg, char** name, char** value); void lt_update_exe_path (const char *name, const char *value); void lt_update_lib_path (const char *name, const char *value); - -static const char *script_text_part1 = -EOF - - func_emit_wrapper_part1 yes | - $SED -e 's/\([\\"]\)/\\\1/g' \ - -e 's/^/ "/' -e 's/$/\\n"/' - echo ";" - cat <<EOF - -static const char *script_text_part2 = +char **prepare_spawn (char **argv); +void lt_dump_script (FILE *f); EOF - func_emit_wrapper_part2 yes | - $SED -e 's/\([\\"]\)/\\\1/g' \ - -e 's/^/ "/' -e 's/$/\\n"/' - echo ";" cat <<EOF const char * MAGIC_EXE = "$magic_exe"; @@ -3340,24 +3605,10 @@ EOF cat <<"EOF" #define LTWRAPPER_OPTION_PREFIX "--lt-" -#define LTWRAPPER_OPTION_PREFIX_LENGTH 5 -static const size_t opt_prefix_len = LTWRAPPER_OPTION_PREFIX_LENGTH; static const char *ltwrapper_option_prefix = LTWRAPPER_OPTION_PREFIX; - static const char *dumpscript_opt = LTWRAPPER_OPTION_PREFIX "dump-script"; - -static const size_t env_set_opt_len = LTWRAPPER_OPTION_PREFIX_LENGTH + 7; -static const char *env_set_opt = LTWRAPPER_OPTION_PREFIX "env-set"; - /* argument is putenv-style "foo=bar", value of foo is set to bar */ - -static const size_t env_prepend_opt_len = LTWRAPPER_OPTION_PREFIX_LENGTH + 11; -static const char *env_prepend_opt = LTWRAPPER_OPTION_PREFIX "env-prepend"; - /* argument is putenv-style "foo=bar", new value of foo is bar${foo} */ - -static const size_t env_append_opt_len = LTWRAPPER_OPTION_PREFIX_LENGTH + 10; -static const char *env_append_opt = LTWRAPPER_OPTION_PREFIX "env-append"; - /* argument is putenv-style "foo=bar", new value of foo is ${foo}bar */ +static const char *debug_opt = LTWRAPPER_OPTION_PREFIX "debug"; int main (int argc, char *argv[]) @@ -3374,10 +3625,13 @@ main (int argc, char *argv[]) int i; program_name = (char *) xstrdup (base_name (argv[0])); - LTWRAPPER_DEBUGPRINTF (("(main) argv[0] : %s\n", argv[0])); - LTWRAPPER_DEBUGPRINTF (("(main) program_name : %s\n", program_name)); + newargz = XMALLOC (char *, argc + 1); - /* very simple arg parsing; don't want to rely on getopt */ + /* very simple arg parsing; don't want to rely on getopt + * also, copy all non cwrapper options to newargz, except + * argz[0], which is handled differently + */ + newargc=0; for (i = 1; i < argc; i++) { if (strcmp (argv[i], dumpscript_opt) == 0) @@ -3391,25 +3645,57 @@ EOF esac cat <<"EOF" - printf ("%s", script_text_part1); - printf ("%s", script_text_part2); + lt_dump_script (stdout); return 0; } + if (strcmp (argv[i], debug_opt) == 0) + { + lt_debug = 1; + continue; + } + if (strcmp (argv[i], ltwrapper_option_prefix) == 0) + { + /* however, if there is an option in the LTWRAPPER_OPTION_PREFIX + namespace, but it is not one of the ones we know about and + have already dealt with, above (inluding dump-script), then + report an error. Otherwise, targets might begin to believe + they are allowed to use options in the LTWRAPPER_OPTION_PREFIX + namespace. The first time any user complains about this, we'll + need to make LTWRAPPER_OPTION_PREFIX a configure-time option + or a configure.ac-settable value. + */ + lt_fatal (__FILE__, __LINE__, + "unrecognized %s option: '%s'", + ltwrapper_option_prefix, argv[i]); + } + /* otherwise ... */ + newargz[++newargc] = xstrdup (argv[i]); } + newargz[++newargc] = NULL; + +EOF + cat <<EOF + /* The GNU banner must be the first non-error debug message */ + lt_debugprintf (__FILE__, __LINE__, "libtool wrapper (GNU $PACKAGE$TIMESTAMP) $VERSION\n"); +EOF + cat <<"EOF" + lt_debugprintf (__FILE__, __LINE__, "(main) argv[0]: %s\n", argv[0]); + lt_debugprintf (__FILE__, __LINE__, "(main) program_name: %s\n", program_name); - newargz = XMALLOC (char *, argc + 1); tmp_pathspec = find_executable (argv[0]); if (tmp_pathspec == NULL) - lt_fatal ("Couldn't find %s", argv[0]); - LTWRAPPER_DEBUGPRINTF (("(main) found exe (before symlink chase) at : %s\n", - tmp_pathspec)); + lt_fatal (__FILE__, __LINE__, "couldn't find %s", argv[0]); + lt_debugprintf (__FILE__, __LINE__, + "(main) found exe (before symlink chase) at: %s\n", + tmp_pathspec); actual_cwrapper_path = chase_symlinks (tmp_pathspec); - LTWRAPPER_DEBUGPRINTF (("(main) found exe (after symlink chase) at : %s\n", - actual_cwrapper_path)); + lt_debugprintf (__FILE__, __LINE__, + "(main) found exe (after symlink chase) at: %s\n", + actual_cwrapper_path); XFREE (tmp_pathspec); - actual_cwrapper_name = xstrdup( base_name (actual_cwrapper_path)); + actual_cwrapper_name = xstrdup (base_name (actual_cwrapper_path)); strendzap (actual_cwrapper_path, actual_cwrapper_name); /* wrapper name transforms */ @@ -3427,8 +3713,9 @@ EOF target_name = tmp_pathspec; tmp_pathspec = 0; - LTWRAPPER_DEBUGPRINTF (("(main) libtool target name: %s\n", - target_name)); + lt_debugprintf (__FILE__, __LINE__, + "(main) libtool target name: %s\n", + target_name); EOF cat <<EOF @@ -3481,77 +3768,12 @@ EOF lt_update_lib_path (LIB_PATH_VARNAME, LIB_PATH_VALUE); lt_update_exe_path (EXE_PATH_VARNAME, EXE_PATH_VALUE); - newargc=0; - for (i = 1; i < argc; i++) - { - if (strncmp (argv[i], env_set_opt, env_set_opt_len) == 0) - { - if (argv[i][env_set_opt_len] == '=') - { - const char *p = argv[i] + env_set_opt_len + 1; - lt_opt_process_env_set (p); - } - else if (argv[i][env_set_opt_len] == '\0' && i + 1 < argc) - { - lt_opt_process_env_set (argv[++i]); /* don't copy */ - } - else - lt_fatal ("%s missing required argument", env_set_opt); - continue; - } - if (strncmp (argv[i], env_prepend_opt, env_prepend_opt_len) == 0) - { - if (argv[i][env_prepend_opt_len] == '=') - { - const char *p = argv[i] + env_prepend_opt_len + 1; - lt_opt_process_env_prepend (p); - } - else if (argv[i][env_prepend_opt_len] == '\0' && i + 1 < argc) - { - lt_opt_process_env_prepend (argv[++i]); /* don't copy */ - } - else - lt_fatal ("%s missing required argument", env_prepend_opt); - continue; - } - if (strncmp (argv[i], env_append_opt, env_append_opt_len) == 0) - { - if (argv[i][env_append_opt_len] == '=') - { - const char *p = argv[i] + env_append_opt_len + 1; - lt_opt_process_env_append (p); - } - else if (argv[i][env_append_opt_len] == '\0' && i + 1 < argc) - { - lt_opt_process_env_append (argv[++i]); /* don't copy */ - } - else - lt_fatal ("%s missing required argument", env_append_opt); - continue; - } - if (strncmp (argv[i], ltwrapper_option_prefix, opt_prefix_len) == 0) - { - /* however, if there is an option in the LTWRAPPER_OPTION_PREFIX - namespace, but it is not one of the ones we know about and - have already dealt with, above (inluding dump-script), then - report an error. Otherwise, targets might begin to believe - they are allowed to use options in the LTWRAPPER_OPTION_PREFIX - namespace. The first time any user complains about this, we'll - need to make LTWRAPPER_OPTION_PREFIX a configure-time option - or a configure.ac-settable value. - */ - lt_fatal ("Unrecognized option in %s namespace: '%s'", - ltwrapper_option_prefix, argv[i]); - } - /* otherwise ... */ - newargz[++newargc] = xstrdup (argv[i]); - } - newargz[++newargc] = NULL; - - LTWRAPPER_DEBUGPRINTF (("(main) lt_argv_zero : %s\n", (lt_argv_zero ? lt_argv_zero : "<NULL>"))); + lt_debugprintf (__FILE__, __LINE__, "(main) lt_argv_zero: %s\n", + nonnull (lt_argv_zero)); for (i = 0; i < newargc; i++) { - LTWRAPPER_DEBUGPRINTF (("(main) newargz[%d] : %s\n", i, (newargz[i] ? newargz[i] : "<NULL>"))); + lt_debugprintf (__FILE__, __LINE__, "(main) newargz[%d]: %s\n", + i, nonnull (newargz[i])); } EOF @@ -3560,11 +3782,14 @@ EOF mingw*) cat <<"EOF" /* execv doesn't actually work on mingw as expected on unix */ + newargz = prepare_spawn (newargz); rval = _spawnv (_P_WAIT, lt_argv_zero, (const char * const *) newargz); if (rval == -1) { /* failed to start process */ - LTWRAPPER_DEBUGPRINTF (("(main) failed to launch target \"%s\": errno = %d\n", lt_argv_zero, errno)); + lt_debugprintf (__FILE__, __LINE__, + "(main) failed to launch target \"%s\": %s\n", + lt_argv_zero, nonnull (strerror (errno))); return 127; } return rval; @@ -3586,7 +3811,7 @@ xmalloc (size_t num) { void *p = (void *) malloc (num); if (!p) - lt_fatal ("Memory exhausted"); + lt_fatal (__FILE__, __LINE__, "memory exhausted"); return p; } @@ -3620,8 +3845,8 @@ check_executable (const char *path) { struct stat st; - LTWRAPPER_DEBUGPRINTF (("(check_executable) : %s\n", - path ? (*path ? path : "EMPTY!") : "NULL!")); + lt_debugprintf (__FILE__, __LINE__, "(check_executable): %s\n", + nonempty (path)); if ((!path) || (!*path)) return 0; @@ -3638,8 +3863,8 @@ make_executable (const char *path) int rval = 0; struct stat st; - LTWRAPPER_DEBUGPRINTF (("(make_executable) : %s\n", - path ? (*path ? path : "EMPTY!") : "NULL!")); + lt_debugprintf (__FILE__, __LINE__, "(make_executable): %s\n", + nonempty (path)); if ((!path) || (!*path)) return 0; @@ -3665,8 +3890,8 @@ find_executable (const char *wrapper) int tmp_len; char *concat_name; - LTWRAPPER_DEBUGPRINTF (("(find_executable) : %s\n", - wrapper ? (*wrapper ? wrapper : "EMPTY!") : "NULL!")); + lt_debugprintf (__FILE__, __LINE__, "(find_executable): %s\n", + nonempty (wrapper)); if ((wrapper == NULL) || (*wrapper == '\0')) return NULL; @@ -3719,7 +3944,8 @@ find_executable (const char *wrapper) { /* empty path: current directory */ if (getcwd (tmp, LT_PATHMAX) == NULL) - lt_fatal ("getcwd failed"); + lt_fatal (__FILE__, __LINE__, "getcwd failed: %s", + nonnull (strerror (errno))); tmp_len = strlen (tmp); concat_name = XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1); @@ -3744,7 +3970,8 @@ find_executable (const char *wrapper) } /* Relative path | not found in path: prepend cwd */ if (getcwd (tmp, LT_PATHMAX) == NULL) - lt_fatal ("getcwd failed"); + lt_fatal (__FILE__, __LINE__, "getcwd failed: %s", + nonnull (strerror (errno))); tmp_len = strlen (tmp); concat_name = XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1); memcpy (concat_name, tmp, tmp_len); @@ -3770,8 +3997,9 @@ chase_symlinks (const char *pathspec) int has_symlinks = 0; while (strlen (tmp_pathspec) && !has_symlinks) { - LTWRAPPER_DEBUGPRINTF (("checking path component for symlinks: %s\n", - tmp_pathspec)); + lt_debugprintf (__FILE__, __LINE__, + "checking path component for symlinks: %s\n", + tmp_pathspec); if (lstat (tmp_pathspec, &s) == 0) { if (S_ISLNK (s.st_mode) != 0) @@ -3793,8 +4021,9 @@ chase_symlinks (const char *pathspec) } else { - char *errstr = strerror (errno); - lt_fatal ("Error accessing file %s (%s)", tmp_pathspec, errstr); + lt_fatal (__FILE__, __LINE__, + "error accessing file \"%s\": %s", + tmp_pathspec, nonnull (strerror (errno))); } } XFREE (tmp_pathspec); @@ -3807,7 +4036,8 @@ chase_symlinks (const char *pathspec) tmp_pathspec = realpath (pathspec, buf); if (tmp_pathspec == 0) { - lt_fatal ("Could not follow symlinks for %s", pathspec); + lt_fatal (__FILE__, __LINE__, + "could not follow symlinks for %s", pathspec); } return xstrdup (tmp_pathspec); #endif @@ -3833,11 +4063,25 @@ strendzap (char *str, const char *pat) return str; } +void +lt_debugprintf (const char *file, int line, const char *fmt, ...) +{ + va_list args; + if (lt_debug) + { + (void) fprintf (stderr, "%s:%s:%d: ", program_name, file, line); + va_start (args, fmt); + (void) vfprintf (stderr, fmt, args); + va_end (args); + } +} + static void -lt_error_core (int exit_status, const char *mode, +lt_error_core (int exit_status, const char *file, + int line, const char *mode, const char *message, va_list ap) { - fprintf (stderr, "%s: %s: ", program_name, mode); + fprintf (stderr, "%s:%s:%d: %s: ", program_name, file, line, mode); vfprintf (stderr, message, ap); fprintf (stderr, ".\n"); @@ -3846,20 +4090,32 @@ lt_error_core (int exit_status, const char *mode, } void -lt_fatal (const char *message, ...) +lt_fatal (const char *file, int line, const char *message, ...) { va_list ap; va_start (ap, message); - lt_error_core (EXIT_FAILURE, "FATAL", message, ap); + lt_error_core (EXIT_FAILURE, file, line, "FATAL", message, ap); va_end (ap); } +static const char * +nonnull (const char *s) +{ + return s ? s : "(null)"; +} + +static const char * +nonempty (const char *s) +{ + return (s && !*s) ? "(empty)" : nonnull (s); +} + void lt_setenv (const char *name, const char *value) { - LTWRAPPER_DEBUGPRINTF (("(lt_setenv) setting '%s' to '%s'\n", - (name ? name : "<NULL>"), - (value ? value : "<NULL>"))); + lt_debugprintf (__FILE__, __LINE__, + "(lt_setenv) setting '%s' to '%s'\n", + nonnull (name), nonnull (value)); { #ifdef HAVE_SETENV /* always make a copy, for consistency with !HAVE_SETENV */ @@ -3904,95 +4160,12 @@ lt_extend_str (const char *orig_value, const char *add, int to_end) return new_value; } -int -lt_split_name_value (const char *arg, char** name, char** value) -{ - const char *p; - int len; - if (!arg || !*arg) - return 1; - - p = strchr (arg, (int)'='); - - if (!p) - return 1; - - *value = xstrdup (++p); - - len = strlen (arg) - strlen (*value); - *name = XMALLOC (char, len); - strncpy (*name, arg, len-1); - (*name)[len - 1] = '\0'; - - return 0; -} - -void -lt_opt_process_env_set (const char *arg) -{ - char *name = NULL; - char *value = NULL; - - if (lt_split_name_value (arg, &name, &value) != 0) - { - XFREE (name); - XFREE (value); - lt_fatal ("bad argument for %s: '%s'", env_set_opt, arg); - } - - lt_setenv (name, value); - XFREE (name); - XFREE (value); -} - -void -lt_opt_process_env_prepend (const char *arg) -{ - char *name = NULL; - char *value = NULL; - char *new_value = NULL; - - if (lt_split_name_value (arg, &name, &value) != 0) - { - XFREE (name); - XFREE (value); - lt_fatal ("bad argument for %s: '%s'", env_prepend_opt, arg); - } - - new_value = lt_extend_str (getenv (name), value, 0); - lt_setenv (name, new_value); - XFREE (new_value); - XFREE (name); - XFREE (value); -} - -void -lt_opt_process_env_append (const char *arg) -{ - char *name = NULL; - char *value = NULL; - char *new_value = NULL; - - if (lt_split_name_value (arg, &name, &value) != 0) - { - XFREE (name); - XFREE (value); - lt_fatal ("bad argument for %s: '%s'", env_append_opt, arg); - } - - new_value = lt_extend_str (getenv (name), value, 1); - lt_setenv (name, new_value); - XFREE (new_value); - XFREE (name); - XFREE (value); -} - void lt_update_exe_path (const char *name, const char *value) { - LTWRAPPER_DEBUGPRINTF (("(lt_update_exe_path) modifying '%s' by prepending '%s'\n", - (name ? name : "<NULL>"), - (value ? value : "<NULL>"))); + lt_debugprintf (__FILE__, __LINE__, + "(lt_update_exe_path) modifying '%s' by prepending '%s'\n", + nonnull (name), nonnull (value)); if (name && *name && value && *value) { @@ -4011,9 +4184,9 @@ lt_update_exe_path (const char *name, const char *value) void lt_update_lib_path (const char *name, const char *value) { - LTWRAPPER_DEBUGPRINTF (("(lt_update_lib_path) modifying '%s' by prepending '%s'\n", - (name ? name : "<NULL>"), - (value ? value : "<NULL>"))); + lt_debugprintf (__FILE__, __LINE__, + "(lt_update_lib_path) modifying '%s' by prepending '%s'\n", + nonnull (name), nonnull (value)); if (name && *name && value && *value) { @@ -4023,11 +4196,152 @@ lt_update_lib_path (const char *name, const char *value) } } +EOF + case $host_os in + mingw*) + cat <<"EOF" + +/* Prepares an argument vector before calling spawn(). + Note that spawn() does not by itself call the command interpreter + (getenv ("COMSPEC") != NULL ? getenv ("COMSPEC") : + ({ OSVERSIONINFO v; v.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); + GetVersionEx(&v); + v.dwPlatformId == VER_PLATFORM_WIN32_NT; + }) ? "cmd.exe" : "command.com"). + Instead it simply concatenates the arguments, separated by ' ', and calls + CreateProcess(). We must quote the arguments since Win32 CreateProcess() + interprets characters like ' ', '\t', '\\', '"' (but not '<' and '>') in a + special way: + - Space and tab are interpreted as delimiters. They are not treated as + delimiters if they are surrounded by double quotes: "...". + - Unescaped double quotes are removed from the input. Their only effect is + that within double quotes, space and tab are treated like normal + characters. + - Backslashes not followed by double quotes are not special. + - But 2*n+1 backslashes followed by a double quote become + n backslashes followed by a double quote (n >= 0): + \" -> " + \\\" -> \" + \\\\\" -> \\" + */ +#define SHELL_SPECIAL_CHARS "\"\\ \001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037" +#define SHELL_SPACE_CHARS " \001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037" +char ** +prepare_spawn (char **argv) +{ + size_t argc; + char **new_argv; + size_t i; + + /* Count number of arguments. */ + for (argc = 0; argv[argc] != NULL; argc++) + ; + + /* Allocate new argument vector. */ + new_argv = XMALLOC (char *, argc + 1); + + /* Put quoted arguments into the new argument vector. */ + for (i = 0; i < argc; i++) + { + const char *string = argv[i]; + + if (string[0] == '\0') + new_argv[i] = xstrdup ("\"\""); + else if (strpbrk (string, SHELL_SPECIAL_CHARS) != NULL) + { + int quote_around = (strpbrk (string, SHELL_SPACE_CHARS) != NULL); + size_t length; + unsigned int backslashes; + const char *s; + char *quoted_string; + char *p; + + length = 0; + backslashes = 0; + if (quote_around) + length++; + for (s = string; *s != '\0'; s++) + { + char c = *s; + if (c == '"') + length += backslashes + 1; + length++; + if (c == '\\') + backslashes++; + else + backslashes = 0; + } + if (quote_around) + length += backslashes + 1; + + quoted_string = XMALLOC (char, length + 1); + + p = quoted_string; + backslashes = 0; + if (quote_around) + *p++ = '"'; + for (s = string; *s != '\0'; s++) + { + char c = *s; + if (c == '"') + { + unsigned int j; + for (j = backslashes + 1; j > 0; j--) + *p++ = '\\'; + } + *p++ = c; + if (c == '\\') + backslashes++; + else + backslashes = 0; + } + if (quote_around) + { + unsigned int j; + for (j = backslashes; j > 0; j--) + *p++ = '\\'; + *p++ = '"'; + } + *p = '\0'; + + new_argv[i] = quoted_string; + } + else + new_argv[i] = (char *) string; + } + new_argv[argc] = NULL; + + return new_argv; +} +EOF + ;; + esac + + cat <<"EOF" +void lt_dump_script (FILE* f) +{ +EOF + func_emit_wrapper yes | + $SED -e 's/\([\\"]\)/\\\1/g' \ + -e 's/^/ fputs ("/' -e 's/$/\\n", f);/' + cat <<"EOF" +} EOF } # end: func_emit_cwrapperexe_src +# func_win32_import_lib_p ARG +# True if ARG is an import lib, as indicated by $file_magic_cmd +func_win32_import_lib_p () +{ + $opt_debug + case `eval $file_magic_cmd \"\$1\" 2>/dev/null | $SED -e 10q` in + *import*) : ;; + *) false ;; + esac +} + # func_mode_link arg... func_mode_link () { @@ -4072,6 +4386,7 @@ func_mode_link () new_inherited_linker_flags= avoid_version=no + bindir= dlfiles= dlprefiles= dlself=no @@ -4164,6 +4479,11 @@ func_mode_link () esac case $prev in + bindir) + bindir="$arg" + prev= + continue + ;; dlfiles|dlprefiles) if test "$preload" = no; then # Add the symbol object into the linking commands. @@ -4425,6 +4745,11 @@ func_mode_link () continue ;; + -bindir) + prev=bindir + continue + ;; + -dlopen) prev=dlfiles continue @@ -4503,7 +4828,7 @@ func_mode_link () esac case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) - testbindir=`$ECHO "X$dir" | $Xsed -e 's*/lib$*/bin*'` + testbindir=`$ECHO "$dir" | $SED 's*/lib$*/bin*'` case :$dllsearchpath: in *":$dir:"*) ;; ::) dllsearchpath=$dir;; @@ -4522,7 +4847,7 @@ func_mode_link () -l*) if test "X$arg" = "X-lc" || test "X$arg" = "X-lm"; then case $host in - *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos* | *-cegcc*) + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos* | *-cegcc* | *-*-haiku*) # These systems don't actually have a C or math library (as such) continue ;; @@ -4708,7 +5033,7 @@ func_mode_link () for flag in $args; do IFS="$save_ifs" func_quote_for_eval "$flag" - arg="$arg $wl$func_quote_for_eval_result" + arg="$arg $func_quote_for_eval_result" compiler_flags="$compiler_flags $func_quote_for_eval_result" done IFS="$save_ifs" @@ -4754,18 +5079,19 @@ func_mode_link () arg="$func_quote_for_eval_result" ;; - # -64, -mips[0-9] enable 64-bit mode on the SGI compiler - # -r[0-9][0-9]* specifies the processor on the SGI compiler - # -xarch=*, -xtarget=* enable 64-bit mode on the Sun compiler - # +DA*, +DD* enable 64-bit mode on the HP compiler - # -q* pass through compiler args for the IBM compiler - # -m*, -t[45]*, -txscale* pass through architecture-specific - # compiler args for GCC - # -F/path gives path to uninstalled frameworks, gcc on darwin - # -p, -pg, --coverage, -fprofile-* pass through profiling flag for GCC - # @file GCC response files + # Flags to be passed through unchanged, with rationale: + # -64, -mips[0-9] enable 64-bit mode for the SGI compiler + # -r[0-9][0-9]* specify processor for the SGI compiler + # -xarch=*, -xtarget=* enable 64-bit mode for the Sun compiler + # +DA*, +DD* enable 64-bit mode for the HP compiler + # -q* compiler args for the IBM compiler + # -m*, -t[45]*, -txscale* architecture-specific flags for GCC + # -F/path path to uninstalled frameworks, gcc on darwin + # -p, -pg, --coverage, -fprofile-* profiling flags for GCC + # @file GCC response files + # -tp=* Portland pgcc target processor selection -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \ - -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*) + -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*) func_quote_for_eval "$arg" arg="$func_quote_for_eval_result" func_append compile_command " $arg" @@ -4925,7 +5251,7 @@ func_mode_link () if test -n "$shlibpath_var"; then # get the directories listed in $shlibpath_var - eval shlib_search_path=\`\$ECHO \"X\${$shlibpath_var}\" \| \$Xsed -e \'s/:/ /g\'\` + eval shlib_search_path=\`\$ECHO \"\${$shlibpath_var}\" \| \$SED \'s/:/ /g\'\` else shlib_search_path= fi @@ -5033,10 +5359,7 @@ func_mode_link () case $pass in dlopen) libs="$dlfiles" ;; dlpreopen) libs="$dlprefiles" ;; - link) - libs="$deplibs %DEPLIBS%" - test "X$link_all_deplibs" != Xno && libs="$libs $dependency_libs" - ;; + link) libs="$deplibs %DEPLIBS% $dependency_libs" ;; esac fi if test "$linkmode,$pass" = "lib,dlpreopen"; then @@ -5051,7 +5374,8 @@ func_mode_link () # Collect preopened libtool deplibs, except any this library # has declared as weak libs for deplib in $dependency_libs; do - deplib_base=`$ECHO "X$deplib" | $Xsed -e "$basename"` + func_basename "$deplib" + deplib_base=$func_basename_result case " $weak_libs " in *" $deplib_base "*) ;; *) deplibs="$deplibs $deplib" ;; @@ -5230,7 +5554,7 @@ func_mode_link () match_pattern*) set dummy $deplibs_check_method; shift match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"` - if eval "\$ECHO \"X$deplib\"" 2>/dev/null | $Xsed -e 10q \ + if eval "\$ECHO \"$deplib\"" 2>/dev/null | $SED 10q \ | $EGREP "$match_pattern_regex" > /dev/null; then valid_a_lib=yes fi @@ -5240,15 +5564,15 @@ func_mode_link () ;; esac if test "$valid_a_lib" != yes; then - $ECHO + echo $ECHO "*** Warning: Trying to link with static lib archive $deplib." - $ECHO "*** I have the capability to make that library automatically link in when" - $ECHO "*** you link to this library. But I can only do this if you have a" - $ECHO "*** shared version of the library, which you do not appear to have" - $ECHO "*** because the file extensions .$libext of this argument makes me believe" - $ECHO "*** that it is just a static archive that I should not use here." + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have" + echo "*** because the file extensions .$libext of this argument makes me believe" + echo "*** that it is just a static archive that I should not use here." else - $ECHO + echo $ECHO "*** Warning: Linking the shared library $output against the" $ECHO "*** static library $deplib is not portable!" deplibs="$deplib $deplibs" @@ -5321,7 +5645,7 @@ func_mode_link () # Convert "-framework foo" to "foo.ltframework" if test -n "$inherited_linker_flags"; then - tmp_inherited_linker_flags=`$ECHO "X$inherited_linker_flags" | $Xsed -e 's/-framework \([^ $]*\)/\1.ltframework/g'` + tmp_inherited_linker_flags=`$ECHO "$inherited_linker_flags" | $SED 's/-framework \([^ $]*\)/\1.ltframework/g'` for tmp_inherited_linker_flag in $tmp_inherited_linker_flags; do case " $new_inherited_linker_flags " in *" $tmp_inherited_linker_flag "*) ;; @@ -5329,7 +5653,7 @@ func_mode_link () esac done fi - dependency_libs=`$ECHO "X $dependency_libs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'` + dependency_libs=`$ECHO " $dependency_libs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` if test "$linkmode,$pass" = "lib,link" || test "$linkmode,$pass" = "prog,scan" || { test "$linkmode" != prog && test "$linkmode" != lib; }; then @@ -5347,19 +5671,19 @@ func_mode_link () # It is a libtool convenience library, so add in its objects. convenience="$convenience $ladir/$objdir/$old_library" old_convenience="$old_convenience $ladir/$objdir/$old_library" - tmp_libs= - for deplib in $dependency_libs; do - deplibs="$deplib $deplibs" - if $opt_duplicate_deps ; then - case "$tmp_libs " in - *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;; - esac - fi - tmp_libs="$tmp_libs $deplib" - done elif test "$linkmode" != prog && test "$linkmode" != lib; then func_fatal_error "\`$lib' is not a convenience library" fi + tmp_libs= + for deplib in $dependency_libs; do + deplibs="$deplib $deplibs" + if $opt_duplicate_deps ; then + case "$tmp_libs " in + *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;; + esac + fi + tmp_libs="$tmp_libs $deplib" + done continue fi # $pass = conv @@ -5583,7 +5907,7 @@ func_mode_link () fi done if test -z "$dlopenmodule" && test "$shouldnotlink" = yes && test "$pass" = link; then - $ECHO + echo if test "$linkmode" = prog; then $ECHO "*** Warning: Linking the executable $output against the loadable module" else @@ -5686,9 +6010,9 @@ func_mode_link () if test "X$dlopenmodule" != "X$lib"; then $ECHO "*** Warning: lib $linklib is a module, not a shared library" if test -z "$old_library" ; then - $ECHO - $ECHO "*** And there doesn't seem to be a static archive available" - $ECHO "*** The link will probably fail, sorry" + echo + echo "*** And there doesn't seem to be a static archive available" + echo "*** The link will probably fail, sorry" else add="$dir/$old_library" fi @@ -5828,21 +6152,21 @@ func_mode_link () # Just print a warning and add the library to dependency_libs so # that the program can be linked against the static library. - $ECHO + echo $ECHO "*** Warning: This system can not link to static lib archive $lib." - $ECHO "*** I have the capability to make that library automatically link in when" - $ECHO "*** you link to this library. But I can only do this if you have a" - $ECHO "*** shared version of the library, which you do not appear to have." + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have." if test "$module" = yes; then - $ECHO "*** But as you try to build a module library, libtool will still create " - $ECHO "*** a static module, that should work as long as the dlopening application" - $ECHO "*** is linked with the -dlopen flag to resolve symbols at runtime." + echo "*** But as you try to build a module library, libtool will still create " + echo "*** a static module, that should work as long as the dlopening application" + echo "*** is linked with the -dlopen flag to resolve symbols at runtime." if test -z "$global_symbol_pipe"; then - $ECHO - $ECHO "*** However, this would only work if libtool was able to extract symbol" - $ECHO "*** lists from a program, using \`nm' or equivalent, but libtool could" - $ECHO "*** not find such a program. So, this module is probably useless." - $ECHO "*** \`nm' from GNU binutils and a full rebuild may help." + echo + echo "*** However, this would only work if libtool was able to extract symbol" + echo "*** lists from a program, using \`nm' or equivalent, but libtool could" + echo "*** not find such a program. So, this module is probably useless." + echo "*** \`nm' from GNU binutils and a full rebuild may help." fi if test "$build_old_libs" = no; then build_libtool_libs=module @@ -5962,7 +6286,7 @@ func_mode_link () compile_deplibs="$new_inherited_linker_flags $compile_deplibs" finalize_deplibs="$new_inherited_linker_flags $finalize_deplibs" else - compiler_flags="$compiler_flags "`$ECHO "X $new_inherited_linker_flags" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'` + compiler_flags="$compiler_flags "`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` fi fi dependency_libs="$newdependency_libs" @@ -6130,7 +6454,7 @@ func_mode_link () if test "$deplibs_check_method" != pass_all; then func_fatal_error "cannot build libtool library \`$output' from non-libtool objects on this host:$objs" else - $ECHO + echo $ECHO "*** Warning: Linking the shared library $output against the non-libtool" $ECHO "*** objects $objs is not portable!" libobjs="$libobjs $objs" @@ -6198,7 +6522,7 @@ func_mode_link () age="$number_minor" revision="$number_revision" ;; - freebsd-aout|freebsd-elf|sunos) + freebsd-aout|freebsd-elf|qnx|sunos) current="$number_major" revision="$number_minor" age="0" @@ -6210,9 +6534,6 @@ func_mode_link () revision="$number_minor" lt_irix_increment=no ;; - *) - func_fatal_configuration "$modename: unknown library version type \`$version_type'" - ;; esac ;; no) @@ -6435,14 +6756,14 @@ func_mode_link () oldlibs="$oldlibs $output_objdir/$libname.$libext" # Transform .lo files to .o files. - oldobjs="$objs "`$ECHO "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}'$/d' -e "$lo2o" | $NL2SP` + oldobjs="$objs "`$ECHO "$libobjs" | $SP2NL | $SED "/\.${libext}$/d; $lo2o" | $NL2SP` fi # Eliminate all temporary directories. #for path in $notinst_path; do - # lib_search_path=`$ECHO "X$lib_search_path " | $Xsed -e "s% $path % %g"` - # deplibs=`$ECHO "X$deplibs " | $Xsed -e "s% -L$path % %g"` - # dependency_libs=`$ECHO "X$dependency_libs " | $Xsed -e "s% -L$path % %g"` + # lib_search_path=`$ECHO "$lib_search_path " | $SED "s% $path % %g"` + # deplibs=`$ECHO "$deplibs " | $SED "s% -L$path % %g"` + # dependency_libs=`$ECHO "$dependency_libs " | $SED "s% -L$path % %g"` #done if test -n "$xrpath"; then @@ -6483,7 +6804,7 @@ func_mode_link () if test "$build_libtool_libs" = yes; then if test -n "$rpath"; then case $host in - *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos* | *-cegcc*) + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos* | *-cegcc* | *-*-haiku*) # these systems don't actually have a c library (as such)! ;; *-*-rhapsody* | *-*-darwin1.[012]) @@ -6568,13 +6889,13 @@ EOF newdeplibs="$newdeplibs $i" else droppeddeps=yes - $ECHO + echo $ECHO "*** Warning: dynamic linker does not accept needed library $i." - $ECHO "*** I have the capability to make that library automatically link in when" - $ECHO "*** you link to this library. But I can only do this if you have a" - $ECHO "*** shared version of the library, which I believe you do not have" - $ECHO "*** because a test_compile did reveal that the linker did not use it for" - $ECHO "*** its dynamic dependency list that programs get resolved with at runtime." + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which I believe you do not have" + echo "*** because a test_compile did reveal that the linker did not use it for" + echo "*** its dynamic dependency list that programs get resolved with at runtime." fi fi ;; @@ -6611,22 +6932,22 @@ EOF newdeplibs="$newdeplibs $i" else droppeddeps=yes - $ECHO + echo $ECHO "*** Warning: dynamic linker does not accept needed library $i." - $ECHO "*** I have the capability to make that library automatically link in when" - $ECHO "*** you link to this library. But I can only do this if you have a" - $ECHO "*** shared version of the library, which you do not appear to have" - $ECHO "*** because a test_compile did reveal that the linker did not use this one" - $ECHO "*** as a dynamic dependency that programs can get resolved with at runtime." + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have" + echo "*** because a test_compile did reveal that the linker did not use this one" + echo "*** as a dynamic dependency that programs can get resolved with at runtime." fi fi else droppeddeps=yes - $ECHO + echo $ECHO "*** Warning! Library $i is needed by this library but I was not able to" - $ECHO "*** make it link in! You will probably need to install it or some" - $ECHO "*** library that it depends on before this library will be fully" - $ECHO "*** functional. Installing it before continuing would be even better." + echo "*** make it link in! You will probably need to install it or some" + echo "*** library that it depends on before this library will be fully" + echo "*** functional. Installing it before continuing would be even better." fi ;; *) @@ -6672,7 +6993,7 @@ EOF potliblink=`ls -ld $potlib | ${SED} 's/.* -> //'` case $potliblink in [\\/]* | [A-Za-z]:[\\/]*) potlib="$potliblink";; - *) potlib=`$ECHO "X$potlib" | $Xsed -e 's,[^/]*$,,'`"$potliblink";; + *) potlib=`$ECHO "$potlib" | $SED 's,[^/]*$,,'`"$potliblink";; esac done if eval $file_magic_cmd \"\$potlib\" 2>/dev/null | @@ -6687,12 +7008,12 @@ EOF fi if test -n "$a_deplib" ; then droppeddeps=yes - $ECHO + echo $ECHO "*** Warning: linker path does not have real file for library $a_deplib." - $ECHO "*** I have the capability to make that library automatically link in when" - $ECHO "*** you link to this library. But I can only do this if you have a" - $ECHO "*** shared version of the library, which you do not appear to have" - $ECHO "*** because I did check the linker path looking for a file starting" + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have" + echo "*** because I did check the linker path looking for a file starting" if test -z "$potlib" ; then $ECHO "*** with $libname but no candidates were found. (...for file magic test)" else @@ -6730,7 +7051,7 @@ EOF potential_libs=`ls $i/$libname[.-]* 2>/dev/null` for potent_lib in $potential_libs; do potlib="$potent_lib" # see symlink-check above in file_magic test - if eval "\$ECHO \"X$potent_lib\"" 2>/dev/null | $Xsed -e 10q | \ + if eval "\$ECHO \"$potent_lib\"" 2>/dev/null | $SED 10q | \ $EGREP "$match_pattern_regex" > /dev/null; then newdeplibs="$newdeplibs $a_deplib" a_deplib="" @@ -6741,12 +7062,12 @@ EOF fi if test -n "$a_deplib" ; then droppeddeps=yes - $ECHO + echo $ECHO "*** Warning: linker path does not have real file for library $a_deplib." - $ECHO "*** I have the capability to make that library automatically link in when" - $ECHO "*** you link to this library. But I can only do this if you have a" - $ECHO "*** shared version of the library, which you do not appear to have" - $ECHO "*** because I did check the linker path looking for a file starting" + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have" + echo "*** because I did check the linker path looking for a file starting" if test -z "$potlib" ; then $ECHO "*** with $libname but no candidates were found. (...for regex pattern test)" else @@ -6764,25 +7085,25 @@ EOF ;; none | unknown | *) newdeplibs="" - tmp_deplibs=`$ECHO "X $deplibs" | $Xsed \ - -e 's/ -lc$//' -e 's/ -[LR][^ ]*//g'` + tmp_deplibs=`$ECHO " $deplibs" | $SED 's/ -lc$//; s/ -[LR][^ ]*//g'` if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then for i in $predeps $postdeps ; do # can't use Xsed below, because $i might contain '/' - tmp_deplibs=`$ECHO "X $tmp_deplibs" | $Xsed -e "s,$i,,"` + tmp_deplibs=`$ECHO " $tmp_deplibs" | $SED "s,$i,,"` done fi - if $ECHO "X $tmp_deplibs" | $Xsed -e 's/[ ]//g' | - $GREP . >/dev/null; then - $ECHO + case $tmp_deplibs in + *[!\ \ ]*) + echo if test "X$deplibs_check_method" = "Xnone"; then - $ECHO "*** Warning: inter-library dependencies are not supported in this platform." + echo "*** Warning: inter-library dependencies are not supported in this platform." else - $ECHO "*** Warning: inter-library dependencies are not known to be supported." + echo "*** Warning: inter-library dependencies are not known to be supported." fi - $ECHO "*** All declared inter-library dependencies are being dropped." + echo "*** All declared inter-library dependencies are being dropped." droppeddeps=yes - fi + ;; + esac ;; esac versuffix=$versuffix_save @@ -6794,23 +7115,23 @@ EOF case $host in *-*-rhapsody* | *-*-darwin1.[012]) # On Rhapsody replace the C library with the System framework - newdeplibs=`$ECHO "X $newdeplibs" | $Xsed -e 's/ -lc / System.ltframework /'` + newdeplibs=`$ECHO " $newdeplibs" | $SED 's/ -lc / System.ltframework /'` ;; esac if test "$droppeddeps" = yes; then if test "$module" = yes; then - $ECHO - $ECHO "*** Warning: libtool could not satisfy all declared inter-library" + echo + echo "*** Warning: libtool could not satisfy all declared inter-library" $ECHO "*** dependencies of module $libname. Therefore, libtool will create" - $ECHO "*** a static module, that should work as long as the dlopening" - $ECHO "*** application is linked with the -dlopen flag." + echo "*** a static module, that should work as long as the dlopening" + echo "*** application is linked with the -dlopen flag." if test -z "$global_symbol_pipe"; then - $ECHO - $ECHO "*** However, this would only work if libtool was able to extract symbol" - $ECHO "*** lists from a program, using \`nm' or equivalent, but libtool could" - $ECHO "*** not find such a program. So, this module is probably useless." - $ECHO "*** \`nm' from GNU binutils and a full rebuild may help." + echo + echo "*** However, this would only work if libtool was able to extract symbol" + echo "*** lists from a program, using \`nm' or equivalent, but libtool could" + echo "*** not find such a program. So, this module is probably useless." + echo "*** \`nm' from GNU binutils and a full rebuild may help." fi if test "$build_old_libs" = no; then oldlibs="$output_objdir/$libname.$libext" @@ -6820,16 +7141,16 @@ EOF build_libtool_libs=no fi else - $ECHO "*** The inter-library dependencies that have been dropped here will be" - $ECHO "*** automatically added whenever a program is linked with this library" - $ECHO "*** or is declared to -dlopen it." + echo "*** The inter-library dependencies that have been dropped here will be" + echo "*** automatically added whenever a program is linked with this library" + echo "*** or is declared to -dlopen it." if test "$allow_undefined" = no; then - $ECHO - $ECHO "*** Since this library must not contain undefined symbols," - $ECHO "*** because either the platform does not support them or" - $ECHO "*** it was explicitly requested with -no-undefined," - $ECHO "*** libtool will only create a static version of it." + echo + echo "*** Since this library must not contain undefined symbols," + echo "*** because either the platform does not support them or" + echo "*** it was explicitly requested with -no-undefined," + echo "*** libtool will only create a static version of it." if test "$build_old_libs" = no; then oldlibs="$output_objdir/$libname.$libext" build_libtool_libs=module @@ -6846,9 +7167,9 @@ EOF # Time to change all our "foo.ltframework" stuff back to "-framework foo" case $host in *-*-darwin*) - newdeplibs=`$ECHO "X $newdeplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'` - new_inherited_linker_flags=`$ECHO "X $new_inherited_linker_flags" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'` - deplibs=`$ECHO "X $deplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'` + newdeplibs=`$ECHO " $newdeplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + new_inherited_linker_flags=`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + deplibs=`$ECHO " $deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` ;; esac @@ -6970,7 +7291,7 @@ EOF done # Use standard objects if they are pic - test -z "$pic_flag" && libobjs=`$ECHO "X$libobjs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP` + test -z "$pic_flag" && libobjs=`$ECHO "$libobjs" | $SP2NL | $SED "$lo2o" | $NL2SP` test "X$libobjs" = "X " && libobjs= delfiles= @@ -7036,7 +7357,7 @@ EOF if test -n "$export_symbols" && test -n "$include_expsyms"; then tmp_export_symbols="$export_symbols" test -n "$orig_export_symbols" && tmp_export_symbols="$orig_export_symbols" - $opt_dry_run || eval '$ECHO "X$include_expsyms" | $Xsed | $SP2NL >> "$tmp_export_symbols"' + $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"' fi if test "X$skipped_export" != "X:" && test -n "$orig_export_symbols"; then @@ -7137,7 +7458,8 @@ EOF save_libobjs=$libobjs fi save_output=$output - output_la=`$ECHO "X$output" | $Xsed -e "$basename"` + func_basename "$output" + output_la=$func_basename_result # Clear the reloadable object creation command queue and # initialize k to one. @@ -7150,12 +7472,12 @@ EOF if test -n "$save_libobjs" && test "X$skipped_export" != "X:" && test "$with_gnu_ld" = yes; then output=${output_objdir}/${output_la}.lnkscript func_verbose "creating GNU ld script: $output" - $ECHO 'INPUT (' > $output + echo 'INPUT (' > $output for obj in $save_libobjs do $ECHO "$obj" >> $output done - $ECHO ')' >> $output + echo ')' >> $output delfiles="$delfiles $output" elif test -n "$save_libobjs" && test "X$skipped_export" != "X:" && test "X$file_list_spec" != X; then output=${output_objdir}/${output_la}.lnk @@ -7197,17 +7519,19 @@ EOF # command to the queue. if test "$k" -eq 1 ; then # The first file doesn't have a previous command to add. - eval concat_cmds=\"$reload_cmds $objlist $last_robj\" + reload_objs=$objlist + eval concat_cmds=\"$reload_cmds\" else # All subsequent reloadable object files will link in # the last one created. - eval concat_cmds=\"\$concat_cmds~$reload_cmds $objlist $last_robj~\$RM $last_robj\" + reload_objs="$objlist $last_robj" + eval concat_cmds=\"\$concat_cmds~$reload_cmds~\$RM $last_robj\" fi last_robj=$output_objdir/$output_la-${k}.$objext func_arith $k + 1 k=$func_arith_result output=$output_objdir/$output_la-${k}.$objext - objlist=$obj + objlist=" $obj" func_len " $last_robj" func_arith $len0 + $func_len_result len=$func_arith_result @@ -7217,7 +7541,8 @@ EOF # reloadable object file. All subsequent reloadable object # files will link in the last one created. test -z "$concat_cmds" || concat_cmds=$concat_cmds~ - eval concat_cmds=\"\${concat_cmds}$reload_cmds $objlist $last_robj\" + reload_objs="$objlist $last_robj" + eval concat_cmds=\"\${concat_cmds}$reload_cmds\" if test -n "$last_robj"; then eval concat_cmds=\"\${concat_cmds}~\$RM $last_robj\" fi @@ -7276,7 +7601,7 @@ EOF if test -n "$export_symbols" && test -n "$include_expsyms"; then tmp_export_symbols="$export_symbols" test -n "$orig_export_symbols" && tmp_export_symbols="$orig_export_symbols" - $opt_dry_run || eval '$ECHO "X$include_expsyms" | $Xsed | $SP2NL >> "$tmp_export_symbols"' + $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"' fi if test -n "$orig_export_symbols"; then @@ -7441,7 +7766,7 @@ EOF if test -n "$convenience"; then if test -n "$whole_archive_flag_spec"; then eval tmp_whole_archive_flags=\"$whole_archive_flag_spec\" - reload_conv_objs=$reload_objs\ `$ECHO "X$tmp_whole_archive_flags" | $Xsed -e 's|,| |g'` + reload_conv_objs=$reload_objs\ `$ECHO "$tmp_whole_archive_flags" | $SED 's|,| |g'` else gentop="$output_objdir/${obj}x" generated="$generated $gentop" @@ -7452,7 +7777,7 @@ EOF fi # Create the old-style object. - reload_objs="$objs$old_deplibs "`$ECHO "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}$'/d' -e '/\.lib$/d' -e "$lo2o" | $NL2SP`" $reload_conv_objs" ### testsuite: skip nested quoting test + reload_objs="$objs$old_deplibs "`$ECHO "$libobjs" | $SP2NL | $SED "/\.${libext}$/d; /\.lib$/d; $lo2o" | $NL2SP`" $reload_conv_objs" ### testsuite: skip nested quoting test output="$obj" func_execute_cmds "$reload_cmds" 'exit $?' @@ -7512,8 +7837,8 @@ EOF case $host in *-*-rhapsody* | *-*-darwin1.[012]) # On Rhapsody replace the C library is the System framework - compile_deplibs=`$ECHO "X $compile_deplibs" | $Xsed -e 's/ -lc / System.ltframework /'` - finalize_deplibs=`$ECHO "X $finalize_deplibs" | $Xsed -e 's/ -lc / System.ltframework /'` + compile_deplibs=`$ECHO " $compile_deplibs" | $SED 's/ -lc / System.ltframework /'` + finalize_deplibs=`$ECHO " $finalize_deplibs" | $SED 's/ -lc / System.ltframework /'` ;; esac @@ -7530,8 +7855,8 @@ EOF esac fi # Time to change all our "foo.ltframework" stuff back to "-framework foo" - compile_deplibs=`$ECHO "X $compile_deplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'` - finalize_deplibs=`$ECHO "X $finalize_deplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'` + compile_deplibs=`$ECHO " $compile_deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + finalize_deplibs=`$ECHO " $finalize_deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` ;; esac @@ -7668,8 +7993,8 @@ EOF if test -n "$libobjs" && test "$build_old_libs" = yes; then # Transform all the library objects into standard objects. - compile_command=`$ECHO "X$compile_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP` - finalize_command=`$ECHO "X$finalize_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP` + compile_command=`$ECHO "$compile_command" | $SP2NL | $SED "$lo2o" | $NL2SP` + finalize_command=`$ECHO "$finalize_command" | $SP2NL | $SED "$lo2o" | $NL2SP` fi func_generate_dlsyms "$outputname" "@PROGRAM@" "no" @@ -7681,15 +8006,15 @@ EOF wrappers_required=yes case $host in + *cegcc* | *mingw32ce*) + # Disable wrappers for cegcc and mingw32ce hosts, we are cross compiling anyway. + wrappers_required=no + ;; *cygwin* | *mingw* ) if test "$build_libtool_libs" != yes; then wrappers_required=no fi ;; - *cegcc) - # Disable wrappers for cegcc, we are cross compiling anyway. - wrappers_required=no - ;; *) if test "$need_relink" = no || test "$build_libtool_libs" != yes; then wrappers_required=no @@ -7698,7 +8023,7 @@ EOF esac if test "$wrappers_required" = no; then # Replace the output file specification. - compile_command=`$ECHO "X$compile_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'` + compile_command=`$ECHO "$compile_command" | $SED 's%@OUTPUT@%'"$output"'%g'` link_command="$compile_command$compile_rpath" # We have no uninstalled library dependencies, so finalize right now. @@ -7745,7 +8070,7 @@ EOF # We don't need to create a wrapper script. link_command="$compile_var$compile_command$compile_rpath" # Replace the output file specification. - link_command=`$ECHO "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'` + link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output"'%g'` # Delete the old output file. $opt_dry_run || $RM $output # Link the executable and exit @@ -7764,7 +8089,7 @@ EOF if test "$fast_install" != no; then link_command="$finalize_var$compile_command$finalize_rpath" if test "$fast_install" = yes; then - relink_command=`$ECHO "X$compile_var$compile_command$compile_rpath" | $Xsed -e 's%@OUTPUT@%\$progdir/\$file%g'` + relink_command=`$ECHO "$compile_var$compile_command$compile_rpath" | $SED 's%@OUTPUT@%\$progdir/\$file%g'` else # fast_install is set to needless relink_command= @@ -7776,7 +8101,7 @@ EOF fi # Replace the output file specification. - link_command=`$ECHO "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'` + link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'` # Delete the old output files. $opt_dry_run || $RM $output $output_objdir/$outputname $output_objdir/lt-$outputname @@ -7800,18 +8125,7 @@ EOF fi done relink_command="(cd `pwd`; $relink_command)" - relink_command=`$ECHO "X$relink_command" | $Xsed -e "$sed_quote_subst"` - fi - - # Quote $ECHO for shipping. - if test "X$ECHO" = "X$SHELL $progpath --fallback-echo"; then - case $progpath in - [\\/]* | [A-Za-z]:[\\/]*) qecho="$SHELL $progpath --fallback-echo";; - *) qecho="$SHELL `pwd`/$progpath --fallback-echo";; - esac - qecho=`$ECHO "X$qecho" | $Xsed -e "$sed_quote_subst"` - else - qecho=`$ECHO "X$ECHO" | $Xsed -e "$sed_quote_subst"` + relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"` fi # Only actually do things if not in dry run mode. @@ -7932,7 +8246,7 @@ EOF done | sort | sort -uc >/dev/null 2>&1); then : else - $ECHO "copying selected object files to avoid basename conflicts..." + echo "copying selected object files to avoid basename conflicts..." gentop="$output_objdir/${outputname}x" generated="$generated $gentop" func_mkdir_p "$gentop" @@ -8043,7 +8357,7 @@ EOF done # Quote the link command for shipping. relink_command="(cd `pwd`; $SHELL $progpath $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)" - relink_command=`$ECHO "X$relink_command" | $Xsed -e "$sed_quote_subst"` + relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"` if test "$hardcode_automatic" = yes ; then relink_command= fi @@ -8128,9 +8442,27 @@ EOF fi $RM $output # place dlname in correct position for cygwin + # In fact, it would be nice if we could use this code for all target + # systems that can't hard-code library paths into their executables + # and that have no shared library path variable independent of PATH, + # but it turns out we can't easily determine that from inspecting + # libtool variables, so we have to hard-code the OSs to which it + # applies here; at the moment, that means platforms that use the PE + # object format with DLL files. See the long comment at the top of + # tests/bindir.at for full details. tdlname=$dlname case $host,$output,$installed,$module,$dlname in - *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll | *cegcc*,*lai,yes,no,*.dll) tdlname=../bin/$dlname ;; + *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll | *cegcc*,*lai,yes,no,*.dll) + # If a -bindir argument was supplied, place the dll there. + if test "x$bindir" != x ; + then + func_relative_path "$install_libdir" "$bindir" + tdlname=$func_relative_path_result$dlname + else + # Otherwise fall back on heuristic. + tdlname=../bin/$dlname + fi + ;; esac $ECHO > $output "\ # $outputname - a libtool library file diff --git a/lib/build-aux/missing b/lib/build-aux/missing index 28055d2..ac3d51c 100755 --- a/lib/build-aux/missing +++ b/lib/build-aux/missing @@ -18,7 +18,9 @@ scriptversion=2009-04-28.21; # UTC # GNU General Public License for more details. # You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +# 02110-1301, USA. # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -6,6 +6,7 @@ #endif #include <confuse.h> +#include <stdlib.h> #include <string.h> #include <assert.h> #include <radsec/radsec.h> @@ -16,7 +17,6 @@ #if 0 # common config options - dictionary = STRING # common realm config options realm NAME { @@ -78,7 +78,6 @@ rs_context_read_config(struct rs_context *ctx, const char *config_file) }; cfg_opt_t opts[] = { - CFG_STR ("dictionary", NULL, CFGF_NONE), CFG_SEC ("realm", realm_opts, CFGF_TITLE | CFGF_MULTI), CFG_END () }; @@ -107,7 +106,6 @@ rs_context_read_config(struct rs_context *ctx, const char *config_file) if (config == NULL) return rs_err_ctx_push_fl (ctx, RSE_NOMEM, __FILE__, __LINE__, NULL); ctx->config = config; - config->dictionary = cfg_getstr (cfg, "dictionary"); for (i = 0; i < cfg_size (cfg, "realm"); i++) { diff --git a/lib/configure.ac b/lib/configure.ac index 3339352..bb71a6a 100644 --- a/lib/configure.ac +++ b/lib/configure.ac @@ -17,8 +17,6 @@ AC_CHECK_LIB([confuse], [cfg_init],, AC_MSG_ERROR([required library libconfuse not found])) AC_CHECK_LIB([event_core], [event_get_version],, AC_MSG_ERROR([required library libevent_core not found])) -AC_CHECK_LIB([freeradius-radius], [rad_alloc],, - AC_MSG_ERROR([required library libfreeradius-radius not found])) # Enable-knobs. ## Enable TLS (RadSec). @@ -40,7 +38,8 @@ AM_CONDITIONAL([RS_ENABLE_TLS_PSK], [test "${enable_tls_psk+set}" = set]) # Checks for header files. AC_CHECK_HEADERS( - [netdb.h netinet/in.h stdint.h stdlib.h string.h sys/socket.h unistd.h]) + [sys/time.h time.h netdb.h netinet/in.h stdint.h stdlib.h strings.h string.h \ + sys/socket.h unistd.h syslog.h sys/select.h fcntl.h arpa/inet.h]) # Checks for typedefs, structures, and compiler characteristics. AC_TYPE_SIZE_T @@ -51,6 +50,7 @@ AC_TYPE_UINT8_T AC_CHECK_FUNCS([memset socket strdup strerror strrchr]) AC_CONFIG_FILES([Makefile + radius/Makefile include/Makefile examples/Makefile tests/Makefile]) @@ -6,6 +6,8 @@ #endif #include <string.h> +#include <stdlib.h> +#include <errno.h> #include <assert.h> #include <event2/event.h> #include <event2/bufferevent.h> diff --git a/lib/debug.c b/lib/debug.c index 3d3a2b9..2c399a1 100644 --- a/lib/debug.c +++ b/lib/debug.c @@ -7,7 +7,7 @@ #include <stdio.h> #include <assert.h> -#include <freeradius/libradius.h> +#include <radius/client.h> #include <radsec/radsec.h> #include <radsec/radsec-impl.h> #include "debug.h" @@ -21,10 +21,10 @@ rs_dump_packet (const struct rs_packet *pkt) return; p = pkt->rpkt; - fprintf (stderr, "\tCode: %u, Identifier: %u, Lenght: %u\n", + fprintf (stderr, "\tCode: %u, Identifier: %u, Lenght: %zu\n", p->code, p->id, - p->data_len); + p->sizeof_data); fflush (stderr); } @@ -6,35 +6,58 @@ #endif #include <stdio.h> +#include <stdlib.h> #include <string.h> #include <assert.h> #include <radsec/radsec.h> #include <radsec/radsec-impl.h> static const char *_errtxt[] = { - "SUCCESS", /* 0 RSE_OK */ - "out of memory", /* 1 RSE_NOMEM */ - "not yet implemented", /* 2 RSE_NOSYS */ - "invalid handle", /* 3 RSE_INVALID_CTX */ - "invalid connection", /* 4 RSE_INVALID_CONN */ - "connection type mismatch", /* 5 RSE_CONN_TYPE_MISMATCH */ - "FreeRadius error", /* 6 RSE_FR */ - "bad hostname or port", /* 7 RSE_BADADDR */ - "no peer configured", /* 8 RSE_NOPEER */ - "libevent error", /* 9 RSE_EVENT */ - "socket error", /* 10 RSE_SOCKERR */ - "invalid configuration file", /* 11 RSE_CONFIG */ - "authentication failed", /* 12 RSE_BADAUTH */ - "internal error", /* 13 RSE_INTERNAL */ - "SSL error", /* 14 RSE_SSLERR */ - "invalid packet", /* 15 RSE_INVALID_PKT */ - "connect timeout", /* 16 RSE_TIMEOUT_CONN */ - "invalid argument", /* 17 RSE_INVAL */ - "I/O timeout", /* 18 RSE_TIMEOUT_IO */ - "timeout", /* 19 RSE_TIMEOUT */ - "peer disconnected", /* 20 RSE_DISCO */ - "invalid credentials", /* 21 RSE_CRED */ - "certificate validation error", /* 22 RSE_CERT */ + "SUCCESS", /* 0 RSE_OK */ + "out of memory", /* 1 RSE_NOMEM */ + "not yet implemented", /* 2 RSE_NOSYS */ + "invalid handle", /* 3 RSE_INVALID_CTX */ + "invalid connection", /* 4 RSE_INVALID_CONN */ + "connection type mismatch", /* 5 RSE_CONN_TYPE_MISMATCH */ + "FreeRadius error", /* 6 RSE_FR */ + "bad hostname or port", /* 7 RSE_BADADDR */ + "no peer configured", /* 8 RSE_NOPEER */ + "libevent error", /* 9 RSE_EVENT */ + "socket error", /* 10 RSE_SOCKERR */ + "invalid configuration file", /* 11 RSE_CONFIG */ + "authentication failed", /* 12 RSE_BADAUTH */ + "internal error", /* 13 RSE_INTERNAL */ + "SSL error", /* 14 RSE_SSLERR */ + "invalid packet", /* 15 RSE_INVALID_PKT */ + "connect timeout", /* 16 RSE_TIMEOUT_CONN */ + "invalid argument", /* 17 RSE_INVAL */ + "I/O timeout", /* 18 RSE_TIMEOUT_IO */ + "timeout", /* 19 RSE_TIMEOUT */ + "peer disconnected", /* 20 RSE_DISCO */ + "resource is in use", /* 21 RSE_INUSE */ + "packet is too small", /* 22 RSE_PACKET_TOO_SMALL */ + "packet is too large", /* 23 RSE_PACKET_TOO_LARGE */ + "attribute overflows packet", /* 24 RSE_ATTR_OVERFLOW */ + "attribute is too small", /* 25 RSE_ATTR_TOO_SMALL */ + "attribute is too large", /* 26 RSE_ATTR_TOO_LARGE */ + "unknown attribute", /* 27 RSE_ATTR_UNKNOWN */ + "invalid name for attribute", /* 28 RSE_ATTR_BAD_NAME */ + "invalid value for attribute", /* 29 RSE_ATTR_VALUE_MALFORMED */ + "invalid attribute", /* 30 RSE_ATTR_INVALID */ + "too many attributes in the packet", /* 31 RSE_TOO_MANY_ATTRS */ + "attribute type unknown", /* 32 RSE_ATTR_TYPE_UNKNOWN */ + "invalid message authenticator", /* 33 RSE_MSG_AUTH_LEN */ + "incorrect message authenticator", /* 34 RSE_MSG_AUTH_WRONG */ + "request is required", /* 35 RSE_REQUEST_REQUIRED */ + "invalid request code", /* 36 RSE_REQUEST_CODE_INVALID */ + "incorrect request authenticator", /* 37 RSE_AUTH_VECTOR_WRONG */ + "response code is unsupported", /* 38 RSE_INVALID_RESPONSE_CODE */ + "response ID is invalid", /* 39 RSE_INVALID_RESPONSE_ID */ + "response from the wrong source address", /* 40 RSE_INVALID_RESPONSE_SRC */ + "no packet data", /* 41 RSE_NO_PACKET_DATA */ + "vendor is unknown", /* 42 RSE_VENDOR_UNKNOWN */ + "invalid credentials", /* 43 RSE_CRED */ + "certificate validation error", /* 44 RSE_CERT */ }; #define ERRTXT_SIZE (sizeof(_errtxt) / sizeof(*_errtxt)) diff --git a/lib/event.c b/lib/event.c index bfb34bc..4f83394 100644 --- a/lib/event.c +++ b/lib/event.c @@ -6,6 +6,9 @@ #endif #include <assert.h> +#include <string.h> +#include <errno.h> + #include <event2/event.h> #include <event2/bufferevent.h> #if defined (RS_ENABLE_TLS) diff --git a/lib/examples/client-blocking.c b/lib/examples/client-blocking.c index f26cd6c..7d3869a 100644 --- a/lib/examples/client-blocking.c +++ b/lib/examples/client-blocking.c @@ -6,8 +6,8 @@ #include <stdlib.h> #include <assert.h> #include <event2/event.h> -#include <freeradius/libradius.h> #include <radsec/radsec.h> +#include <radsec/radsec-impl.h> #include <radsec/request.h> #include "err.h" #include "debug.h" /* For rs_dump_packet(). */ @@ -37,8 +37,6 @@ blocking_client (const char *config_fn, const char *configuration, { struct rs_peer *server; - if (rs_context_init_freeradius_dict (h, "/usr/share/freeradius/dictionary")) - goto cleanup; if (rs_conn_create (h, &conn, NULL)) goto cleanup; rs_conn_set_type (conn, RS_CONN_TYPE_UDP); @@ -54,8 +52,6 @@ blocking_client (const char *config_fn, const char *configuration, #else /* defined (USE_CONFIG_FILE) */ if (rs_context_read_config (h, config_fn)) goto cleanup; - if (rs_context_init_freeradius_dict (h, NULL)) - goto cleanup; if (rs_conn_create (h, &conn, configuration)) goto cleanup; #endif /* defined (USE_CONFIG_FILE) */ @@ -80,10 +76,10 @@ blocking_client (const char *config_fn, const char *configuration, if (resp) { rs_dump_packet (resp); - if (rs_packet_frpkt (resp)->code == PW_AUTHENTICATION_ACK) + if (rs_packet_code (resp) == PW_ACCESS_ACCEPT) printf ("Good auth.\n"); else - printf ("Bad auth: %d\n", rs_packet_frpkt (resp)->code); + printf ("Bad auth: %d\n", rs_packet_code (resp)); } else fprintf (stderr, "%s: no response\n", __func__); diff --git a/lib/examples/client.conf b/lib/examples/client.conf index cedd259..bf57434 100644 --- a/lib/examples/client.conf +++ b/lib/examples/client.conf @@ -1,5 +1,3 @@ -dictionary = "/home/linus/usr/moonshot/share/freeradius/dictionary" - realm blocking-udp { type = "UDP" timeout = 2 diff --git a/lib/include/Makefile.am b/lib/include/Makefile.am index 5b02eb2..33b898c 100644 --- a/lib/include/Makefile.am +++ b/lib/include/Makefile.am @@ -2,6 +2,11 @@ RADSEC_EXPORT = \ radsec/radsec.h \ radsec/radsec-impl.h \ radsec/request.h \ - radsec/request-impl.h + radsec/request-impl.h \ + radsec/radius.h EXTRA_SRC = $(RADSEC_EXPORT) nobase_include_HEADERS = $(RADSEC_EXPORT) + +clean-local: + rm -f radsec/radius.h + diff --git a/lib/include/radsec/.gitignore b/lib/include/radsec/.gitignore new file mode 100644 index 0000000..c20d18b --- /dev/null +++ b/lib/include/radsec/.gitignore @@ -0,0 +1 @@ +radius.h diff --git a/lib/include/radsec/radsec-impl.h b/lib/include/radsec/radsec-impl.h index 752ea71..6339e74 100644 --- a/lib/include/radsec/radsec-impl.h +++ b/lib/include/radsec/radsec-impl.h @@ -3,7 +3,9 @@ /* See the file COPYING for licensing information. */ -#include <freeradius/libradius.h> +#ifndef _RADSEC_RADSEC_IMPL_H_ +#define _RADSEC_RADSEC_IMPL_H_ 1 + #include <event2/util.h> #include <confuse.h> #if defined(RS_ENABLE_TLS) @@ -74,7 +76,6 @@ struct rs_realm { /** Top configuration object. */ struct rs_config { - char *dictionary; struct rs_realm *realms; cfg_t *cfg; }; @@ -83,7 +84,6 @@ struct rs_context { struct rs_config *config; struct rs_alloc_scheme alloc_scheme; struct rs_error *err; - fr_randctx fr_randctx; }; struct rs_connection { @@ -121,11 +121,13 @@ enum rs_packet_flags { rs_packet_sent_flag, }; +struct radius_packet; + struct rs_packet { struct rs_connection *conn; unsigned int flags; uint8_t hdr[RS_HEADER_LEN]; - RADIUS_PACKET *rpkt; /* FreeRADIUS object. */ + struct radius_packet *rpkt; /* FreeRADIUS object. */ struct rs_packet *next; /* Used for UDP output queue. */ }; @@ -145,6 +147,8 @@ struct rs_packet { #define min(a, b) ((a) < (b) ? (a) : (b)) #define max(a, b) ((a) > (b) ? (a) : (b)) +#endif /* _RADSEC_RADSEC_IMPL_H_ */ + /* Local Variables: */ /* c-file-style: "stroustrup" */ /* End: */ diff --git a/lib/include/radsec/radsec.h b/lib/include/radsec/radsec.h index e62986e..6c4f6a7 100644 --- a/lib/include/radsec/radsec.h +++ b/lib/include/radsec/radsec.h @@ -3,14 +3,24 @@ /* See the file COPYING for licensing information. */ -#include <unistd.h> -#include <sys/time.h> +#ifndef _RADSEC_RADSEC_H_ +#define _RADSEC_RADSEC_H_ 1 -#ifdef SYSCONFDIR -#define RS_FREERADIUS_DICT SYSCONFDIR "/raddb/dictionary" -#else /* !SYSCONFDIR */ -#define RS_FREERADIUS_DICT "/usr/local/raddb/dictionary" -#endif /* !SYSCONFDIR */ +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif +#ifdef HAVE_SYS_TIME_H +#include <sys/time.h> +#endif +#ifdef HAVE_ARPA_INET_H +#include <arpa/inet.h> +#endif +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif +#ifdef HAVE_STDINT_H +#include <stdint.h> +#endif enum rs_error_code { RSE_OK = 0, @@ -19,7 +29,7 @@ enum rs_error_code { RSE_INVALID_CTX = 3, RSE_INVALID_CONN = 4, RSE_CONN_TYPE_MISMATCH = 5, - RSE_FR = 6, /* FreeRADIUS error. */ + RSE_FR = 6, RSE_BADADDR = 7, RSE_NOPEER = 8, RSE_EVENT = 9, /* libevent error. */ @@ -34,8 +44,31 @@ enum rs_error_code { RSE_TIMEOUT_IO = 18, /* I/O timeout. */ RSE_TIMEOUT = 19, /* High level timeout. */ RSE_DISCO = 20, - RSE_CRED = 21, /* Credentials. */ - RSE_CERT = 22, /* Cert validation. */ + RSE_INUSE = 21, + RSE_PACKET_TOO_SMALL = 22, + RSE_PACKET_TOO_LARGE = 23, + RSE_ATTR_OVERFLOW = 24, + RSE_ATTR_TOO_SMALL = 25, + RSE_ATTR_TOO_LARGE = 26, + RSE_ATTR_UNKNOWN = 27, + RSE_ATTR_BAD_NAME = 28, + RSE_ATTR_VALUE_MALFORMED = 29, + RSE_ATTR_INVALID = 30, + RSE_TOO_MANY_ATTRS = 31, + RSE_ATTR_TYPE_UNKNOWN = 32, + RSE_MSG_AUTH_LEN = 33, + RSE_MSG_AUTH_WRONG = 34, + RSE_REQUEST_REQUIRED = 35, + RSE_INVALID_REQUEST_CODE = 36, + RSE_AUTH_VECTOR_WRONG = 37, + RSE_INVALID_RESPONSE_CODE = 38, + RSE_INVALID_RESPONSE_ID = 39, + RSE_INVALID_RESPONSE_SRC = 40, + RSE_NO_PACKET_DATA = 41, + RSE_VENDOR_UNKNOWN = 42, + RSE_CRED = 43, + RSE_CERT = 44, + RSE_MAX = RSE_CERT }; enum rs_conn_type { @@ -47,6 +80,39 @@ enum rs_conn_type { }; typedef unsigned int rs_conn_type_t; +typedef enum rs_attr_type_t { + RS_TYPE_INVALID = 0, /**< Invalid data type */ + RS_TYPE_STRING, /**< printable-text */ + RS_TYPE_INTEGER, /**< a 32-bit unsigned integer */ + RS_TYPE_IPADDR, /**< an IPv4 address */ + RS_TYPE_DATE, /**< a 32-bit date, of seconds since January 1, 1970 */ + RS_TYPE_OCTETS, /**< a sequence of binary octets */ + RS_TYPE_IFID, /**< an Interface Id */ + RS_TYPE_IPV6ADDR, /**< an IPv6 address */ + RS_TYPE_IPV6PREFIX, /**< an IPv6 prefix */ + RS_TYPE_BYTE, /**< an 8-bit integer */ + RS_TYPE_SHORT, /**< a 16-bit integer */ +} rs_attr_type_t; + +#define PW_ACCESS_REQUEST 1 +#define PW_ACCESS_ACCEPT 2 +#define PW_ACCESS_REJECT 3 +#define PW_ACCOUNTING_REQUEST 4 +#define PW_ACCOUNTING_RESPONSE 5 +#define PW_ACCOUNTING_STATUS 6 +#define PW_PASSWORD_REQUEST 7 +#define PW_PASSWORD_ACK 8 +#define PW_PASSWORD_REJECT 9 +#define PW_ACCOUNTING_MESSAGE 10 +#define PW_ACCESS_CHALLENGE 11 +#define PW_STATUS_SERVER 12 +#define PW_STATUS_CLIENT 13 +#define PW_DISCONNECT_REQUEST 40 +#define PW_DISCONNECT_ACK 41 +#define PW_DISCONNECT_NAK 42 +#define PW_COA_REQUEST 43 +#define PW_COA_ACK 44 +#define PW_COA_NAK 45 #if defined (__cplusplus) extern "C" { @@ -59,7 +125,8 @@ struct rs_packet; /* radsec-impl.h */ struct rs_conn; /* radsec-impl.h */ struct rs_error; /* radsec-impl.h */ struct rs_peer; /* radsec-impl.h */ -struct radius_packet; /* <freeradius/libradius.h> */ +struct radius_packet; /* <radius/client.h> */ +struct value_pair; /* <radius/client.h> */ struct event_base; /* <event2/event-internal.h> */ typedef void *(*rs_calloc_fp) (size_t nmemb, size_t size); @@ -89,6 +156,8 @@ struct rs_conn_callbacks { rs_conn_packet_sent_cb sent_cb; }; +typedef struct value_pair rs_avp; +typedef const struct value_pair rs_const_avp; /* Function prototypes. */ @@ -109,20 +178,6 @@ int rs_context_create(struct rs_context **ctx); all other libradsec objects have been freed. */ void rs_context_destroy(struct rs_context *ctx); -/** Initialize FreeRADIUS dictionary needed for creating packets. - - \a ctx Context. - - \a dict Optional string with full path to FreeRADIUS dictionary. - If \a dict is NULL the path to the dictionary file is taken from - the "dictionary" configuration directive. Note that the - configuration file must be read prior to using this option (see \a - rs_context_read_config). - - \return RSE_OK (0) on success, RSE_NOMEM on memory allocation - error and RSE_FR on FreeRADIUS error. */ -int rs_context_init_freeradius_dict(struct rs_context *ctx, const char *dict); - /** Set allocation scheme to use. \a scheme is the allocation scheme to use, see \a rs_alloc_scheme. \return On success, RSE_OK (0) is returned. On error, !0 is returned and a struct \a rs_error is @@ -253,9 +308,6 @@ void rs_packet_destroy(struct rs_packet *pkt); rs_err_conn_pop. */ int rs_packet_send(struct rs_packet *pkt, void *user_data); -/** Return the FreeRADIUS packet associated with packet \a pkt. */ -struct radius_packet *rs_packet_frpkt(struct rs_packet *pkt); - /** Create a RADIUS authentication request packet associated with connection \a conn. Optionally, User-Name and User-Password attributes are added to the packet using the data in \a user_name @@ -265,6 +317,28 @@ int rs_packet_create_authn_request(struct rs_connection *conn, const char *user_name, const char *user_pw); +/*** Append \a tail to packet \a pkt. */ +int +rs_packet_append_avp(struct rs_packet *pkt, + unsigned int attribute, unsigned int vendor, + const void *data, size_t data_len); + +/*** Get pointer to \a pkt attribute value pairs. */ +void +rs_packet_avps(struct rs_packet *pkt, rs_avp ***vps); + +/*** Get RADIUS packet type of \a pkt. */ +unsigned int +rs_packet_code(struct rs_packet *pkt); + +/*** Get RADIUS AVP from \a pkt. */ +rs_const_avp * +rs_packet_find_avp(struct rs_packet *pkt, unsigned int attr, unsigned int vendor); + +/*** Set packet identifier in \a pkt; returns old identifier */ +int +rs_packet_set_id (struct rs_packet *pkt, int id); + /************/ /* Config. */ /************/ @@ -311,10 +385,203 @@ void rs_err_free(struct rs_error *err); char *rs_err_msg(struct rs_error *err); int rs_err_code(struct rs_error *err, int dofree_flag); +/************/ +/* AVPs. */ +/************/ +#define rs_avp_is_string(vp) (rs_avp_typeof(vp) == RS_TYPE_STRING) +#define rs_avp_is_integer(vp) (rs_avp_typeof(vp) == RS_TYPE_INTEGER) +#define rs_avp_is_ipaddr(vp) (rs_avp_typeof(vp) == RS_TYPE_IPADDR) +#define rs_avp_is_date(vp) (rs_avp_typeof(vp) == RS_TYPE_DATE) +#define rs_avp_is_octets(vp) (rs_avp_typeof(vp) == RS_TYPE_OCTETS) +#define rs_avp_is_ifid(vp) (rs_avp_typeof(vp) == RS_TYPE_IFID) +#define rs_avp_is_ipv6addr(vp) (rs_avp_typeof(vp) == RS_TYPE_IPV6ADDR) +#define rs_avp_is_ipv6prefix(vp) (rs_avp_typeof(vp) == RS_TYPE_IPV6PREFIX) +#define rs_avp_is_byte(vp) (rs_avp_typeof(vp) == RS_TYPE_BYTE) +#define rs_avp_is_short(vp) (rs_avp_typeof(vp) == RS_TYPE_SHORT) +#define rs_avp_is_tlv(vp) (rs_avp_typeof(vp) == RS_TYPE_TLV) + +/** The maximum length of a RADIUS attribute. + * + * The RFCs require that a RADIUS attribute transport no more than + * 253 octets of data. We add an extra byte for a trailing NUL, so + * that the VALUE_PAIR::vp_strvalue field can be handled as a C + * string. + */ +#define RS_MAX_STRING_LEN 254 + +/** Free the AVP list \a vps */ +void +rs_avp_free(rs_avp **vps); + +/** Return the length of AVP \a vp in bytes */ +size_t +rs_avp_length(rs_const_avp *vp); + +/** Return the type of \a vp */ +rs_attr_type_t +rs_avp_typeof(rs_const_avp *vp); + +/** Retrieve the attribute and vendor ID of \a vp */ +void +rs_avp_attrid(rs_const_avp *vp, unsigned int *attr, unsigned int *vendor); + +/** Add \a vp to the list pointed to by \a head */ +void +rs_avp_append(rs_avp **head, rs_avp *vp); + +/** Find an AVP in \a vp that matches \a attr and \a vendor */ +rs_avp * +rs_avp_find(rs_avp *vp, unsigned int attr, unsigned int vendor); + +/** Find an AVP in \a vp that matches \a attr and \a vendor */ +rs_const_avp * +rs_avp_find_const(rs_const_avp *vp, unsigned int attr, unsigned int vendor); + +/** Alloc a new AVP for \a attr and \a vendor */ +rs_avp * +rs_avp_alloc(unsigned int attr, unsigned int vendor); + +/** Duplicate existing AVP \a vp */ +rs_avp * +rs_avp_dup(rs_const_avp *vp); + +/** Remove matching AVP from list \a vps */ +int +rs_avp_delete(rs_avp **vps, unsigned int attr, unsigned int vendor); + +/** Return next AVP in list */ +rs_avp * +rs_avp_next(rs_avp *vp); + +/** Return next AVP in list */ +rs_const_avp * +rs_avp_next_const(rs_const_avp *avp); + +/** Return string value of \a vp */ +const char * +rs_avp_string_value(rs_const_avp *vp); + +/** Set AVP \a vp to string \a str */ +int +rs_avp_string_set(rs_avp *vp, const char *str); + +/** Return integer value of \a vp */ +uint32_t +rs_avp_integer_value(rs_const_avp *vp); + +/** Set AVP \a vp to integer \a val */ +int +rs_avp_integer_set(rs_avp *vp, uint32_t val); + +/** Return IPv4 value of \a vp */ +uint32_t +rs_avp_ipaddr_value(rs_const_avp *vp); + +/** Set AVP \a vp to IPv4 address \a in */ +int +rs_avp_ipaddr_set(rs_avp *vp, struct in_addr in); + +/** Return POSIX time value of \a vp */ +time_t +rs_avp_date_value(rs_const_avp *vp); + +/** Set AVP \a vp to POSIX time \a date */ +int +rs_avp_date_set(rs_avp *vp, time_t date); + +/** Return constant pointer to octets in \a vp */ +const unsigned char * +rs_avp_octets_value_const_ptr(rs_const_avp *vp); + +/** Return pointer to octets in \a vp */ +unsigned char * +rs_avp_octets_value_ptr(rs_avp *vp); + +/** Retrieve octet pointer \a p and length \a len from \a vp */ +int +rs_avp_octets_value_byref(rs_avp *vp, + unsigned char **p, + size_t *len); + +/** Copy octets from \a vp into \a buf and \a len */ +int +rs_avp_octets_value(rs_const_avp *vp, + unsigned char *buf, + size_t *len); + +/** + * Copy octets possibly fragmented across multiple VPs + * into \a buf and \a len + */ +int +rs_avp_fragmented_value(rs_const_avp *vps, + unsigned char *buf, + size_t *len); + +/** Copy \a len octets in \a buf to AVP \a vp */ +int +rs_avp_octets_set(rs_avp *vp, + const unsigned char *buf, + size_t len); + +/** Return IFID value of \a vp */ +int +rs_avp_ifid_value(rs_const_avp *vp, uint8_t val[8]); + +int +rs_avp_ifid_set(rs_avp *vp, const uint8_t val[8]); + +/** Return byte value of \a vp */ +uint8_t +rs_avp_byte_value(rs_const_avp *vp); + +/** Set AVP \a vp to byte \a val */ +int +rs_avp_byte_set(rs_avp *vp, uint8_t val); + +/** Return short value of \a vp */ +uint16_t +rs_avp_short_value(rs_const_avp *vp); + +/** Set AVP \a vp to short integer \a val */ +int +rs_avp_short_set(rs_avp *vp, uint16_t val); + +/** Display possibly \a canonical attribute name into \a buffer */ +int +rs_attr_display_name (unsigned int attr, + unsigned int vendor, + char *buffer, + size_t bufsize, + int canonical); + +/** Display AVP \a vp into \a buffer */ +size_t +rs_avp_display_value(rs_const_avp *vp, + char *buffer, + size_t buflen); + +int +rs_attr_parse_name (const char *name, + unsigned int *attr, + unsigned int *vendor); + +/** Lookup attribute \a name */ +int +rs_attr_find(const char *name, + unsigned int *attr, + unsigned int *vendor); + +/** Return dictionary name for AVP \a vp */ +const char * +rs_avp_name(rs_const_avp *vp); + #if defined (__cplusplus) } #endif +#endif /* _RADSEC_RADSEC_H_ */ + /* Local Variables: */ /* c-file-style: "stroustrup" */ /* End: */ diff --git a/lib/include/radsec/request-impl.h b/lib/include/radsec/request-impl.h index 8bcac60..d2c14dd 100644 --- a/lib/include/radsec/request-impl.h +++ b/lib/include/radsec/request-impl.h @@ -1,5 +1,8 @@ /* See the file COPYING for licensing information. */ +#ifndef _RADSEC_REQUEST_IMPL_H_ +#define _RADSEC_REQUEST_IMPL_H_ 1 + #if defined (__cplusplus) extern "C" { #endif @@ -16,3 +19,5 @@ struct rs_request #if defined (__cplusplus) } #endif + +#endif /* _RADSEC_REQUEST_IMPL_H_ */ diff --git a/lib/include/radsec/request.h b/lib/include/radsec/request.h index e914164..f124373 100644 --- a/lib/include/radsec/request.h +++ b/lib/include/radsec/request.h @@ -3,6 +3,9 @@ /* See the file COPYING for licensing information. */ +#ifndef _RADSEC_REQUEST_H_ +#define _RADSEC_REQUEST_H_ 1 + struct rs_request; #if defined (__cplusplus) @@ -42,3 +45,5 @@ struct rs_packet *rs_request_get_reqmsg(const struct rs_request *req); #if defined (__cplusplus) } #endif + +#endif /* _RADSEC_REQUEST_H_ */ diff --git a/lib/m4/libtool.m4 b/lib/m4/libtool.m4 index a3fee53..22924a8 100644 --- a/lib/m4/libtool.m4 +++ b/lib/m4/libtool.m4 @@ -1,7 +1,8 @@ # libtool.m4 - Configure libtool for the host system. -*-Autoconf-*- # # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, -# 2006, 2007, 2008 Free Software Foundation, Inc. +# 2006, 2007, 2008, 2009, 2010 Free Software Foundation, +# Inc. # Written by Gordon Matzigkeit, 1996 # # This file is free software; the Free Software Foundation gives @@ -10,7 +11,8 @@ m4_define([_LT_COPYING], [dnl # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, -# 2006, 2007, 2008 Free Software Foundation, Inc. +# 2006, 2007, 2008, 2009, 2010 Free Software Foundation, +# Inc. # Written by Gordon Matzigkeit, 1996 # # This file is part of GNU Libtool. @@ -37,7 +39,7 @@ m4_define([_LT_COPYING], [dnl # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. ]) -# serial 56 LT_INIT +# serial 57 LT_INIT # LT_PREREQ(VERSION) @@ -66,6 +68,7 @@ esac # ------------------ AC_DEFUN([LT_INIT], [AC_PREREQ([2.58])dnl We use AC_INCLUDES_DEFAULT +AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl AC_BEFORE([$0], [LT_LANG])dnl AC_BEFORE([$0], [LT_OUTPUT])dnl AC_BEFORE([$0], [LTDL_INIT])dnl @@ -82,6 +85,8 @@ AC_REQUIRE([LTVERSION_VERSION])dnl AC_REQUIRE([LTOBSOLETE_VERSION])dnl m4_require([_LT_PROG_LTMAIN])dnl +_LT_SHELL_INIT([SHELL=${CONFIG_SHELL-/bin/sh}]) + dnl Parse OPTIONS _LT_SET_OPTIONS([$0], [$1]) @@ -118,7 +123,7 @@ m4_defun([_LT_CC_BASENAME], *) break;; esac done -cc_basename=`$ECHO "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"` +cc_basename=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` ]) @@ -138,6 +143,9 @@ m4_defun([_LT_FILEUTILS_DEFAULTS], m4_defun([_LT_SETUP], [AC_REQUIRE([AC_CANONICAL_HOST])dnl AC_REQUIRE([AC_CANONICAL_BUILD])dnl +AC_REQUIRE([_LT_PREPARE_SED_QUOTE_VARS])dnl +AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl + _LT_DECL([], [host_alias], [0], [The host system])dnl _LT_DECL([], [host], [0])dnl _LT_DECL([], [host_os], [0])dnl @@ -179,7 +187,6 @@ fi _LT_CHECK_OBJDIR m4_require([_LT_TAG_COMPILER])dnl -_LT_PROG_ECHO_BACKSLASH case $host_os in aix3*) @@ -193,23 +200,6 @@ aix3*) ;; esac -# Sed substitution that helps us do robust quoting. It backslashifies -# metacharacters that are still active within double-quoted strings. -sed_quote_subst='s/\([["`$\\]]\)/\\\1/g' - -# Same as above, but do not quote variable references. -double_quote_subst='s/\([["`\\]]\)/\\\1/g' - -# Sed substitution to delay expansion of an escaped shell variable in a -# double_quote_subst'ed string. -delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g' - -# Sed substitution to delay expansion of an escaped single quote. -delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g' - -# Sed substitution to avoid accidental globbing in evaled expressions -no_glob_subst='s/\*/\\\*/g' - # Global variables: ofile=libtool can_build_shared=yes @@ -250,6 +240,28 @@ _LT_CONFIG_COMMANDS ])# _LT_SETUP +# _LT_PREPARE_SED_QUOTE_VARS +# -------------------------- +# Define a few sed substitution that help us do robust quoting. +m4_defun([_LT_PREPARE_SED_QUOTE_VARS], +[# Backslashify metacharacters that are still active within +# double-quoted strings. +sed_quote_subst='s/\([["`$\\]]\)/\\\1/g' + +# Same as above, but do not quote variable references. +double_quote_subst='s/\([["`\\]]\)/\\\1/g' + +# Sed substitution to delay expansion of an escaped shell variable in a +# double_quote_subst'ed string. +delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g' + +# Sed substitution to delay expansion of an escaped single quote. +delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g' + +# Sed substitution to avoid accidental globbing in evaled expressions +no_glob_subst='s/\*/\\\*/g' +]) + # _LT_PROG_LTMAIN # --------------- # Note that this code is called both from `configure', and `config.status' @@ -408,7 +420,7 @@ m4_define([_lt_decl_all_varnames], # declaration there will have the same value as in `configure'. VARNAME # must have a single quote delimited value for this to work. m4_define([_LT_CONFIG_STATUS_DECLARE], -[$1='`$ECHO "X$][$1" | $Xsed -e "$delay_single_quote_subst"`']) +[$1='`$ECHO "$][$1" | $SED "$delay_single_quote_subst"`']) # _LT_CONFIG_STATUS_DECLARATIONS @@ -418,7 +430,7 @@ m4_define([_LT_CONFIG_STATUS_DECLARE], # embedded single quotes properly. In configure, this macro expands # each variable declared with _LT_DECL (and _LT_TAGDECL) into: # -# <var>='`$ECHO "X$<var>" | $Xsed -e "$delay_single_quote_subst"`' +# <var>='`$ECHO "$<var>" | $SED "$delay_single_quote_subst"`' m4_defun([_LT_CONFIG_STATUS_DECLARATIONS], [m4_foreach([_lt_var], m4_quote(lt_decl_all_varnames), [m4_n([_LT_CONFIG_STATUS_DECLARE(_lt_var)])])]) @@ -517,12 +529,20 @@ LTCC='$LTCC' LTCFLAGS='$LTCFLAGS' compiler='$compiler_DEFAULT' +# A function that is used when there is no print builtin or printf. +func_fallback_echo () +{ + eval 'cat <<_LTECHO_EOF +\$[]1 +_LTECHO_EOF' +} + # Quote evaled strings. for var in lt_decl_all_varnames([[ \ ]], lt_decl_quote_varnames); do - case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in + case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in *[[\\\\\\\`\\"\\\$]]*) - eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" + eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ;; *) eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" @@ -533,9 +553,9 @@ done # Double-quote double-evaled strings. for var in lt_decl_all_varnames([[ \ ]], lt_decl_dquote_varnames); do - case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in + case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in *[[\\\\\\\`\\"\\\$]]*) - eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" + eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ;; *) eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" @@ -543,16 +563,38 @@ for var in lt_decl_all_varnames([[ \ esac done -# Fix-up fallback echo if it was mangled by the above quoting rules. -case \$lt_ECHO in -*'\\\[$]0 --fallback-echo"')dnl " - lt_ECHO=\`\$ECHO "X\$lt_ECHO" | \$Xsed -e 's/\\\\\\\\\\\\\\\[$]0 --fallback-echo"\[$]/\[$]0 --fallback-echo"/'\` - ;; -esac - _LT_OUTPUT_LIBTOOL_INIT ]) +# _LT_GENERATED_FILE_INIT(FILE, [COMMENT]) +# ------------------------------------ +# Generate a child script FILE with all initialization necessary to +# reuse the environment learned by the parent script, and make the +# file executable. If COMMENT is supplied, it is inserted after the +# `#!' sequence but before initialization text begins. After this +# macro, additional text can be appended to FILE to form the body of +# the child script. The macro ends with non-zero status if the +# file could not be fully written (such as if the disk is full). +m4_ifdef([AS_INIT_GENERATED], +[m4_defun([_LT_GENERATED_FILE_INIT],[AS_INIT_GENERATED($@)])], +[m4_defun([_LT_GENERATED_FILE_INIT], +[m4_require([AS_PREPARE])]dnl +[m4_pushdef([AS_MESSAGE_LOG_FD])]dnl +[lt_write_fail=0 +cat >$1 <<_ASEOF || lt_write_fail=1 +#! $SHELL +# Generated by $as_me. +$2 +SHELL=\${CONFIG_SHELL-$SHELL} +export SHELL +_ASEOF +cat >>$1 <<\_ASEOF || lt_write_fail=1 +AS_SHELL_SANITIZE +_AS_PREPARE +exec AS_MESSAGE_FD>&1 +_ASEOF +test $lt_write_fail = 0 && chmod +x $1[]dnl +m4_popdef([AS_MESSAGE_LOG_FD])])])# _LT_GENERATED_FILE_INIT # LT_OUTPUT # --------- @@ -562,20 +604,11 @@ _LT_OUTPUT_LIBTOOL_INIT AC_DEFUN([LT_OUTPUT], [: ${CONFIG_LT=./config.lt} AC_MSG_NOTICE([creating $CONFIG_LT]) -cat >"$CONFIG_LT" <<_LTEOF -#! $SHELL -# Generated by $as_me. -# Run this file to recreate a libtool stub with the current configuration. - -lt_cl_silent=false -SHELL=\${CONFIG_SHELL-$SHELL} -_LTEOF +_LT_GENERATED_FILE_INIT(["$CONFIG_LT"], +[# Run this file to recreate a libtool stub with the current configuration.]) cat >>"$CONFIG_LT" <<\_LTEOF -AS_SHELL_SANITIZE -_AS_PREPARE - -exec AS_MESSAGE_FD>&1 +lt_cl_silent=false exec AS_MESSAGE_LOG_FD>>config.log { echo @@ -601,7 +634,7 @@ m4_ifset([AC_PACKAGE_NAME], [AC_PACKAGE_NAME ])config.lt[]dnl m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION]) configured by $[0], generated by m4_PACKAGE_STRING. -Copyright (C) 2008 Free Software Foundation, Inc. +Copyright (C) 2010 Free Software Foundation, Inc. This config.lt script is free software; the Free Software Foundation gives unlimited permision to copy, distribute and modify it." @@ -646,15 +679,13 @@ chmod +x "$CONFIG_LT" # appending to config.log, which fails on DOS, as config.log is still kept # open by configure. Here we exec the FD to /dev/null, effectively closing # config.log, so it can be properly (re)opened and appended to by config.lt. -if test "$no_create" != yes; then - lt_cl_success=: - test "$silent" = yes && - lt_config_lt_args="$lt_config_lt_args --quiet" - exec AS_MESSAGE_LOG_FD>/dev/null - $SHELL "$CONFIG_LT" $lt_config_lt_args || lt_cl_success=false - exec AS_MESSAGE_LOG_FD>>config.log - $lt_cl_success || AS_EXIT(1) -fi +lt_cl_success=: +test "$silent" = yes && + lt_config_lt_args="$lt_config_lt_args --quiet" +exec AS_MESSAGE_LOG_FD>/dev/null +$SHELL "$CONFIG_LT" $lt_config_lt_args || lt_cl_success=false +exec AS_MESSAGE_LOG_FD>>config.log +$lt_cl_success || AS_EXIT(1) ])# LT_OUTPUT @@ -831,11 +862,13 @@ AU_DEFUN([AC_LIBTOOL_CXX], [LT_LANG(C++)]) AU_DEFUN([AC_LIBTOOL_F77], [LT_LANG(Fortran 77)]) AU_DEFUN([AC_LIBTOOL_FC], [LT_LANG(Fortran)]) AU_DEFUN([AC_LIBTOOL_GCJ], [LT_LANG(Java)]) +AU_DEFUN([AC_LIBTOOL_RC], [LT_LANG(Windows Resource)]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_CXX], []) dnl AC_DEFUN([AC_LIBTOOL_F77], []) dnl AC_DEFUN([AC_LIBTOOL_FC], []) dnl AC_DEFUN([AC_LIBTOOL_GCJ], []) +dnl AC_DEFUN([AC_LIBTOOL_RC], []) # _LT_TAG_COMPILER @@ -940,6 +973,31 @@ m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[ [lt_cv_ld_exported_symbols_list=no]) LDFLAGS="$save_LDFLAGS" ]) + AC_CACHE_CHECK([for -force_load linker flag],[lt_cv_ld_force_load], + [lt_cv_ld_force_load=no + cat > conftest.c << _LT_EOF +int forced_loaded() { return 2;} +_LT_EOF + echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD + $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD + echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD + $AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD + echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD + $RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD + cat > conftest.c << _LT_EOF +int main() { return 0;} +_LT_EOF + echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&AS_MESSAGE_LOG_FD + $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err + _lt_result=$? + if test -f conftest && test ! -s conftest.err && test $_lt_result = 0 && $GREP forced_load conftest 2>&1 >/dev/null; then + lt_cv_ld_force_load=yes + else + cat conftest.err >&AS_MESSAGE_LOG_FD + fi + rm -f conftest.err libconftest.a conftest conftest.c + rm -rf conftest.dSYM + ]) case $host_os in rhapsody* | darwin1.[[012]]) _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;; @@ -967,7 +1025,7 @@ m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[ else _lt_dar_export_syms='~$NMEDIT -s $output_objdir/${libname}-symbols.expsym ${lib}' fi - if test "$DSYMUTIL" != ":"; then + if test "$DSYMUTIL" != ":" && test "$lt_cv_ld_force_load" = "no"; then _lt_dsymutil='~$DSYMUTIL $lib || :' else _lt_dsymutil= @@ -987,7 +1045,11 @@ m4_defun([_LT_DARWIN_LINKER_FEATURES], _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_automatic, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported - _LT_TAGVAR(whole_archive_flag_spec, $1)='' + if test "$lt_cv_ld_force_load" = "yes"; then + _LT_TAGVAR(whole_archive_flag_spec, $1)='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience ${wl}-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' + else + _LT_TAGVAR(whole_archive_flag_spec, $1)='' + fi _LT_TAGVAR(link_all_deplibs, $1)=yes _LT_TAGVAR(allow_undefined_flag, $1)="$_lt_dar_allow_undefined" case $cc_basename in @@ -995,7 +1057,7 @@ m4_defun([_LT_DARWIN_LINKER_FEATURES], *) _lt_dar_can_shared=$GCC ;; esac if test "$_lt_dar_can_shared" = "yes"; then - output_verbose_link_cmd=echo + output_verbose_link_cmd=func_echo_all _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}" _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}" _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}" @@ -1041,170 +1103,65 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi # _LT_SHELL_INIT(ARG) # ------------------- m4_define([_LT_SHELL_INIT], -[ifdef([AC_DIVERSION_NOTICE], - [AC_DIVERT_PUSH(AC_DIVERSION_NOTICE)], - [AC_DIVERT_PUSH(NOTICE)]) -$1 -AC_DIVERT_POP -])# _LT_SHELL_INIT +[m4_divert_text([M4SH-INIT], [$1 +])])# _LT_SHELL_INIT + # _LT_PROG_ECHO_BACKSLASH # ----------------------- -# Add some code to the start of the generated configure script which -# will find an echo command which doesn't interpret backslashes. +# Find how we can fake an echo command that does not interpret backslash. +# In particular, with Autoconf 2.60 or later we add some code to the start +# of the generated configure script which will find a shell with a builtin +# printf (which we can use as an echo command). m4_defun([_LT_PROG_ECHO_BACKSLASH], -[_LT_SHELL_INIT([ -# Check that we are running under the correct shell. -SHELL=${CONFIG_SHELL-/bin/sh} - -case X$lt_ECHO in -X*--fallback-echo) - # Remove one level of quotation (which was required for Make). - ECHO=`echo "$lt_ECHO" | sed 's,\\\\\[$]\\[$]0,'[$]0','` - ;; -esac - -ECHO=${lt_ECHO-echo} -if test "X[$]1" = X--no-reexec; then - # Discard the --no-reexec flag, and continue. - shift -elif test "X[$]1" = X--fallback-echo; then - # Avoid inline document here, it may be left over - : -elif test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' ; then - # Yippee, $ECHO works! - : +[ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO +ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO + +AC_MSG_CHECKING([how to print strings]) +# Test print first, because it will be a builtin if present. +if test "X`print -r -- -n 2>/dev/null`" = X-n && \ + test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then + ECHO='print -r --' +elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then + ECHO='printf %s\n' else - # Restart under the correct shell. - exec $SHELL "[$]0" --no-reexec ${1+"[$]@"} -fi - -if test "X[$]1" = X--fallback-echo; then - # used as fallback echo - shift - cat <<_LT_EOF -[$]* -_LT_EOF - exit 0 + # Use this function as a fallback that always works. + func_fallback_echo () + { + eval 'cat <<_LTECHO_EOF +$[]1 +_LTECHO_EOF' + } + ECHO='func_fallback_echo' fi -# The HP-UX ksh and POSIX shell print the target directory to stdout -# if CDPATH is set. -(unset CDPATH) >/dev/null 2>&1 && unset CDPATH - -if test -z "$lt_ECHO"; then - if test "X${echo_test_string+set}" != Xset; then - # find a string as large as possible, as long as the shell can cope with it - for cmd in 'sed 50q "[$]0"' 'sed 20q "[$]0"' 'sed 10q "[$]0"' 'sed 2q "[$]0"' 'echo test'; do - # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ... - if { echo_test_string=`eval $cmd`; } 2>/dev/null && - { test "X$echo_test_string" = "X$echo_test_string"; } 2>/dev/null - then - break - fi - done - fi - - if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' && - echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` && - test "X$echo_testing_string" = "X$echo_test_string"; then - : - else - # The Solaris, AIX, and Digital Unix default echo programs unquote - # backslashes. This makes it impossible to quote backslashes using - # echo "$something" | sed 's/\\/\\\\/g' - # - # So, first we look for a working echo in the user's PATH. - - lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR - for dir in $PATH /usr/ucb; do - IFS="$lt_save_ifs" - if (test -f $dir/echo || test -f $dir/echo$ac_exeext) && - test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' && - echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` && - test "X$echo_testing_string" = "X$echo_test_string"; then - ECHO="$dir/echo" - break - fi - done - IFS="$lt_save_ifs" - - if test "X$ECHO" = Xecho; then - # We didn't find a better echo, so look for alternatives. - if test "X`{ print -r '\t'; } 2>/dev/null`" = 'X\t' && - echo_testing_string=`{ print -r "$echo_test_string"; } 2>/dev/null` && - test "X$echo_testing_string" = "X$echo_test_string"; then - # This shell has a builtin print -r that does the trick. - ECHO='print -r' - elif { test -f /bin/ksh || test -f /bin/ksh$ac_exeext; } && - test "X$CONFIG_SHELL" != X/bin/ksh; then - # If we have ksh, try running configure again with it. - ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh} - export ORIGINAL_CONFIG_SHELL - CONFIG_SHELL=/bin/ksh - export CONFIG_SHELL - exec $CONFIG_SHELL "[$]0" --no-reexec ${1+"[$]@"} - else - # Try using printf. - ECHO='printf %s\n' - if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' && - echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` && - test "X$echo_testing_string" = "X$echo_test_string"; then - # Cool, printf works - : - elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` && - test "X$echo_testing_string" = 'X\t' && - echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` && - test "X$echo_testing_string" = "X$echo_test_string"; then - CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL - export CONFIG_SHELL - SHELL="$CONFIG_SHELL" - export SHELL - ECHO="$CONFIG_SHELL [$]0 --fallback-echo" - elif echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` && - test "X$echo_testing_string" = 'X\t' && - echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` && - test "X$echo_testing_string" = "X$echo_test_string"; then - ECHO="$CONFIG_SHELL [$]0 --fallback-echo" - else - # maybe with a smaller string... - prev=: - - for cmd in 'echo test' 'sed 2q "[$]0"' 'sed 10q "[$]0"' 'sed 20q "[$]0"' 'sed 50q "[$]0"'; do - if { test "X$echo_test_string" = "X`eval $cmd`"; } 2>/dev/null - then - break - fi - prev="$cmd" - done +# func_echo_all arg... +# Invoke $ECHO with all args, space-separated. +func_echo_all () +{ + $ECHO "$*" +} - if test "$prev" != 'sed 50q "[$]0"'; then - echo_test_string=`eval $prev` - export echo_test_string - exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "[$]0" ${1+"[$]@"} - else - # Oops. We lost completely, so just stick with echo. - ECHO=echo - fi - fi - fi - fi - fi -fi +case "$ECHO" in + printf*) AC_MSG_RESULT([printf]) ;; + print*) AC_MSG_RESULT([print -r]) ;; + *) AC_MSG_RESULT([cat]) ;; +esac -# Copy echo and quote the copy suitably for passing to libtool from -# the Makefile, instead of quoting the original, which is used later. -lt_ECHO=$ECHO -if test "X$lt_ECHO" = "X$CONFIG_SHELL [$]0 --fallback-echo"; then - lt_ECHO="$CONFIG_SHELL \\\$\[$]0 --fallback-echo" -fi +m4_ifdef([_AS_DETECT_SUGGESTED], +[_AS_DETECT_SUGGESTED([ + test -n "${ZSH_VERSION+set}${BASH_VERSION+set}" || ( + ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' + ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO + ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO + PATH=/empty FPATH=/empty; export PATH FPATH + test "X`printf %s $ECHO`" = "X$ECHO" \ + || test "X`print -r -- $ECHO`" = "X$ECHO" )])]) -AC_SUBST(lt_ECHO) -]) _LT_DECL([], [SHELL], [1], [Shell to use when invoking shell scripts]) -_LT_DECL([], [ECHO], [1], - [An echo program that does not interpret backslashes]) +_LT_DECL([], [ECHO], [1], [An echo program that protects backslashes]) ])# _LT_PROG_ECHO_BACKSLASH @@ -1236,7 +1193,7 @@ ia64-*-hpux*) ;; *-*-irix6*) # Find out which ABI we are using. - echo '[#]line __oline__ "configure"' > conftest.$ac_ext + echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then if test "$lt_cv_prog_gnu_ld" = yes; then case `/usr/bin/file conftest.$ac_objext` in @@ -1388,10 +1345,19 @@ if test -n "$RANLIB"; then esac old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib" fi + +case $host_os in + darwin*) + lock_old_archive_extraction=yes ;; + *) + lock_old_archive_extraction=no ;; +esac _LT_DECL([], [old_postinstall_cmds], [2]) _LT_DECL([], [old_postuninstall_cmds], [2]) _LT_TAGDECL([], [old_archive_cmds], [2], [Commands used to build an old-style archive]) +_LT_DECL([], [lock_old_archive_extraction], [0], + [Whether to use a lock for old archive extraction]) ])# _LT_CMD_OLD_ARCHIVE @@ -1416,15 +1382,15 @@ AC_CACHE_CHECK([$1], [$2], -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD) + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&AS_MESSAGE_LOG_FD - echo "$as_me:__oline__: \$? = $ac_status" >&AS_MESSAGE_LOG_FD + echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. - $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then $2=yes @@ -1464,7 +1430,7 @@ AC_CACHE_CHECK([$1], [$2], if test -s conftest.err; then # Append any errors to the config.log. cat conftest.err 1>&AS_MESSAGE_LOG_FD - $ECHO "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp + $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if diff conftest.exp conftest.er2 >/dev/null; then $2=yes @@ -1527,6 +1493,11 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl lt_cv_sys_max_cmd_len=8192; ;; + mint*) + # On MiNT this can take a long time and run out of memory. + lt_cv_sys_max_cmd_len=8192; + ;; + amigaos*) # On AmigaOS with pdksh, this test takes hours, literally. # So we just punt and use a minimum line length of 8192. @@ -1591,8 +1562,8 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl # If test is not a shell built-in, we'll probably end up computing a # maximum length that is only half of the actual maximum length, but # we can't tell. - while { test "X"`$SHELL [$]0 --fallback-echo "X$teststring$teststring" 2>/dev/null` \ - = "XX$teststring$teststring"; } >/dev/null 2>&1 && + while { test "X"`func_fallback_echo "$teststring$teststring" 2>/dev/null` \ + = "X$teststring$teststring"; } >/dev/null 2>&1 && test $i != 17 # 1/2 MB should be enough do i=`expr $i + 1` @@ -1643,7 +1614,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -[#line __oline__ "configure" +[#line $LINENO "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -1684,7 +1655,13 @@ else # endif #endif -void fnord() { int i=42;} +/* When -fvisbility=hidden is used, assume the code has been annotated + correspondingly for the symbols needed. */ +#if defined(__GNUC__) && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) +void fnord () __attribute__((visibility("default"))); +#endif + +void fnord () { int i=42; } int main () { void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); @@ -1693,7 +1670,11 @@ int main () if (self) { if (dlsym (self,"fnord")) status = $lt_dlno_uscore; - else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; + else + { + if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; + else puts (dlerror ()); + } /* dlclose (self); */ } else @@ -1869,16 +1850,16 @@ AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext], -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD) + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&AS_MESSAGE_LOG_FD - echo "$as_me:__oline__: \$? = $ac_status" >&AS_MESSAGE_LOG_FD + echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings - $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then _LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes @@ -2037,6 +2018,7 @@ m4_require([_LT_DECL_EGREP])dnl m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_DECL_OBJDUMP])dnl m4_require([_LT_DECL_SED])dnl +m4_require([_LT_CHECK_SHELL_FEATURES])dnl AC_MSG_CHECKING([dynamic linker characteristics]) m4_if([$1], [], [ @@ -2045,16 +2027,23 @@ if test "$GCC" = yes; then darwin*) lt_awk_arg="/^libraries:/,/LR/" ;; *) lt_awk_arg="/^libraries:/" ;; esac - lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e "s,=/,/,g"` - if $ECHO "$lt_search_path_spec" | $GREP ';' >/dev/null ; then + case $host_os in + mingw* | cegcc*) lt_sed_strip_eq="s,=\([[A-Za-z]]:\),\1,g" ;; + *) lt_sed_strip_eq="s,=/,/,g" ;; + esac + lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq` + case $lt_search_path_spec in + *\;*) # if the path contains ";" then we assume it to be the separator # otherwise default to the standard path separator (i.e. ":") - it is # assumed that no part of a normal pathname contains ";" but that should # okay in the real world where ";" in dirpaths is itself problematic. - lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e 's/;/ /g'` - else - lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` - fi + lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'` + ;; + *) + lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"` + ;; + esac # Ok, now we have the path, separated by spaces, we can step through it # and add multilib dir if necessary. lt_tmp_lt_search_path_spec= @@ -2067,7 +2056,7 @@ if test "$GCC" = yes; then lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path" fi done - lt_search_path_spec=`$ECHO $lt_tmp_lt_search_path_spec | awk ' + lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk ' BEGIN {RS=" "; FS="/|\n";} { lt_foo=""; lt_count=0; @@ -2087,7 +2076,13 @@ BEGIN {RS=" "; FS="/|\n";} { if (lt_foo != "") { lt_freq[[lt_foo]]++; } if (lt_freq[[lt_foo]] == 1) { print lt_foo; } }'` - sys_lib_search_path_spec=`$ECHO $lt_search_path_spec` + # AWK program above erroneously prepends '/' to C:/dos/paths + # for these hosts. + case $host_os in + mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\ + $SED 's,/\([[A-Za-z]]:\),\1,g'` ;; + esac + sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP` else sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" fi]) @@ -2175,7 +2170,7 @@ amigaos*) m68k) library_names_spec='$libname.ixlibrary $libname.a' # Create ${libname}_ixlibrary.a entries in /sys/libs. - finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$ECHO "X$lib" | $Xsed -e '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' + finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' ;; esac ;; @@ -2228,23 +2223,12 @@ cygwin* | mingw* | pw32* | cegcc*) cygwin*) # Cygwin DLLs use 'cyg' prefix rather than 'lib' soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' - sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib" +m4_if([$1], [],[ + sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"]) ;; mingw* | cegcc*) # MinGW DLLs use traditional 'lib' prefix soname_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' - sys_lib_search_path_spec=`$CC -print-search-dirs | $GREP "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"` - if $ECHO "$sys_lib_search_path_spec" | [$GREP ';[c-zC-Z]:/' >/dev/null]; then - # It is most probably a Windows format PATH printed by - # mingw gcc, but we are running on Cygwin. Gcc prints its search - # path with ; separators, and with drive letters. We can handle the - # drive letters (cygwin fileutils understands them), so leave them, - # especially as we might pass files found there to a mingw objdump, - # which wouldn't understand a cygwinified path. Ahh. - sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` - else - sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` - fi ;; pw32*) # pw32 DLLs use 'pw' prefix rather than 'lib' @@ -2344,6 +2328,19 @@ gnu*) hardcode_into_libs=yes ;; +haiku*) + version_type=linux + need_lib_prefix=no + need_version=no + dynamic_linker="$host_os runtime_loader" + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LIBRARY_PATH + shlibpath_overrides_runpath=yes + sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' + hardcode_into_libs=yes + ;; + hpux9* | hpux10* | hpux11*) # Give a soname corresponding to the major version so that dld.sl refuses to # link against other versions. @@ -2386,8 +2383,10 @@ hpux9* | hpux10* | hpux11*) soname_spec='${libname}${release}${shared_ext}$major' ;; esac - # HP-UX runs *really* slowly unless shared libraries are mode 555. + # HP-UX runs *really* slowly unless shared libraries are mode 555, ... postinstall_cmds='chmod 555 $lib' + # or fails outright, so override atomically: + install_override_mode=555 ;; interix[[3-9]]*) @@ -2454,16 +2453,21 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu) finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no + # Some binutils ld are patched to set DT_RUNPATH - save_LDFLAGS=$LDFLAGS - save_libdir=$libdir - eval "libdir=/foo; wl=\"$_LT_TAGVAR(lt_prog_compiler_wl, $1)\"; \ - LDFLAGS=\"\$LDFLAGS $_LT_TAGVAR(hardcode_libdir_flag_spec, $1)\"" - AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])], - [AS_IF([ ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null], - [shlibpath_overrides_runpath=yes])]) - LDFLAGS=$save_LDFLAGS - libdir=$save_libdir + AC_CACHE_VAL([lt_cv_shlibpath_overrides_runpath], + [lt_cv_shlibpath_overrides_runpath=no + save_LDFLAGS=$LDFLAGS + save_libdir=$libdir + eval "libdir=/foo; wl=\"$_LT_TAGVAR(lt_prog_compiler_wl, $1)\"; \ + LDFLAGS=\"\$LDFLAGS $_LT_TAGVAR(hardcode_libdir_flag_spec, $1)\"" + AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])], + [AS_IF([ ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null], + [lt_cv_shlibpath_overrides_runpath=yes])]) + LDFLAGS=$save_LDFLAGS + libdir=$save_libdir + ]) + shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath # This implies no fast_install, which is unacceptable. # Some rework will be needed to allow for fast_install @@ -2472,7 +2476,7 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu) # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" fi @@ -2485,18 +2489,6 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu) dynamic_linker='GNU/Linux ld.so' ;; -netbsdelf*-gnu) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=no - hardcode_into_libs=yes - dynamic_linker='NetBSD ld.elf_so' - ;; - netbsd*) version_type=sunos need_lib_prefix=no @@ -2717,6 +2709,8 @@ _LT_DECL([], [library_names_spec], [1], The last name is the one that the linker finds with -lNAME]]) _LT_DECL([], [soname_spec], [1], [[The coded name of the library, if different from the real name]]) +_LT_DECL([], [install_override_mode], [1], + [Permission mode override for installation of shared libraries]) _LT_DECL([], [postinstall_cmds], [2], [Command to use after installation of a shared archive]) _LT_DECL([], [postuninstall_cmds], [2], @@ -2829,6 +2823,7 @@ AC_REQUIRE([AC_CANONICAL_HOST])dnl AC_REQUIRE([AC_CANONICAL_BUILD])dnl m4_require([_LT_DECL_SED])dnl m4_require([_LT_DECL_EGREP])dnl +m4_require([_LT_PROG_ECHO_BACKSLASH])dnl AC_ARG_WITH([gnu-ld], [AS_HELP_STRING([--with-gnu-ld], @@ -2958,8 +2953,8 @@ case $host_os in fi ;; esac -_LT_DECL([], [reload_flag], [1], [How to create reloadable object files])dnl -_LT_DECL([], [reload_cmds], [2])dnl +_LT_TAGDECL([], [reload_flag], [1], [How to create reloadable object files])dnl +_LT_TAGDECL([], [reload_cmds], [2])dnl ])# _LT_CMD_RELOAD @@ -3011,16 +3006,18 @@ mingw* | pw32*) # Base MSYS/MinGW do not provide the 'file' command needed by # func_win32_libid shell function, so use a weaker test based on 'objdump', # unless we find 'file', for example because we are cross-compiling. - if ( file / ) >/dev/null 2>&1; then + # func_win32_libid assumes BSD nm, so disallow it if using MS dumpbin. + if ( test "$lt_cv_nm_interface" = "BSD nm" && file / ) >/dev/null 2>&1; then lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' lt_cv_file_magic_cmd='func_win32_libid' else - lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?' + # Keep this pattern in sync with the one in func_win32_libid. + lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' lt_cv_file_magic_cmd='$OBJDUMP -f' fi ;; -cegcc) +cegcc*) # use the weaker test based on 'objdump'. See mingw*. lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?' lt_cv_file_magic_cmd='$OBJDUMP -f' @@ -3050,6 +3047,10 @@ gnu*) lt_cv_deplibs_check_method=pass_all ;; +haiku*) + lt_cv_deplibs_check_method=pass_all + ;; + hpux10.20* | hpux11*) lt_cv_file_magic_cmd=/usr/bin/file case $host_cpu in @@ -3058,11 +3059,11 @@ hpux10.20* | hpux11*) lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so ;; hppa*64*) - [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]'] + [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]'] lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl ;; *) - lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]].[[0-9]]) shared library' + lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]]\.[[0-9]]) shared library' lt_cv_file_magic_test_file=/usr/lib/libc.sl ;; esac @@ -3088,7 +3089,7 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu) lt_cv_deplibs_check_method=pass_all ;; -netbsd* | netbsdelf*-gnu) +netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' else @@ -3226,7 +3227,19 @@ if test "$lt_cv_path_NM" != "no"; then NM="$lt_cv_path_NM" else # Didn't find any BSD compatible name lister, look for dumpbin. - AC_CHECK_TOOLS(DUMPBIN, ["dumpbin -symbols" "link -dump -symbols"], :) + if test -n "$DUMPBIN"; then : + # Let the user override the test. + else + AC_CHECK_TOOLS(DUMPBIN, [dumpbin "link -dump"], :) + case `$DUMPBIN -symbols /dev/null 2>&1 | sed '1q'` in + *COFF*) + DUMPBIN="$DUMPBIN -symbols" + ;; + *) + DUMPBIN=: + ;; + esac + fi AC_SUBST([DUMPBIN]) if test "$DUMPBIN" != ":"; then NM="$DUMPBIN" @@ -3239,13 +3252,13 @@ _LT_DECL([], [NM], [1], [A BSD- or MS-compatible name lister])dnl AC_CACHE_CHECK([the name lister ($NM) interface], [lt_cv_nm_interface], [lt_cv_nm_interface="BSD nm" echo "int some_variable = 0;" > conftest.$ac_ext - (eval echo "\"\$as_me:__oline__: $ac_compile\"" >&AS_MESSAGE_LOG_FD) + (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&AS_MESSAGE_LOG_FD) (eval "$ac_compile" 2>conftest.err) cat conftest.err >&AS_MESSAGE_LOG_FD - (eval echo "\"\$as_me:__oline__: $NM \\\"conftest.$ac_objext\\\"\"" >&AS_MESSAGE_LOG_FD) + (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&AS_MESSAGE_LOG_FD) (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) cat conftest.err >&AS_MESSAGE_LOG_FD - (eval echo "\"\$as_me:__oline__: output\"" >&AS_MESSAGE_LOG_FD) + (eval echo "\"\$as_me:$LINENO: output\"" >&AS_MESSAGE_LOG_FD) cat conftest.out >&AS_MESSAGE_LOG_FD if $GREP 'External.*some_variable' conftest.out > /dev/null; then lt_cv_nm_interface="MS dumpbin" @@ -3268,7 +3281,7 @@ AC_DEFUN([LT_LIB_M], [AC_REQUIRE([AC_CANONICAL_HOST])dnl LIBM= case $host in -*-*-beos* | *-*-cygwin* | *-*-pw32* | *-*-darwin*) +*-*-beos* | *-*-cegcc* | *-*-cygwin* | *-*-haiku* | *-*-pw32* | *-*-darwin*) # These system don't have libm, or don't need it ;; *-ncr-sysv4.3*) @@ -3296,7 +3309,12 @@ m4_defun([_LT_COMPILER_NO_RTTI], _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)= if test "$GCC" = yes; then - _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' + case $cc_basename in + nvcc*) + _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -Xcompiler -fno-builtin' ;; + *) + _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' ;; + esac _LT_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions], lt_cv_prog_compiler_rtti_exceptions, @@ -3313,6 +3331,7 @@ _LT_TAGDECL([no_builtin_flag], [lt_prog_compiler_no_builtin_flag], [1], m4_defun([_LT_CMD_GLOBAL_SYMBOLS], [AC_REQUIRE([AC_CANONICAL_HOST])dnl AC_REQUIRE([AC_PROG_CC])dnl +AC_REQUIRE([AC_PROG_AWK])dnl AC_REQUIRE([LT_PATH_NM])dnl AC_REQUIRE([LT_PATH_LD])dnl m4_require([_LT_DECL_SED])dnl @@ -3438,7 +3457,7 @@ _LT_EOF if AC_TRY_EVAL(ac_compile); then # Now try to grab the symbols. nlist=conftest.nm - if AC_TRY_EVAL(NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist) && test -s "$nlist"; then + if AC_TRY_EVAL(NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) && test -s "$nlist"; then # Try sorting and uniquifying the output. if sort "$nlist" | uniq > "$nlist"T; then mv -f "$nlist"T "$nlist" @@ -3600,6 +3619,11 @@ m4_if([$1], [CXX], [ # DJGPP does not support shared libraries at all _LT_TAGVAR(lt_prog_compiler_pic, $1)= ;; + haiku*) + # PIC is the default for Haiku. + # The "-static" flag exists, but is broken. + _LT_TAGVAR(lt_prog_compiler_static, $1)= + ;; interix[[3-9]]*) # Interix 3.x gcc -fpic/-fPIC options generate broken code. # Instead, we relocate shared libraries at runtime. @@ -3738,8 +3762,8 @@ m4_if([$1], [CXX], [ _LT_TAGVAR(lt_prog_compiler_pic, $1)= _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; - xlc* | xlC*) - # IBM XL 8.0 on PPC + xlc* | xlC* | bgxl[[cC]]* | mpixl[[cC]]*) + # IBM XL 8.0, 9.0 on PPC and BlueGene _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink' @@ -3769,7 +3793,7 @@ m4_if([$1], [CXX], [ ;; esac ;; - netbsd* | netbsdelf*-gnu) + netbsd*) ;; *qnx* | *nto*) # QNX uses GNU C++, but need to define -shared option too, otherwise @@ -3801,7 +3825,7 @@ m4_if([$1], [CXX], [ ;; solaris*) case $cc_basename in - CC*) + CC* | sunCC*) # Sun C++ 4.2, 5.x and Centerline C++ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' @@ -3905,6 +3929,12 @@ m4_if([$1], [CXX], [ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' ;; + haiku*) + # PIC is the default for Haiku. + # The "-static" flag exists, but is broken. + _LT_TAGVAR(lt_prog_compiler_static, $1)= + ;; + hpux*) # PIC is the default for 64-bit PA HP-UX, but not for 32-bit # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag @@ -3947,6 +3977,13 @@ m4_if([$1], [CXX], [ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; esac + + case $cc_basename in + nvcc*) # Cuda Compiler Driver 2.2 + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Xlinker ' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-Xcompiler -fPIC' + ;; + esac else # PORTME Check for flag to pass linker flags through the system compiler. case $host_os in @@ -4010,7 +4047,7 @@ m4_if([$1], [CXX], [ _LT_TAGVAR(lt_prog_compiler_pic, $1)='--shared' _LT_TAGVAR(lt_prog_compiler_static, $1)='--static' ;; - pgcc* | pgf77* | pgf90* | pgf95*) + pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*) # Portland Group compilers (*not* the Pentium gcc compiler, # which looks to be a dead project) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' @@ -4022,25 +4059,25 @@ m4_if([$1], [CXX], [ # All Alpha code is PIC. _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; - xl*) - # IBM XL C 8.0/Fortran 10.1 on PPC + xl* | bgxl* | bgf* | mpixl*) + # IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink' ;; *) case `$CC -V 2>&1 | sed 5q` in - *Sun\ C*) - # Sun C 5.9 + *Sun\ F* | *Sun*Fortran*) + # Sun Fortran 8.3 passes all unrecognized flags to the linker _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_wl, $1)='' ;; - *Sun\ F*) - # Sun Fortran 8.3 passes all unrecognized flags to the linker + *Sun\ C*) + # Sun C 5.9 _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - _LT_TAGVAR(lt_prog_compiler_wl, $1)='' + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' ;; esac ;; @@ -4072,7 +4109,7 @@ m4_if([$1], [CXX], [ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' case $cc_basename in - f77* | f90* | f95*) + f77* | f90* | f95* | sunf77* | sunf90* | sunf95*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ';; *) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,';; @@ -4182,8 +4219,10 @@ m4_if([$1], [CXX], [ aix[[4-9]]*) # If we're using GNU nm, then we don't want the "-C" option. # -C means demangle to AIX nm, but means don't demangle with GNU nm + # Also, AIX nm treats weak defined symbols like other global defined + # symbols, whereas GNU nm marks them as "W". if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then - _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' else _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' fi @@ -4194,9 +4233,6 @@ m4_if([$1], [CXX], [ cygwin* | mingw* | cegcc*) _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;/^.*[[ ]]__nm__/s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols' ;; - linux* | k*bsd*-gnu) - _LT_TAGVAR(link_all_deplibs, $1)=no - ;; *) _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' ;; @@ -4261,13 +4297,36 @@ dnl Note also adjust exclude_expsyms for C++ above. openbsd*) with_gnu_ld=no ;; - linux* | k*bsd*-gnu) - _LT_TAGVAR(link_all_deplibs, $1)=no - ;; esac _LT_TAGVAR(ld_shlibs, $1)=yes + + # On some targets, GNU ld is compatible enough with the native linker + # that we're better off using the native interface for both. + lt_use_gnu_ld_interface=no if test "$with_gnu_ld" = yes; then + case $host_os in + aix*) + # The AIX port of GNU ld has always aspired to compatibility + # with the native linker. However, as the warning in the GNU ld + # block says, versions before 2.19.5* couldn't really create working + # shared libraries, regardless of the interface used. + case `$LD -v 2>&1` in + *\ \(GNU\ Binutils\)\ 2.19.5*) ;; + *\ \(GNU\ Binutils\)\ 2.[[2-9]]*) ;; + *\ \(GNU\ Binutils\)\ [[3-9]]*) ;; + *) + lt_use_gnu_ld_interface=yes + ;; + esac + ;; + *) + lt_use_gnu_ld_interface=yes + ;; + esac + fi + + if test "$lt_use_gnu_ld_interface" = yes; then # If archive_cmds runs LD, not CC, wlarc should be empty wlarc='${wl}' @@ -4301,11 +4360,12 @@ dnl Note also adjust exclude_expsyms for C++ above. _LT_TAGVAR(ld_shlibs, $1)=no cat <<_LT_EOF 1>&2 -*** Warning: the GNU linker, at least up to release 2.9.1, is reported +*** Warning: the GNU linker, at least up to release 2.19, is reported *** to be unable to reliably create shared libraries on AIX. *** Therefore, libtool is disabling shared libraries support. If you -*** really care for shared libraries, you may want to modify your PATH -*** so that a non-GNU linker is found, and then restart. +*** really care for shared libraries, you may want to install binutils +*** 2.20 or above, or modify your PATH so that a non-GNU linker is found. +*** You will then need to restart the configuration process. _LT_EOF fi @@ -4341,6 +4401,7 @@ _LT_EOF # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, # as there is no search path for DLLs. _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-all-symbols' _LT_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_TAGVAR(always_export_symbols, $1)=no _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes @@ -4362,6 +4423,11 @@ _LT_EOF fi ;; + haiku*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(link_all_deplibs, $1)=yes + ;; + interix[[3-9]]*) _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no @@ -4391,11 +4457,12 @@ _LT_EOF tmp_sharedflag='-shared' case $cc_basename,$host_cpu in pgcc*) # Portland Group C compiler - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive' + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' tmp_addflag=' $pic_flag' ;; - pgf77* | pgf90* | pgf95*) # Portland Group f77 and f90 compilers - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive' + pgf77* | pgf90* | pgf95* | pgfortran*) + # Portland Group f77 and f90 compilers + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' tmp_addflag=' $pic_flag -Mnomain' ;; ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 tmp_addflag=' -i_dynamic' ;; @@ -4406,13 +4473,17 @@ _LT_EOF lf95*) # Lahey Fortran 8.1 _LT_TAGVAR(whole_archive_flag_spec, $1)= tmp_sharedflag='--shared' ;; - xl[[cC]]*) # IBM XL C 8.0 on PPC (deal with xlf below) + xl[[cC]]* | bgxl[[cC]]* | mpixl[[cC]]*) # IBM XL C 8.0 on PPC (deal with xlf below) tmp_sharedflag='-qmkshrobj' tmp_addflag= ;; + nvcc*) # Cuda Compiler Driver 2.2 + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + _LT_TAGVAR(compiler_needs_object, $1)=yes + ;; esac case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C 5.9 - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive' + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' _LT_TAGVAR(compiler_needs_object, $1)=yes tmp_sharedflag='-G' ;; *Sun\ F*) # Sun Fortran 8.3 @@ -4428,17 +4499,17 @@ _LT_EOF fi case $cc_basename in - xlf*) + xlf* | bgf* | bgxlf* | mpixlf*) # IBM XL Fortran 10.1 on PPC cannot create shared libs itself _LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='-rpath $libdir' - _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $compiler_flags -soname $soname -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib' if test "x$supports_anon_versioning" = xyes; then _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ echo "local: *; };" >> $output_objdir/$libname.ver~ - $LD -shared $libobjs $deplibs $compiler_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' + $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' fi ;; esac @@ -4447,7 +4518,7 @@ _LT_EOF fi ;; - netbsd* | netbsdelf*-gnu) + netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' wlarc= @@ -4559,8 +4630,10 @@ _LT_EOF else # If we're using GNU nm, then we don't want the "-C" option. # -C means demangle to AIX nm, but means don't demangle with GNU nm + # Also, AIX nm treats weak defined symbols like other global + # defined symbols, whereas GNU nm marks them as "W". if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then - _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' else _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' fi @@ -4622,7 +4695,6 @@ _LT_EOF if test "$aix_use_runtimelinking" = yes; then shared_flag="$shared_flag "'${wl}-G' fi - _LT_TAGVAR(link_all_deplibs, $1)=no else # not using gcc if test "$host_cpu" = ia64; then @@ -4650,7 +4722,7 @@ _LT_EOF # empty executable. _LT_SYS_MODULE_PATH_AIX _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then $ECHO "X${wl}${allow_undefined_flag}" | $Xsed; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then func_echo_all "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" else if test "$host_cpu" = ia64; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib' @@ -4665,8 +4737,13 @@ _LT_EOF # -berok will link without error, but may produce a broken library. _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok' _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok' - # Exported symbols can be pulled into shared objects from archives - _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' + if test "$with_gnu_ld" = yes; then + # We only use this code for GNU lds that support --whole-archive. + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive' + else + # Exported symbols can be pulled into shared objects from archives + _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' + fi _LT_TAGVAR(archive_cmds_need_lc, $1)=yes # This is similar to how AIX traditionally builds its shared libraries. _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' @@ -4705,7 +4782,7 @@ _LT_EOF # Tell ltmain to make .dll files, not .so files. shrext_cmds=".dll" # FIXME: Setting linknames here is a bad hack. - _LT_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `$ECHO "X$deplibs" | $Xsed -e '\''s/ -lc$//'\''` -link -dll~linknames=' + _LT_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames=' # The linker will automatically build a .lib file if we build a DLL. _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' # FIXME: Should let the user specify the lib program. @@ -4772,7 +4849,7 @@ _LT_EOF ;; hpux10*) - if test "$GCC" = yes -a "$with_gnu_ld" = no; then + if test "$GCC" = yes && test "$with_gnu_ld" = no; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' else _LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' @@ -4791,7 +4868,7 @@ _LT_EOF ;; hpux11*) - if test "$GCC" = yes -a "$with_gnu_ld" = no; then + if test "$GCC" = yes && test "$with_gnu_ld" = no; then case $host_cpu in hppa*64*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' @@ -4812,7 +4889,14 @@ _LT_EOF _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) - _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + m4_if($1, [], [ + # Older versions of the 11.00 compiler do not understand -b yet + # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does) + _LT_LINKER_OPTION([if $CC understands -b], + _LT_TAGVAR(lt_cv_prog_compiler__b, $1), [-b], + [_LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'], + [_LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'])], + [_LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags']) ;; esac fi @@ -4840,19 +4924,19 @@ _LT_EOF irix5* | irix6* | nonstopux*) if test "$GCC" = yes; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' # Try to use the -exported_symbol ld option, if it does not # work, assume that -exports_file does not work either and # implicitly export all symbols. save_LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null" AC_LINK_IFELSE(int foo(void) {}, - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib' ) LDFLAGS="$save_LDFLAGS" else - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib' fi _LT_TAGVAR(archive_cmds_need_lc, $1)='no' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' @@ -4861,7 +4945,7 @@ _LT_EOF _LT_TAGVAR(link_all_deplibs, $1)=yes ;; - netbsd* | netbsdelf*-gnu) + netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out else @@ -4914,17 +4998,17 @@ _LT_EOF _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_minus_L, $1)=yes _LT_TAGVAR(allow_undefined_flag, $1)=unsupported - _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$ECHO DATA >> $output_objdir/$libname.def~$ECHO " SINGLE NONSHARED" >> $output_objdir/$libname.def~$ECHO EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' + _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~echo DATA >> $output_objdir/$libname.def~echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' _LT_TAGVAR(old_archive_from_new_cmds, $1)='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' ;; osf3*) if test "$GCC" = yes; then _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' else _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' fi _LT_TAGVAR(archive_cmds_need_lc, $1)='no' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' @@ -4934,13 +5018,13 @@ _LT_EOF osf4* | osf5*) # as osf3* with the addition of -msym flag if test "$GCC" = yes; then _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' else _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~ - $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp' + $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp' # Both c and cxx compiler support -rpath directly _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' @@ -5131,36 +5215,38 @@ x|xyes) # Test whether the compiler implicitly links with -lc since on some # systems, -lgcc has to come before -lc. If gcc already passes -lc # to ld, don't add -lc before -lgcc. - AC_MSG_CHECKING([whether -lc should be explicitly linked in]) - $RM conftest* - echo "$lt_simple_compile_test_code" > conftest.$ac_ext - - if AC_TRY_EVAL(ac_compile) 2>conftest.err; then - soname=conftest - lib=conftest - libobjs=conftest.$ac_objext - deplibs= - wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) - pic_flag=$_LT_TAGVAR(lt_prog_compiler_pic, $1) - compiler_flags=-v - linker_flags=-v - verstring= - output_objdir=. - libname=conftest - lt_save_allow_undefined_flag=$_LT_TAGVAR(allow_undefined_flag, $1) - _LT_TAGVAR(allow_undefined_flag, $1)= - if AC_TRY_EVAL(_LT_TAGVAR(archive_cmds, $1) 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) - then - _LT_TAGVAR(archive_cmds_need_lc, $1)=no - else - _LT_TAGVAR(archive_cmds_need_lc, $1)=yes - fi - _LT_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag - else - cat conftest.err 1>&5 - fi - $RM conftest* - AC_MSG_RESULT([$_LT_TAGVAR(archive_cmds_need_lc, $1)]) + AC_CACHE_CHECK([whether -lc should be explicitly linked in], + [lt_cv_]_LT_TAGVAR(archive_cmds_need_lc, $1), + [$RM conftest* + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + if AC_TRY_EVAL(ac_compile) 2>conftest.err; then + soname=conftest + lib=conftest + libobjs=conftest.$ac_objext + deplibs= + wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) + pic_flag=$_LT_TAGVAR(lt_prog_compiler_pic, $1) + compiler_flags=-v + linker_flags=-v + verstring= + output_objdir=. + libname=conftest + lt_save_allow_undefined_flag=$_LT_TAGVAR(allow_undefined_flag, $1) + _LT_TAGVAR(allow_undefined_flag, $1)= + if AC_TRY_EVAL(_LT_TAGVAR(archive_cmds, $1) 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) + then + lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=no + else + lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=yes + fi + _LT_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag + else + cat conftest.err 1>&5 + fi + $RM conftest* + ]) + _LT_TAGVAR(archive_cmds_need_lc, $1)=$lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1) ;; esac fi @@ -5330,37 +5416,21 @@ CC="$lt_save_CC" ])# _LT_LANG_C_CONFIG -# _LT_PROG_CXX -# ------------ -# Since AC_PROG_CXX is broken, in that it returns g++ if there is no c++ -# compiler, we have our own version here. -m4_defun([_LT_PROG_CXX], -[ -pushdef([AC_MSG_ERROR], [_lt_caught_CXX_error=yes]) -AC_PROG_CXX -if test -n "$CXX" && ( test "X$CXX" != "Xno" && - ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) || - (test "X$CXX" != "Xg++"))) ; then - AC_PROG_CXXCPP -else - _lt_caught_CXX_error=yes -fi -popdef([AC_MSG_ERROR]) -])# _LT_PROG_CXX - -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([_LT_PROG_CXX], []) - - # _LT_LANG_CXX_CONFIG([TAG]) # -------------------------- # Ensure that the configuration variables for a C++ compiler are suitably # defined. These variables are subsequently used by _LT_CONFIG to write # the compiler configuration to `libtool'. m4_defun([_LT_LANG_CXX_CONFIG], -[AC_REQUIRE([_LT_PROG_CXX])dnl -m4_require([_LT_FILEUTILS_DEFAULTS])dnl +[m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_DECL_EGREP])dnl +if test -n "$CXX" && ( test "X$CXX" != "Xno" && + ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) || + (test "X$CXX" != "Xg++"))) ; then + AC_PROG_CXXCPP +else + _lt_caught_CXX_error=yes +fi AC_LANG_PUSH(C++) _LT_TAGVAR(archive_cmds_need_lc, $1)=no @@ -5382,6 +5452,8 @@ _LT_TAGVAR(module_cmds, $1)= _LT_TAGVAR(module_expsym_cmds, $1)= _LT_TAGVAR(link_all_deplibs, $1)=unknown _LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_TAGVAR(reload_flag, $1)=$reload_flag +_LT_TAGVAR(reload_cmds, $1)=$reload_cmds _LT_TAGVAR(no_undefined_flag, $1)= _LT_TAGVAR(whole_archive_flag_spec, $1)= _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no @@ -5484,7 +5556,7 @@ if test "$_lt_caught_CXX_error" != yes; then # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. - output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"' + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' else GXX=no @@ -5596,7 +5668,7 @@ if test "$_lt_caught_CXX_error" != yes; then _LT_SYS_MODULE_PATH_AIX _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then $ECHO "X${wl}${allow_undefined_flag}" | $Xsed; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then func_echo_all "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" else if test "$host_cpu" = ia64; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib' @@ -5611,8 +5683,13 @@ if test "$_lt_caught_CXX_error" != yes; then # -berok will link without error, but may produce a broken library. _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok' _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok' - # Exported symbols can be pulled into shared objects from archives - _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' + if test "$with_gnu_ld" = yes; then + # We only use this code for GNU lds that support --whole-archive. + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive' + else + # Exported symbols can be pulled into shared objects from archives + _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' + fi _LT_TAGVAR(archive_cmds_need_lc, $1)=yes # This is similar to how AIX traditionally builds its shared # libraries. @@ -5645,6 +5722,7 @@ if test "$_lt_caught_CXX_error" != yes; then # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, # as there is no search path for DLLs. _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-all-symbols' _LT_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_TAGVAR(always_export_symbols, $1)=no _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes @@ -5705,6 +5783,11 @@ if test "$_lt_caught_CXX_error" != yes; then gnu*) ;; + haiku*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(link_all_deplibs, $1)=yes + ;; + hpux9*) _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: @@ -5729,7 +5812,7 @@ if test "$_lt_caught_CXX_error" != yes; then # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. - output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed' + output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' ;; *) if test "$GXX" = yes; then @@ -5794,7 +5877,7 @@ if test "$_lt_caught_CXX_error" != yes; then # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. - output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed' + output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' ;; *) if test "$GXX" = yes; then @@ -5837,7 +5920,7 @@ if test "$_lt_caught_CXX_error" != yes; then case $cc_basename in CC*) # SGI C++ - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' # Archives containing C++ object files must be created using # "CC -ar", where "CC" is the IRIX C++ compiler. This is @@ -5848,9 +5931,9 @@ if test "$_lt_caught_CXX_error" != yes; then *) if test "$GXX" = yes; then if test "$with_gnu_ld" = no; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' else - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` -o $lib' fi fi _LT_TAGVAR(link_all_deplibs, $1)=yes @@ -5879,7 +5962,7 @@ if test "$_lt_caught_CXX_error" != yes; then # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. - output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed' + output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' @@ -5916,26 +5999,26 @@ if test "$_lt_caught_CXX_error" != yes; then pgCC* | pgcpp*) # Portland Group C++ compiler case `$CC -V` in - *pgCC\ [[1-5]]* | *pgcpp\ [[1-5]]*) + *pgCC\ [[1-5]].* | *pgcpp\ [[1-5]].*) _LT_TAGVAR(prelink_cmds, $1)='tpldir=Template.dir~ rm -rf $tpldir~ $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~ - compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"' + compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"' _LT_TAGVAR(old_archive_cmds, $1)='tpldir=Template.dir~ rm -rf $tpldir~ $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~ - $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~ + $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~ $RANLIB $oldlib' _LT_TAGVAR(archive_cmds, $1)='tpldir=Template.dir~ rm -rf $tpldir~ $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ - $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' + $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='tpldir=Template.dir~ rm -rf $tpldir~ $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ - $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' + $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' ;; - *) # Version 6 will use weak symbols + *) # Version 6 and above use weak symbols _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' ;; @@ -5943,7 +6026,7 @@ if test "$_lt_caught_CXX_error" != yes; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive' + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' ;; cxx*) # Compaq C++ @@ -5962,9 +6045,9 @@ if test "$_lt_caught_CXX_error" != yes; then # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. - output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`$ECHO "X$templist" | $Xsed -e "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed' + output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "X$list" | $Xsed' ;; - xl*) + xl* | mpixl* | bgxl*) # IBM XL 8.0 on PPC, with GNU ld _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' @@ -5984,13 +6067,13 @@ if test "$_lt_caught_CXX_error" != yes; then _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file ${wl}$export_symbols' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive' + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' _LT_TAGVAR(compiler_needs_object, $1)=yes # Not sure whether something based on # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 # would be better. - output_verbose_link_cmd='echo' + output_verbose_link_cmd='func_echo_all' # Archives containing C++ object files must be created using # "CC -xar", where "CC" is the Sun C++ compiler. This is @@ -6059,7 +6142,7 @@ if test "$_lt_caught_CXX_error" != yes; then _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' fi - output_verbose_link_cmd=echo + output_verbose_link_cmd=func_echo_all else _LT_TAGVAR(ld_shlibs, $1)=no fi @@ -6094,15 +6177,15 @@ if test "$_lt_caught_CXX_error" != yes; then case $host in osf3*) _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && $ECHO "X${wl}-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && func_echo_all "${wl}-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' ;; *) _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~ echo "-hidden">> $lib.exp~ - $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname ${wl}-input ${wl}$lib.exp `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib~ + $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname ${wl}-input ${wl}$lib.exp `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib~ $RM $lib.exp' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' ;; @@ -6118,17 +6201,17 @@ if test "$_lt_caught_CXX_error" != yes; then # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. - output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`$ECHO "X$templist" | $Xsed -e "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed' + output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' ;; *) if test "$GXX" = yes && test "$with_gnu_ld" = no; then _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' case $host in osf3*) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' ;; *) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' ;; esac @@ -6138,7 +6221,7 @@ if test "$_lt_caught_CXX_error" != yes; then # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. - output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"' + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' else # FIXME: insert proper C++ library support @@ -6174,7 +6257,7 @@ if test "$_lt_caught_CXX_error" != yes; then solaris*) case $cc_basename in - CC*) + CC* | sunCC*) # Sun C++ 4.2, 5.x and Centerline C++ _LT_TAGVAR(archive_cmds_need_lc,$1)=yes _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs' @@ -6195,7 +6278,7 @@ if test "$_lt_caught_CXX_error" != yes; then esac _LT_TAGVAR(link_all_deplibs, $1)=yes - output_verbose_link_cmd='echo' + output_verbose_link_cmd='func_echo_all' # Archives containing C++ object files must be created using # "CC -xar", where "CC" is the Sun C++ compiler. This is @@ -6222,7 +6305,7 @@ if test "$_lt_caught_CXX_error" != yes; then # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. - output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"' + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' else # g++ 2.7 appears to require `-G' NOT `-shared' on this # platform. @@ -6233,7 +6316,7 @@ if test "$_lt_caught_CXX_error" != yes; then # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. - output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"' + output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' fi _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $wl$libdir' @@ -6287,6 +6370,10 @@ if test "$_lt_caught_CXX_error" != yes; then CC*) _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(old_archive_cmds, $1)='$CC -Tprelink_objects $oldobjs~ + '"$_LT_TAGVAR(old_archive_cmds, $1)" + _LT_TAGVAR(reload_cmds, $1)='$CC -Tprelink_objects $reload_objs~ + '"$_LT_TAGVAR(reload_cmds, $1)" ;; *) _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' @@ -6533,7 +6620,7 @@ linux*) solaris*) case $cc_basename in - CC*) + CC* | sunCC*) # The more standards-conforming stlport4 library is # incompatible with the Cstd library. Avoid specifying # it if it's in CXXFLAGS. Ignore libCrun as @@ -6577,32 +6664,16 @@ _LT_TAGDECL([], [compiler_lib_search_path], [1], ])# _LT_SYS_HIDDEN_LIBDEPS -# _LT_PROG_F77 -# ------------ -# Since AC_PROG_F77 is broken, in that it returns the empty string -# if there is no fortran compiler, we have our own version here. -m4_defun([_LT_PROG_F77], -[ -pushdef([AC_MSG_ERROR], [_lt_disable_F77=yes]) -AC_PROG_F77 -if test -z "$F77" || test "X$F77" = "Xno"; then - _lt_disable_F77=yes -fi -popdef([AC_MSG_ERROR]) -])# _LT_PROG_F77 - -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([_LT_PROG_F77], []) - - # _LT_LANG_F77_CONFIG([TAG]) # -------------------------- # Ensure that the configuration variables for a Fortran 77 compiler are # suitably defined. These variables are subsequently used by _LT_CONFIG # to write the compiler configuration to `libtool'. m4_defun([_LT_LANG_F77_CONFIG], -[AC_REQUIRE([_LT_PROG_F77])dnl -AC_LANG_PUSH(Fortran 77) +[AC_LANG_PUSH(Fortran 77) +if test -z "$F77" || test "X$F77" = "Xno"; then + _lt_disable_F77=yes +fi _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(allow_undefined_flag, $1)= @@ -6621,6 +6692,8 @@ _LT_TAGVAR(module_cmds, $1)= _LT_TAGVAR(module_expsym_cmds, $1)= _LT_TAGVAR(link_all_deplibs, $1)=unknown _LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_TAGVAR(reload_flag, $1)=$reload_flag +_LT_TAGVAR(reload_cmds, $1)=$reload_cmds _LT_TAGVAR(no_undefined_flag, $1)= _LT_TAGVAR(whole_archive_flag_spec, $1)= _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no @@ -6720,32 +6793,17 @@ AC_LANG_POP ])# _LT_LANG_F77_CONFIG -# _LT_PROG_FC -# ----------- -# Since AC_PROG_FC is broken, in that it returns the empty string -# if there is no fortran compiler, we have our own version here. -m4_defun([_LT_PROG_FC], -[ -pushdef([AC_MSG_ERROR], [_lt_disable_FC=yes]) -AC_PROG_FC -if test -z "$FC" || test "X$FC" = "Xno"; then - _lt_disable_FC=yes -fi -popdef([AC_MSG_ERROR]) -])# _LT_PROG_FC - -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([_LT_PROG_FC], []) - - # _LT_LANG_FC_CONFIG([TAG]) # ------------------------- # Ensure that the configuration variables for a Fortran compiler are # suitably defined. These variables are subsequently used by _LT_CONFIG # to write the compiler configuration to `libtool'. m4_defun([_LT_LANG_FC_CONFIG], -[AC_REQUIRE([_LT_PROG_FC])dnl -AC_LANG_PUSH(Fortran) +[AC_LANG_PUSH(Fortran) + +if test -z "$FC" || test "X$FC" = "Xno"; then + _lt_disable_FC=yes +fi _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(allow_undefined_flag, $1)= @@ -6764,6 +6822,8 @@ _LT_TAGVAR(module_cmds, $1)= _LT_TAGVAR(module_expsym_cmds, $1)= _LT_TAGVAR(link_all_deplibs, $1)=unknown _LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_TAGVAR(reload_flag, $1)=$reload_flag +_LT_TAGVAR(reload_cmds, $1)=$reload_cmds _LT_TAGVAR(no_undefined_flag, $1)= _LT_TAGVAR(whole_archive_flag_spec, $1)= _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no @@ -6909,6 +6969,8 @@ _LT_CC_BASENAME([$compiler]) _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_TAGVAR(reload_flag, $1)=$reload_flag +_LT_TAGVAR(reload_cmds, $1)=$reload_cmds ## CAVEAT EMPTOR: ## There is no encapsulation within the following macros, do not change @@ -7276,7 +7338,7 @@ _LT_EOF func_dirname () { # Extract subdirectory from the argument. - func_dirname_result=`$ECHO "X${1}" | $Xsed -e "$dirname"` + func_dirname_result=`$ECHO "${1}" | $SED "$dirname"` if test "X$func_dirname_result" = "X${1}"; then func_dirname_result="${3}" else @@ -7287,7 +7349,7 @@ func_dirname () # func_basename file func_basename () { - func_basename_result=`$ECHO "X${1}" | $Xsed -e "$basename"` + func_basename_result=`$ECHO "${1}" | $SED "$basename"` } dnl func_dirname_and_basename @@ -7303,10 +7365,8 @@ dnl so there is no need for it here. func_stripname () { case ${2} in - .*) func_stripname_result=`$ECHO "X${3}" \ - | $Xsed -e "s%^${1}%%" -e "s%\\\\${2}\$%%"`;; - *) func_stripname_result=`$ECHO "X${3}" \ - | $Xsed -e "s%^${1}%%" -e "s%${2}\$%%"`;; + .*) func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%\\\\${2}\$%%"`;; + *) func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%${2}\$%%"`;; esac } @@ -7317,20 +7377,20 @@ my_sed_long_arg='1s/^-[[^=]]*=//' # func_opt_split func_opt_split () { - func_opt_split_opt=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_opt"` - func_opt_split_arg=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_arg"` + func_opt_split_opt=`$ECHO "${1}" | $SED "$my_sed_long_opt"` + func_opt_split_arg=`$ECHO "${1}" | $SED "$my_sed_long_arg"` } # func_lo2o object func_lo2o () { - func_lo2o_result=`$ECHO "X${1}" | $Xsed -e "$lo2o"` + func_lo2o_result=`$ECHO "${1}" | $SED "$lo2o"` } # func_xform libobj-or-source func_xform () { - func_xform_result=`$ECHO "X${1}" | $Xsed -e 's/\.[[^.]]*$/.lo/'` + func_xform_result=`$ECHO "${1}" | $SED 's/\.[[^.]]*$/.lo/'` } # func_arith arithmetic-term... diff --git a/lib/m4/ltoptions.m4 b/lib/m4/ltoptions.m4 index 34151a3..17cfd51 100644 --- a/lib/m4/ltoptions.m4 +++ b/lib/m4/ltoptions.m4 @@ -1,13 +1,14 @@ # Helper functions for option handling. -*- Autoconf -*- # -# Copyright (C) 2004, 2005, 2007, 2008 Free Software Foundation, Inc. +# Copyright (C) 2004, 2005, 2007, 2008, 2009 Free Software Foundation, +# Inc. # Written by Gary V. Vaughan, 2004 # # This file is free software; the Free Software Foundation gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. -# serial 6 ltoptions.m4 +# serial 7 ltoptions.m4 # This is to help aclocal find these macros, as it can't see m4_define. AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])]) @@ -125,7 +126,7 @@ LT_OPTION_DEFINE([LT_INIT], [win32-dll], [enable_win32_dll=yes case $host in -*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-cegcc*) +*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-cegcc*) AC_CHECK_TOOL(AS, as, false) AC_CHECK_TOOL(DLLTOOL, dlltool, false) AC_CHECK_TOOL(OBJDUMP, objdump, false) @@ -133,13 +134,13 @@ case $host in esac test -z "$AS" && AS=as -_LT_DECL([], [AS], [0], [Assembler program])dnl +_LT_DECL([], [AS], [1], [Assembler program])dnl test -z "$DLLTOOL" && DLLTOOL=dlltool -_LT_DECL([], [DLLTOOL], [0], [DLL creation program])dnl +_LT_DECL([], [DLLTOOL], [1], [DLL creation program])dnl test -z "$OBJDUMP" && OBJDUMP=objdump -_LT_DECL([], [OBJDUMP], [0], [Object dumper program])dnl +_LT_DECL([], [OBJDUMP], [1], [Object dumper program])dnl ])# win32-dll AU_DEFUN([AC_LIBTOOL_WIN32_DLL], diff --git a/lib/m4/ltversion.m4 b/lib/m4/ltversion.m4 index f3c5309..93fc771 100644 --- a/lib/m4/ltversion.m4 +++ b/lib/m4/ltversion.m4 @@ -9,15 +9,15 @@ # Generated from ltversion.in. -# serial 3017 ltversion.m4 +# serial 3175 ltversion.m4 # This file is part of GNU Libtool -m4_define([LT_PACKAGE_VERSION], [2.2.6b]) -m4_define([LT_PACKAGE_REVISION], [1.3017]) +m4_define([LT_PACKAGE_VERSION], [2.2.10]) +m4_define([LT_PACKAGE_REVISION], [1.3175]) AC_DEFUN([LTVERSION_VERSION], -[macro_version='2.2.6b' -macro_revision='1.3017' +[macro_version='2.2.10' +macro_revision='1.3175' _LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?]) _LT_DECL(, macro_revision, 0) ]) diff --git a/lib/m4/lt~obsolete.m4 b/lib/m4/lt~obsolete.m4 index 637bb20..c573da9 100644 --- a/lib/m4/lt~obsolete.m4 +++ b/lib/m4/lt~obsolete.m4 @@ -1,13 +1,13 @@ # lt~obsolete.m4 -- aclocal satisfying obsolete definitions. -*-Autoconf-*- # -# Copyright (C) 2004, 2005, 2007 Free Software Foundation, Inc. +# Copyright (C) 2004, 2005, 2007, 2009 Free Software Foundation, Inc. # Written by Scott James Remnant, 2004. # # This file is free software; the Free Software Foundation gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. -# serial 4 lt~obsolete.m4 +# serial 5 lt~obsolete.m4 # These exist entirely to fool aclocal when bootstrapping libtool. # @@ -77,7 +77,6 @@ m4_ifndef([AC_DISABLE_FAST_INSTALL], [AC_DEFUN([AC_DISABLE_FAST_INSTALL])]) m4_ifndef([_LT_AC_LANG_CXX], [AC_DEFUN([_LT_AC_LANG_CXX])]) m4_ifndef([_LT_AC_LANG_F77], [AC_DEFUN([_LT_AC_LANG_F77])]) m4_ifndef([_LT_AC_LANG_GCJ], [AC_DEFUN([_LT_AC_LANG_GCJ])]) -m4_ifndef([AC_LIBTOOL_RC], [AC_DEFUN([AC_LIBTOOL_RC])]) m4_ifndef([AC_LIBTOOL_LANG_C_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG])]) m4_ifndef([_LT_AC_LANG_C_CONFIG], [AC_DEFUN([_LT_AC_LANG_C_CONFIG])]) m4_ifndef([AC_LIBTOOL_LANG_CXX_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG])]) @@ -90,3 +89,10 @@ m4_ifndef([AC_LIBTOOL_LANG_RC_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG])]) m4_ifndef([_LT_AC_LANG_RC_CONFIG], [AC_DEFUN([_LT_AC_LANG_RC_CONFIG])]) m4_ifndef([AC_LIBTOOL_CONFIG], [AC_DEFUN([AC_LIBTOOL_CONFIG])]) m4_ifndef([_LT_AC_FILE_LTDLL_C], [AC_DEFUN([_LT_AC_FILE_LTDLL_C])]) +m4_ifndef([_LT_REQUIRED_DARWIN_CHECKS], [AC_DEFUN([_LT_REQUIRED_DARWIN_CHECKS])]) +m4_ifndef([_LT_AC_PROG_CXXCPP], [AC_DEFUN([_LT_AC_PROG_CXXCPP])]) +m4_ifndef([_LT_PREPARE_SED_QUOTE_VARS], [AC_DEFUN([_LT_PREPARE_SED_QUOTE_VARS])]) +m4_ifndef([_LT_PROG_ECHO_BACKSLASH], [AC_DEFUN([_LT_PROG_ECHO_BACKSLASH])]) +m4_ifndef([_LT_PROG_F77], [AC_DEFUN([_LT_PROG_F77])]) +m4_ifndef([_LT_PROG_FC], [AC_DEFUN([_LT_PROG_FC])]) +m4_ifndef([_LT_PROG_CXX], [AC_DEFUN([_LT_PROG_CXX])]) diff --git a/lib/packet.c b/lib/packet.c index 8e6f22d..ce68bea 100644 --- a/lib/packet.c +++ b/lib/packet.c @@ -6,6 +6,7 @@ #endif #include <assert.h> +#include <radius/client.h> #include <event2/bufferevent.h> #include <radsec/radsec.h> #include <radsec/radsec-impl.h> @@ -24,6 +25,8 @@ packet_verify_response (struct rs_connection *conn, struct rs_packet *response, struct rs_packet *request) { + int err; + assert (conn); assert (conn->active_peer); assert (conn->active_peer->secret); @@ -32,20 +35,27 @@ packet_verify_response (struct rs_connection *conn, assert (request); assert (request->rpkt); + response->rpkt->secret = conn->active_peer->secret; + response->rpkt->sizeof_secret = strlen (conn->active_peer->secret); + /* Verify header and message authenticator. */ - if (rad_verify (response->rpkt, request->rpkt, conn->active_peer->secret)) + err = nr_packet_verify (response->rpkt, request->rpkt); + if (err) { - conn_close (&conn); - return rs_err_conn_push_fl (conn, RSE_FR, __FILE__, __LINE__, - "rad_verify: %s", fr_strerror ()); + if (conn->is_connected) + rs_conn_disconnect(conn); + return rs_err_conn_push_fl (conn, -err, __FILE__, __LINE__, + "nr_packet_verify"); } /* Decode and decrypt. */ - if (rad_decode (response->rpkt, request->rpkt, conn->active_peer->secret)) + err = nr_packet_decode (response->rpkt, request->rpkt); + if (err) { - conn_close (&conn); - return rs_err_conn_push_fl (conn, RSE_FR, __FILE__, __LINE__, - "rad_decode: %s", fr_strerror ()); + if (conn->is_connected) + rs_conn_disconnect(conn); + return rs_err_conn_push_fl (conn, -err, __FILE__, __LINE__, + "nr_packet_decode"); } return RSE_OK; @@ -57,7 +67,7 @@ packet_verify_response (struct rs_connection *conn, int packet_do_send (struct rs_packet *pkt) { - VALUE_PAIR *vp = NULL; + int err; assert (pkt); assert (pkt->conn); @@ -65,22 +75,19 @@ packet_do_send (struct rs_packet *pkt) assert (pkt->conn->active_peer->secret); assert (pkt->rpkt); - /* Add a Message-Authenticator, RFC 2869, if not already present. */ - /* FIXME: Make Message-Authenticator optional? */ - vp = paircreate (PW_MESSAGE_AUTHENTICATOR, PW_TYPE_OCTETS); - if (!vp) - return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__, - "paircreate: %s", fr_strerror ()); - pairreplace (&pkt->rpkt->vps, vp); + pkt->rpkt->secret = pkt->conn->active_peer->secret; + pkt->rpkt->sizeof_secret = strlen (pkt->rpkt->secret); /* Encode message. */ - if (rad_encode (pkt->rpkt, NULL, pkt->conn->active_peer->secret)) - return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__, - "rad_encode: %s", fr_strerror ()); + err = nr_packet_encode (pkt->rpkt, NULL); + if (err < 0) + return rs_err_conn_push_fl (pkt->conn, -err, __FILE__, __LINE__, + "nr_packet_encode"); /* Sign message. */ - if (rad_sign (pkt->rpkt, NULL, pkt->conn->active_peer->secret)) - return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__, - "rad_sign: %s", fr_strerror ()); + err = nr_packet_sign (pkt->rpkt, NULL); + if (err < 0) + return rs_err_conn_push_fl (pkt->conn, -err, __FILE__, __LINE__, + "nr_packet_sign"); #if defined (DEBUG) { char host[80], serv[80]; @@ -98,7 +105,7 @@ packet_do_send (struct rs_packet *pkt) if (pkt->conn->bev) /* TCP. */ { int err = bufferevent_write (pkt->conn->bev, pkt->rpkt->data, - pkt->rpkt->data_len); + pkt->rpkt->length); if (err < 0) return rs_err_conn_push_fl (pkt->conn, RSE_EVENT, __FILE__, __LINE__, "bufferevent_write: %s", @@ -122,21 +129,36 @@ rs_packet_create (struct rs_connection *conn, struct rs_packet **pkt_out) { struct rs_packet *p; RADIUS_PACKET *rpkt; + int err; *pkt_out = NULL; - rpkt = rad_alloc (1); - if (!rpkt) + rpkt = rs_malloc (conn->ctx, sizeof(*rpkt) + RS_MAX_PACKET_LEN); + if (rpkt == NULL) return rs_err_conn_push (conn, RSE_NOMEM, __func__); - rpkt->id = conn->nextid++; - p = (struct rs_packet *) malloc (sizeof (struct rs_packet)); - if (!p) + /* + * This doesn't make sense; the packet identifier is constant for + * an entire conversation. A separate API should be provided to + * allow the application to set the packet ID, or a conversation + * object should group related packets together. + */ +#if 0 + rpkt->id = conn->nextid++ +#endif + + err = nr_packet_init (rpkt, NULL, NULL, + PW_ACCESS_REQUEST, + rpkt + 1, RS_MAX_PACKET_LEN); + if (err < 0) + return rs_err_conn_push (conn, -err, __func__); + + p = (struct rs_packet *) rs_calloc (conn->ctx, 1, sizeof (*p)); + if (p == NULL) { - rad_free (&rpkt); + rs_free (conn->ctx, rpkt); return rs_err_conn_push (conn, RSE_NOMEM, __func__); } - memset (p, 0, sizeof (struct rs_packet)); p->conn = conn; p->rpkt = rpkt; @@ -150,41 +172,31 @@ rs_packet_create_authn_request (struct rs_connection *conn, const char *user_name, const char *user_pw) { struct rs_packet *pkt; - VALUE_PAIR *vp = NULL; + int err; if (rs_packet_create (conn, pkt_out)) return -1; + pkt = *pkt_out; - pkt->rpkt->code = PW_AUTHENTICATION_REQUEST; + pkt->rpkt->code = PW_ACCESS_REQUEST; if (user_name) { - vp = pairmake ("User-Name", user_name, T_OP_EQ); - if (vp == NULL) - return rs_err_conn_push_fl (conn, RSE_FR, __FILE__, __LINE__, - "pairmake: %s", fr_strerror ()); - pairadd (&pkt->rpkt->vps, vp); + err = rs_packet_append_avp (pkt, PW_USER_NAME, 0, user_name, 0); + if (err) + return err; } if (user_pw) { - vp = pairmake ("User-Password", user_pw, T_OP_EQ); - if (vp == NULL) - return rs_err_conn_push_fl (conn, RSE_FR, __FILE__, __LINE__, - "pairmake: %s", fr_strerror ()); - pairadd (&pkt->rpkt->vps, vp); + err = rs_packet_append_avp (pkt, PW_USER_PASSWORD, 0, user_pw, 0); + if (err) + return err; } return RSE_OK; } -struct radius_packet * -rs_packet_frpkt (struct rs_packet *pkt) -{ - assert (pkt); - return pkt->rpkt; -} - void rs_packet_destroy (struct rs_packet *pkt) { @@ -192,6 +204,59 @@ rs_packet_destroy (struct rs_packet *pkt) assert (pkt->conn); assert (pkt->conn->ctx); - rad_free (&pkt->rpkt); /* Note: This frees the VALUE_PAIR's too. */ + rs_avp_free (&pkt->rpkt->vps); + rs_free (pkt->conn->ctx, pkt->rpkt); rs_free (pkt->conn->ctx, pkt); } + +int +rs_packet_append_avp (struct rs_packet *pkt, + unsigned int attr, unsigned int vendor, + const void *data, size_t data_len) +{ + const DICT_ATTR *da; + int err; + + assert (pkt); + + da = nr_dict_attr_byvalue (attr, vendor); + if (da == NULL) + return RSE_ATTR_TYPE_UNKNOWN; + + err = nr_packet_attr_append (pkt->rpkt, NULL, da, data, data_len); + if (err < 0) + return rs_err_conn_push (pkt->conn, -err, __func__); + + return RSE_OK; +} + +void +rs_packet_avps (struct rs_packet *pkt, rs_avp ***vps) +{ + assert (pkt); + *vps = &pkt->rpkt->vps; +} + +unsigned int +rs_packet_code (struct rs_packet *pkt) +{ + assert (pkt); + return pkt->rpkt->code; +} + +rs_const_avp * +rs_packet_find_avp (struct rs_packet *pkt, unsigned int attr, unsigned int vendor) +{ + assert (pkt); + return rs_avp_find_const (pkt->rpkt->vps, attr, vendor); +} + +int +rs_packet_set_id (struct rs_packet *pkt, int id) +{ + int old = pkt->rpkt->id; + + pkt->rpkt->id = id; + + return old; +} @@ -6,6 +6,9 @@ #endif #include <assert.h> +#include <stdlib.h> +#include <string.h> + #include <radsec/radsec.h> #include <radsec/radsec-impl.h> #include "err.h" diff --git a/lib/radius/.gitignore b/lib/radius/.gitignore new file mode 100644 index 0000000..1af03df --- /dev/null +++ b/lib/radius/.gitignore @@ -0,0 +1 @@ +dictionaries.c diff --git a/lib/radius/LICENSE b/lib/radius/LICENSE new file mode 100644 index 0000000..01dbe92 --- /dev/null +++ b/lib/radius/LICENSE @@ -0,0 +1,24 @@ +Copyright (c) 2011, Network RADIUS SARL +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the <organization> nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/lib/radius/Makefile.am b/lib/radius/Makefile.am new file mode 100644 index 0000000..92a12cf --- /dev/null +++ b/lib/radius/Makefile.am @@ -0,0 +1,38 @@ +AUTOMAKE_OPTIONS = foreign +ACLOCAL_AMFLAGS = -I m4 + +INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir) +AM_CFLAGS = -Wall -g + +noinst_LTLIBRARIES = libradsec-radius.la + +libradsec_radius_la_SOURCES = \ + attrs.c \ + crypto.c \ + custom.c \ + dict.c \ + id.c \ + parse.c \ + print.c \ + radpkt.c \ + static.c \ + valuepair.c + +libradsec_radius_la_CFLAGS = $(AM_CFLAGS) -DHAVE_CONFIG_H + +DICTIONARIES = \ + share/dictionary.txt \ + share/dictionary.juniper \ + share/dictionary.microsoft \ + share/dictionary.ukerna + +$(top_srcdir)/include/radsec/radius.h dictionaries.c: ${DICTIONARIES} convert.pl common.pl + $(srcdir)/convert.pl ${DICTIONARIES} + +static.$(OBJEXT): static.c dictionaries.c + +clean-local: + rm -f dictionaries.c + +$(libradsec_radius_la_SOURCES): $(top_srcdir)/include/radsec/radius.h + diff --git a/lib/radius/attrs.c b/lib/radius/attrs.c new file mode 100644 index 0000000..21cd3f0 --- /dev/null +++ b/lib/radius/attrs.c @@ -0,0 +1,1411 @@ +/* +Copyright (c) 2011, Network RADIUS SARL +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the <organization> nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** \file attrs.c + * \brief Attribute encoding and decoding routines. + */ + +#include "client.h" + +/* + * Encodes the data portion of an attribute. + * Returns -1 on error, or the length of the data portion. + */ +static ssize_t vp2data_any(const RADIUS_PACKET *packet, + const RADIUS_PACKET *original, + int nest, + const VALUE_PAIR **pvp, + uint8_t *start, size_t room) +{ + uint32_t lvalue; + ssize_t len; + const uint8_t *data; + uint8_t *ptr = start; + uint8_t array[4]; + const VALUE_PAIR *vp = *pvp; + +#ifdef RS_TYPE_TLV + /* + * See if we need to encode a TLV. The low portion of + * the attribute has already been placed into the packer. + * If there are still attribute bytes left, then go + * encode them as TLVs. + * + * If we cared about the stack, we could unroll the loop. + */ + if ((nest > 0) && (nest <= nr_attr_max_tlv) && + ((vp->da->attr >> nr_attr_shift[nest]) != 0)) { + return vp2data_tlvs(packet, original, nest, pvp, + start, room); + } +#else + nest = nest; /* -Wunused */ +#endif + + /* + * Set up the default sources for the data. + */ + data = vp->vp_octets; + len = vp->length; + + switch(vp->da->type) { + case RS_TYPE_IPV6PREFIX: + len = sizeof(vp->vp_ipv6prefix); + break; + + case RS_TYPE_STRING: + case RS_TYPE_OCTETS: + case RS_TYPE_IFID: + case RS_TYPE_IPV6ADDR: +#ifdef RS_TYPE_ABINARY + case RS_TYPE_ABINARY: +#endif + /* nothing more to do */ + break; + + case RS_TYPE_BYTE: + len = 1; /* just in case */ + array[0] = vp->vp_integer & 0xff; + data = array; + break; + + case RS_TYPE_SHORT: + len = 2; /* just in case */ + array[0] = (vp->vp_integer >> 8) & 0xff; + array[1] = vp->vp_integer & 0xff; + data = array; + break; + + case RS_TYPE_INTEGER: + len = 4; /* just in case */ + lvalue = htonl(vp->vp_integer); + memcpy(array, &lvalue, sizeof(lvalue)); + data = array; + break; + + case RS_TYPE_IPADDR: + data = (const uint8_t *) &vp->vp_ipaddr; + len = 4; /* just in case */ + break; + + /* + * There are no tagged date attributes. + */ + case RS_TYPE_DATE: + lvalue = htonl(vp->vp_date); + data = (const uint8_t *) &lvalue; + len = 4; /* just in case */ + break; + +#ifdef VENDORPEC_WIMAX + case RS_TYPE_SIGNED: + { + int32_t slvalue; + + len = 4; /* just in case */ + slvalue = htonl(vp->vp_signed); + memcpy(array, &slvalue, sizeof(slvalue)); + break; + } +#endif + +#ifdef RS_TYPE_TLV + case RS_TYPE_TLV: + data = vp->vp_tlv; + if (!data) { + nr_debug_error("ERROR: Cannot encode NULL TLV"); + return -RSE_INVAL; + } + len = vp->length; + break; +#endif + + default: /* unknown type: ignore it */ + nr_debug_error("ERROR: Unknown attribute type %d", vp->da->type); + return -RSE_ATTR_TYPE_UNKNOWN; + } + + /* + * Bound the data to the calling size + */ + if (len > (ssize_t) room) len = room; + +#ifndef FLAG_ENCRYPT_TUNNEL_PASSWORD + original = original; /* -Wunused */ +#endif + + /* + * Encrypt the various password styles + * + * Attributes with encrypted values MUST be less than + * 128 bytes long. + */ + switch (vp->da->flags.encrypt) { + case FLAG_ENCRYPT_USER_PASSWORD: + len = nr_password_encrypt(ptr, room, data, len, + packet->secret, packet->vector); + break; + +#ifdef FLAG_ENCRYPT_TUNNEL_PASSWORD + case FLAG_ENCRYPT_TUNNEL_PASSWORD: + lvalue = 0; + if (vp->da->flags.has_tag) lvalue = 1; + + /* + * Check if there's enough room. If there isn't, + * we discard the attribute. + * + * This is ONLY a problem if we have multiple VSA's + * in one Vendor-Specific, though. + */ + if (room < (18 + lvalue)) { + *pvp = vp->next; + return 0; + } + + switch (packet->code) { + case PW_ACCESS_ACCEPT: + case PW_ACCESS_REJECT: + case PW_ACCESS_CHALLENGE: + default: + if (!original) { + nr_debug_error("ERROR: No request packet, cannot encrypt %s attribute in the vp.", vp->da->name); + return -RSE_REQUEST_REQUIRED; + } + + if (lvalue) ptr[0] = vp->tag; + len = nr_tunnelpw_encrypt(ptr + lvalue, + room - lvalue, data, len, + packet->secret, + original->vector); + if (len < 0) return len; + break; + case PW_ACCOUNTING_REQUEST: + case PW_DISCONNECT_REQUEST: + case PW_COA_REQUEST: + ptr[0] = vp->tag; + len = nr_tunnelpw_encrypt(ptr + 1, room, data, len - 1, + packet->secret, + packet->vector); + if (len < 0) return len; + break; + } + break; +#endif + + /* + * The code above ensures that this attribute + * always fits. + */ +#ifdef FLAG_ENCRYPT_ASCEND_SECRET + case FLAG_ENCRYPT_ASCEND_SECRET: + make_secret(ptr, packet->vector, packet->secret, data); + len = AUTH_VECTOR_LEN; + break; +#endif + + default: + if (vp->da->flags.has_tag && TAG_VALID(vp->tag)) { + if (vp->da->type == RS_TYPE_STRING) { + if (len > ((ssize_t) (room - 1))) len = room - 1; + ptr[0] = vp->tag; + ptr++; + } else if (vp->da->type == RS_TYPE_INTEGER) { + array[0] = vp->tag; + } /* else it can't be any other type */ + } + memcpy(ptr, data, len); + break; + } /* switch over encryption flags */ + + *(pvp) = vp->next; + return len + (ptr - start);; +} + + +/* + * Encode an RFC format TLV. This could be a standard attribute, + * or a TLV data type. If it's a standard attribute, then + * vp->da->attr == attribute. Otherwise, attribute may be + * something else. + */ +static ssize_t vp2attr_rfc(const RADIUS_PACKET *packet, + const RADIUS_PACKET *original, + const VALUE_PAIR **pvp, + unsigned int attribute, uint8_t *ptr, size_t room) +{ + ssize_t len; + + if (room < 2) { + *pvp = (*pvp)->next; + return 0; + } + + ptr[0] = attribute & 0xff; + ptr[1] = 2; + + if (room > ((unsigned) 255 - ptr[1])) room = 255 - ptr[1]; + + len = vp2data_any(packet, original, 0, pvp, ptr + ptr[1], room); + if (len < 0) return len; + + ptr[1] += len; + + return ptr[1]; +} + + +#ifndef WITHOUT_VSAS +/* + * Encode a VSA which is a TLV. If it's in the RFC format, call + * vp2attr_rfc. Otherwise, encode it here. + */ +static ssize_t vp2attr_vsa(const RADIUS_PACKET *packet, + const RADIUS_PACKET *original, + const VALUE_PAIR **pvp, + unsigned int attribute, unsigned int vendor, + uint8_t *ptr, size_t room) +{ + ssize_t len; + const DICT_VENDOR *dv; + + /* + * Unknown vendor: RFC format. + * Known vendor and RFC format: go do that. + */ + dv = nr_dict_vendor_byvalue(vendor); + if (!dv || + ( +#ifdef RS_TYPE_TLV + !(*pvp)->flags.is_tlv && +#endif + (dv->type == 1) && (dv->length == 1))) { + return vp2attr_rfc(packet, original, pvp, + attribute, ptr, room); + } + +#ifdef RS_TYPE_TLV + if ((*pvp)->flags.is_tlv) { + return data2vp_tlvs(packet, original, 0, pvp, + ptr, room); + } +#endif + + switch (dv->type) { + default: + nr_debug_error("vp2attr_vsa: Internal sanity check failed," + " type %u", (unsigned) dv->type); + return -RSE_INTERNAL; + + case 4: + ptr[0] = 0; /* attr must be 24-bit */ + ptr[1] = (attribute >> 16) & 0xff; + ptr[2] = (attribute >> 8) & 0xff; + ptr[3] = attribute & 0xff; + break; + + case 2: + ptr[0] = (attribute >> 8) & 0xff; + ptr[1] = attribute & 0xff; + break; + + case 1: + ptr[0] = attribute & 0xff; + break; + } + + switch (dv->length) { + default: + nr_debug_error("vp2attr_vsa: Internal sanity check failed," + " length %u", (unsigned) dv->length); + return -RSE_INTERNAL; + + case 0: + break; + + case 2: + ptr[dv->type] = 0; + /* FALL-THROUGH */ + + case 1: + ptr[dv->type + dv->length - 1] = dv->type + dv->length; + break; + + } + + if (room > ((unsigned) 255 - (dv->type + dv->length))) { + room = 255 - (dv->type + dv->length); + } + + len = vp2data_any(packet, original, 0, pvp, + ptr + dv->type + dv->length, room); + if (len < 0) return len; + + if (dv->length) ptr[dv->type + dv->length - 1] += len; + + return dv->type + dv->length + len; +} + + +/* + * Encode a Vendor-Specific attribute. + */ +ssize_t nr_vp2vsa(const RADIUS_PACKET *packet, const RADIUS_PACKET *original, + const VALUE_PAIR **pvp, uint8_t *ptr, + size_t room) +{ + ssize_t len; + uint32_t lvalue; + const VALUE_PAIR *vp = *pvp; + +#ifdef VENDORPEC_WIMAX + /* + * Double-check for WiMAX + */ + if (vp->da->vendor == VENDORPEC_WIMAX) { + return nr_vp2wimax(packet, original, pvp, + ptr, room); + } +#endif + + if (vp->da->vendor > RS_MAX_VENDOR) { + nr_debug_error("nr_vp2vsa: Invalid arguments"); + return -RSE_INVAL; + } + + /* + * Not enough room for: + * attr, len, vendor-id + */ + if (room < 6) { + *pvp = vp->next; + return 0; + } + + /* + * Build the Vendor-Specific header + */ + ptr[0] = PW_VENDOR_SPECIFIC; + ptr[1] = 6; + lvalue = htonl(vp->da->vendor); + memcpy(ptr + 2, &lvalue, 4); + + if (room > ((unsigned) 255 - ptr[1])) room = 255 - ptr[1]; + + len = vp2attr_vsa(packet, original, pvp, + vp->da->attr, vp->da->vendor, + ptr + ptr[1], room); + if (len < 0) return len; + + ptr[1] += len; + + return ptr[1]; +} +#endif + + +/* + * Encode an RFC standard attribute 1..255 + */ +ssize_t nr_vp2rfc(const RADIUS_PACKET *packet, + const RADIUS_PACKET *original, + const VALUE_PAIR **pvp, + uint8_t *ptr, size_t room) +{ + const VALUE_PAIR *vp = *pvp; + + if (vp->da->vendor != 0) { + nr_debug_error("nr_vp2rfc called with VSA"); + return -RSE_INVAL; + } + + if ((vp->da->attr == 0) || (vp->da->attr > 255)) { + nr_debug_error("nr_vp2rfc called with non-standard attribute %u", vp->da->attr); + return -RSE_INVAL; + } + +#ifdef PW_CHARGEABLE_USER_IDENTITY + if ((vp->length == 0) && + (vp->da != RS_DA_CHARGEABLE_USER_IDENTITY)) { + *pvp = vp->next; + return 0; + } +#endif + + return vp2attr_rfc(packet, original, pvp, vp->da->attr, + ptr, room); +} + +#ifdef PW_CHAP_PASSWORD +/* + * Encode an RFC standard attribute 1..255 + */ +static ssize_t nr_chap2rfc(const RADIUS_PACKET *packet, + const RADIUS_PACKET *original, + const VALUE_PAIR **pvp, + uint8_t *ptr, size_t room) +{ + ssize_t rcode; + const VALUE_PAIR *vp = *pvp; + RS_MD5_CTX ctx; + uint8_t buffer[RS_MAX_STRING_LEN*2 + 1], *p; + VALUE_PAIR chap = { + RS_DA_CHAP_PASSWORD, + 17, + 0, + NULL, + { + .octets = { + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 + }, + }, + }; + + if ((vp->da->vendor != 0) || (vp->da != RS_DA_CHAP_PASSWORD)) { + nr_debug_error("nr_chap2rfc called with non-CHAP"); + return -RSE_INVAL; + } + + p = buffer; + *(p++) = nr_rand() & 0xff; /* id */ + + memcpy(p, vp->vp_strvalue, strlen(vp->vp_strvalue)); + p += strlen(vp->vp_strvalue); + + vp = nr_vps_find(packet->vps, PW_CHAP_CHALLENGE, 0); + if (vp) { + memcpy(p, vp->vp_octets, vp->length); + p += vp->length; + } else { + memcpy(p, packet->vector, sizeof(packet->vector)); + p += sizeof(packet->vector); + } + + RS_MD5Init(&ctx); + RS_MD5Update(&ctx, buffer, p - buffer); + RS_MD5Final(&chap.vp_octets[1], &ctx); + + chap.vp_octets[0] = buffer[0]; + vp = &chap; + + rcode = vp2attr_rfc(packet, original, &vp, chap.da->attr, + ptr, room); + if (rcode < 0) return rcode; + + *pvp = (*pvp)->next; + return rcode; +} +#endif /* PW_CHAP_PASSWORD */ + +#ifdef PW_MESSAGE_AUTHENTICATOR +/** Fake Message-Authenticator. + * + * This structure is used to replace a Message-Authenticator in the + * input list of VALUE_PAIRs when encoding a packet. If the caller + * asks us to encode a Message-Authenticator, we ignore the one given + * to us by the caller (which may have the wrong length, etc.), and + * instead use this one, which has the correct length and data. + */ +static const VALUE_PAIR fake_ma = { + RS_DA_MESSAGE_AUTHENTICATOR, + 16, + 0, + NULL, + { + .octets = { + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 + }, + } +}; +#endif /* PW_MESSAGE_AUTHENTICATOR */ + +/* + * Parse a data structure into a RADIUS attribute. + */ +ssize_t nr_vp2attr(const RADIUS_PACKET *packet, const RADIUS_PACKET *original, + const VALUE_PAIR **pvp, uint8_t *start, + size_t room) +{ + const VALUE_PAIR *vp = *pvp; + + /* + * RFC format attributes take the fast path. + */ + if (vp->da->vendor != 0) { +#ifdef VENDORPEC_EXTENDED + if (vp->da->vendor > RS_MAX_VENDOR) { + return nr_vp2attr_extended(packet, original, + pvp, start, room); + + } +#endif + +#ifdef VENDORPEC_WIMAX + if (vp->da->vendor == VENDORPEC_WIMAX) { + return nr_vp2attr_wimax(packet, original, + pvp, start, room); + } +#endif + +#ifndef WITHOUT_VSAS + return nr_vp2vsa(packet, original, pvp, start, room); +#else + nr_debug_error("VSAs are not supported"); + return -RSE_UNSUPPORTED; +#endif + } + + /* + * Ignore non-protocol attributes. + */ + if (vp->da->attr > 255) { + *pvp = vp->next; + return 0; + } + +#ifdef PW_MESSAGE_AUTHENTICATOR + /* + * The caller wants a Message-Authenticator, but doesn't + * know how to calculate it, or what the correct values + * are. So... create one for him. + */ + if (vp->da == RS_DA_MESSAGE_AUTHENTICATOR) { + ssize_t rcode; + + vp = &fake_ma; + rcode = nr_vp2rfc(packet, original, &vp, start, room); + if (rcode <= 0) return rcode; + *pvp = (*pvp)->next; + return rcode; + } +#endif + +#ifdef PW_CHAP_PASSWORD + /* + * The caller wants a CHAP-Password, but doesn't know how + * to calculate it, or what the correct values are. To + * help, we calculate it for him. + */ + if (vp->da == RS_DA_CHAP_PASSWORD) { + int encoded = 0; + + /* + * CHAP is ID + MD5(...). If it's length is NOT + * 17, then the caller has passed us a password, + * and wants us to encode it. If the length IS + * 17, then we need to double-check if the caller + * has already encoded it. + */ + if (vp->length == 17) { + int i; + + /* + * ASCII and UTF-8 disallow values 0..31. + * If they appear, then the CHAP-Password + * has already been encoded by the + * caller. The probability of a + * CHAP-Password being all 32..256 is + * (1-32/256)^17 =~ .10 + * + * This check isn't perfect, but it + * should be pretty rare for people to + * have 17-character passwords *and* have + * them all 32..256. + */ + for (i = 0; i < 17; i++) { + if (vp->vp_octets[i] < 32) { + encoded = 1; + break; + } + } + } + + if (!encoded) { + return nr_chap2rfc(packet, original, pvp, start, room); + } + } +#endif + + return nr_vp2rfc(packet, original, pvp, + start, room); +} + + +/* + * Ignore unknown attributes, but "decoding" them into nothing. + */ +static ssize_t data2vp_raw(UNUSED const RADIUS_PACKET *packet, + UNUSED const RADIUS_PACKET *original, + unsigned int attribute, + unsigned int vendor, + const uint8_t *data, size_t length, + VALUE_PAIR **pvp) +{ + VALUE_PAIR *vp; + + if (length > sizeof(vp->vp_octets)) return -RSE_ATTR_OVERFLOW; + + vp = nr_vp_alloc_raw(attribute, vendor); + if (!vp) return -RSE_NOMEM; + + memcpy(vp->vp_octets, data, length); + vp->length = length; + + *pvp = vp; + return length; +} + +ssize_t nr_attr2vp_raw(const RADIUS_PACKET *packet, + const RADIUS_PACKET *original, + const uint8_t *data, size_t length, + VALUE_PAIR **pvp) +{ + + if (length < 2) return -RSE_PACKET_TOO_SMALL; + if (data[1] < 2) return -RSE_ATTR_TOO_SMALL; + if (data[1] > length) return -RSE_ATTR_OVERFLOW; + + return data2vp_raw(packet, original, data[0], 0, + data + 2, data[1] - 2, pvp); +} + +/* + * Create any kind of VP from the attribute contents. + * + * Will return -1 on error, or "length". + */ +static ssize_t data2vp_any(const RADIUS_PACKET *packet, + const RADIUS_PACKET *original, + int nest, + unsigned int attribute, unsigned int vendor, + const uint8_t *data, size_t length, + VALUE_PAIR **pvp) +{ +#ifdef FLAG_ENCRYPT_TUNNEL_PASSWORD + ssize_t rcode; +#endif + int data_offset = 0; + const DICT_ATTR *da; + VALUE_PAIR *vp = NULL; + + if (length == 0) { + /* + * Hacks for CUI. The WiMAX spec says that it + * can be zero length, even though this is + * forbidden by the RADIUS specs. So... we make + * a special case for it. + */ + if ((vendor == 0) && + (attribute == PW_CHARGEABLE_USER_IDENTITY)) { + data = (const uint8_t *) ""; + length = 1; + } else { + *pvp = NULL; + return 0; + } + } + + da = nr_dict_attr_byvalue(attribute, vendor); + + /* + * Unknown attribute. Create it as a "raw" attribute. + */ + if (!da) { + raw: + if (vp) nr_vp_free(&vp); + return data2vp_raw(packet, original, + attribute, vendor, data, length, pvp); + } + +#ifdef RS_TYPE_TLV + /* + * TLVs are handled first. They can't be tagged, and + * they can't be encrypted. + */ + if (da->da->type == RS_TYPE_TLV) { + return data2vp_tlvs(packet, original, + attribute, vendor, nest, + data, length, pvp); + } +#else + nest = nest; /* -Wunused */ +#endif + + /* + * The attribute is known, and well formed. We can now + * create it. The main failure from here on in is being + * out of memory. + */ + vp = nr_vp_alloc(da); + if (!vp) return -RSE_NOMEM; + + /* + * Handle tags. + */ + if (vp->da->flags.has_tag) { + if (TAG_VALID(data[0]) +#ifdef FLAG_ENCRYPT_TUNNEL_PASSWORD + || (vp->da->flags.encrypt == FLAG_ENCRYPT_TUNNEL_PASSWORD) +#endif + ) { + /* + * Tunnel passwords REQUIRE a tag, even + * if don't have a valid tag. + */ + vp->tag = data[0]; + + if ((vp->da->type == RS_TYPE_STRING) || + (vp->da->type == RS_TYPE_OCTETS)) { + if (length == 0) goto raw; + data_offset = 1; + } + } + } + + /* + * Copy the data to be decrypted + */ + vp->length = length - data_offset; + memcpy(&vp->vp_octets[0], data + data_offset, vp->length); + + /* + * Decrypt the attribute. + */ + switch (vp->da->flags.encrypt) { + /* + * User-Password + */ + case FLAG_ENCRYPT_USER_PASSWORD: + if (original) { + rcode = nr_password_encrypt(vp->vp_octets, + sizeof(vp->vp_strvalue), + data + data_offset, vp->length, + packet->secret, + original->vector); + } else { + rcode = nr_password_encrypt(vp->vp_octets, + sizeof(vp->vp_strvalue), + data + data_offset, vp->length, + packet->secret, + packet->vector); + } + if (rcode < 0) goto raw; + vp->vp_strvalue[128] = '\0'; + vp->length = strlen(vp->vp_strvalue); + break; + + /* + * Tunnel-Password's may go ONLY + * in response packets. + */ +#ifdef FLAG_ENCRYPT_TUNNEL_PASSWORD + case FLAG_ENCRYPT_TUNNEL_PASSWORD: + if (!original) goto raw; + + rcode = nr_tunnelpw_decrypt(vp->vp_octets, + sizeof(vp->vp_octets), + data + data_offset, vp->length, + packet->secret, original->vector); + if (rcode < 0) goto raw; + vp->length = rcode; + break; +#endif + + +#ifdef FLAG_ENCRYPT_ASCEND_SECRET + /* + * Ascend-Send-Secret + * Ascend-Receive-Secret + */ + case FLAG_ENCRYPT_ASCEND_SECRET: + if (!original) { + goto raw; + } else { + uint8_t my_digest[AUTH_VECTOR_LEN]; + make_secret(my_digest, + original->vector, + packet->secret, data); + memcpy(vp->vp_strvalue, my_digest, + AUTH_VECTOR_LEN ); + vp->vp_strvalue[AUTH_VECTOR_LEN] = '\0'; + vp->length = strlen(vp->vp_strvalue); + } + break; +#endif + + default: + break; + } /* switch over encryption flags */ + + /* + * Expected a certain length, but got something else. + */ + if ((vp->da->flags.length != 0) && + (vp->length != vp->da->flags.length)) { + goto raw; + } + + switch (vp->da->type) { + case RS_TYPE_STRING: + case RS_TYPE_OCTETS: +#ifdef RS_TYPE_ABINARY + case RS_TYPE_ABINARY: +#endif + /* nothing more to do */ + break; + + case RS_TYPE_BYTE: + vp->vp_integer = vp->vp_octets[0]; + break; + + + case RS_TYPE_SHORT: + vp->vp_integer = (vp->vp_octets[0] << 8) | vp->vp_octets[1]; + break; + + case RS_TYPE_INTEGER: + memcpy(&vp->vp_integer, vp->vp_octets, 4); + vp->vp_integer = ntohl(vp->vp_integer); + + if (vp->da->flags.has_tag) vp->vp_integer &= 0x00ffffff; + break; + + case RS_TYPE_DATE: + memcpy(&vp->vp_date, vp->vp_octets, 4); + vp->vp_date = ntohl(vp->vp_date); + break; + + + case RS_TYPE_IPADDR: + memcpy(&vp->vp_ipaddr, vp->vp_octets, 4); + break; + + /* + * IPv6 interface ID is 8 octets long. + */ + case RS_TYPE_IFID: + /* vp->vp_ifid == vp->vp_octets */ + break; + + /* + * IPv6 addresses are 16 octets long + */ + case RS_TYPE_IPV6ADDR: + /* vp->vp_ipv6addr == vp->vp_octets */ + break; + + /* + * IPv6 prefixes are 2 to 18 octets long. + * + * RFC 3162: The first octet is unused. + * The second is the length of the prefix + * the rest are the prefix data. + * + * The prefix length can have value 0 to 128. + */ + case RS_TYPE_IPV6PREFIX: + if (vp->length < 2 || vp->length > 18) goto raw; + if (vp->vp_octets[1] > 128) goto raw; + + /* + * FIXME: double-check that + * (vp->vp_octets[1] >> 3) matches vp->length + 2 + */ + if (vp->length < 18) { + memset(vp->vp_octets + vp->length, 0, + 18 - vp->length); + } + break; + +#ifdef VENDORPEC_WIMAX + case RS_TYPE_SIGNED: + if (vp->length != 4) goto raw; + + /* + * Overload vp_integer for ntohl, which takes + * uint32_t, not int32_t + */ + memcpy(&vp->vp_integer, vp->vp_octets, 4); + vp->vp_integer = ntohl(vp->vp_integer); + memcpy(&vp->vp_signed, &vp->vp_integer, 4); + break; +#endif + +#ifdef RS_TYPE_TLV + case RS_TYPE_TLV: + nr_vp_free(&vp); + nr_debug_error("data2vp_any: Internal sanity check failed"); + return -RSE_ATTR_TYPE_UNKNOWN; +#endif + +#ifdef VENDORPEC_WIMAX + case RS_TYPE_COMBO_IP: + if (vp->length == 4) { + vp->da->type = RS_TYPE_IPADDR; + memcpy(&vp->vp_ipaddr, vp->vp_octets, 4); + break; + + } else if (vp->length == 16) { + vp->da->type = RS_TYPE_IPV6ADDR; + /* vp->vp_ipv6addr == vp->vp_octets */ + break; + + } + /* FALL-THROUGH */ +#endif + + default: + goto raw; + } + + *pvp = vp; + + return length; +} + + +/* + * Create a "standard" RFC VALUE_PAIR from the given data. + */ +ssize_t nr_attr2vp_rfc(const RADIUS_PACKET *packet, + const RADIUS_PACKET *original, + const uint8_t *data, size_t length, + VALUE_PAIR **pvp) +{ + ssize_t rcode; + + if (length < 2) return -RSE_PACKET_TOO_SMALL; + if (data[1] < 2) return -RSE_ATTR_TOO_SMALL; + if (data[1] > length) return -RSE_ATTR_OVERFLOW; + + rcode = data2vp_any(packet, original, 0, + data[0], 0, data + 2, data[1] - 2, pvp); + if (rcode < 0) return rcode; + + return data[1]; +} + +#ifndef WITHOUT_VSAS +/* + * Check if a set of RADIUS formatted TLVs are OK. + */ +int nr_tlv_ok(const uint8_t *data, size_t length, + size_t dv_type, size_t dv_length) +{ + const uint8_t *end = data + length; + + if ((dv_length > 2) || (dv_type == 0) || (dv_type > 4)) { + nr_debug_error("nr_tlv_ok: Invalid arguments"); + return -RSE_INVAL; + } + + while (data < end) { + size_t attrlen; + + if ((data + dv_type + dv_length) > end) { + nr_debug_error("Attribute header overflow"); + return -RSE_ATTR_TOO_SMALL; + } + + switch (dv_type) { + case 4: + if ((data[0] == 0) && (data[1] == 0) && + (data[2] == 0) && (data[3] == 0)) { + zero: + nr_debug_error("Invalid attribute 0"); + return -RSE_ATTR_INVALID; + } + + if (data[0] != 0) { + nr_debug_error("Invalid attribute > 2^24"); + return -RSE_ATTR_INVALID; + } + break; + + case 2: + if ((data[1] == 0) && (data[1] == 0)) goto zero; + break; + + case 1: + if (data[0] == 0) goto zero; + break; + + default: + nr_debug_error("Internal sanity check failed"); + return -RSE_INTERNAL; + } + + switch (dv_length) { + case 0: + return 0; + + case 2: + if (data[dv_type + 1] != 0) { + nr_debug_error("Attribute is longer than 256 octets"); + return -RSE_ATTR_TOO_LARGE; + } + /* FALL-THROUGH */ + case 1: + attrlen = data[dv_type + dv_length - 1]; + break; + + + default: + nr_debug_error("Internal sanity check failed"); + return -RSE_INTERNAL; + } + + if (attrlen < (dv_type + dv_length)) { + nr_debug_error("Attribute header has invalid length"); + return -RSE_PACKET_TOO_SMALL; + } + + if (attrlen > length) { + nr_debug_error("Attribute overflows container"); + return -RSE_ATTR_OVERFLOW; + } + + data += attrlen; + length -= attrlen; + } + + return 0; +} + + +/* + * Convert a top-level VSA to a VP. + */ +static ssize_t attr2vp_vsa(const RADIUS_PACKET *packet, + const RADIUS_PACKET *original, + unsigned int vendor, + size_t dv_type, size_t dv_length, + const uint8_t *data, size_t length, + VALUE_PAIR **pvp) +{ + unsigned int attribute; + ssize_t attrlen, my_len; + +#ifndef NDEBUG + if (length <= (dv_type + dv_length)) { + nr_debug_error("attr2vp_vsa: Failure to call nr_tlv_ok"); + return -RSE_PACKET_TOO_SMALL; + } +#endif + + switch (dv_type) { + case 4: + /* data[0] must be zero */ + attribute = data[1] << 16; + attribute |= data[2] << 8; + attribute |= data[3]; + break; + + case 2: + attribute = data[0] << 8; + attribute |= data[1]; + break; + + case 1: + attribute = data[0]; + break; + + default: + nr_debug_error("attr2vp_vsa: Internal sanity check failed"); + return -RSE_INTERNAL; + } + + switch (dv_length) { + case 2: + /* data[dv_type] must be zero */ + attrlen = data[dv_type + 1]; + break; + + case 1: + attrlen = data[dv_type]; + break; + + case 0: + attrlen = length; + break; + + default: + nr_debug_error("attr2vp_vsa: Internal sanity check failed"); + return -RSE_INTERNAL; + } + +#ifndef NDEBUG + if (attrlen <= (ssize_t) (dv_type + dv_length)) { + nr_debug_error("attr2vp_vsa: Failure to call nr_tlv_ok"); + return -RSE_PACKET_TOO_SMALL; + } +#endif + + attrlen -= (dv_type + dv_length); + + my_len = data2vp_any(packet, original, 0, + attribute, vendor, + data + dv_type + dv_length, attrlen, pvp); + if (my_len < 0) return my_len; + +#ifndef NDEBUG + if (my_len != attrlen) { + nr_vp_free(pvp); + nr_debug_error("attr2vp_vsa: Incomplete decode %d != %d", + (int) my_len, (int) attrlen); + return -RSE_INTERNAL; + } +#endif + + return dv_type + dv_length + attrlen; +} + + +/* + * Create Vendor-Specifc VALUE_PAIRs from a RADIUS attribute. + */ +ssize_t nr_attr2vp_vsa(const RADIUS_PACKET *packet, + const RADIUS_PACKET *original, + const uint8_t *data, size_t length, + VALUE_PAIR **pvp) +{ + size_t dv_type, dv_length; + ssize_t my_len; + uint32_t lvalue; + const DICT_VENDOR *dv; + + if (length < 2) return -RSE_PACKET_TOO_SMALL; + if (data[1] < 2) return -RSE_ATTR_TOO_SMALL; + if (data[1] > length) return -RSE_ATTR_OVERFLOW; + + if (data[0] != PW_VENDOR_SPECIFIC) { + nr_debug_error("nr_attr2vp_vsa: Invalid attribute"); + return -RSE_INVAL; + } + + /* + * Not enough room for a Vendor-Id. + * Or the high octet of the Vendor-Id is set. + */ + if ((data[1] < 6) || (data[2] != 0)) { + return nr_attr2vp_raw(packet, original, + data, length, pvp); + } + + memcpy(&lvalue, data + 2, 4); + lvalue = ntohl(lvalue); + +#ifdef VENDORPEC_WIMAX + /* + * WiMAX gets its own set of magic. + */ + if (lvalue == VENDORPEC_WIMAX) { + return nr_attr2vp_wimax(packet, original, + data, length, pvp); + } +#endif + + dv_type = dv_length = 1; + dv = nr_dict_vendor_byvalue(lvalue); + if (!dv) { + return nr_attr2vp_rfc(packet, original, + data, length, pvp); + } + + dv_type = dv->type; + dv_length = dv->length; + + /* + * Attribute is not in the correct form. + */ + if (nr_tlv_ok(data + 6, data[1] - 6, dv_type, dv_length) < 0) { + return nr_attr2vp_raw(packet, original, + data, length, pvp); + } + + my_len = attr2vp_vsa(packet, original, + lvalue, dv_type, dv_length, + data + 6, data[1] - 6, pvp); + if (my_len < 0) return my_len; + +#ifndef NDEBUG + if (my_len != (data[1] - 6)) { + nr_vp_free(pvp); + nr_debug_error("nr_attr2vp_vsa: Incomplete decode"); + return -RSE_INTERNAL; + } +#endif + + return data[1]; +} +#endif /* WITHOUT_VSAS */ + + +/* + * Create a "normal" VALUE_PAIR from the given data. + */ +ssize_t nr_attr2vp(const RADIUS_PACKET *packet, + const RADIUS_PACKET *original, + const uint8_t *data, size_t length, + VALUE_PAIR **pvp) +{ + if (length < 2) return -RSE_PACKET_TOO_SMALL; + if (data[1] < 2) return -RSE_ATTR_TOO_SMALL; + if (data[1] > length) return -RSE_ATTR_OVERFLOW; + +#ifndef WITHOUT_VSAS + /* + * VSAs get their own handler. + */ + if (data[0] == PW_VENDOR_SPECIFIC) { + return nr_attr2vp_vsa(packet, original, + data, length, pvp); + } +#endif + +#ifdef VENDORPEC_EXTENDED + /* + * Extended attribute format gets their own handler. + */ + if (nr_dict_attr_byvalue(data[0], VENDORPEC_EXTENDED) != NULL) { + return nr_attr2vp_extended(packet, original, + data, length, pvp); + } +#endif + + return nr_attr2vp_rfc(packet, original, data, length, pvp); +} + +ssize_t nr_attr2data(const RADIUS_PACKET *packet, ssize_t start, + unsigned int attribute, unsigned int vendor, + const uint8_t **pdata, size_t *plength) +{ + uint8_t *data, *attr; + const uint8_t *end; + + if (!packet || !pdata || !plength) return -RSE_INVAL; + + if (!packet->data) return -RSE_INVAL; + if (packet->length < 20) return -RSE_INVAL; + + /* + * Too long or short, not good. + */ + if ((start < 0) || + ((start > 0) && (start < 20))) return -RSE_INVAL; + + if ((size_t) start >= (packet->length - 2)) return -RSE_INVAL; + + end = packet->data + packet->length; + + /* + * Loop over the packet, converting attrs to VPs. + */ + if (start == 0) { + data = packet->data + 20; + } else { + data = packet->data + start; + data += data[1]; + if (data >= end) return 0; + } + + for (attr = data; attr < end; attr += attr[1]) { + const DICT_VENDOR *dv = NULL; + +#ifndef NEBUG + /* + * This code is copied from packet_ok(). + * It could be put into a separate function. + */ + if ((attr + 2) > end) { + nr_debug_error("Attribute overflows packet"); + return -RSE_ATTR_OVERFLOW; + } + + if (attr[1] < 2) { + nr_debug_error("Attribute length is too small"); + return -RSE_ATTR_TOO_SMALL; + } + + if ((attr + attr[1]) > end) { + nr_debug_error("Attribute length is too large"); + return -RSE_ATTR_TOO_LARGE; + } +#endif + + if ((vendor == 0) && (attr[0] == attribute)) { + *pdata = attr + 2; + *plength = attr[1] - 2; + return attr - packet->data; + } + +#ifndef WITHOUT_VSAS + if (vendor != 0) { + uint32_t vendorpec; + + if (attr[0] != PW_VENDOR_SPECIFIC) continue; + + if (attr[1] < 6) continue; + + memcpy(&vendorpec, attr + 2, 4); + vendorpec = ntohl(vendorpec); + if (vendor != vendorpec) continue; + + if (!dv) { + dv = nr_dict_vendor_byvalue(vendor); + if (dv && + ((dv->type != 1) || (dv->length != 1))) { + return -RSE_VENDOR_UNKNOWN; + } + } + + /* + * No data. + */ + if (attr[1] < 9) continue; + + /* + * Malformed, or more than one VSA in + * the Vendor-Specific + */ + if (attr[7] + 6 != attr[1]) continue; + + /* + * Not the right VSA. + */ + if (attr[6] != attribute) continue; + + *pdata = attr + 8; + *plength = attr[1] - 8; + return attr - packet->data; + } +#endif + } + + return 0; /* nothing more: stop */ +} + diff --git a/lib/radius/client.h b/lib/radius/client.h new file mode 100644 index 0000000..aefb40d --- /dev/null +++ b/lib/radius/client.h @@ -0,0 +1,1317 @@ +/* +Copyright (c) 2011, Network RADIUS SARL +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the <organization> nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** \file client.h + * \brief Main header file. + */ + +#ifndef _RADIUS_CLIENT_H_ +#define _RADIUS_CLIENT_H_ 1 + +/* + * System-specific header files. + */ +#include <config.h> +#include <errno.h> +#include <stdio.h> +#ifdef HAVE_STDINT_H +#include <stdint.h> +#endif +#ifdef HAVE_STDLIB_H +#include <stdlib.h> +#endif +#ifdef HAVE_STRING_H +#include <string.h> +#endif +#include <stdarg.h> +#ifdef HAVE_NETDB_H +#include <netdb.h> +#endif +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif +#ifdef HAVE_SYS_TIME_H +#include <sys/time.h> +#endif + +#include <radsec/radsec.h> +#include <radsec/radsec-impl.h> +#include <radsec/radius.h> + +/** \defgroup build Build Helpers + * + * These definitions give the GNU C compiler more information about + * the functions being compiled. They are used to either remove + * warnings, or to enable better warnings. + **/ + +/** \defgroup custom Portability Functions + * + * These functions and definitions should be modified for your local + * system. See the individual definitions for details. + */ + +/** \defgroup error Error handling + * + * These definitions and routines manage errors. + */ + +/** \defgroup value_pair Attribute manipulation + * + * These routines manage structures which map to attributes. + */ + +/**\defgroup dict Dictionary Lookup Functions + * + * \sa doc/dictionaries.txt + * + * The RADIUS dictionaries perform name to number mappings. The names + * are used only for administrator convenience, for parsing + * configuration files, and printing humanly-readable output. The + * numbers are used when encoding data in a packet. + * + * When attributes are decoded from a packet, the numbers are used to + * look up the associated name, which is then placed into a data + * structure. + * + * When the data structures are encoded into a packet, the numbers are + * used to create RFC and VSA format attributes. + * + * \attention The definitions, structures, and functions given below + * are useful only for implementing "low level" RADIUS + * functionality. There is usually no need to refer to them in a + * client application. The library should be used at a higher level, + * which exposes a much simpler API. + */ + +/** \defgroup packet Packet manipulation + * + * These routines perform encoding and decoding of RADIUS packets. + */ + +/** \defgroup print Print / parse functions + * + * These routines convert the internal data structures to a printable + * form, or parse them. + */ + +/** \defgroup id ID allocation and freeing + * + * These routines manage RADIUS ID allocation. + */ + +/** \defgroup attr Low-level attribute encode/decoding + * + * These routines perform "low level" encoding, decoding, sending, and + * reception of RADIUS attributes. They are called by the \ref packet + * functions. + * + * \attention The structures and functions given below are useful only + * for implementing "low level" RADIUS functionality. There is usually + * no need to refer to them in a client application. The library + * should be used at a higher level, which exposes a much simpler API. + */ + +/** \defgroup internal Internal support functions. + * + * These functions are required to perform internal or "low-level" + * data manipulation. While they are exposed for completeness, they + * should not be called by any application. + */ + +#ifdef PW_EAP_MESSAGE +#ifndef PW_MESSAGE_AUTHENTICATOR +#error EAP-Message requires Message-Authenticator +#endif +#endif + +#ifdef WITHOUT_OPENSSL +#ifndef RS_MD5_CTX +#error RS_MD5_CTX must be defined +#endif +#ifndef RS_MD5Init +#error n_rMD5Init must be defined +#endif +#ifndef RS_MD5Update +#error RS_MD5Updyae must be defined +#endif +#ifndef RS_MD5Final +#error RS_MD5Final must be defined +#endif +#ifndef RS_MD5Transform +#error RS_MD5Transform must be defined +#endif + +#else /* WITHOUT_OPENSSL */ + +#include <openssl/md5.h> +/** Define for compile-time selection of the MD5 functions. Defaults to using the OpenSSL functions. \ingroup custom */ +#define RS_MD5_CTX MD5_CTX +/** Define for compile-time selection of the MD5 functions. Defaults to using the OpenSSL functions. \ingroup custom */ +#define RS_MD5Init MD5_Init +/** Define for compile-time selection of the MD5 functions. Defaults to using the OpenSSL functions. \ingroup custom */ +#define RS_MD5Update MD5_Update +/** Define for compile-time selection of the MD5 functions. Defaults to using the OpenSSL functions. \ingroup custom */ +#define RS_MD5Final MD5_Final +/** Define for compile-time selection of the MD5 functions. Defaults to using the OpenSSL functions. \ingroup custom */ +#define RS_MD5Transform MD5_Transform +#endif + +#ifndef RS_MAX_PACKET_LEN +/** The maximum size of a packet that the library will send or receive. \ingroup custom + * + * The RFC requirement is to handle at least 4K packets. However, if + * you expect to only do username/password authentication, this value + * can be set to a smaller value, such as 256. + * + * Be warned that any packets larger than this value will be ignored + * and silently discarded. + */ +#define RS_MAX_PACKET_LEN (4096) +#endif + +#ifndef RS_MAX_ATTRIBUTES +/** The maximum number of attributes that the library will allow in a packet. \ingroup custom + * + * Packets which contain more than ::RS_MAX_ATTRIBUTES will generate + * an error. This value is configurable because there may be a need + * to accept a large mumber of attributes. + * + * This value is ignored when packets are sent. The library will + * send as many attributes as it is told to send. + */ +#define RS_MAX_ATTRIBUTES (200) +#endif + +#undef RS_MAX_PACKET_CODE +/** The maximum RADIUS_PACKET::code which we can accept. \ingroup dict + * + * \attention This should not be changed, as it is used by other + * structures such as ::nr_packet_codes. + */ +#define RS_MAX_PACKET_CODE PW_COA_NAK + +/** The maximum vendor number which is permitted. \ingroup dict + * + * The RFCs require that the Vendor Id or Private Enterprise Number + * be encoded as 32 bits, with the upper 8 bits being zero. + */ +#define RS_MAX_VENDOR (1 << 24) + +/** Data Type Definitions. \ingroup dict + */ +#define TAG_VALID(x) ((x) < 0x20) + +/** The attribute is not encrypted. */ +#define FLAG_ENCRYPT_NONE (0) + +/** The attribute is encrypted using the RFC 2865 User-Password method */ +#define FLAG_ENCRYPT_USER_PASSWORD (1) + +/** The attribute is encrypted using the RFC 2868 Tunnel-Password method */ +#define FLAG_ENCRYPT_TUNNEL_PASSWORD (2) + +/** A set of flags which determine how the attribute should be handled. + * + * Most attributes are "normal", and do not require special handling. + * However, some require "encryption", tagging, or have other special + * formats. This structure contains the various options for the + * attribute formats. + */ +typedef struct attr_flags { + unsigned int has_tag : 1; /**< Attribute has an RFC 2868 tag */ + unsigned int unknown : 1; /**< Attribute is unknown */ +#ifdef RS_TYPE_TLV + unsigned int has_tlv : 1; /* has sub attributes */ + unsigned int is_tlv : 1; /* is a sub attribute */ +#endif + unsigned int extended : 1; /* extended attribute */ + unsigned int extended_flags : 1; /* with flag */ + unsigned int evs : 1; /* extended VSA */ + uint8_t encrypt; /**< Attribute encryption method */ + uint8_t length; /**< The expected length of the attribute */ +} ATTR_FLAGS; + + +/** Defines an dictionary mapping for an attribute. \ingroup dict + * + * The RADIUS dictionaries map humanly readable names to protocol + * numbers. The protocol numbers are used to encode/decode the + * attributes in a packet. + */ +typedef struct nr_dict_attr { + unsigned int attr; /**< Attribute number */ + rs_attr_type_t type; /**< Data type */ + unsigned int vendor; /**< Vendor-Id number */ + ATTR_FLAGS flags; + const char *name; /**< Printable name */ +} DICT_ATTR; + +/** Defines a dictionary mapping for a named enumeration. \ingroup dict + * + * This structure is currently not used. + */ +typedef struct nr_dict_value { + const DICT_ATTR *da; /**< pointer to a ::DICT_ATTR */ + int value; /**< enumerated value */ + char name[1]; /**< printable name */ +} DICT_VALUE; + +/** Defines an dictionary mapping for a vendor. \ingroup dict + * + * The RADIUS dictionaries map humanly readable vendor names to a + * Vendor-Id (or Private Enterprise Code) assigned by IANA. The + * Vendor-Id is used to encode/decode Vendor-Specific attributes in a + * packet. + */ +typedef struct nr_dict_vendor { + unsigned int vendor; /**< Vendor Private Enterprise Code */ + size_t type; /**< size of Vendor-Type field */ + size_t length; /**< size of Vendor-Length field */ + const char *name; /**< Printable name */ +} DICT_VENDOR; + +/** Union holding all possible types of data for a ::VALUE_PAIR. \ingroup value_pair + * + */ +typedef union value_pair_data { + char strvalue[RS_MAX_STRING_LEN]; /* +1 for NUL */ + uint8_t octets[253]; + struct in_addr ipaddr; + struct in6_addr ipv6addr; + uint32_t date; + uint32_t integer; +#ifdef RS_TYPE_SIGNED + int32_t sinteger; +#endif +#ifdef RS_TYPE_ABINARY + uint8_t filter[32]; +#endif + uint8_t ifid[8]; /* struct? */ + uint8_t ipv6prefix[18]; /* struct? */ +#ifdef RS_TYPE_TLV + uint8_t *tlv; +#endif +} VALUE_PAIR_DATA; + + +/** C structure version of a RADIUS attribute. \ingroup value_pair + * + * The library APIs use this structure to avoid depending on the + * details of the protocol. + */ +typedef struct value_pair { + const DICT_ATTR *da; /**< dictionary definition */ + size_t length; /**< number of octets in the data */ + int tag; /**< tag value if da->flags.has_tag */ + struct value_pair *next; /**< enables a linked list of values */ + VALUE_PAIR_DATA data; /**< the data of the attribute */ +} VALUE_PAIR; +#define vp_strvalue data.strvalue +#define vp_octets data.octets +#define vp_ipv6addr data.ipv6addr +#define vp_ifid data.ifid +#define vp_ipv6prefix data.ipv6prefix +#define vp_ipaddr data.ipaddr.s_addr +#define vp_date data.integer +#define vp_integer data.integer +#ifdef RS_TYPE_ABINARY +#define vp_filter data.filter +#endif +#ifdef RS_TYPE_ETHER +#define vp_ether data.ether +#endif +#ifdef RS_TYPE_SIGNED +#define vp_signed data.sinteger +#endif +#ifdef RS_TYPE_TLV +#define vp_tlv data.tlv +#endif + +#ifdef RS_TYPE_TLV +#define RS_ATTR_MAX_TLV (4) +extern const int nr_attr_shift[RS_ATTR_MAX_TLV]; +extern const int nr_attr_mask[RS_ATTR_MAX_TLV]; +extern const unsigned int nr_attr_max_tlv; +#endif + +/** A structure which describes a RADIUS packet. \ingroup packet + * + * In general, it should not be necessary to refererence the elements + * of this structure. + */ +typedef struct radius_packet { + int sockfd; /** The socket descriptor */ + struct sockaddr_storage src; /**< The packet source address */ + struct sockaddr_storage dst; /**< the packet destination address */ + const char *secret; /**< The shared secret */ + size_t sizeof_secret; /**< Length of the shared secret */ + unsigned int code; /**< The RADIUS Packet Code */ + int id; /**< The RADIUS Packet Id */ + size_t length; /**< The RADIUS Packet Length. This will be no larger than RADIUS_PACKET::sizeof_data */ + uint8_t vector[16]; /**< A copy of the authentication vector */ + int flags; /**< Internal flags. Do not modify this field. */ + int attempts; /**< The number of transmission attempt */ + uint8_t *data; /**< The raw packet data */ + size_t sizeof_data; /**< size of the data buffer */ + VALUE_PAIR *vps; /**< linked list of ::VALUE_PAIR */ +} RADIUS_PACKET; + +#define RS_PACKET_ENCODED (1 << 0) +#define RS_PACKET_HEADER (1 << 1) +#define RS_PACKET_SIGNED (1 << 2) +#define RS_PACKET_OK (1 << 3) +#define RS_PACKET_VERIFIED (1 << 4) +#define RS_PACKET_DECODED (1 << 5) + + +/** Track packets sent to a server. \ingroup id + * + * This data structure tracks Identifiers which are used to + * communicate with a particular destination server. The application + * should call nr_server_init() to initialize it. If necessary, the + * application should then call nr_server_set_ipv4() to open an IPv4 + * socket to the server. + * + * If the RADIUS packets are being transported over an encapsulation + * layer (e.g. RADIUS over TLS), then nr_server_set_ipv4() does not + * need to be called. The ::nr_server_t structure should instead be + * associated wih the TLS session / socket. + */ +typedef struct nr_server_t { + int sockfd; /**< socket for sending packets */ + int code; /**< default value for the Code */ + + struct sockaddr_storage src; /**< Source address of the packet */ + struct sockaddr_storage dst; /**< Destination address of the packet */ + + /** The shared secret. + * + * See also nr_packet_send() and nr_packet_recv(). + */ + const char *secret; + + /** The length of the shared secret. + * + * See also nr_packet_send() and nr_packet_recv(). + */ + size_t sizeof_secret; + + int used; /**< Number of used IDs */ + + void *free_list; /**< For managing packets */ + + RADIUS_PACKET *ids[256]; /**< Pointers to "in flight" packets */ +} nr_server_t; + + +/** Return a printable error message. \ingroup error + * + * This function returns a string describing the last error that + * occurred. These messages are intended for developers, and are not + * suitable for display to an end user. The application using this + * library should instead produce a "summary" message when an error + * occurs. e.g. "Failed to receive a response", is better than + * messages produced by this function, which contain text like + * "invalid response authentication vector". The first is + * understandable, the second is not. + * + * @param[in] error The error code (can be less than zero) + * @return A printable string describing the error. + */ +extern const char *nr_strerror(int error); + +/** Allocate a ::VALUE_PAIR which refers to a ::DICT_ATTR. \ingroup value_pair + * + * This returned ::VALUE_PAIR has no data associated with it. The + * nr_vp_set_data() function must be called before placing the + * ::VALUE_PAIR in a ::RADIUS_PACKET. + * + * @param[in] da The ::DICT_ATTR associated with the ::VALUE_PAIR + * @return The created ::VALUE_PAIR, or NULL on error. + */ +extern VALUE_PAIR *nr_vp_alloc(const DICT_ATTR *da); + +/** Free a ::VALUE_PAIR. \ingroup value_pair + * + * This function frees the ::VALUE_PAIR, and sets the head pointer to NULL. + * If head refers to a ::VALUE_PAIR list, then all of the structures in the + * list are freed. + * + * @param[in,out] head The pointer to a ::VALUE_PAIR, or a ::VALUE_PAIR list. + */ +extern void nr_vp_free(VALUE_PAIR **head); + +/** Initializes a ::VALUE_PAIR from a ::DICT_ATTR \ingroup value_pair + * + * This function assumes that the ::VALUE_PAIR points to existing + * and writable memory. + * + * @param[in,out] vp The ::VALUE_PAIR to be initialized + * @param[in] da The ::DICT_ATTR used to initialize the ::VALUE_PAIR + * @return The initialized ::VALUE_PAIR, or NULL on error. + */ +extern VALUE_PAIR *nr_vp_init(VALUE_PAIR *vp, const DICT_ATTR *da); + +/** Allocate a ::VALUE_PAIR which refers to an unknown attribute. \ingroup value_pair + * + * It is used when an attribute is received, and that attribute does + * not exist in the dictionaries. + * + * The returned ::VALUE_PAIR has no data (i.e. VALUE_PAIR::length is + * zero). The nr_vp_set_data() function must be called before + * placing the ::VALUE_PAIR in a ::RADIUS_PACKET. + * + * @param[in] attr The attribute number, 0..2^16 + * @param[in] vendor The vendor number, 0..2^16 + * @return The created ::VALUE_PAIR, or NULL on error. + */ +extern VALUE_PAIR *nr_vp_alloc_raw(unsigned int attr, unsigned int vendor); + +/** Set the data associated with a previously allocated ::VALUE_PAIR. \ingroup value_pair + * + * If this function succeeds, VALUE_PAIR::length is no longer zero, + * and the structure contains the data. + * + * @param[in,out] vp The ::VALUE_PAIR to update + * @param[in] data Data to set inside of the ::VALUE_PAIR + * @param[in] data_len Length of the data field + * @return <0 on error, 0 for "data was truncated" + * >0 for "data successfully added" + */ +extern int nr_vp_set_data(VALUE_PAIR *vp, const void *data, size_t data_len); + +/** Create a ::VALUE_PAIR and set its data. \ingroup value_pair + * + * @param[in] attr The attribute number of the ::VALUE_PAIR to create + * @param[in] vendor The vendor number of the ::VALUE_PAIR to create + * @param[in] data Data to set inside of the ::VALUE_PAIR + * @param[in] data_len Length of the data field + * @return The created ::VALUE_PAIR, or NULL on error. + */ +extern VALUE_PAIR *nr_vp_create(int attr, int vendor, const void *data, + size_t data_len); + +/** Append a ::VALUE_PAIR to the end of a ::VALUE_PAIR list. \ingroup value_pair + * + * @param[in,out] head The head of the ::VALUE_PAIR list. May not be NULL. + * @param[in] vp The ::VALUE_PAIR to append to the list. + */ +extern void nr_vps_append(VALUE_PAIR **head, VALUE_PAIR *vp); + +/** Search a ::VALUE_PAIR list for one of a given number. \ingroup value_pair + * + * @param[in] head The head of the ::VALUE_PAIR list to search. + * @param[in] attr The attribute number of the ::VALUE_PAIR to find + * @param[in] vendor The vendor number of the ::VALUE_PAIR to find + * @return The found ::VALUE_PAIR, or NULL if it was not found. + */ +extern VALUE_PAIR *nr_vps_find(VALUE_PAIR *head, + unsigned int attr, unsigned int vendor); + +/** Look up an attribute in the dictionaries. \ingroup dict + * + * The dictionary mapping contains information about the attribute, + * such as printable name, data type (ipaddr, integer, etc), and + * various other things used to encode/decode the attribute in a + * packet. + * + * \attention There is usually no need to call this function. Use + * the RS_DA_* definitions instead. + * + * @param[in] attr Value of the attribute + * @param[in] vendor Value of the vendor + * @return NULL for "not found", or a pointer to the attribute mapping. + */ +extern const DICT_ATTR *nr_dict_attr_byvalue(unsigned int attr, + unsigned int vendor); + +/** Look up an attribute in the dictionaries. \ingroup dict + * + * The dictionary mapping contains information about the attribute, + * such as printable name, data type (ipaddr, integer, etc), and + * various other things used to encode/decode the attribute in a + * packet. + * + * \attention There is usually no need to call this function. + * + * @param[in] name Name of the attribute + * @return NULL for "not found", or a pointer to the attribute mapping. + */ +extern const DICT_ATTR *nr_dict_attr_byname(const char *name); + +/** Converts raw data to a ::DICT_ATTR structure. \ingroup dict + * + * It is called when the library is asked to decode an attribute + * which is not in the pre-defined dictionaries. + * + * \attention There is usually no need to call this function. + * + * @param[in,out] da The ::DICT_ATTR structure to initialize + * @param[in] attr The attribute number + * @param[in] vendor The vendor number + * @param[in] buffer The buffer where the name of the attribute is stored + * @param[in] bufsize Size of the buffer + * @return <0 for error, 0 for success + */ +extern int nr_dict_attr_2struct(DICT_ATTR *da, + unsigned int attr, unsigned int vendor, + char *buffer, size_t bufsize); + +/** Unused. \ngroup dict + * + */ +extern const DICT_VALUE *nr_dict_value_byattr(unsigned int attr, + unsigned int vendor, + int value); + +/** Unused. \ngroup dict + * + */ +const DICT_VALUE *nr_dict_value_byname(unsigned int attr, + unsigned int vendor, + const char *name); + +/** Look up a vendor in the dictionaries. \ingroup dict + * + * The dictionary mapping contains information about the vendor, such + * as printable name, VSA encoding method, etc. + * + * \attention There is usually no need to call this function. + * Applications do not need access to low-level RADIUS protocol + * information. + * + * @param[in] name Name of the vendor. + * @return NULL for "not found", or a pointer to the vendor mapping. + */ +extern int nr_dict_vendor_byname(const char *name); + +/** Look up an vendor in the dictionaries. \ingroup dict + * + * The dictionary mapping contains information about the vendor, such + * as printable name, VSA encoding method, etc. + * + * \attention There is usually no need to call this function. + * + * @param[in] vendor Vendor-Id (or Private Enterprise code) for the vendor. + * @return NULL for "not found", or a pointer to the vendor mapping. + */ +extern const DICT_VENDOR *nr_dict_vendor_byvalue(unsigned int vendor); + +/** Static array of known vendors. \ingroup dict + * + * \attention This structure should only be accessed by internal RADIUS library + * functions. + */ +extern const DICT_VENDOR nr_dict_vendors[]; + +/** The number of attribute definitions in the dictionary. \ingroup dict + * + * This number is guaranteed to be at least 256, for speed. + * + * \attention This variable should only be accessed by internal RADIUS library + * functions. + */ +extern const int nr_dict_num_attrs; + +/** The list of attribute definitions. \ingroup dict + * + * The "standard" RFC attributes are located in the first 256 + * entries. Standard attributes without a dictionary definition are + * given an empty entry. + * + * The attributes are orderd by (vendor, attribute), in increasing + * order. This allows the dictionary lookups to find attributes by a + * binary search. + * + * \attention This variable should only be accessed by internal RADIUS library + * functions. + */ +extern const DICT_ATTR nr_dict_attrs[]; + +/** The number of attributes with names. \ingroup dict + * + * \attention This variable should only be accessed by internal RADIUS library + * functions. + */ +extern const int nr_dict_num_names; + +/** The list of attribute definitions, organized by name. \ingroup dict + * + * The attributes are orderd by name (case insensitive), in + * increasing order. This allows the dictionary lookups to find + * attributes by a binary search. + * + * \attention This variable should only be accessed by internal RADIUS library + * functions. + */ +extern const DICT_ATTR const *nr_dict_attr_names[]; + +/** Static array containing names the RADIUS_PACKET::code field. \ingroup dict + * + * The names are hard-coded and not in any dictionary because they do + * not change. + * + * The names are exported because they may be useful in your + * application. Packet codes which are not handled by the library + * have NULL for their names. + */ +extern const char *nr_packet_codes[RS_MAX_PACKET_CODE + 1]; + +/** Verifies that a packet is "well formed". \ingroup packet + * + * This function performs basic validation to see if the packet is + * well formed. It is automatically called by nr_packet_decode(). + * + * @param[in] packet A pointer to the ::RADIUS_PACKET data. + * @return <0 means malformed, >= 0 means well-formed. + */ +extern int nr_packet_ok(RADIUS_PACKET *packet); + +/** Verifies that a packet is "well formed". \ingroup packet + * + * This function performs basic validation to see if the packet is + * well formed. You should normally use nr_packet_ok() instead of + * this function. + * + * @param[in] data A pointer to the raw packet data. + * @param[in] sizeof_data The length of the raw packet data + * @return <0 means malformed, >= 0 means well-formed. + */ +extern int nr_packet_ok_raw(const uint8_t *data, size_t sizeof_data); + +/** Encodes a packet. \ingroup packet + * + * This function encodes a packet using the fields of the + * ::RADIUS_PACKET structure. The RADIUS_PACKET::code and + * RADIUS_PACKET::id fields are used to fill in the relevant fields + * of the raw (encoded) packet. The RADIUS_PACKET::vps list is + * walked to encode the attributes. The packet is signed, if + * required. + * + * The raw packet is placed into the RADIUS_PACKET::data field, up to + * RADIUS_PACKET::sizeof_data bytes. the RADIUS_PACKET::length field + * is updated with the length of the raw packet. This field is + * always less than, or equal to, the RADIUS_PACKET::size_data field. + * If there is insufficient room to store all of the attributes, then + * some attributes are silently discarded. + * + * The RADIUS_PACKET::vector field is either calculated as part of + * the signing process, or is initialized by this function to be a + * random sequence of bytes. That field should therefore be left + * alone by the caller. + * + * When the encoding has been successful, it sets the + * RADIUS_PACKET::encoded field to non-zero. + * + * In addition, all required attribute "encryption" is performed. + * + * User-Password. The vp_strvalue field is assumed to contain the + * "clear-text" version of the password. The encrypted version is + * calculated, and placed in the packet. + * + * CHAP-Password. The vp_strvalue field is assumed to contain the + * "clear-text" version of the password. The encrypted version is + * calculated, and placed in the packet. If the RADIUS_PACKET::vps + * list contains a CHAP-Challenge attribute, it is used. Otherwise + * the RADIUS_PACKET::vector field is used a the challenge. + * + * Message-Authenticator. The contents of the Message-Authenticator + * in the RADIUS_PACKET::vps list are ignored. Instead, a + * "place-holder" is put into the packt. Tthe correct value is + * calculated and placed into the packet by nr_packet_sign(). + * + * The RADIUS_PACKET::vps list is left untouched by this function, + * even when attribute encryption or signing is performed. Any + * VALUE_PAIR structures can therefore be taken from static "const" + * variables. + * + * @param[in] packet The RADIUS packet to encode. + * @param[in] original The original request, when encoding a response. + * @return <0 on error, >= 0 on success. + */ +extern int nr_packet_encode(RADIUS_PACKET *packet, const RADIUS_PACKET *original); + +/** Decodes a packet. \ingroup packet + * + * This function decodes a packet from the RADIUS_PACKET::data field + * into a sequence of ::VALUE_PAIR structures in the + * RADIUS_PACKET::vps list. + * + * @param[in] packet The RADIUS packet to decode. + * @param[in] original The original request, when decoding a response. + * @return <0 on error, >= 0 on success. + */ +extern int nr_packet_decode(RADIUS_PACKET *packet, const RADIUS_PACKET *original); + +/** Signs a packet so that it can be sent. \ingroup packet + * + * This function calculates the Message-Authenticator (if required), + * and signs the packet. + * + * @param[in] packet The RADIUS packet to sign. + * @param[in] original The original request, when signing a response. + * @return <0 on error, >= 0 on success. + */ +extern int nr_packet_sign(RADIUS_PACKET *packet, const RADIUS_PACKET *original); + +/** Verifies that a packet is well-formed and contains the correct signature. \ingroup packet + * + * If "original" is specified, it also verifies that the packet is a + * response to the original request, and that it has the correct + * signature. + * + * @param[in] packet The RADIUS packet to verify. + * @param[in] original The original request, when verifying a response. + * @return <0 on error, >= 0 on success. + */ +extern int nr_packet_verify(RADIUS_PACKET *packet, + const RADIUS_PACKET *original); + +/** Pretty-prints a hex dump of a RADIUS packet. \ingroup packet print + * + * This function is available only in debugging builds of the + * library. It is useful during development, but should not be used + * in a production system. + * + * The packet headers are printed individually, and each attribute is + * printed as "type length data..." + * + * @param[in] packet The RADIUS packet to print + */ +extern void nr_packet_print_hex(RADIUS_PACKET *packet); + + +/** Return the given number of random bytes. \ingroup custom + * + * This function should be replaced by one that is specific to your + * system. + * + * This is a wrapper function which enables the library to be more + * portable. + * + * @param[in] data Location where the random bytes will be stored + * @param[in] data_len Number of bytes to store + * @return <0 on error, or the total number of bytes stored. + */ +extern ssize_t nr_rand_bytes(uint8_t *data, size_t data_len); + +/** Return a random 32-bit integer. \ingroup custom + * + * This function should be replaced by one that is specific to your + * system. The version supplied here just calls nr_rand_bytes() each + * time, which is slow. + * + * This is a wrapper function which enables the library to be more + * portable. + * + * @return An unsigned 32-bit random integer. + */ +extern uint32_t nr_rand(void); + +/** Add a time to the given ::struct timeval. \ingroup custom + * + * This is a wrapper function which enables the library to be more + * portable. + * + * @param[in,out] t The timeval to which the time is added. + * @param[in] seconds Time in seconds to add + * @param[in] usec Time in microseconds to add + */ +extern void nr_timeval_add(struct timeval *t, unsigned int seconds, + unsigned int usec); + +/** Compare two times. \ingroup custom + * + * This is a wrapper function which enables the library to be more + * portable. + * + * @param[in] a One timeval + * @param[in] b Another one + * @return a <=> b + */ +extern int nr_timeval_cmp(const struct timeval *a, const struct timeval *b); + +/** Initializes an ::nr_server_t. \ingroup id + * + * @param[in,ut] s The ::nr_server_t to initialize + * @param[in] code The packet code used for packets sent to this server + * @param[in] secret The shared secret used for packet sent to this server + * @return <0 for error, >= 0 for success + */ +extern int nr_server_init(nr_server_t *s, int code, const char *secret); + +/** Closes an ::nr_server_t data structure. \ingroup id + * + * Ensures that all IDs are free, and closes the socket. + * + * @param[in] s The server structure to close. + * @return <0 for error, 0 for success + */ +extern int nr_server_close(const nr_server_t *s); + +/** Allocate a RADIUS_PACKET::id value for sending a packet to a server. \ingroup id + * + * This function allocates a RADIUS_PACKET::id from the ::nr_server_t + * structure. It also fills in the RADIUS_PACKET::sockfd, + * RADIUS_PACKET::code, and RADIUS_PACKET::dst fields. + * + * @param[in] s The server structure which tracks the ID + * @param[in] packet The packet which needs an ID + * @return <0 for error, 0 for success + */ +extern int nr_server_id_alloc(nr_server_t *id, RADIUS_PACKET *packet); + +/** Re-allocate a RADIUS_PACKET::id value for sending a packet to a server. \ingroup id + * + * It is used when retransmitting an Accounting-Request packet to a + * server, after updating the Acct-Delay-Time field. The "realloc" + * name means that the new ID is allocated, and is guaranteed to be + * different from the old one. + * + * @param[in] s The server structure which tracks the ID + * @param[in] packet The packet which needs a new ID + * @return <0 for error, 0 for success + */ +extern int nr_server_id_realloc(nr_server_t *id, RADIUS_PACKET *packet); + +/** Free a RADIUS_PACKET::id value after sending a packet to a server. \ingroup id + * + * @param[in] s The server structure which tracks the ID + * @param[in] packet The packet which has an ID, and wants to free it + * @return <0 for error, 0 for success + */ +extern int nr_server_id_free(nr_server_t *id, RADIUS_PACKET *packet); + + +/** Allocates a packet using malloc(), and initializes it. \ingroup id + * + * @param[in] s The server structure + * @param[in,out] packet_p Pointer to the ::RADIUS_PACKET to be allocated + * @return <0 for error, 0 for success + */ +extern int nr_server_packet_alloc(const nr_server_t *s, RADIUS_PACKET **packet_p); + +/** Record a humanly readable error message. \ingroup error + * + * \attention This structure should only be accessed by internal + * RADIUS library functions. + * + * @param[in] fmt The format to use. + */ +extern void nr_strerror_printf(const char *fmt, ...); + +#ifndef NDEBUG +#define nr_debug_error nr_strerror_printf /** \ingroup error */ +#else +#define nr_debug_error if (0) nr_strerror_printf +#endif + +/** Encrypts or decrypts a User-Password attribute. \ingroup internal + * + * \attention This structure should only be accessed by internal + * RADIUS library functions. + * + * @param[out] output Buffer where the password is stored + * @param[out] outlen Size of the output buffer + * @param[in] input Input buffer with password + * @param[in] inlen Length of the input buffer + * @param[in] secret The shared secret + * @param[in] vector Authentication vector + * @return <0 on error, or the length of data in "output" + */ +extern ssize_t nr_password_encrypt(uint8_t *output, size_t outlen, + const uint8_t *input, size_t inlen, + const char *secret, const uint8_t *vector); + +/** Encrypts a Tunnel-Password attribute. \ingroup internal + * + * \attention This structure should only be accessed by internal + * RADIUS library functions. + * + * @param[out] output Buffer where the password is stored + * @param[out] outlen Size of the output buffer + * @param[in] input Input buffer with password + * @param[in] inlen Length of the input buffer + * @param[in] secret The shared secret + * @param[in] vector Authentication vector + * @return <0 on error, or the length of data in "output" + */ +extern ssize_t nr_tunnelpw_encrypt(uint8_t *output, size_t outlen, + const uint8_t *input, size_t inlen, + const char *secret, const uint8_t *vector); + +/** Decrypts a Tunnel-Password attribute. \ingroup internal + * + * + * \attention This structure should only be accessed by internal + * RADIUS library functions. + * + * @param[out] output Buffer where the password is stored + * @param[out] outlen Size of the output buffer + * @param[in] input Input buffer with password + * @param[in] inlen Length of the input buffer + * @param[in] secret The shared secret + * @param[in] vector Authentication vector + * @return <0 on error, or the length of data in "output" + */ +extern ssize_t nr_tunnelpw_decrypt(uint8_t *output, size_t outlen, + const uint8_t *input, size_t inlen, + const char *secret, const uint8_t *vector); + +/** Calculates an HMAC-MD5. \ingroup internal + * + * @param[in] data Data to be hashed + * @param[in] data_len Length of data to be hashed + * @param[in] key Key for the HMAC + * @param[in] key_len Length of the key + * @param[out] digest + */ +extern void nr_hmac_md5(const uint8_t *data, size_t data_len, + const uint8_t *key, size_t key_len, + uint8_t digest[16]); + +/** Checks if a TLV is properly formatted. \ingroup internal + * + * \attention This structure should only be accessed by internal + * RADIUS library functions. + * + * @param[in] data Data to check + * @param[in] length Length of the data field + * @param[in] dv_type Length of the TLV "type" field + * @param[in] dv_length Length of the TLV "length" field + * @return <0 on error, 0 for "TLV is OK" + */ +extern int nr_tlv_ok(const uint8_t *data, size_t length, + size_t dv_type, size_t dv_length); + +/** A callback function used by nr_packet_walk(). \ingroup packet + * + * The function should return 0 on success (i.e. keep walking), and + * otherwise a negative number indicating an error code + * (::nr_error_t). That negative number will be used as the return + * code for nr_packet_walk(). + */ +typedef int (*nr_packet_walk_func_t)(void *, const DICT_ATTR *, const uint8_t *, size_t); + +/** Walks over all attributes in a packet. \ingroup packet + * + * This function is an iterator which calls a user-supplied callback + * function for each attribute in the packet. It should be used + * instead of manually walking over the attributes. There are a + * number of odd corner cases when handling Vendor-Specific + * attributes, and it is easy to get those corner cases wrong. + * + * This function iterates over *all* attributes, including nested + * VSAs. That is its main value. + * + * Encrypted attributes such as User-Password are not decrypted. + * + * @param[in] packet The packet containing the data + * @param[in] ctx A user-supplied context. May be NULL + * @param[in] callback The callback function where the information is passed. + * + * @return <0 for error, + * 0 for success. + */ +extern int nr_packet_walk(RADIUS_PACKET *packet, void *ctx, + nr_packet_walk_func_t callback); + +/** Initialize a packet + * + * If original is specified, the packet is initialized as a response + * to the original request. + * + * @param[in,out] packet The packet to initialize + * @param[in] original The original request (if any) to use as a template + * @param[in] secret Shared secret + * @param[in] code RADIUS Code field. + * @param[in] data Buffer where packets will be stored (RADIUS_PACKET::data) + * @param[in] sizeof_data Size of buffer (RADIUS_PACKET::sizeof_data) + * @return <0 on error, 0 for success. + */ +extern int nr_packet_init(RADIUS_PACKET *packet, const RADIUS_PACKET *original, + const char *secret, int code, + void *data, size_t sizeof_data); + +/** Add one attribute to the packet. + * + * This function can be used to add "raw" data to a packet. It + * allows the caller to extend the RADIUS packet without using a + * ::VALUE_PAIR data structure. + * + * Some attributes are handled specially by this function. + * + * EAP-Message. This attribute is automatically split into 253-octet + * chunks. + * + * User-Password, CHAP-Password, and Message-Authenticator. These + * attributes are automatically encrypted, as is done by + * nr_packet_encode(). + * + * @param[in] packet The packet to edit + * @param[in] original The original request (if any) + * @param[in] da Pointer to the attribute definition + * @param[in] data Data to append to the packet + * @param[in] data_len Length of data to append to the packet + * + * @return <0 for error, >= 0 for "successfully appended data" + * The function returns the number of octets appended to the packet. + */ +extern ssize_t nr_packet_attr_append(RADIUS_PACKET *packet, + const RADIUS_PACKET *original, + const DICT_ATTR *da, + const void *data, size_t data_len); + + +/** Encodes any ::VALUE_PAIR into an attribute. \ingroup attr + * + * This function can be called for any ::VALUE_PAIR. It will examine + * that structure, and call one of nr_vp2rfc() or nr_vp2vsa() as + * necessary. + * + * \attention This function should not be called. + * + * @param[in] packet Where to place the encoded attribute. + * @param[in] original The original request (optional), if "packet" is a response + * @param[in,out] pvp The ::VALUE_PAIR to encode. On any return >=0, it is updated to point to the "next" ::VALUE_PAIR which should be encoded. + * @param[in] data Where the attribute is to be encoded. + * @param[in] room How many octets are available for attribute encoding. + * + * @return <0 for error, or the number of octets used to encode the attribute. + */ +extern ssize_t nr_vp2attr(const RADIUS_PACKET *packet, + const RADIUS_PACKET *original, + const VALUE_PAIR **pvp, uint8_t *data, size_t room); + +/** Encodes an RFC "standard" ::VALUE_PAIR into an attribute. \ingroup attr + * + * \attention This function should not be called. + * + * @param[in] packet Where to place the encoded attribute. + * @param[in] original The original request (optional), if "packet" is a response + * @param[in,out] pvp The ::VALUE_PAIR to encode. On any return >=0, it is updated to point to the "next" ::VALUE_PAIR which should be encoded. + * @param[in] data Where the attribute is to be encoded. + * @param[in] room How many octets are available for attribute encoding. + * + * @return <0 for error, or the number of octets used to encode the attribute. + */ +extern ssize_t nr_vp2rfc(const RADIUS_PACKET *packet, + const RADIUS_PACKET *original, + const VALUE_PAIR **pvp, + uint8_t *data, size_t room); + +/** Decodes any attribute into a ::VALUE_PAIR. \ingroup attr + * + * \attention This function should not be called. + * + * @param[in] packet The packet containing the attribute to be decoded. + * @param[in] original The original request (optional), if "packet" is a response + * @param[out] pvp Where to place the decoded ::VALUE_PAIR. On any return >=0, it is updated to point to the ::VALUE_PAIR which was decoded from the packet. + * @param[in] data Where the attribute is to be encoded. + * @param[in] length How many octets are available for attribute decoding. + * + * @return <0 for error, or the number of octets used to decode the attribute. + */ +extern ssize_t nr_attr2vp(const RADIUS_PACKET *packet, const RADIUS_PACKET *original, + const uint8_t *data, size_t length, + VALUE_PAIR **pvp); + +/** Decodes an RFC "standard" attribute into a ::VALUE_PAIR. \ingroup attr + * + * \attention This function should not be called. + * + * @param[in] packet The packet containing the attribute to be decoded. + * @param[in] original The original request (optional), if "packet" is a response + * @param[out] pvp Where to place the decoded ::VALUE_PAIR. On any return >=0, it is updated to point to the ::VALUE_PAIR which was decoded from the packet. + * @param[in] data Where the attribute is to be encoded. + * @param[in] length How many octets are available for attribute decoding. + * + * @return <0 for error, or the number of octets used to decode the attribute. + */ +extern ssize_t nr_attr2vp_rfc(const RADIUS_PACKET *packet, + const RADIUS_PACKET *original, + const uint8_t *data, size_t length, + VALUE_PAIR **pvp); + +/** Decodes a Vendor-Specific attribute into a ::VALUE_PAIR. \ingroup attr + * + * \attention This function should not be called. + * + * @param[in] packet The packet containing the attribute to be decoded. + * @param[in] original The original request (optional), if "packet" is a response + * @param[out] pvp Where to place the decoded ::VALUE_PAIR. On any return >=0, it is updated to point to the ::VALUE_PAIR which was decoded from the packet. + * @param[in] data Where the attribute is to be encoded. + * @param[in] length How many octets are available for attribute decoding. + * + * @return <0 for error, or the number of octets used to decode the attribute. + */ +extern ssize_t nr_attr2vp_vsa(const RADIUS_PACKET *packet, + const RADIUS_PACKET *original, + const uint8_t *data, size_t length, + VALUE_PAIR **pvp); + +/** Decodes an attribute with an unexpected length into a ::VALUE_PAIR. \ingroup attr + * + * \attention This function should not be called. + * + * @param[in] packet The packet containing the attribute to be decoded. + * @param[in] original The original request (optional), if "packet" is a response + * @param[out] pvp Where to place the decoded ::VALUE_PAIR. On any return >=0, it is updated to point to the ::VALUE_PAIR which was decoded from the packet. + * @param[in] data Where the attribute is to be encoded. + * @param[in] length How many octets are available for attribute decoding. + * + * @return <0 for error, or the number of octets used to decode the attribute. + */ +extern ssize_t nr_attr2vp_raw(const RADIUS_PACKET *packet, + const RADIUS_PACKET *original, + const uint8_t *data, size_t length, + VALUE_PAIR **pvp); + +/** Encodes a Vendor-Specific ::VALUE_PAIR into an attribute. + * + * \attention This function should not be called. + * + * @param[in] packet Where to place the encoded attribute. + * @param[in] original The original request (optional), if "packet" is a response + * @param[in,out] pvp The ::VALUE_PAIR to encode. On any return >=0, it is updated to point to the "next" ::VALUE_PAIR which should be encoded. + * @param[in] data Where the attribute is to be encoded. + * @param[in] room How many octets are available for attribute encoding. + * + * @return <0 for error, or the number of octets used to encode the attribute. + */ +extern ssize_t nr_vp2vsa(const RADIUS_PACKET *packet, const RADIUS_PACKET *original, + const VALUE_PAIR **pvp, uint8_t *data, + size_t room); + +/** Returns raw data from the RADIUS packet, for a given attribute. \ingroup attr + * + * This function can be called repeatedly to find all instances of a + * given attribute. The first time it is called, the "start" + * parameter should be zero. If the function returns a non-zero + * positive number, it means that there *may* be more attributes + * available. The returned value should be then passed via the + * "start" option in any subsequent calls to the function. + * + * This function should be called by an application when it wants + * access to data which is not in the pre-defined dictionaries. + * + * @param[in] packet The packet containing the attribute. + * @param[in] start Where in the packet we start searching for the attribute. + * @param[in] attr Value of the attribute to search for + * @param[in] vendor Value of the vendor (use 0 for IETF attributes) + * @param[out] pdata Pointer to the data. If no data was found, the pointer is unchanged. + * @param[out] plength Length of the data. If no data was found, the value pointed to is unchanged. + * + * @return <0 for error, + * 0 for "no attribute found, stop searching" + * >0 offset where the attribute was found. + */ +extern ssize_t nr_attr2data(const RADIUS_PACKET *packet, ssize_t start, + unsigned int attr, unsigned int vendor, + const uint8_t **pdata, size_t *plength); + +/** Pretty-print the entire ::VALUE_PAIR \ingroup print + * + * All data is printed in ASCII format. The data type of "octets" is + * printed as a hex string (e.g. 0xabcdef01...). The data type of + * "ipaddr" is printed as a dotted-quad (e.g. 192.0.2.15). + * + * The format is "Attribute-Name = value" + * + * @param[out] buffer Where the printable version of the ::VALUE_PAIR is stored + * @param[in] bufsize size of the output buffer + * @param[in] vp ::VALUE_PAIR to print + * @return length of data in buffer + */ +extern size_t nr_vp_snprintf(char *buffer, size_t bufsize, const VALUE_PAIR *vp); + +/** Pretty-print the VALUE_PAIR::data field \ingroup print + * + * Prints the value of a ::VALUE_PAIR, without the name or "=" sign. + * + * @param[out] buffer Where the printable version of the ::VALUE_PAIR is stored + * @param[in] bufsize size of the output buffer + * @param[in] vp ::VALUE_PAIR to print + * @return length of data in buffer + */ +extern size_t nr_vp_snprintf_value(char *buffer, size_t bufsize, const VALUE_PAIR *vp); + +/** Prints a list of :VALUE_PAIR structures to the given output. \ingroup print + * + * @param[in] fp Where to print the results + * @param[in] vps Linked list of ::VALUE_PAIR to print + */ +extern void nr_vp_fprintf_list(FILE *fp, const VALUE_PAIR *vps); + +/** Scan a string into a ::VALUE_PAIR. The counterpart to + * nr_vp_snprintf_value() \ingroup print + * + * @param[in] string Printable version of the ::VALUE_PAIR + * @param[out] pvp Newly allocated ::VALUE_PAIR + * @return <0 on error, 0 for success. + */ +extern int nr_vp_sscanf(const char *string, VALUE_PAIR **pvp); + +/** Scan the data portion of a ::VALUE_PAIR. The counterpart to + * nr_vp_snprintf_value() \ingroup print + * + * @param[in,out] vp The ::VALUE_PAIR where the data will be stored + * @param[in] value The string version of the data to be parsed + * @return <0 on error, >=0 for the number of characters parsed in value. + */ +extern ssize_t nr_vp_sscanf_value(VALUE_PAIR *vp, const char *value); + +#if defined(__GNUC__) +# define PRINTF_LIKE(n) __attribute__ ((format(printf, n, n+1))) +# define NEVER_RETURNS __attribute__ ((noreturn)) +# define UNUSED __attribute__ ((unused)) +# define BLANK_FORMAT " " /* GCC_LINT whines about empty formats */ +#else + +/** Macro used to quiet compiler warnings inside of the library. \ingroup build + * + */ +# define PRINTF_LIKE(n) + +/** Macro used to quiet compiler warnings inside of the library. \ingroup build + * + */ +# define NEVER_RETURNS + +/** Macro used to quiet compiler warnings inside of the library. \ingroup build + * + */ +# define UNUSED + +/** Macro used to quiet compiler warnings inside of the library. \ingroup build + * + */ +# define BLANK_FORMAT "" +#endif + +#endif /* _RADIUS_CLIENT_H_ */ diff --git a/lib/radius/common.pl b/lib/radius/common.pl new file mode 100644 index 0000000..7042fe5 --- /dev/null +++ b/lib/radius/common.pl @@ -0,0 +1,220 @@ +###################################################################### +# Copyright (c) 2011, Network RADIUS SARL +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# * Neither the name of the <organization> nor the +# names of its contributors may be used to endorse or promote products +# derived from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +# DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY +# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +###################################################################### +our %attributes; +our %vendor; +our %vendorpec; +our $begin_vendor = 0; + +$vendorpec{'0'} = "IETF"; + +sub do_file() +{ + my $filename = shift; + my $fh; + + $dir = $filename; + $dir =~ s:/[^/]+?$::; + $lineno = 0; + + open $fh, "<$filename" or die "Failed to open $filename: $!\n"; + + while (<$fh>) { + $lineno++; + next if (/^\s*#/); + next if (/^\s*$/); + s/#.*//; + s/\s+$//; + + next if ($_ eq ""); + + # + # Remember the vendor + # + if (/^VENDOR\s+([\w-]+)\s+(\w+)(.*)/) { + my $me = $1; + + $vendor{$me}{'pec'} = $2; + $vendorpec{$2} = $me; + + $vendor{$me}{'type'} = 1; + $vendor{$me}{'length'} = 1; + + if ($3) { + $format=$3; + $format =~ s/^\s+//; + + if ($format !~ /^format=(\d+),(\d+)$/) { + die "Unknown format $format\n"; + } + $vendor{$me}{'type'} = $1; + $vendor{$me}{'length'} = $2; + } + next; + } + + # + # Remember if we did begin-vendor. + # + if (/^BEGIN-VENDOR\s+([\w-]+)/) { + if (!defined $vendor{$1}) { + die "Unknown vendor $1\n"; + } + $begin_vendor = $vendor{$1}{'pec'}; + next; + } + + # + # Remember if we did this. + # + if (/^END-VENDOR/) { + $begin_vendor = 0; + next; + } + + # + # Get attribute. + # + if (/^ATTRIBUTE\s+([\w-\/.]+)\s+(\w+)\s+(\w+)(.*)/) { + $name=$1; + $value = $2; + $type = $3; + $stuff = $4; + + $value =~ tr/[A-F]/[a-f]/; # normal form for hex + $value =~ tr/X/x/; + + if ($value =~ /^0x/) { + $index = hex $value; + } else { + $index = $value; + } + + next if (($begin_vendor == 0) && ($index > 255)); + + $index += ($begin_vendor << 16); + + $attributes{$index}{'name'} = $name; + $attributes{$index}{'value'} = $value; + if ($begin_vendor ne "") { + $attributes{$index}{'vendor'} = $begin_vendor; + } + + $type =~ tr/a-z/A-Z/; + $attributes{$index}{'type'} = "RS_TYPE_$type"; + + $stuff =~ s/^\s*//; + + if ($stuff) { + foreach $text (split /,/, $stuff) { + if ($text eq "encrypt=1") { + $attributes{$index}{'flags'}{'encrypt'} = "FLAG_ENCRYPT_USER_PASSWORD"; + } elsif ($text eq "encrypt=2") { + $attributes{$index}{'flags'}{'encrypt'} = "FLAG_ENCRYPT_TUNNEL_PASSWORD"; + + } elsif ($text eq "encrypt=3") { + $attributes{$index}{'flags'}{'encrypt'} = "FLAG_ENCRYPT_ASCEND_SECRET"; + + } elsif ($text eq "has_tag") { + $attributes{$index}{'flags'}{'has_tag'} = "1"; + + } elsif ($text =~ /\[(\d+)\]/) { + $attributes{$index}{'flags'}{'length'} = $1; + + } else { + die "$filename: $lineno - Unknown flag $text\n"; + } + } + } + + if ($type eq "BYTE") { + $attributes{$index}{'flags'}{'length'} = "1"; + + } elsif ($type eq "SHORT") { + $attributes{$index}{'flags'}{'length'} = "2"; + + } elsif ($type eq "INTEGER") { + $attributes{$index}{'flags'}{'length'} = "4"; + + } elsif ($type eq "IPADDR") { + $attributes{$index}{'flags'}{'length'} = "4"; + + } elsif ($type eq "DATE") { + $attributes{$index}{'flags'}{'length'} = "4"; + + } elsif ($type eq "IFID") { + $attributes{$index}{'flags'}{'length'} = "8"; + + } elsif ($type eq "IPV6ADDR") { + + $attributes{$index}{'flags'}{'length'} = "16"; + } + + $name2val{$name} = $index; + next; + } + + # + # Values. + # + if (/^VALUE\s+([\d\w-\/.]+)\s+([\w-\/,.+]+)\s+(\w+)(.*)/) { + next; + + $attr = $1; + $name = $2; + $value = $3; + $stuff = $d; + + $value =~ tr/[A-F]/[a-f]/; # normal form for hex + $value =~ tr/X/x/; + + if ($value =~ /^0x/) { + $index = hex $value; + } else { + $index = $value; + } + + if (!defined $name2val{$attr}) { + print "# FIXME: FORWARD REF?\nVALUE $attr $name $value$stuff\n"; + next; + } + + $values{$name2val{$attr}}{$index} = "$attr $name $value$stuff"; + next; + } + + if (/^\$INCLUDE\s+(.*)$/) { + do_file("$dir/$1"); + next; + } + + die "unknown text in line $lineno of $filename: $_\n"; + } + + close $fh; +} + +1; diff --git a/lib/radius/convert.pl b/lib/radius/convert.pl new file mode 100755 index 0000000..7ca424e --- /dev/null +++ b/lib/radius/convert.pl @@ -0,0 +1,197 @@ +#!/usr/bin/env perl +###################################################################### +# Copyright (c) 2011, Network RADIUS SARL +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# * Neither the name of the <organization> nor the +# names of its contributors may be used to endorse or promote products +# derived from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +# DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY +# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +###################################################################### +# +# Converts dictionaries to C structures. Does not yet do "VALUE"s. +# +# Usage: ./convert.pl dictionary ... +# +# Reads input dictionaries, and outputs "radius.h" and "dictionaries.c" +# +# $Id$ +# +require "common.pl"; + +# +# Read all of the dictionaries +# +while (@ARGV) { + $filename = shift; + do_file($filename); +} + +# +# For speed, the dictionary data structures have the first 256 +# attributes at fixed offsets in the array. If the user didn't +# define them, then we set them here to be "raw" or unknown. +# +foreach $attr_val (0..255) { + next if defined $attributes{$attr_val}; + + $attributes{$attr_val}{'raw'} = 1; +} + +if (scalar keys %attributes == 0) { + die "No attributes were defined\n"; +} + + +open DICT, ">dictionaries.c" or die "Failed creating dictionaries.c: $!\n"; + +# +# Print out the data structues for the vendors. +# +if (scalar keys %vendor > 0) { + print DICT "const DICT_VENDOR nr_dict_vendors[] = {\n"; + foreach $v (sort keys %vendor) { + print DICT " { \n"; + print DICT " " . $vendor{$v}{'pec'} . ", \n"; + print DICT " " . $vendor{$v}{'type'} . ",\n"; + print DICT " " . $vendor{$v}{'length'} . ",\n"; + print DICT " \"" . $v, "\"\n"; + print DICT " },\n"; + } + print DICT " { \n"; + print DICT " 0,\n"; + print DICT " 0,\n"; + print DICT " 0,\n"; + print DICT " NULL\n"; + print DICT " },\n"; + print DICT "};\n\n"; +} + +# needed for later. +$vendor{""}{'pec'} = 0; + +sub printAttrFlag +{ + my $tmp = $attributes{$attr_val}{'flags'}{$_[0]}; + + if (!$tmp) { + $tmp = 0; + } + + print DICT $tmp . ", "; +} + +# +# Print DICT out the attributes sorted by number. +# +my $offset = 0; +my $num_names = 0; +print DICT "const DICT_ATTR nr_dict_attrs[] = {\n"; +foreach $attr_val (sort {$a <=> $b} keys %attributes) { + print DICT " { /* $offset */ \n"; + + if (defined $attributes{$attr_val}{'raw'}) { + print DICT " 0\n", + } else { + print DICT " ", $attributes{$attr_val}{'value'}, ", \n"; + print DICT " ", $attributes{$attr_val}{'type'}, ", \n"; + print DICT " ", $attributes{$attr_val}{'vendor'}, ", \n"; + print DICT " { "; + &printAttrFlag('has_tag'); + &printAttrFlag('unknown'); +# &printAttrFlag('has_tlv'); +# &printAttrFlag('is_tlv'); + &printAttrFlag('extended'); + &printAttrFlag('extended_flags'); + &printAttrFlag('evs'); + &printAttrFlag('encrypt'); + &printAttrFlag('length'); + print DICT "},\n"; + print DICT " \"", $attributes{$attr_val}{'name'}, "\", \n"; + $num_names++; + } + + $attributes{$attr_val}{'offset'} = $offset++; + + print DICT " },\n"; + +} +print DICT "};\n\n"; + +print DICT "const int nr_dict_num_attrs = ", $offset - 1, ";\n\n"; +print DICT "const int nr_dict_num_names = ", $num_names - 1, ";\n\n"; + +my $offset = 0; +print DICT "const DICT_ATTR *nr_dict_attr_names[] = {\n"; +foreach $attr_val (sort {lc($attributes{$a}{'name'}) cmp lc($attributes{$b}{'name'})} keys %attributes) { + next if (defined $attributes{$attr_val}{'raw'}); + + print DICT " &nr_dict_attrs[", $attributes{$attr_val}{'offset'}, "], /* ", $attributes{$attr_val}{'name'}, " */\n"; +} + +print DICT "};\n\n"; +close DICT; + +open HDR, ">../include/radsec/radius.h" or die "Failed creating radius.c: $!\n"; + +print HDR "/* Automatically generated file. Do not edit */\n\n"; + +foreach $v (sort keys %vendor) { + next if ($v eq ""); + + $name = $v; + $name =~ tr/a-z/A-Z/; # uppercase + $name =~ tr/A-Z0-9/_/c; # any ELSE becomes _ + + print HDR "#define VENDORPEC_", $name, " ", $vendor{$v}{'pec'}, "\n"; +} +print HDR "\n"; + +$begin_vendor = -1; +foreach $attr_val (sort {$a <=> $b} keys %attributes) { + next if (defined $attributes{$attr_val}{'raw'}); + + if ($attributes{$attr_val}{'vendor'} != $begin_vendor) { + print HDR "\n/* ", $vendorpec{$attributes{$attr_val}{'vendor'}}, " */\n"; + $begin_vendor = $attributes{$attr_val}{'vendor'}; + } + + $name = $attributes{$attr_val}{'name'}; + $name =~ tr/a-z/A-Z/; + $name =~ tr/A-Z0-9/_/c; + + print HDR "#define PW_", $name, " ", $attributes{$attr_val}{'value'}, "\n"; +} +print HDR "\n"; + +print HDR "/* Fixed offsets to dictionary definitions of attributes */\n"; +foreach $attr_val (sort {$a <=> $b} keys %attributes) { + next if (defined $attributes{$attr_val}{'raw'}); + + $name = $attributes{$attr_val}{'name'}; + $name =~ tr/a-z/A-Z/; + $name =~ tr/-/_/; + + print HDR "#define RS_DA_$name (&nr_dict_attrs[$attributes{$attr_val}{'offset'}])\n"; +} + +print HDR "/* Automatically generated file. Do not edit */\n"; + +close HDR; diff --git a/lib/radius/crypto.c b/lib/radius/crypto.c new file mode 100644 index 0000000..21cc7d0 --- /dev/null +++ b/lib/radius/crypto.c @@ -0,0 +1,233 @@ +/* +Copyright (c) 2011, Network RADIUS SARL +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the <organization> nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** \file crypto.c + * \brief Data obfuscation and signing, using MD5. + * + * The "encryption" methods defined here are export-safe. The + * technical cryptography name for these functions is "obfuscation". + * They cannot properly be called "encryption", in the same way that + * DES or AES performs encryption. + */ + +/** \cond PRIVATE */ + +#include "client.h" + + +ssize_t nr_password_encrypt(uint8_t *output, size_t outlen, + const uint8_t *input, size_t inlen, + const char *secret, const uint8_t *vector) +{ + size_t i, j, len; + uint8_t digest[16]; + RS_MD5_CTX ctx, secret_ctx; + + if (!output || (outlen < 16) || !input || (inlen == 0) || + !secret || !vector) { + return -RSE_INVAL; + } + + len = inlen; + if (len > 128) return -RSE_ATTR_OVERFLOW; + + len = (len + 0x0f) & ~0x0f; /* round up to 16 byte boundary */ + + if (outlen < len) return -RSE_ATTR_OVERFLOW; + + memcpy(output, input, len); + memset(output + len, 0, 128 - len); + + RS_MD5Init(&secret_ctx); + RS_MD5Update(&secret_ctx, (const uint8_t *) secret, strlen(secret)); + + for (j = 0; j < len; j += 16) { + ctx = secret_ctx; + + if (j == 0) { + RS_MD5Update(&ctx, vector, 16); + RS_MD5Final(digest, &ctx); + } else { + RS_MD5Update(&ctx, &output[j - 16], 16); + RS_MD5Final(digest, &ctx); + } + + for (i = 0; i < 16; i++) { + output[i + j] ^= digest[i]; + } + } + + return len; +} + +#ifdef FLAG_ENCRYPT_TUNNEL_PASSWORD +ssize_t nr_tunnelpw_encrypt(uint8_t *output, size_t outlen, + const uint8_t *input, size_t inlen, + const char *secret, const uint8_t *vector) +{ + size_t i, j, len; + RS_MD5_CTX ctx, secret_ctx; + uint8_t digest[16]; + + if (!output || (outlen < 18) || !input || (inlen == 0) || + !secret || !vector) { + return -RSE_INVAL; + } + + len = ((inlen + 1) + 0x0f) & ~0x0f; + if (len > 251) return -RSE_ATTR_OVERFLOW; + + output[0] = (nr_rand() & 0xff) | 0x80; + output[1] = nr_rand() & 0xff; + output[2] = inlen; + + memcpy(output + 3, input, inlen); + memset(output + 3 + inlen, 0, len - inlen - 1); + + RS_MD5Init(&secret_ctx); + RS_MD5Update(&secret_ctx, (const uint8_t *) secret, strlen(secret)); + + for (j = 0; j < len; j += 16) { + ctx = secret_ctx; + + if (j == 0) { + RS_MD5Update(&ctx, vector, 16); + RS_MD5Update(&ctx, output, 2); + RS_MD5Final(digest, &ctx); + } else { + RS_MD5Update(&ctx, &output[j + 2 - 16], 16); + RS_MD5Final(digest, &ctx); + } + + for (i = 0; i < 16; i++) { + output[i + j + 2] ^= digest[i]; + } + } + + return len + 2; +} + +ssize_t nr_tunnelpw_decrypt(uint8_t *output, size_t outlen, + const uint8_t *input, size_t inlen, + const char *secret, const uint8_t *vector) +{ + size_t i, j, len, encoded_len; + RS_MD5_CTX ctx, secret_ctx; + uint8_t digest[16]; + + if (!output || (outlen < 1) || !input || (inlen < 2) || + !secret || !vector) { + return -RSE_INVAL; + } + + if (inlen <= 3) { + output[0] = 0; + return 0; + } + + len = inlen - 2; + + if (outlen < (len - 1)) return -RSE_ATTR_OVERFLOW; + + RS_MD5Init(&secret_ctx); + RS_MD5Update(&secret_ctx, (const uint8_t *) secret, strlen(secret)); + + ctx = secret_ctx; + + RS_MD5Update(&ctx, vector, 16); /* MD5(secret + vector + salt) */ + RS_MD5Update(&ctx, input, 2); + RS_MD5Final(digest, &ctx); + + encoded_len = input[2] ^ digest[0]; + if (encoded_len >= len) { + return -RSE_ATTR_TOO_LARGE; + } + + for (i = 0; i < 15; i++) { + output[i] = input[i + 3] ^ digest[i + 1]; + } + + for (j = 16; j < len; j += 16) { + ctx = secret_ctx; + + RS_MD5Update(&ctx, input + j - 16 + 2, 16); + RS_MD5Final(digest, &ctx); + + for (i = 0; i < 16; i++) { + output[i + j - 1] = input[i + j + 2] ^ digest[i]; + } + + + } + + output[encoded_len] = '\0'; + return encoded_len; +} +#endif + +void +nr_hmac_md5(const uint8_t *data, size_t data_len, + const uint8_t *key, size_t key_len, + uint8_t digest[16]) +{ + size_t i; + uint8_t k_ipad[64]; + uint8_t k_opad[64]; + uint8_t tk[16]; + RS_MD5_CTX ctx; + + if (key_len > 64) { + RS_MD5Init(&ctx); + RS_MD5Update(&ctx, key, key_len); + RS_MD5Final(tk, &ctx); + + key = tk; + key_len = 16; + } + + memset(k_ipad, 0, sizeof(k_ipad)); + memset(k_opad, 0, sizeof(k_opad)); + memcpy(k_ipad, key, key_len); + memcpy(k_opad, key, key_len); + + for (i = 0; i < sizeof(k_ipad); i++) { + k_ipad[i] ^= 0x36; + k_opad[i] ^= 0x5c; + } + + RS_MD5Init(&ctx); + RS_MD5Update(&ctx, k_ipad, sizeof(k_ipad)); + RS_MD5Update(&ctx, data, data_len); + RS_MD5Final(digest, &ctx); + + RS_MD5Init(&ctx); + RS_MD5Update(&ctx, k_opad, sizeof(k_opad)); + RS_MD5Update(&ctx, digest, 16); + RS_MD5Final(digest, &ctx); +} + +/** \endcond */ diff --git a/lib/radius/custom.c b/lib/radius/custom.c new file mode 100644 index 0000000..917939a --- /dev/null +++ b/lib/radius/custom.c @@ -0,0 +1,163 @@ +/* +Copyright (c) 2011, Network RADIUS SARL +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the <organization> nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +/* + * Copyright (c) 2006 Kungliga Tekniska HAÎåÎÝgskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/** \file custom.c + * \brief Functions which should be customized for your local system. + */ + +#include "client.h" + +#include <unistd.h> +#include <fcntl.h> + +#ifdef WIN32 +#include <wincrypt.h> + +volatile static HCRYPTPROV nr_cryptprovider = 0; + +static HCRYPTPROV +nr_CryptProvider(void) +{ + BOOL rv; + HCRYPTPROV cryptprovider = 0; + + if (nr_cryptprovider != 0) + return nr_cryptprovider; + + rv = CryptAcquireContext(&cryptprovider, NULL, + MS_ENHANCED_PROV, PROV_RSA_FULL, + 0); + + if (GetLastError() == NTE_BAD_KEYSET) { + if(!rv) + rv = CryptAcquireContext(&cryptprovider, NULL, + MS_ENHANCED_PROV, PROV_RSA_FULL, + CRYPT_NEWKEYSET); + } + + if (rv && + InterlockedCompareExchangePointer((PVOID *) &nr_cryptprovider, + (PVOID) cryptprovider, 0) != 0) { + + CryptReleaseContext(cryptprovider, 0); + cryptprovider = nr_cryptprovider; + } + + return cryptprovider; +} + +ssize_t nr_rand_bytes(uint8_t *data, size_t data_len) +{ + if (CryptGenRandom(nr_CryptProvider(), data_len, data)) + return 0; + return data_len; +} +#else +ssize_t nr_rand_bytes(uint8_t *data, size_t data_len) +{ + static int fd = -1; + + if (fd < 0) { + fd = open("/dev/urandom", O_RDONLY); + if (fd < 0) { + nr_strerror_printf("Error opening randomness: %s", + strerror(errno)); + return 0; + } + } + + return read(fd, data, data_len); +} +#endif /* WIN32 */ + +uint32_t nr_rand(void) +{ + uint32_t lvalue; + + nr_rand_bytes((void *)&lvalue, sizeof(lvalue)); + return lvalue; +} + + +#ifndef USEC +#define USEC (1000000) +#endif + +void nr_timeval_add(struct timeval *t, unsigned int seconds, unsigned int usec) +{ + t->tv_sec += seconds; + t->tv_sec += usec / USEC; + t->tv_usec += usec % USEC; + if (t->tv_usec > USEC) { + t->tv_sec++; + t->tv_usec -= USEC; + } +} + +int nr_timeval_cmp(const struct timeval *a, const struct timeval *b) +{ + if (a->tv_sec > b->tv_sec) return +1; + if (a->tv_sec < b->tv_sec) return -1; + + if (a->tv_usec > b->tv_usec) return +1; + if (a->tv_usec < b->tv_usec) return -1; + + return 0; +} + diff --git a/lib/radius/dict.c b/lib/radius/dict.c new file mode 100644 index 0000000..fc04ee2 --- /dev/null +++ b/lib/radius/dict.c @@ -0,0 +1,172 @@ +/* +Copyright (c) 2011, Network RADIUS SARL +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the <organization> nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "client.h" +#include <ctype.h> + +/** \file dict.c + * \brief Functions for name to number, and number to name mappings. + */ + +const DICT_ATTR *nr_dict_attr_byvalue(unsigned int attr, unsigned int vendor) +{ + int start, half, end; + + if (!vendor && (attr > 0) && (attr < 256)) { + if (nr_dict_attrs[attr].name) { + return &nr_dict_attrs[attr]; + } + return NULL; + } + + if (!vendor) return NULL; /* no "non-protocol" attributes */ + + start = 256; /* first 256 entries are "standard" ones */ + end = nr_dict_num_attrs; + + do { + half = (start + end) / 2; + + if ((nr_dict_attrs[half].vendor == vendor) && + (nr_dict_attrs[half].attr == attr)) { + return &nr_dict_attrs[half]; + } + + if ((vendor >= nr_dict_attrs[half].vendor) && + (attr > nr_dict_attrs[half].attr)) { + start = half + 1; + } else { + end = half - 1; + } + + } while (start <= end); + + return NULL; +} + +const DICT_ATTR *nr_dict_attr_byname(const char *name) +{ + int start, half, end; + + start = 1; + end = nr_dict_num_names; + + if (!name || !*name) return NULL; + + do { + int rcode; + + half = (start + end) / 2; + + rcode = strcasecmp(name, nr_dict_attr_names[half]->name); + if (rcode == 0) return nr_dict_attr_names[half]; + + if (rcode > 0) { + start = half + 1; + } else { + end = half - 1; + } + + + } while (start <= end); + + return NULL; +} + +int nr_dict_attr_2struct(DICT_ATTR *da, unsigned int attr, unsigned int vendor, + char *buffer, size_t bufsize) +{ + if (!da || !buffer) return -RSE_INVAL; + + if (!vendor) { + if (attr > 256) return -RSE_INVAL; + + } else if (vendor > (1 << 24)) { + return -RSE_INVAL; + } + + memset(da, 0, sizeof(*da)); + da->attr = attr; + da->flags.unknown = 1; + da->type = RS_TYPE_OCTETS; + da->vendor = vendor; + + if (da->vendor) { + snprintf(buffer, bufsize, "Attr-26.%u.%u", + vendor, attr); + } else { + snprintf(buffer, bufsize, "Attr-%u", attr); + } + da->name = buffer; + + return 0; +} + + +const DICT_VALUE *nr_dict_value_byattr(UNUSED unsigned int attr, + UNUSED unsigned int vendor, + UNUSED int value) +{ + return NULL; +} + +const DICT_VALUE *nr_dict_value_byname(UNUSED unsigned int attr, + UNUSED unsigned int vendor, + UNUSED const char *name) +{ + return NULL; +} + +int nr_dict_vendor_byname(const char *name) +{ + const DICT_VENDOR *dv; + + if (!name || !*name) return 0; + + /* + * O(n) lookup. + */ + for (dv = &nr_dict_vendors[0]; dv->name != NULL; dv++) { + if (strcasecmp(dv->name, name) == 0) return dv->vendor; + } + + return 0; +} + +const DICT_VENDOR *nr_dict_vendor_byvalue(unsigned int vendor) +{ + const DICT_VENDOR *dv; + + /* + * O(n) lookup. + */ + for (dv = &nr_dict_vendors[0]; dv->name != NULL; dv++) { + if (dv->vendor == vendor) return dv; + } + + return NULL; +} diff --git a/lib/radius/doc.txt b/lib/radius/doc.txt new file mode 100644 index 0000000..09a8415 --- /dev/null +++ b/lib/radius/doc.txt @@ -0,0 +1,41 @@ +/** + +\file doc.txt +\brief The main documentation. + +\mainpage The Network RADIUS Client Library + +This client library is intended for use in embedded systems. It is +small with a simple API, yet has more functionality than most +commercial or Open Source products. + +\section License + +Copyright (c) 2011, Network RADIUS SARL +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the <organization> nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +\ref dictionaries.txt "Dictionaries and dictionary formats" + +*/ diff --git a/lib/radius/doxygen.conf b/lib/radius/doxygen.conf new file mode 100644 index 0000000..e310771 --- /dev/null +++ b/lib/radius/doxygen.conf @@ -0,0 +1,1417 @@ +# Doxyfile 1.5.6 + +# This file describes the settings to be used by the documentation system +# doxygen (www.doxygen.org) for a project +# +# All text after a hash (#) is considered a comment and will be ignored +# The format is: +# TAG = value [value, ...] +# For lists items can also be appended using: +# TAG += value [value, ...] +# Values that contain spaces should be placed between quotes (" ") + +#--------------------------------------------------------------------------- +# Project related configuration options +#--------------------------------------------------------------------------- + +# This tag specifies the encoding used for all characters in the config file +# that follow. The default is UTF-8 which is also the encoding used for all +# text before the first occurrence of this tag. Doxygen uses libiconv (or the +# iconv built into libc) for the transcoding. See +# http://www.gnu.org/software/libiconv for the list of possible encodings. + +DOXYFILE_ENCODING = UTF-8 + +# The PROJECT_NAME tag is a single word (or a sequence of words surrounded +# by quotes) that should identify the project. + +PROJECT_NAME = networkclient + +# The PROJECT_NUMBER tag can be used to enter a project or revision number. +# This could be handy for archiving the generated documentation or +# if some version control system is used. + +PROJECT_NUMBER = + +# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) +# base path where the generated documentation will be put. +# If a relative path is entered, it will be relative to the location +# where doxygen was started. If left blank the current directory will be used. + +OUTPUT_DIRECTORY = + +# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create +# 4096 sub-directories (in 2 levels) under the output directory of each output +# format and will distribute the generated files over these directories. +# Enabling this option can be useful when feeding doxygen a huge amount of +# source files, where putting all generated files in the same directory would +# otherwise cause performance problems for the file system. + +CREATE_SUBDIRS = NO + +# The OUTPUT_LANGUAGE tag is used to specify the language in which all +# documentation generated by doxygen is written. Doxygen will use this +# information to generate all constant output in the proper language. +# The default language is English, other supported languages are: +# Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional, +# Croatian, Czech, Danish, Dutch, Farsi, Finnish, French, German, Greek, +# Hungarian, Italian, Japanese, Japanese-en (Japanese with English messages), +# Korean, Korean-en, Lithuanian, Norwegian, Macedonian, Persian, Polish, +# Portuguese, Romanian, Russian, Serbian, Slovak, Slovene, Spanish, Swedish, +# and Ukrainian. + +OUTPUT_LANGUAGE = English + +# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will +# include brief member descriptions after the members that are listed in +# the file and class documentation (similar to JavaDoc). +# Set to NO to disable this. + +BRIEF_MEMBER_DESC = YES + +# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend +# the brief description of a member or function before the detailed description. +# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the +# brief descriptions will be completely suppressed. + +REPEAT_BRIEF = YES + +# This tag implements a quasi-intelligent brief description abbreviator +# that is used to form the text in various listings. Each string +# in this list, if found as the leading text of the brief description, will be +# stripped from the text and the result after processing the whole list, is +# used as the annotated text. Otherwise, the brief description is used as-is. +# If left blank, the following values are used ("$name" is automatically +# replaced with the name of the entity): "The $name class" "The $name widget" +# "The $name file" "is" "provides" "specifies" "contains" +# "represents" "a" "an" "the" + +ABBREVIATE_BRIEF = + +# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then +# Doxygen will generate a detailed section even if there is only a brief +# description. + +ALWAYS_DETAILED_SEC = NO + +# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all +# inherited members of a class in the documentation of that class as if those +# members were ordinary class members. Constructors, destructors and assignment +# operators of the base classes will not be shown. + +INLINE_INHERITED_MEMB = NO + +# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full +# path before files name in the file list and in the header files. If set +# to NO the shortest path that makes the file name unique will be used. + +FULL_PATH_NAMES = YES + +# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag +# can be used to strip a user-defined part of the path. Stripping is +# only done if one of the specified strings matches the left-hand part of +# the path. The tag can be used to show relative paths in the file list. +# If left blank the directory from which doxygen is run is used as the +# path to strip. + +STRIP_FROM_PATH = + +# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of +# the path mentioned in the documentation of a class, which tells +# the reader which header file to include in order to use a class. +# If left blank only the name of the header file containing the class +# definition is used. Otherwise one should specify the include paths that +# are normally passed to the compiler using the -I flag. + +STRIP_FROM_INC_PATH = + +# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter +# (but less readable) file names. This can be useful is your file systems +# doesn't support long names like on DOS, Mac, or CD-ROM. + +SHORT_NAMES = NO + +# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen +# will interpret the first line (until the first dot) of a JavaDoc-style +# comment as the brief description. If set to NO, the JavaDoc +# comments will behave just like regular Qt-style comments +# (thus requiring an explicit @brief command for a brief description.) + +JAVADOC_AUTOBRIEF = NO + +# If the QT_AUTOBRIEF tag is set to YES then Doxygen will +# interpret the first line (until the first dot) of a Qt-style +# comment as the brief description. If set to NO, the comments +# will behave just like regular Qt-style comments (thus requiring +# an explicit \brief command for a brief description.) + +QT_AUTOBRIEF = NO + +# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen +# treat a multi-line C++ special comment block (i.e. a block of //! or /// +# comments) as a brief description. This used to be the default behaviour. +# The new default is to treat a multi-line C++ comment block as a detailed +# description. Set this tag to YES if you prefer the old behaviour instead. + +MULTILINE_CPP_IS_BRIEF = NO + +# If the DETAILS_AT_TOP tag is set to YES then Doxygen +# will output the detailed description near the top, like JavaDoc. +# If set to NO, the detailed description appears after the member +# documentation. + +DETAILS_AT_TOP = YES + +# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented +# member inherits the documentation from any documented member that it +# re-implements. + +INHERIT_DOCS = YES + +# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce +# a new page for each member. If set to NO, the documentation of a member will +# be part of the file/class/namespace that contains it. + +SEPARATE_MEMBER_PAGES = NO + +# The TAB_SIZE tag can be used to set the number of spaces in a tab. +# Doxygen uses this value to replace tabs by spaces in code fragments. + +TAB_SIZE = 8 + +# This tag can be used to specify a number of aliases that acts +# as commands in the documentation. An alias has the form "name=value". +# For example adding "sideeffect=\par Side Effects:\n" will allow you to +# put the command \sideeffect (or @sideeffect) in the documentation, which +# will result in a user-defined paragraph with heading "Side Effects:". +# You can put \n's in the value part of an alias to insert newlines. + +ALIASES = + +# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C +# sources only. Doxygen will then generate output that is more tailored for C. +# For instance, some of the names that are used will be different. The list +# of all members will be omitted, etc. + +OPTIMIZE_OUTPUT_FOR_C = YES + +# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java +# sources only. Doxygen will then generate output that is more tailored for +# Java. For instance, namespaces will be presented as packages, qualified +# scopes will look different, etc. + +OPTIMIZE_OUTPUT_JAVA = NO + +# Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran +# sources only. Doxygen will then generate output that is more tailored for +# Fortran. + +OPTIMIZE_FOR_FORTRAN = NO + +# Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL +# sources. Doxygen will then generate output that is tailored for +# VHDL. + +OPTIMIZE_OUTPUT_VHDL = NO + +# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want +# to include (a tag file for) the STL sources as input, then you should +# set this tag to YES in order to let doxygen match functions declarations and +# definitions whose arguments contain STL classes (e.g. func(std::string); v.s. +# func(std::string) {}). This also make the inheritance and collaboration +# diagrams that involve STL classes more complete and accurate. + +BUILTIN_STL_SUPPORT = NO + +# If you use Microsoft's C++/CLI language, you should set this option to YES to +# enable parsing support. + +CPP_CLI_SUPPORT = NO + +# Set the SIP_SUPPORT tag to YES if your project consists of sip sources only. +# Doxygen will parse them like normal C++ but will assume all classes use public +# instead of private inheritance when no explicit protection keyword is present. + +SIP_SUPPORT = NO + +# For Microsoft's IDL there are propget and propput attributes to indicate getter +# and setter methods for a property. Setting this option to YES (the default) +# will make doxygen to replace the get and set methods by a property in the +# documentation. This will only work if the methods are indeed getting or +# setting a simple type. If this is not the case, or you want to show the +# methods anyway, you should set this option to NO. + +IDL_PROPERTY_SUPPORT = YES + +# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC +# tag is set to YES, then doxygen will reuse the documentation of the first +# member in the group (if any) for the other members of the group. By default +# all members of a group must be documented explicitly. + +DISTRIBUTE_GROUP_DOC = NO + +# Set the SUBGROUPING tag to YES (the default) to allow class member groups of +# the same type (for instance a group of public functions) to be put as a +# subgroup of that type (e.g. under the Public Functions section). Set it to +# NO to prevent subgrouping. Alternatively, this can be done per class using +# the \nosubgrouping command. + +SUBGROUPING = YES + +# When TYPEDEF_HIDES_STRUCT is enabled, a typedef of a struct, union, or enum +# is documented as struct, union, or enum with the name of the typedef. So +# typedef struct TypeS {} TypeT, will appear in the documentation as a struct +# with name TypeT. When disabled the typedef will appear as a member of a file, +# namespace, or class. And the struct will be named TypeS. This can typically +# be useful for C code in case the coding convention dictates that all compound +# types are typedef'ed and only the typedef is referenced, never the tag name. + +TYPEDEF_HIDES_STRUCT = NO + +#--------------------------------------------------------------------------- +# Build related configuration options +#--------------------------------------------------------------------------- + +# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in +# documentation are documented, even if no documentation was available. +# Private class members and static file members will be hidden unless +# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES + +EXTRACT_ALL = YES + +# If the EXTRACT_PRIVATE tag is set to YES all private members of a class +# will be included in the documentation. + +EXTRACT_PRIVATE = NO + +# If the EXTRACT_STATIC tag is set to YES all static members of a file +# will be included in the documentation. + +EXTRACT_STATIC = NO + +# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs) +# defined locally in source files will be included in the documentation. +# If set to NO only classes defined in header files are included. + +EXTRACT_LOCAL_CLASSES = YES + +# This flag is only useful for Objective-C code. When set to YES local +# methods, which are defined in the implementation section but not in +# the interface are included in the documentation. +# If set to NO (the default) only methods in the interface are included. + +EXTRACT_LOCAL_METHODS = NO + +# If this flag is set to YES, the members of anonymous namespaces will be +# extracted and appear in the documentation as a namespace called +# 'anonymous_namespace{file}', where file will be replaced with the base +# name of the file that contains the anonymous namespace. By default +# anonymous namespace are hidden. + +EXTRACT_ANON_NSPACES = NO + +# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all +# undocumented members of documented classes, files or namespaces. +# If set to NO (the default) these members will be included in the +# various overviews, but no documentation section is generated. +# This option has no effect if EXTRACT_ALL is enabled. + +HIDE_UNDOC_MEMBERS = NO + +# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all +# undocumented classes that are normally visible in the class hierarchy. +# If set to NO (the default) these classes will be included in the various +# overviews. This option has no effect if EXTRACT_ALL is enabled. + +HIDE_UNDOC_CLASSES = NO + +# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all +# friend (class|struct|union) declarations. +# If set to NO (the default) these declarations will be included in the +# documentation. + +HIDE_FRIEND_COMPOUNDS = NO + +# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any +# documentation blocks found inside the body of a function. +# If set to NO (the default) these blocks will be appended to the +# function's detailed documentation block. + +HIDE_IN_BODY_DOCS = NO + +# The INTERNAL_DOCS tag determines if documentation +# that is typed after a \internal command is included. If the tag is set +# to NO (the default) then the documentation will be excluded. +# Set it to YES to include the internal documentation. + +INTERNAL_DOCS = NO + +# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate +# file names in lower-case letters. If set to YES upper-case letters are also +# allowed. This is useful if you have classes or files whose names only differ +# in case and if your file system supports case sensitive file names. Windows +# and Mac users are advised to set this option to NO. + +CASE_SENSE_NAMES = NO + +# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen +# will show members with their full class and namespace scopes in the +# documentation. If set to YES the scope will be hidden. + +HIDE_SCOPE_NAMES = NO + +# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen +# will put a list of the files that are included by a file in the documentation +# of that file. + +SHOW_INCLUDE_FILES = YES + +# If the INLINE_INFO tag is set to YES (the default) then a tag [inline] +# is inserted in the documentation for inline members. + +INLINE_INFO = YES + +# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen +# will sort the (detailed) documentation of file and class members +# alphabetically by member name. If set to NO the members will appear in +# declaration order. + +SORT_MEMBER_DOCS = YES + +# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the +# brief documentation of file, namespace and class members alphabetically +# by member name. If set to NO (the default) the members will appear in +# declaration order. + +SORT_BRIEF_DOCS = NO + +# If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the +# hierarchy of group names into alphabetical order. If set to NO (the default) +# the group names will appear in their defined order. + +SORT_GROUP_NAMES = NO + +# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be +# sorted by fully-qualified names, including namespaces. If set to +# NO (the default), the class list will be sorted only by class name, +# not including the namespace part. +# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES. +# Note: This option applies only to the class list, not to the +# alphabetical list. + +SORT_BY_SCOPE_NAME = NO + +# The GENERATE_TODOLIST tag can be used to enable (YES) or +# disable (NO) the todo list. This list is created by putting \todo +# commands in the documentation. + +GENERATE_TODOLIST = YES + +# The GENERATE_TESTLIST tag can be used to enable (YES) or +# disable (NO) the test list. This list is created by putting \test +# commands in the documentation. + +GENERATE_TESTLIST = YES + +# The GENERATE_BUGLIST tag can be used to enable (YES) or +# disable (NO) the bug list. This list is created by putting \bug +# commands in the documentation. + +GENERATE_BUGLIST = YES + +# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or +# disable (NO) the deprecated list. This list is created by putting +# \deprecated commands in the documentation. + +GENERATE_DEPRECATEDLIST= YES + +# The ENABLED_SECTIONS tag can be used to enable conditional +# documentation sections, marked by \if sectionname ... \endif. + +ENABLED_SECTIONS = + +# The MAX_INITIALIZER_LINES tag determines the maximum number of lines +# the initial value of a variable or define consists of for it to appear in +# the documentation. If the initializer consists of more lines than specified +# here it will be hidden. Use a value of 0 to hide initializers completely. +# The appearance of the initializer of individual variables and defines in the +# documentation can be controlled using \showinitializer or \hideinitializer +# command in the documentation regardless of this setting. + +MAX_INITIALIZER_LINES = 30 + +# Set the SHOW_USED_FILES tag to NO to disable the list of files generated +# at the bottom of the documentation of classes and structs. If set to YES the +# list will mention the files that were used to generate the documentation. + +SHOW_USED_FILES = YES + +# If the sources in your project are distributed over multiple directories +# then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy +# in the documentation. The default is NO. + +SHOW_DIRECTORIES = NO + +# Set the SHOW_FILES tag to NO to disable the generation of the Files page. +# This will remove the Files entry from the Quick Index and from the +# Folder Tree View (if specified). The default is YES. + +SHOW_FILES = YES + +# Set the SHOW_NAMESPACES tag to NO to disable the generation of the +# Namespaces page. This will remove the Namespaces entry from the Quick Index +# and from the Folder Tree View (if specified). The default is YES. + +SHOW_NAMESPACES = YES + +# The FILE_VERSION_FILTER tag can be used to specify a program or script that +# doxygen should invoke to get the current version for each file (typically from +# the version control system). Doxygen will invoke the program by executing (via +# popen()) the command <command> <input-file>, where <command> is the value of +# the FILE_VERSION_FILTER tag, and <input-file> is the name of an input file +# provided by doxygen. Whatever the program writes to standard output +# is used as the file version. See the manual for examples. + +FILE_VERSION_FILTER = + +#--------------------------------------------------------------------------- +# configuration options related to warning and progress messages +#--------------------------------------------------------------------------- + +# The QUIET tag can be used to turn on/off the messages that are generated +# by doxygen. Possible values are YES and NO. If left blank NO is used. + +QUIET = NO + +# The WARNINGS tag can be used to turn on/off the warning messages that are +# generated by doxygen. Possible values are YES and NO. If left blank +# NO is used. + +WARNINGS = YES + +# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings +# for undocumented members. If EXTRACT_ALL is set to YES then this flag will +# automatically be disabled. + +WARN_IF_UNDOCUMENTED = YES + +# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for +# potential errors in the documentation, such as not documenting some +# parameters in a documented function, or documenting parameters that +# don't exist or using markup commands wrongly. + +WARN_IF_DOC_ERROR = YES + +# This WARN_NO_PARAMDOC option can be abled to get warnings for +# functions that are documented, but have no documentation for their parameters +# or return value. If set to NO (the default) doxygen will only warn about +# wrong or incomplete parameter documentation, but not about the absence of +# documentation. + +WARN_NO_PARAMDOC = NO + +# The WARN_FORMAT tag determines the format of the warning messages that +# doxygen can produce. The string should contain the $file, $line, and $text +# tags, which will be replaced by the file and line number from which the +# warning originated and the warning text. Optionally the format may contain +# $version, which will be replaced by the version of the file (if it could +# be obtained via FILE_VERSION_FILTER) + +WARN_FORMAT = "$file:$line: $text" + +# The WARN_LOGFILE tag can be used to specify a file to which warning +# and error messages should be written. If left blank the output is written +# to stderr. + +WARN_LOGFILE = + +#--------------------------------------------------------------------------- +# configuration options related to the input files +#--------------------------------------------------------------------------- + +# The INPUT tag can be used to specify the files and/or directories that contain +# documented source files. You may enter file names like "myfile.cpp" or +# directories like "/usr/src/myproject". Separate the files or directories +# with spaces. + +INPUT = . doc/ + +# This tag can be used to specify the character encoding of the source files +# that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is +# also the default input encoding. Doxygen uses libiconv (or the iconv built +# into libc) for the transcoding. See http://www.gnu.org/software/libiconv for +# the list of possible encodings. + +INPUT_ENCODING = UTF-8 + +# If the value of the INPUT tag contains directories, you can use the +# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp +# and *.h) to filter out the source-files in the directories. If left +# blank the following patterns are tested: +# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx +# *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.py *.f90 + +FILE_PATTERNS = *.txt *.[ch] + +# The RECURSIVE tag can be used to turn specify whether or not subdirectories +# should be searched for input files as well. Possible values are YES and NO. +# If left blank NO is used. + +RECURSIVE = NO + +# The EXCLUDE tag can be used to specify files and/or directories that should +# excluded from the INPUT source files. This way you can easily exclude a +# subdirectory from a directory tree whose root is specified with the INPUT tag. + +EXCLUDE = + +# The EXCLUDE_SYMLINKS tag can be used select whether or not files or +# directories that are symbolic links (a Unix filesystem feature) are excluded +# from the input. + +EXCLUDE_SYMLINKS = NO + +# If the value of the INPUT tag contains directories, you can use the +# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude +# certain files from those directories. Note that the wildcards are matched +# against the file with absolute path, so to exclude all test directories +# for example use the pattern */test/* + +EXCLUDE_PATTERNS = + +# The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names +# (namespaces, classes, functions, etc.) that should be excluded from the +# output. The symbol name can be a fully qualified name, a word, or if the +# wildcard * is used, a substring. Examples: ANamespace, AClass, +# AClass::ANamespace, ANamespace::*Test + +EXCLUDE_SYMBOLS = + +# The EXAMPLE_PATH tag can be used to specify one or more files or +# directories that contain example code fragments that are included (see +# the \include command). + +EXAMPLE_PATH = examples + +# If the value of the EXAMPLE_PATH tag contains directories, you can use the +# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp +# and *.h) to filter out the source-files in the directories. If left +# blank all files are included. + +EXAMPLE_PATTERNS = *.[ch] + +# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be +# searched for input files to be used with the \include or \dontinclude +# commands irrespective of the value of the RECURSIVE tag. +# Possible values are YES and NO. If left blank NO is used. + +EXAMPLE_RECURSIVE = NO + +# The IMAGE_PATH tag can be used to specify one or more files or +# directories that contain image that are included in the documentation (see +# the \image command). + +IMAGE_PATH = + +# The INPUT_FILTER tag can be used to specify a program that doxygen should +# invoke to filter for each input file. Doxygen will invoke the filter program +# by executing (via popen()) the command <filter> <input-file>, where <filter> +# is the value of the INPUT_FILTER tag, and <input-file> is the name of an +# input file. Doxygen will then use the output that the filter program writes +# to standard output. If FILTER_PATTERNS is specified, this tag will be +# ignored. + +INPUT_FILTER = + +# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern +# basis. Doxygen will compare the file name with each pattern and apply the +# filter if there is a match. The filters are a list of the form: +# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further +# info on how filters are used. If FILTER_PATTERNS is empty, INPUT_FILTER +# is applied to all files. + +FILTER_PATTERNS = + +# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using +# INPUT_FILTER) will be used to filter the input files when producing source +# files to browse (i.e. when SOURCE_BROWSER is set to YES). + +FILTER_SOURCE_FILES = NO + +#--------------------------------------------------------------------------- +# configuration options related to source browsing +#--------------------------------------------------------------------------- + +# If the SOURCE_BROWSER tag is set to YES then a list of source files will +# be generated. Documented entities will be cross-referenced with these sources. +# Note: To get rid of all source code in the generated output, make sure also +# VERBATIM_HEADERS is set to NO. + +SOURCE_BROWSER = NO + +# Setting the INLINE_SOURCES tag to YES will include the body +# of functions and classes directly in the documentation. + +INLINE_SOURCES = NO + +# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct +# doxygen to hide any special comment blocks from generated source code +# fragments. Normal C and C++ comments will always remain visible. + +STRIP_CODE_COMMENTS = YES + +# If the REFERENCED_BY_RELATION tag is set to YES +# then for each documented function all documented +# functions referencing it will be listed. + +REFERENCED_BY_RELATION = YES + +# If the REFERENCES_RELATION tag is set to YES +# then for each documented function all documented entities +# called/used by that function will be listed. + +REFERENCES_RELATION = YES + +# If the REFERENCES_LINK_SOURCE tag is set to YES (the default) +# and SOURCE_BROWSER tag is set to YES, then the hyperlinks from +# functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will +# link to the source code. Otherwise they will link to the documentstion. + +REFERENCES_LINK_SOURCE = NO + +# If the USE_HTAGS tag is set to YES then the references to source code +# will point to the HTML generated by the htags(1) tool instead of doxygen +# built-in source browser. The htags tool is part of GNU's global source +# tagging system (see http://www.gnu.org/software/global/global.html). You +# will need version 4.8.6 or higher. + +USE_HTAGS = NO + +# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen +# will generate a verbatim copy of the header file for each class for +# which an include is specified. Set to NO to disable this. + +VERBATIM_HEADERS = YES + +#--------------------------------------------------------------------------- +# configuration options related to the alphabetical class index +#--------------------------------------------------------------------------- + +# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index +# of all compounds will be generated. Enable this if the project +# contains a lot of classes, structs, unions or interfaces. + +ALPHABETICAL_INDEX = NO + +# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then +# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns +# in which this list will be split (can be a number in the range [1..20]) + +COLS_IN_ALPHA_INDEX = 5 + +# In case all classes in a project start with a common prefix, all +# classes will be put under the same header in the alphabetical index. +# The IGNORE_PREFIX tag can be used to specify one or more prefixes that +# should be ignored while generating the index headers. + +IGNORE_PREFIX = + +#--------------------------------------------------------------------------- +# configuration options related to the HTML output +#--------------------------------------------------------------------------- + +# If the GENERATE_HTML tag is set to YES (the default) Doxygen will +# generate HTML output. + +GENERATE_HTML = YES + +# The HTML_OUTPUT tag is used to specify where the HTML docs will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `html' will be used as the default path. + +HTML_OUTPUT = html + +# The HTML_FILE_EXTENSION tag can be used to specify the file extension for +# each generated HTML page (for example: .htm,.php,.asp). If it is left blank +# doxygen will generate files with .html extension. + +HTML_FILE_EXTENSION = .html + +# The HTML_HEADER tag can be used to specify a personal HTML header for +# each generated HTML page. If it is left blank doxygen will generate a +# standard header. + +HTML_HEADER = + +# The HTML_FOOTER tag can be used to specify a personal HTML footer for +# each generated HTML page. If it is left blank doxygen will generate a +# standard footer. + +HTML_FOOTER = + +# The HTML_STYLESHEET tag can be used to specify a user-defined cascading +# style sheet that is used by each HTML page. It can be used to +# fine-tune the look of the HTML output. If the tag is left blank doxygen +# will generate a default style sheet. Note that doxygen will try to copy +# the style sheet file to the HTML output directory, so don't put your own +# stylesheet in the HTML output directory as well, or it will be erased! + +HTML_STYLESHEET = + +# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes, +# files or namespaces will be aligned in HTML using tables. If set to +# NO a bullet list will be used. + +HTML_ALIGN_MEMBERS = YES + +# If the GENERATE_HTMLHELP tag is set to YES, additional index files +# will be generated that can be used as input for tools like the +# Microsoft HTML help workshop to generate a compiled HTML help file (.chm) +# of the generated HTML documentation. + +GENERATE_HTMLHELP = NO + +# If the GENERATE_DOCSET tag is set to YES, additional index files +# will be generated that can be used as input for Apple's Xcode 3 +# integrated development environment, introduced with OSX 10.5 (Leopard). +# To create a documentation set, doxygen will generate a Makefile in the +# HTML output directory. Running make will produce the docset in that +# directory and running "make install" will install the docset in +# ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find +# it at startup. + +GENERATE_DOCSET = NO + +# When GENERATE_DOCSET tag is set to YES, this tag determines the name of the +# feed. A documentation feed provides an umbrella under which multiple +# documentation sets from a single provider (such as a company or product suite) +# can be grouped. + +DOCSET_FEEDNAME = "Doxygen generated docs" + +# When GENERATE_DOCSET tag is set to YES, this tag specifies a string that +# should uniquely identify the documentation set bundle. This should be a +# reverse domain-name style string, e.g. com.mycompany.MyDocSet. Doxygen +# will append .docset to the name. + +DOCSET_BUNDLE_ID = org.doxygen.Project + +# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML +# documentation will contain sections that can be hidden and shown after the +# page has loaded. For this to work a browser that supports +# JavaScript and DHTML is required (for instance Mozilla 1.0+, Firefox +# Netscape 6.0+, Internet explorer 5.0+, Konqueror, or Safari). + +HTML_DYNAMIC_SECTIONS = NO + +# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can +# be used to specify the file name of the resulting .chm file. You +# can add a path in front of the file if the result should not be +# written to the html output directory. + +CHM_FILE = + +# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can +# be used to specify the location (absolute path including file name) of +# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run +# the HTML help compiler on the generated index.hhp. + +HHC_LOCATION = + +# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag +# controls if a separate .chi index file is generated (YES) or that +# it should be included in the master .chm file (NO). + +GENERATE_CHI = NO + +# If the GENERATE_HTMLHELP tag is set to YES, the CHM_INDEX_ENCODING +# is used to encode HtmlHelp index (hhk), content (hhc) and project file +# content. + +CHM_INDEX_ENCODING = + +# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag +# controls whether a binary table of contents is generated (YES) or a +# normal table of contents (NO) in the .chm file. + +BINARY_TOC = NO + +# The TOC_EXPAND flag can be set to YES to add extra items for group members +# to the contents of the HTML help documentation and to the tree view. + +TOC_EXPAND = NO + +# The DISABLE_INDEX tag can be used to turn on/off the condensed index at +# top of each HTML page. The value NO (the default) enables the index and +# the value YES disables it. + +DISABLE_INDEX = NO + +# This tag can be used to set the number of enum values (range [1..20]) +# that doxygen will group on one line in the generated HTML documentation. + +ENUM_VALUES_PER_LINE = 4 + +# The GENERATE_TREEVIEW tag is used to specify whether a tree-like index +# structure should be generated to display hierarchical information. +# If the tag value is set to FRAME, a side panel will be generated +# containing a tree-like index structure (just like the one that +# is generated for HTML Help). For this to work a browser that supports +# JavaScript, DHTML, CSS and frames is required (for instance Mozilla 1.0+, +# Netscape 6.0+, Internet explorer 5.0+, or Konqueror). Windows users are +# probably better off using the HTML help feature. Other possible values +# for this tag are: HIERARCHIES, which will generate the Groups, Directories, +# and Class Hiererachy pages using a tree view instead of an ordered list; +# ALL, which combines the behavior of FRAME and HIERARCHIES; and NONE, which +# disables this behavior completely. For backwards compatibility with previous +# releases of Doxygen, the values YES and NO are equivalent to FRAME and NONE +# respectively. + +GENERATE_TREEVIEW = YES + +# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be +# used to set the initial width (in pixels) of the frame in which the tree +# is shown. + +TREEVIEW_WIDTH = 250 + +# Use this tag to change the font size of Latex formulas included +# as images in the HTML documentation. The default is 10. Note that +# when you change the font size after a successful doxygen run you need +# to manually remove any form_*.png images from the HTML output directory +# to force them to be regenerated. + +FORMULA_FONTSIZE = 10 + +#--------------------------------------------------------------------------- +# configuration options related to the LaTeX output +#--------------------------------------------------------------------------- + +# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will +# generate Latex output. + +GENERATE_LATEX = NO + +# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `latex' will be used as the default path. + +LATEX_OUTPUT = latex + +# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be +# invoked. If left blank `latex' will be used as the default command name. + +LATEX_CMD_NAME = latex + +# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to +# generate index for LaTeX. If left blank `makeindex' will be used as the +# default command name. + +MAKEINDEX_CMD_NAME = makeindex + +# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact +# LaTeX documents. This may be useful for small projects and may help to +# save some trees in general. + +COMPACT_LATEX = NO + +# The PAPER_TYPE tag can be used to set the paper type that is used +# by the printer. Possible values are: a4, a4wide, letter, legal and +# executive. If left blank a4wide will be used. + +PAPER_TYPE = a4wide + +# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX +# packages that should be included in the LaTeX output. + +EXTRA_PACKAGES = + +# The LATEX_HEADER tag can be used to specify a personal LaTeX header for +# the generated latex document. The header should contain everything until +# the first chapter. If it is left blank doxygen will generate a +# standard header. Notice: only use this tag if you know what you are doing! + +LATEX_HEADER = + +# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated +# is prepared for conversion to pdf (using ps2pdf). The pdf file will +# contain links (just like the HTML output) instead of page references +# This makes the output suitable for online browsing using a pdf viewer. + +PDF_HYPERLINKS = YES + +# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of +# plain latex in the generated Makefile. Set this option to YES to get a +# higher quality PDF documentation. + +USE_PDFLATEX = YES + +# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode. +# command to the generated LaTeX files. This will instruct LaTeX to keep +# running if errors occur, instead of asking the user for help. +# This option is also used when generating formulas in HTML. + +LATEX_BATCHMODE = NO + +# If LATEX_HIDE_INDICES is set to YES then doxygen will not +# include the index chapters (such as File Index, Compound Index, etc.) +# in the output. + +LATEX_HIDE_INDICES = NO + +#--------------------------------------------------------------------------- +# configuration options related to the RTF output +#--------------------------------------------------------------------------- + +# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output +# The RTF output is optimized for Word 97 and may not look very pretty with +# other RTF readers or editors. + +GENERATE_RTF = NO + +# The RTF_OUTPUT tag is used to specify where the RTF docs will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `rtf' will be used as the default path. + +RTF_OUTPUT = rtf + +# If the COMPACT_RTF tag is set to YES Doxygen generates more compact +# RTF documents. This may be useful for small projects and may help to +# save some trees in general. + +COMPACT_RTF = NO + +# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated +# will contain hyperlink fields. The RTF file will +# contain links (just like the HTML output) instead of page references. +# This makes the output suitable for online browsing using WORD or other +# programs which support those fields. +# Note: wordpad (write) and others do not support links. + +RTF_HYPERLINKS = NO + +# Load stylesheet definitions from file. Syntax is similar to doxygen's +# config file, i.e. a series of assignments. You only have to provide +# replacements, missing definitions are set to their default value. + +RTF_STYLESHEET_FILE = + +# Set optional variables used in the generation of an rtf document. +# Syntax is similar to doxygen's config file. + +RTF_EXTENSIONS_FILE = + +#--------------------------------------------------------------------------- +# configuration options related to the man page output +#--------------------------------------------------------------------------- + +# If the GENERATE_MAN tag is set to YES (the default) Doxygen will +# generate man pages + +GENERATE_MAN = NO + +# The MAN_OUTPUT tag is used to specify where the man pages will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `man' will be used as the default path. + +MAN_OUTPUT = man + +# The MAN_EXTENSION tag determines the extension that is added to +# the generated man pages (default is the subroutine's section .3) + +MAN_EXTENSION = .3 + +# If the MAN_LINKS tag is set to YES and Doxygen generates man output, +# then it will generate one additional man file for each entity +# documented in the real man page(s). These additional files +# only source the real man page, but without them the man command +# would be unable to find the correct page. The default is NO. + +MAN_LINKS = NO + +#--------------------------------------------------------------------------- +# configuration options related to the XML output +#--------------------------------------------------------------------------- + +# If the GENERATE_XML tag is set to YES Doxygen will +# generate an XML file that captures the structure of +# the code including all documentation. + +GENERATE_XML = NO + +# The XML_OUTPUT tag is used to specify where the XML pages will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `xml' will be used as the default path. + +XML_OUTPUT = xml + +# The XML_SCHEMA tag can be used to specify an XML schema, +# which can be used by a validating XML parser to check the +# syntax of the XML files. + +XML_SCHEMA = + +# The XML_DTD tag can be used to specify an XML DTD, +# which can be used by a validating XML parser to check the +# syntax of the XML files. + +XML_DTD = + +# If the XML_PROGRAMLISTING tag is set to YES Doxygen will +# dump the program listings (including syntax highlighting +# and cross-referencing information) to the XML output. Note that +# enabling this will significantly increase the size of the XML output. + +XML_PROGRAMLISTING = YES + +#--------------------------------------------------------------------------- +# configuration options for the AutoGen Definitions output +#--------------------------------------------------------------------------- + +# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will +# generate an AutoGen Definitions (see autogen.sf.net) file +# that captures the structure of the code including all +# documentation. Note that this feature is still experimental +# and incomplete at the moment. + +GENERATE_AUTOGEN_DEF = NO + +#--------------------------------------------------------------------------- +# configuration options related to the Perl module output +#--------------------------------------------------------------------------- + +# If the GENERATE_PERLMOD tag is set to YES Doxygen will +# generate a Perl module file that captures the structure of +# the code including all documentation. Note that this +# feature is still experimental and incomplete at the +# moment. + +GENERATE_PERLMOD = NO + +# If the PERLMOD_LATEX tag is set to YES Doxygen will generate +# the necessary Makefile rules, Perl scripts and LaTeX code to be able +# to generate PDF and DVI output from the Perl module output. + +PERLMOD_LATEX = NO + +# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be +# nicely formatted so it can be parsed by a human reader. This is useful +# if you want to understand what is going on. On the other hand, if this +# tag is set to NO the size of the Perl module output will be much smaller +# and Perl will parse it just the same. + +PERLMOD_PRETTY = YES + +# The names of the make variables in the generated doxyrules.make file +# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX. +# This is useful so different doxyrules.make files included by the same +# Makefile don't overwrite each other's variables. + +PERLMOD_MAKEVAR_PREFIX = + +#--------------------------------------------------------------------------- +# Configuration options related to the preprocessor +#--------------------------------------------------------------------------- + +# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will +# evaluate all C-preprocessor directives found in the sources and include +# files. + +ENABLE_PREPROCESSING = YES + +# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro +# names in the source code. If set to NO (the default) only conditional +# compilation will be performed. Macro expansion can be done in a controlled +# way by setting EXPAND_ONLY_PREDEF to YES. + +MACRO_EXPANSION = NO + +# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES +# then the macro expansion is limited to the macros specified with the +# PREDEFINED and EXPAND_AS_DEFINED tags. + +EXPAND_ONLY_PREDEF = NO + +# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files +# in the INCLUDE_PATH (see below) will be search if a #include is found. + +SEARCH_INCLUDES = YES + +# The INCLUDE_PATH tag can be used to specify one or more directories that +# contain include files that are not input files but should be processed by +# the preprocessor. + +INCLUDE_PATH = + +# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard +# patterns (like *.h and *.hpp) to filter out the header-files in the +# directories. If left blank, the patterns specified with FILE_PATTERNS will +# be used. + +INCLUDE_FILE_PATTERNS = + +# The PREDEFINED tag can be used to specify one or more macro names that +# are defined before the preprocessor is started (similar to the -D option of +# gcc). The argument of the tag is a list of macros of the form: name +# or name=definition (no spaces). If the definition and the = are +# omitted =1 is assumed. To prevent a macro definition from being +# undefined via #undef or recursively expanded use the := operator +# instead of the = operator. + +PREDEFINED = + +# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then +# this tag can be used to specify a list of macro names that should be expanded. +# The macro definition that is found in the sources will be used. +# Use the PREDEFINED tag if you want to use a different macro definition. + +EXPAND_AS_DEFINED = + +# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then +# doxygen's preprocessor will remove all function-like macros that are alone +# on a line, have an all uppercase name, and do not end with a semicolon. Such +# function macros are typically used for boiler-plate code, and will confuse +# the parser if not removed. + +SKIP_FUNCTION_MACROS = YES + +#--------------------------------------------------------------------------- +# Configuration::additions related to external references +#--------------------------------------------------------------------------- + +# The TAGFILES option can be used to specify one or more tagfiles. +# Optionally an initial location of the external documentation +# can be added for each tagfile. The format of a tag file without +# this location is as follows: +# TAGFILES = file1 file2 ... +# Adding location for the tag files is done as follows: +# TAGFILES = file1=loc1 "file2 = loc2" ... +# where "loc1" and "loc2" can be relative or absolute paths or +# URLs. If a location is present for each tag, the installdox tool +# does not have to be run to correct the links. +# Note that each tag file must have a unique name +# (where the name does NOT include the path) +# If a tag file is not located in the directory in which doxygen +# is run, you must also specify the path to the tagfile here. + +TAGFILES = + +# When a file name is specified after GENERATE_TAGFILE, doxygen will create +# a tag file that is based on the input files it reads. + +GENERATE_TAGFILE = + +# If the ALLEXTERNALS tag is set to YES all external classes will be listed +# in the class index. If set to NO only the inherited external classes +# will be listed. + +ALLEXTERNALS = NO + +# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed +# in the modules index. If set to NO, only the current project's groups will +# be listed. + +EXTERNAL_GROUPS = YES + +# The PERL_PATH should be the absolute path and name of the perl script +# interpreter (i.e. the result of `which perl'). + +PERL_PATH = /usr/bin/perl + +#--------------------------------------------------------------------------- +# Configuration options related to the dot tool +#--------------------------------------------------------------------------- + +# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will +# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base +# or super classes. Setting the tag to NO turns the diagrams off. Note that +# this option is superseded by the HAVE_DOT option below. This is only a +# fallback. It is recommended to install and use dot, since it yields more +# powerful graphs. + +CLASS_DIAGRAMS = YES + +# You can define message sequence charts within doxygen comments using the \msc +# command. Doxygen will then run the mscgen tool (see +# http://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the +# documentation. The MSCGEN_PATH tag allows you to specify the directory where +# the mscgen tool resides. If left empty the tool is assumed to be found in the +# default search path. + +MSCGEN_PATH = + +# If set to YES, the inheritance and collaboration graphs will hide +# inheritance and usage relations if the target is undocumented +# or is not a class. + +HIDE_UNDOC_RELATIONS = YES + +# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is +# available from the path. This tool is part of Graphviz, a graph visualization +# toolkit from AT&T and Lucent Bell Labs. The other options in this section +# have no effect if this option is set to NO (the default) + +HAVE_DOT = YES + +# By default doxygen will write a font called FreeSans.ttf to the output +# directory and reference it in all dot files that doxygen generates. This +# font does not include all possible unicode characters however, so when you need +# these (or just want a differently looking font) you can specify the font name +# using DOT_FONTNAME. You need need to make sure dot is able to find the font, +# which can be done by putting it in a standard location or by setting the +# DOTFONTPATH environment variable or by setting DOT_FONTPATH to the directory +# containing the font. + +DOT_FONTNAME = FreeSans + +# By default doxygen will tell dot to use the output directory to look for the +# FreeSans.ttf font (which doxygen will put there itself). If you specify a +# different font using DOT_FONTNAME you can set the path where dot +# can find it using this tag. + +DOT_FONTPATH = + +# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen +# will generate a graph for each documented class showing the direct and +# indirect inheritance relations. Setting this tag to YES will force the +# the CLASS_DIAGRAMS tag to NO. + +CLASS_GRAPH = YES + +# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen +# will generate a graph for each documented class showing the direct and +# indirect implementation dependencies (inheritance, containment, and +# class references variables) of the class with other documented classes. + +COLLABORATION_GRAPH = YES + +# If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen +# will generate a graph for groups, showing the direct groups dependencies + +GROUP_GRAPHS = YES + +# If the UML_LOOK tag is set to YES doxygen will generate inheritance and +# collaboration diagrams in a style similar to the OMG's Unified Modeling +# Language. + +UML_LOOK = NO + +# If set to YES, the inheritance and collaboration graphs will show the +# relations between templates and their instances. + +TEMPLATE_RELATIONS = NO + +# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT +# tags are set to YES then doxygen will generate a graph for each documented +# file showing the direct and indirect include dependencies of the file with +# other documented files. + +INCLUDE_GRAPH = YES + +# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and +# HAVE_DOT tags are set to YES then doxygen will generate a graph for each +# documented header file showing the documented files that directly or +# indirectly include this file. + +INCLUDED_BY_GRAPH = YES + +# If the CALL_GRAPH and HAVE_DOT options are set to YES then +# doxygen will generate a call dependency graph for every global function +# or class method. Note that enabling this option will significantly increase +# the time of a run. So in most cases it will be better to enable call graphs +# for selected functions only using the \callgraph command. + +CALL_GRAPH = YES + +# If the CALLER_GRAPH and HAVE_DOT tags are set to YES then +# doxygen will generate a caller dependency graph for every global function +# or class method. Note that enabling this option will significantly increase +# the time of a run. So in most cases it will be better to enable caller +# graphs for selected functions only using the \callergraph command. + +CALLER_GRAPH = NO + +# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen +# will graphical hierarchy of all classes instead of a textual one. + +GRAPHICAL_HIERARCHY = YES + +# If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES +# then doxygen will show the dependencies a directory has on other directories +# in a graphical way. The dependency relations are determined by the #include +# relations between the files in the directories. + +DIRECTORY_GRAPH = YES + +# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images +# generated by dot. Possible values are png, jpg, or gif +# If left blank png will be used. + +DOT_IMAGE_FORMAT = png + +# The tag DOT_PATH can be used to specify the path where the dot tool can be +# found. If left blank, it is assumed the dot tool can be found in the path. + +DOT_PATH = + +# The DOTFILE_DIRS tag can be used to specify one or more directories that +# contain dot files that are included in the documentation (see the +# \dotfile command). + +DOTFILE_DIRS = + +# The DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of +# nodes that will be shown in the graph. If the number of nodes in a graph +# becomes larger than this value, doxygen will truncate the graph, which is +# visualized by representing a node as a red box. Note that doxygen if the +# number of direct children of the root node in a graph is already larger than +# DOT_GRAPH_MAX_NODES then the graph will not be shown at all. Also note +# that the size of a graph can be further restricted by MAX_DOT_GRAPH_DEPTH. + +DOT_GRAPH_MAX_NODES = 50 + +# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the +# graphs generated by dot. A depth value of 3 means that only nodes reachable +# from the root by following a path via at most 3 edges will be shown. Nodes +# that lay further from the root node will be omitted. Note that setting this +# option to 1 or 2 may greatly reduce the computation time needed for large +# code bases. Also note that the size of a graph can be further restricted by +# DOT_GRAPH_MAX_NODES. Using a depth of 0 means no depth restriction. + +MAX_DOT_GRAPH_DEPTH = 0 + +# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent +# background. This is enabled by default, which results in a transparent +# background. Warning: Depending on the platform used, enabling this option +# may lead to badly anti-aliased labels on the edges of a graph (i.e. they +# become hard to read). + +DOT_TRANSPARENT = YES + +# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output +# files in one run (i.e. multiple -o and -T options on the command line). This +# makes dot run faster, but since only newer versions of dot (>1.8.10) +# support this, this feature is disabled by default. + +DOT_MULTI_TARGETS = NO + +# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will +# generate a legend page explaining the meaning of the various boxes and +# arrows in the dot generated graphs. + +GENERATE_LEGEND = YES + +# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will +# remove the intermediate dot files that are used to generate +# the various graphs. + +DOT_CLEANUP = YES + +#--------------------------------------------------------------------------- +# Configuration::additions related to the search engine +#--------------------------------------------------------------------------- + +# The SEARCHENGINE tag specifies whether or not a search engine should be +# used. If set to NO the values of all tags below this one will be ignored. + +SEARCHENGINE = NO diff --git a/lib/radius/examples/Makefile b/lib/radius/examples/Makefile new file mode 100644 index 0000000..f39c343 --- /dev/null +++ b/lib/radius/examples/Makefile @@ -0,0 +1,54 @@ +# +# GNU Makefile +# +.PHONY: all clean install + +SRCS = example_1.c example_2.c example_3.c example_4.c + +OBJS := ${SRCS:.c=.o} +PROGRAMS := ${SRCS:.c=} + +all: ${PROGRAMS} + +HEADERS := ../client.h ../radius.h + +${OBJS}: ${HEADERS} + +$(info ${PROGRAMS} ${OBJS}) + +${PROGRAMS}: ../libnetworkradius-client.a + + +%.o : %.c + $(CC) $(CFLAGS) -I.. -I. -c $< + +%.o: ${HEADERS} + +LDFLAGS = -L.. -lnetworkradius-client -lcrypto -lssl +CFLAGS = -I.. + +../libnetworkradius-client.a: + @${MAKE} -C .. libnetworkradius-client.a + +radsample.o: radsample.c ${HEADERS} nr_vp_create.c nr_packet_send.c + +#radsample: radsample.o ../libnetworkradius-client.a +# ${CC} ${LFDLAGS} ${LIBS} -o $@ $^ + +sample_chap.o: sample_chap.c ${HEADERS} + +sample_chap: sample_chap.o ../libnetworkradius-client.a + ${CC} ${LFDLAGS} ${LIBS} -o $@ $^ + +radsample2.o: radsample2.c ${HEADERS} nr_vp_create.c + +radsample2: radsample2.o ../libnetworkradius-client.a + ${CC} ${LFDLAGS} ${LIBS} -o $@ $^ + +radsample3.o: radsample3.c ${HEADERS} nr_transmit.c nr_server_t.c nr_vp_create.c + +radsample3: radsample3.o ../libnetworkradius-client.a + ${CC} ${LFDLAGS} ${LIBS} -o $@ $^ + +clean: + @rm -rf *.o *.a *~ diff --git a/lib/radius/examples/example_1.c b/lib/radius/examples/example_1.c new file mode 100644 index 0000000..265c880 --- /dev/null +++ b/lib/radius/examples/example_1.c @@ -0,0 +1,86 @@ +/* +Copyright (c) 2011, Network RADIUS SARL +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the <organization> nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include <networkradius-devel/client.h> + +/** \file example_1.c + * \brief Sample code to initialize a RADIUS packet. + * + * This example initializes a packet, and then adds User-Name and + * User-Password to it. The resulting packet is then printed to the + * standard output. + */ + +static const char *secret = "testing123"; +static uint8_t request_buffer[RS_MAX_PACKET_LEN]; +static uint8_t response_buffer[RS_MAX_PACKET_LEN]; +static RADIUS_PACKET request, response; + +int main(int argc, const char *argv[]) +{ + ssize_t rcode; + const char *user = "bob"; + const char *password = "password"; + + rcode = nr_packet_init(&request, NULL, secret, PW_ACCESS_REQUEST, + request_buffer, sizeof(request_buffer)); + if (rcode < 0) { + error: + fprintf(stderr, "Error: %s\n", nr_strerror(rcode)); + return 1; + } + + if (argc > 1) user = argv[1]; + if (argc > 2) password = argv[2]; + + rcode = nr_packet_attr_append(&request, NULL, + RS_DA_USER_NAME, + user, 0); + if (rcode < 0) goto error; + + rcode = nr_packet_attr_append(&request, NULL, + RS_DA_USER_PASSWORD, + password, 0); + if (rcode < 0) goto error; + + /* + * ALWAYS call nr_packet_sign() before sending the packet + * to anyone else! + */ + rcode = nr_packet_sign(&request, NULL); + if (rcode < 0) goto error; + + nr_packet_print_hex(&request); + + rcode = nr_packet_decode(&request, NULL); + if (rcode < 0) goto error; + + nr_vp_fprintf_list(stdout, request.vps); + nr_vp_free(&request.vps); + + return 0; +} diff --git a/lib/radius/examples/example_2.c b/lib/radius/examples/example_2.c new file mode 100644 index 0000000..0a58523 --- /dev/null +++ b/lib/radius/examples/example_2.c @@ -0,0 +1,86 @@ +/* +Copyright (c) 2011, Network RADIUS SARL +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the <organization> nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include <networkradius-devel/client.h> + +/** \file example_2.c + * \brief Sample code to initialize a RADIUS packet. + * + * This example initializes a packet, and then adds User-Name and + * CHAP-Password to it. The resulting packet is then printed to the + * standard output. + */ + +static const char *secret = "testing123"; +static uint8_t request_buffer[RS_MAX_PACKET_LEN]; +static uint8_t response_buffer[RS_MAX_PACKET_LEN]; +static RADIUS_PACKET request, response; + +int main(int argc, const char *argv[]) +{ + int rcode; + const char *user = "bob"; + const char *password = "password"; + + rcode = nr_packet_init(&request, NULL, secret, PW_ACCESS_REQUEST, + request_buffer, sizeof(request_buffer)); + if (rcode < 0) { + error: + fprintf(stderr, "Error: %s\n", nr_strerror(rcode)); + return 1; + } + + if (argc > 1) user = argv[1]; + if (argc > 2) password = argv[2]; + + rcode = nr_packet_attr_append(&request, NULL, + RS_DA_USER_NAME, + user, 0); + if (rcode < 0) goto error; + + rcode = nr_packet_attr_append(&request, NULL, + RS_DA_CHAP_PASSWORD, + password, strlen(password)); + if (rcode < 0) goto error; + + /* + * ALWAYS call nr_packet_sign() before sending the packet + * to anyone else! + */ + rcode = nr_packet_sign(&request, NULL); + if (rcode < 0) goto error; + + nr_packet_print_hex(&request); + + rcode = nr_packet_decode(&request, NULL); + if (rcode < 0) goto error; + + nr_vp_fprintf_list(stdout, request.vps); + nr_vp_free(&request.vps); + + return 0; +} diff --git a/lib/radius/examples/example_3.c b/lib/radius/examples/example_3.c new file mode 100644 index 0000000..33fc671 --- /dev/null +++ b/lib/radius/examples/example_3.c @@ -0,0 +1,123 @@ +/* +Copyright (c) 2011, Network RADIUS SARL +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the <organization> nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include <networkradius-devel/client.h> + +/** \file example_3.c + * \brief Sample code to initialize a RADIUS packet and a response to it. + * + * This example initializes a packet, and then adds User-Name and + * User-Password to it. The resulting packet is then printed to the + * standard output. + * + * As a next step, it then creates the response, and prints that, + * too. + */ + +static const char *secret = "testing123"; +static uint8_t request_buffer[RS_MAX_PACKET_LEN]; +static uint8_t response_buffer[RS_MAX_PACKET_LEN]; +static RADIUS_PACKET request, response; + +int main(int argc, const char *argv[]) +{ + int rcode; + const char *user = "bob"; + const char *password = "password"; + + rcode = nr_packet_init(&request, NULL, secret, PW_ACCESS_REQUEST, + request_buffer, sizeof(request_buffer)); + if (rcode < 0) { + error: + fprintf(stderr, "Error :%s\n", nr_strerror(rcode)); + return 1; + } + + if (argc > 1) user = argv[1]; + if (argc > 2) password = argv[2]; + + rcode = nr_packet_attr_append(&request, NULL, + RS_DA_USER_NAME, + user, 0); + if (rcode < 0) goto error; + + rcode = nr_packet_attr_append(&request, NULL, + RS_DA_USER_PASSWORD, + password, 0); + if (rcode < 0) goto error; + + /* + * ALWAYS call nr_packet_sign() before sending the packet + * to anyone else! + */ + rcode = nr_packet_sign(&request, NULL); + if (rcode < 0) goto error; + + nr_packet_print_hex(&request); + + rcode = nr_packet_init(&response, &request, secret, PW_ACCESS_ACCEPT, + response_buffer, sizeof(response_buffer)); + if (rcode < 0) goto error; + + rcode = nr_packet_attr_append(&response, &request, + RS_DA_REPLY_MESSAGE, + "Success!", 0); + if (rcode < 0) goto error; + + rcode = nr_packet_attr_append(&response, &request, + RS_DA_TUNNEL_PASSWORD, + password, 0); + if (rcode < 0) goto error; + rcode = nr_packet_sign(&response, &request); + if (rcode < 0) goto error; + + nr_packet_print_hex(&response); + + /* + * Check that the response is well-formed. The + * nr_packet_verify() function also calls nr_packet_ok(). + * However, it is sometimes useful to separate "malformed + * packet" errors from "packet is not a response to a + * reqeust" errors. + */ + rcode = nr_packet_ok(&response); + if (rcode < 0) goto error; + + /* + * Double-check the signature of the response. + */ + rcode = nr_packet_verify(&response, &request); + if (rcode < 0) goto error; + + rcode = nr_packet_decode(&response, &request); + if (rcode < 0) goto error; + + nr_vp_fprintf_list(stdout, response.vps); + nr_vp_free(&response.vps); + + return 0; +} diff --git a/lib/radius/examples/example_4.c b/lib/radius/examples/example_4.c new file mode 100644 index 0000000..2dadc89 --- /dev/null +++ b/lib/radius/examples/example_4.c @@ -0,0 +1,94 @@ +/* +Copyright (c) 2011, Network RADIUS SARL +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the <organization> nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include <networkradius-devel/client.h> + +/** \file example_4.c + * \brief Allocate and manage multiple packets. + */ + +static const char *secret = "testing123"; +static nr_server_t server; + +int main(int argc, const char *argv[]) +{ + int rcode; + const char *user = "bob"; + const char *password = "password"; + + rcode = nr_packet_init(&request, NULL, secret, PW_ACCESS_REQUEST, + request_buffer, sizeof(request_buffer)); + if (rcode < 0) { + error: + fprintf(stderr, "Error :%s\n", nr_strerror(rcode)); + return 1; + } + + if (argc > 1) user = argv[1]; + if (argc > 2) password = argv[2]; + + rcode = nr_packet_attr_append(&request, NULL, + RS_DA_USER_NAME, + user, 0); + if (rcode < 0) goto error; + + rcode = nr_packet_attr_append(&request, NULL, + RS_DA_USER_PASSWORD, + password, 0); + if (rcode < 0) goto error; + + /* + * ALWAYS call nr_packet_sign() before sending the packet + * to anyone else! + */ + rcode = nr_packet_sign(&request, NULL); + if (rcode < 0) goto error; + + nr_packet_print_hex(&request); + + rcode = nr_packet_init(&response, &request, secret, PW_ACCESS_ACCEPT, + response_buffer, sizeof(response_buffer)); + if (rcode < 0) goto error; + + rcode = nr_packet_attr_append(&response, &request, + RS_DA_REPLY_MESSAGE, + "Success!", 0); + if (rcode < 0) goto error; + + rcode = nr_packet_sign(&response, &request); + if (rcode < 0) goto error; + + nr_packet_print_hex(&response); + + /* + * Double-check the signature of the response. + */ + rcode = nr_packet_verify(&response, &request); + if (rcode < 0) goto error; + + return 0; +} diff --git a/lib/radius/examples/nr_vp_create.c b/lib/radius/examples/nr_vp_create.c new file mode 100644 index 0000000..bd04f17 --- /dev/null +++ b/lib/radius/examples/nr_vp_create.c @@ -0,0 +1,61 @@ +/* + * The person or persons who have associated work with this document + * (the "Dedicator" or "Certifier") hereby either (a) certifies that, + * to the best of his knowledge, the work of authorship identified is + * in the public domain of the country from which the work is + * published, or (b) hereby dedicates whatever copyright the + * dedicators holds in the work of authorship identified below (the + * "Work") to the public domain. A certifier, moreover, dedicates any + * copyright interest he may have in the associated work, and for + * these purposes, is described as a "dedicator" below. + * + * A certifier has taken reasonable steps to verify the copyright + * status of this work. Certifier recognizes that his good faith + * efforts may not shield him from liability if in fact the work + * certified is not in the public domain. + * + * Dedicator makes this dedication for the benefit of the public at + * large and to the detriment of the Dedicator's heirs and + * successors. Dedicator intends this dedication to be an overt act of + * relinquishment in perpetuity of all present and future rights under + * copyright law, whether vested or contingent, in the Work. Dedicator + * understands that such relinquishment of all rights includes the + * relinquishment of all rights to enforce (by lawsuit or otherwise) + * those copyrights in the Work. + * + * Dedicator recognizes that, once placed in the public domain, the + * Work may be freely reproduced, distributed, transmitted, used, + * modified, built upon, or otherwise exploited by anyone for any + * purpose, commercial or non-commercial, and in any way, including by + * methods that have not yet been invented or conceived. + */ + +static VALUE_PAIR *example_nr_vp_create(void) +{ + VALUE_PAIR *vp; + VALUE_PAIR *head = NULL; + + /* + * Create the request contents. + */ + vp = nr_vp_create(PW_USER_NAME, 0, "bob", 4); + if (!vp) { + fprintf(stderr, "User-Name: %s\n", nr_strerror(0)); + exit(1); + } + nr_vps_append(&head, vp); + + /* + * The User-Password attribute is automatically encrypted + * when being placed in the packet. This version stays + * untouched, and should be "plain text". + */ + vp = nr_vp_create(PW_USER_PASSWORD, 0, "hello", 6); + if (!vp) { + fprintf(stderr, "User-Password: %s\n", nr_strerror(0)); + exit(1); + } + nr_vps_append(&head, vp); + + return head; +} diff --git a/lib/radius/header.pl b/lib/radius/header.pl new file mode 100755 index 0000000..c366612 --- /dev/null +++ b/lib/radius/header.pl @@ -0,0 +1,68 @@ +#!/usr/bin/env perl +###################################################################### +# Copyright (c) 2011, Network RADIUS SARL +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# * Neither the name of the <organization> nor the +# names of its contributors may be used to endorse or promote products +# derived from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +# DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY +# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +###################################################################### +# +# Converts dictionaries to C defines. Does not yet do "VALUE"s. +# +# $Id$ +# +require "common.pl"; + +while (@ARGV) { + $filename = shift; + do_file($filename); +} + + +print "/* Automatically generated file. Do not edit */\n\n"; + +foreach $v (sort keys %vendor) { + $name = $v; + $name =~ tr/a-z/A-Z/; # uppercase + $name =~ tr/A-Z0-9/_/c; # any ELSE becomes _ + + print "#define VENDORPEC_", $name, " ", $vendor{$v}{'pec'}, "\n"; +} +print "\n"; + +$begin_vendor = -1; +foreach $attr_val (sort {$a <=> $b} keys %attributes) { + if ($attributes{$attr_val}{'vendor'} != $begin_vendor) { + print "\n/* ", $vendorpec{$attributes{$attr_val}{'vendor'}}, " */\n"; + $begin_vendor = $attributes{$attr_val}{'vendor'}; + } + + $name = $attributes{$attr_val}{'name'}; + $name =~ tr/a-z/A-Z/; + $name =~ tr/A-Z0-9/_/c; + + print "#define PW_", $name, " ", $attributes{$attr_val}{'value'}, "\n"; +} +print "\n\n"; + +print "/* Automatically generated file. Do not edit */\n"; + diff --git a/lib/radius/id.c b/lib/radius/id.c new file mode 100644 index 0000000..4ccd032 --- /dev/null +++ b/lib/radius/id.c @@ -0,0 +1,181 @@ +/* +Copyright (c) 2011, Network RADIUS SARL +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the <organization> nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "client.h" + +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif + +/** \file id.c + * \brief Handling of ID allocation / freeing + * + */ + +static int find_id(nr_server_t *s) +{ + int i; + uint32_t lvalue; + + if ((s->used < 0) || (s->used > 256)) return -RSE_INTERNAL; + + /* + * Ensure that the ID allocation is random. + */ + lvalue = nr_rand(); + + for (i = 0; i < 256; i++) { + int offset = (i + lvalue) & 0xff; + + if (!s->ids[offset]) return offset; + } + + nr_strerror_printf("Out of IDs for server"); + return -1; +} + +int nr_server_id_alloc(nr_server_t *s, RADIUS_PACKET *packet) +{ + int new_id; + + if (!s || !packet) return -RSE_INVAL; + + new_id = find_id(s); + if (new_id < 0) return -new_id; + + s->ids[new_id] = packet; + s->used++; + packet->sockfd = s->sockfd; + packet->code = s->code; + packet->src = s->src; + packet->dst = s->dst; + packet->id = new_id; + + return 0; +} + +int nr_server_id_free(nr_server_t *s, RADIUS_PACKET *packet) +{ + if (!s || !packet) return -RSE_INVAL; + + if ((packet->id < 0) || (packet->id > 255) || !s->ids[packet->id]) { + return -RSE_INVAL; + } + + if (s->ids[packet->id] != packet) return -RSE_INTERNAL; + + s->ids[packet->id] = NULL; + s->used--; + packet->sockfd = -1; + + return 0; +} + +int nr_server_id_realloc(nr_server_t *s, RADIUS_PACKET *packet) +{ + int new_id; + + if (!s || !packet) return -RSE_INVAL; + + if ((packet->id < 0) || (packet->id > 255) || !s->ids[packet->id]) { + return -RSE_INVAL; + } + + if (s->ids[packet->id] != packet) return -RSE_INTERNAL; + + new_id = find_id(s); + if (new_id < 0) return new_id; + + s->ids[packet->id] = NULL; + packet->id = new_id; + s->ids[packet->id] = packet; + + return 0; +} + + +int nr_server_init(nr_server_t *s, int code, const char *secret) +{ + if (!s || !secret || !*secret || + (code == 0) || (code > RS_MAX_PACKET_CODE)) { + return -RSE_INVAL; + } + + memset(s, 0, sizeof(*s)); + + s->sockfd = -1; + s->code = code; + s->secret = secret; + s->sizeof_secret = strlen(secret); + s->src.ss_family = AF_UNSPEC; + s->dst.ss_family = AF_UNSPEC; + + return 0; +} + + +int nr_server_close(const nr_server_t *s) +{ + if (!s) return -RSE_INVAL; + + if (s->used > 0) return -RSE_INUSE; + + if (s->sockfd >= 0) evutil_closesocket(s->sockfd); + + return 0; +} + +int nr_server_packet_alloc(const nr_server_t *s, RADIUS_PACKET **packet_p) +{ + int rcode; + RADIUS_PACKET *packet; + + if (!packet_p) return -RSE_INVAL; + + packet = malloc(sizeof(*packet) + RS_MAX_PACKET_LEN); + if (!packet) return -RSE_NOMEM; + + memset(packet, 0, sizeof(*packet)); + + if (!s) { + packet->data = (uint8_t *)(packet + 1); + packet->sizeof_data = RS_MAX_PACKET_LEN; + + *packet_p = packet; + return 0; + } + + rcode = nr_packet_init(packet, NULL, s->secret, s->code, + (uint8_t *)(packet + 1), RS_MAX_PACKET_LEN); + if (rcode < 0) { + free(packet); + return rcode; + } + + *packet_p = packet; + return 0; +} diff --git a/lib/radius/parse.c b/lib/radius/parse.c new file mode 100644 index 0000000..8446306 --- /dev/null +++ b/lib/radius/parse.c @@ -0,0 +1,149 @@ +/* +Copyright (c) 2011, Network RADIUS SARL +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the <organization> nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** \file parse.c + * \brief Routines to parse strings into internal data structures + */ + +#include "client.h" + +#ifdef HAVE_ARPA_INET_H +#include <arpa/inet.h> +#endif + +ssize_t nr_vp_sscanf_value(VALUE_PAIR *vp, const char *value) +{ + char *end; + + switch (vp->da->type) { + case RS_TYPE_STRING: { + size_t len = strlen(value); + + if (len >= RS_MAX_STRING_LEN) + return -RSE_ATTR_TOO_LARGE; + + memcpy(vp->vp_strvalue, value, len + 1); + return (vp->length = len); + } + case RS_TYPE_DATE: + case RS_TYPE_INTEGER: + vp->vp_integer = strtoul(value, &end, 10); + if ((value == end) || (*end != '\0')) { + nr_debug_error("Invalid value"); + return -RSE_ATTR_VALUE_MALFORMED; + } + return (end - value); + + case RS_TYPE_IPADDR: + if (inet_pton(AF_INET, value, &vp->vp_ipaddr) < 0) { + return -RSE_NOSYS; + } + return strlen(value); + +#ifdef RS_TYPE_IPV6ADDR + case RS_TYPE_IPV6ADDR: + if (inet_pton(AF_INET6, value, &vp-vp>ipv6addr) < 0) { + return -RSE_NOSYS; + } + return strlen(value); +#endif + +#ifdef RS_TYPE_IFID + case RS_TYPE_IFID: + { + int i, array[8]; + + if (sscanf(value, "%02x%02x%02x%02x%02x%02x%02x%02x", + &array[0], &array[1], &array[2], &array[3], + &array[4], &array[5], &array[6], &array[7]) != 8) { + return -RSE_SYSTEM; + } + + for (i = 0; i < 8; i++) vp->vp_ifid[i] = array[i] & 0xff; + + } + break; +#endif + + default: + nr_debug_error("Invalid type"); + return -RSE_ATTR_TYPE_UNKNOWN; + } + + return 0; +} + +int nr_vp_sscanf(const char *string, VALUE_PAIR **pvp) +{ + int rcode; + const char *p; + char *q; + const DICT_ATTR *da; + VALUE_PAIR *vp; + char buffer[256]; + + if (!string || !pvp) return -RSE_INVAL; + + p = string; + q = buffer; + while (*p && (*p != ' ') && (*p != '=')) { + *(q++) = *(p++); + } + *q = '\0'; + + if (q == buffer) { + nr_debug_error("No Attribute name"); + return -RSE_ATTR_BAD_NAME; + } + + da = nr_dict_attr_byname(buffer); + if (!da) { + nr_debug_error("Unknown attribute \"%s\"", buffer); + return -RSE_ATTR_UNKNOWN; + } + + while (*p == ' ') p++; + if (*p != '=') { + nr_debug_error("Unexpected text after attribute name"); + return -RSE_ATTR_BAD_NAME; + } + + p++; + while (*p == ' ') p++; + + vp = nr_vp_alloc(da); + if (!vp) return -RSE_NOMEM; + + rcode = nr_vp_sscanf_value(vp, p); + if (rcode < 0) { + nr_vp_free(&vp); + return rcode; + } + + *pvp = vp; + return 0; +} diff --git a/lib/radius/print.c b/lib/radius/print.c new file mode 100644 index 0000000..6fa06d7 --- /dev/null +++ b/lib/radius/print.c @@ -0,0 +1,227 @@ +/* +Copyright (c) 2011, Network RADIUS SARL +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the <organization> nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** \file print.c + * \brief Functions to print things. + */ + +#include "client.h" +#include <string.h> +#ifdef RS_TYPE_IPV6ADDR +#include <arpa/inet.h> +#endif + +#ifndef NDEBUG +void nr_packet_print_hex(RADIUS_PACKET *packet) +{ + int i; + + if (!packet->data) return; + + printf(" Code:\t\t%u\n", packet->data[0]); + printf(" Id:\t\t%u\n", packet->data[1]); + printf(" Length:\t%u\n", ((packet->data[2] << 8) | + (packet->data[3]))); + printf(" Vector:\t"); + for (i = 4; i < 20; i++) { + printf("%02x", packet->data[i]); + } + printf("\n"); + if ((packet->flags & RS_PACKET_SIGNED) == 0) printf("\t\tWARNING: nr_packet_sign() was not called!\n"); + + if (packet->length > 20) { + int total; + const uint8_t *ptr; + printf(" Data:"); + + total = packet->length - 20; + ptr = packet->data + 20; + + while (total > 0) { + int attrlen; + + printf("\t\t"); + if (total < 2) { /* too short */ + printf("%02x\n", *ptr); + break; + } + + if (ptr[1] > total) { /* too long */ + for (i = 0; i < total; i++) { + printf("%02x ", ptr[i]); + } + break; + } + + printf("%02x %02x ", ptr[0], ptr[1]); + attrlen = ptr[1] - 2; + ptr += 2; + total -= 2; + + for (i = 0; i < attrlen; i++) { + if ((i > 0) && ((i & 0x0f) == 0x00)) + printf("\t\t\t"); + printf("%02x ", ptr[i]); + if ((i & 0x0f) == 0x0f) printf("\n"); + } + + if (!attrlen || ((attrlen & 0x0f) != 0x00)) printf("\n"); + + ptr += attrlen; + total -= attrlen; + } + } + printf("\n"); + fflush(stdout); +} +#endif + +size_t nr_vp_snprintf_value(char *buffer, size_t buflen, const VALUE_PAIR *vp) +{ + size_t i, len; + char *p = buffer; + + switch (vp->da->type) { + case RS_TYPE_STRING: + /* + * FIXME: escape backslash && quotes! + */ + len = snprintf(p, buflen, "%s", vp->vp_strvalue); + break; + + case RS_TYPE_DATE: + case RS_TYPE_INTEGER: + case RS_TYPE_SHORT: + case RS_TYPE_BYTE: + len = snprintf(p, buflen, "%u", vp->vp_integer); + break; + + case RS_TYPE_IPADDR: + len = snprintf(p, buflen, "%u.%u.%u.%u", + (vp->vp_ipaddr >> 24) & 0xff, + (vp->vp_ipaddr >> 16) & 0xff, + (vp->vp_ipaddr >> 8) & 0xff, + vp->vp_ipaddr & 0xff); + break; + +#ifdef RS_TYPE_IPV6ADDR + case RS_TYPE_IPV6ADDR: + if (!inet_ntop(AF_INET6, &vp->vp_ipv6addr, buffer, buflen)) { + return -RSE_SYSTEM; + } + break; +#endif + +#ifdef RS_TYPE_IFID + case RS_TYPE_IFID: + len = snprintf(p, buflen, "%02x%02x%02x%02x%02x%02x%02x%02x", + vp->vp_ifid[0], vp->vp_ifid[1], + vp->vp_ifid[2], vp->vp_ifid[3], + vp->vp_ifid[4], vp->vp_ifid[5], + vp->vp_ifid[6], vp->vp_ifid[7]); + break; +#endif + + case RS_TYPE_OCTETS: + len = snprintf(p, buflen, "0x"); + if (len >= buflen) return 0; + + p += len; + buflen -= len; + + for (i = 0; i < vp->length; i++) { + len = snprintf(p, buflen, "%02x", vp->vp_octets[i]); + if (len >= buflen) return 0; + + p += len; + buflen -= len; + } + len = 0; + break; + + default: + len = 0; + break; + } + + if (len >= buflen) return 0; + + p += len; + buflen -= len; + + return p - buffer; +} + +size_t nr_vp_snprintf(char *buffer, size_t buflen, const VALUE_PAIR *vp) +{ + size_t len; + char *p = buffer; + + len = snprintf(p, buflen, "%s = ", vp->da->name); + if (len >= buflen) return 0; + + p += len; + buflen -= len; + + len = nr_vp_snprintf_value(p, buflen, vp); + if (len == 0) return 0; + + if (len >= buflen) return 0; + + p += len; + + return p - buffer; +} + +#ifndef NDEBUG +void nr_vp_fprintf_list(FILE *fp, const VALUE_PAIR *vps) +{ + const VALUE_PAIR *vp; + char buffer[1024]; + + for (vp = vps; vp != NULL; vp = vp->next) { + nr_vp_snprintf(buffer, sizeof(buffer), vp); + fprintf(fp, "\t%s\n", buffer); + } +} +#endif + +/** \cond PRIVATE */ +#define NR_STRERROR_BUFSIZE (1024) +static char nr_strerror_buffer[NR_STRERROR_BUFSIZE]; + +void nr_strerror_printf(const char *fmt, ...) +{ + va_list ap; + va_start(ap, fmt); + vsnprintf(nr_strerror_buffer, sizeof(nr_strerror_buffer), fmt, ap); + va_end(ap); + + fprintf(stderr, "ERROR: %s\n", nr_strerror_buffer); +} +/** \endcond */ + diff --git a/lib/radius/radpkt.c b/lib/radius/radpkt.c new file mode 100644 index 0000000..bb8f75e --- /dev/null +++ b/lib/radius/radpkt.c @@ -0,0 +1,916 @@ +/* +Copyright (c) 2011, Network RADIUS SARL +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the <organization> nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** \file packet.c + * \brief Encoding and decoding packets + */ + +#include "client.h" + +#if RS_MAX_PACKET_LEN < 64 +#error RS_MAX_PACKET_LEN is too small. It should be at least 64. +#endif + +#if RS_MAX_PACKET_LEN > 16384 +#error RS_MAX_PACKET_LEN is too large. It should be smaller than 16K. +#endif + +const char *nr_packet_codes[RS_MAX_PACKET_CODE + 1] = { + NULL, + "Access-Request", + "Access-Accept", + "Access-Reject", + "Accounting-Request", + "Accounting-Response", + NULL, NULL, NULL, NULL, NULL, + "Access-Challenge", + "Status-Server", /* 12 */ + NULL, NULL, NULL, NULL, NULL, NULL, NULL, /* 19 */ + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, /* 20..29 */ + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, /* 30..39 */ + "Disconnect-Request", + "Disconnect-ACK", + "Disconnect-NAK", + "CoA-Request", + "CoA-ACK", + "CoA-NAK" +}; + + +static uint64_t allowed_responses[RS_MAX_PACKET_CODE + 1] = { + 0, + (1 << PW_ACCESS_ACCEPT) | (1 << PW_ACCESS_REJECT) | (1 << PW_ACCESS_CHALLENGE), + 0, 0, + 1 << PW_ACCOUNTING_RESPONSE, + 0, + 0, 0, 0, 0, 0, + 0, + (1 << PW_ACCESS_ACCEPT) | (1 << PW_ACCESS_REJECT) | (1 << PW_ACCESS_CHALLENGE) | (1 << PW_ACCOUNTING_RESPONSE), + 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 20..29 */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 30..39 */ + (((uint64_t) 1) << PW_DISCONNECT_ACK) | (((uint64_t) 1) << PW_DISCONNECT_NAK), + 0, + 0, + (((uint64_t) 1) << PW_COA_ACK) | (((uint64_t) 1) << PW_COA_NAK), + 0, + 0 +}; + + +int nr_packet_ok_raw(const uint8_t *data, size_t sizeof_data) +{ + size_t packet_len; + const uint8_t *attr, *end; + + if (!data || (sizeof_data < 20)) { + nr_debug_error("Invalid argument"); + return -RSE_INVAL; + } + + packet_len = (data[2] << 8) | data[3]; + if (packet_len < 20) { + nr_debug_error("Packet length is too small"); + return -RSE_PACKET_TOO_SMALL; + } + + if (packet_len > sizeof_data) { + nr_debug_error("Packet length overflows received data"); + return -RSE_PACKET_TOO_LARGE; + } + + /* + * If we receive 100 bytes, and the header says it's 20 bytes, + * then it's 20 bytes. + */ + end = data + packet_len; + + for (attr = data + 20; attr < end; attr += attr[1]) { + if ((attr + 2) > end) { + nr_debug_error("Attribute overflows packet"); + return -RSE_ATTR_OVERFLOW; + } + + if (attr[1] < 2) { + nr_debug_error("Attribute length is too small"); + return -RSE_ATTR_TOO_SMALL; + } + + if ((attr + attr[1]) > end) { + nr_debug_error("Attribute length is too large"); + return -RSE_ATTR_TOO_LARGE; + } + } + + return 0; +} + +int nr_packet_ok(RADIUS_PACKET *packet) +{ + int rcode; + + if (!packet) return -RSE_INVAL; + + if ((packet->flags & RS_PACKET_OK) != 0) return 0; + + rcode = nr_packet_ok_raw(packet->data, packet->length); + if (rcode < 0) return rcode; + + packet->flags |= RS_PACKET_OK; + return 0; +} + + +/* + * Comparison function that is time-independent. Using "memcmp" + * would satisfy the "comparison" part. However, it would also + * leak information about *which* bytes are wrong. Attackers + * could use that leak to create a "correct" RADIUS packet which + * will be accepted by the client and/or server. + */ +static int digest_cmp(const uint8_t *a, const uint8_t *b, size_t length) +{ + int result = 0; + size_t i; + + for (i = 0; i < length; i++) { + result |= (a[i] ^ b[i]); + } + + return result; +} + + +#ifdef PW_MESSAGE_AUTHENTICATOR +static int msg_auth_ok(const RADIUS_PACKET *original, + uint8_t *ma, + uint8_t *data, size_t length) +{ + uint8_t packet_vector[sizeof(original->vector)]; + uint8_t msg_auth_vector[sizeof(original->vector)]; + uint8_t calc_auth_vector[sizeof(original->vector)]; + + if (ma[1] != 18) { + nr_debug_error("Message-Authenticator has invalid length"); + return -RSE_MSG_AUTH_LEN; + } + + memcpy(packet_vector, data + 4, sizeof(packet_vector)); + memcpy(msg_auth_vector, ma + 2, sizeof(msg_auth_vector)); + memset(ma + 2, 0, sizeof(msg_auth_vector)); + + switch (data[0]) { + default: + break; + + case PW_ACCOUNTING_REQUEST: + case PW_ACCOUNTING_RESPONSE: + case PW_DISCONNECT_REQUEST: + case PW_DISCONNECT_ACK: + case PW_DISCONNECT_NAK: + case PW_COA_REQUEST: + case PW_COA_ACK: + case PW_COA_NAK: + memset(data + 4, 0, sizeof(packet_vector)); + break; + + case PW_ACCESS_ACCEPT: + case PW_ACCESS_REJECT: + case PW_ACCESS_CHALLENGE: + if (!original) { + nr_debug_error("Cannot validate response without request"); + return -RSE_REQUEST_REQUIRED; + } + memcpy(data + 4, original->vector, sizeof(original->vector)); + break; + } + + nr_hmac_md5(data, length, + (const uint8_t *) original->secret, original->sizeof_secret, + calc_auth_vector); + + memcpy(ma + 2, msg_auth_vector, sizeof(msg_auth_vector)); + memcpy(data + 4, packet_vector, sizeof(packet_vector)); + + if (digest_cmp(calc_auth_vector, msg_auth_vector, + sizeof(calc_auth_vector)) != 0) { + nr_debug_error("Invalid Message-Authenticator"); + return -RSE_MSG_AUTH_WRONG; + } + + return 1; +} +#endif + +/* + * The caller ensures that the packet codes are as expected. + */ +static int packet_auth_ok(const RADIUS_PACKET *original, + uint8_t *data, size_t length) +{ + uint8_t packet_vector[sizeof(original->vector)]; + uint8_t calc_digest[sizeof(original->vector)]; + RS_MD5_CTX ctx; + + if ((data[0] == PW_ACCESS_REQUEST) || + (data[0] == PW_STATUS_SERVER)) return 1; + + memcpy(packet_vector, data + 4, sizeof(packet_vector)); + + if (!original) { + memset(data + 4, 0, sizeof(packet_vector)); + } else { + memcpy(data + 4, original->vector, sizeof(original->vector)); + } + + RS_MD5Init(&ctx); + RS_MD5Update(&ctx, data, length); + RS_MD5Update(&ctx, (const unsigned char *)original->secret, original->sizeof_secret); + RS_MD5Final(calc_digest, &ctx); + + memcpy(data + 4, packet_vector, sizeof(packet_vector)); + + if (digest_cmp(calc_digest, packet_vector, + sizeof(packet_vector)) != 0) { + nr_debug_error("Invalid authentication vector"); + return -RSE_AUTH_VECTOR_WRONG; + } + + return 0; +} + + +int nr_packet_verify(RADIUS_PACKET *packet, const RADIUS_PACKET *original) +{ + int rcode; + uint8_t *attr; +#ifdef PW_MESSAGE_AUTHENTICATOR + const uint8_t *end; +#endif + + if (!packet || !packet->data || !packet->secret) { + nr_debug_error("Invalid argument"); + return -RSE_INVAL; + } + + if ((packet->flags & RS_PACKET_VERIFIED) != 0) return 0; + + /* + * Packet isn't well formed. Ignore it. + */ + rcode = nr_packet_ok(packet); + if (rcode < 0) return rcode; + + /* + * Get rid of improper packets as early as possible. + */ + if (original) { + uint64_t mask; + + if (original->code > RS_MAX_PACKET_CODE) { + nr_debug_error("Invalid original code %u", + original->code); + return -RSE_INVALID_REQUEST_CODE; + } + + if (packet->data[1] != original->id) { + nr_debug_error("Ignoring response with wrong ID %u", + packet->data[1]); + return -RSE_INVALID_RESPONSE_CODE; + } + + mask = 1; + mask <<= packet->data[0]; + + if ((allowed_responses[original->code] & mask) == 0) { + nr_debug_error("Ignoring response with wrong code %u", + packet->data[0]); + return -RSE_INVALID_RESPONSE_CODE; + } + + if ((memcmp(&packet->src, &original->dst, sizeof(packet->src)) != 0) && + (evutil_sockaddr_cmp((struct sockaddr *)&packet->src, (struct sockaddr *)&original->dst, 1) != 0)) { + nr_debug_error("Ignoring response from wrong IP/port"); + return -RSE_INVALID_RESPONSE_SRC; + } + + } else if (allowed_responses[packet->data[0]] != 0) { + nr_debug_error("Ignoring response without original"); + return -RSE_INVALID_RESPONSE_CODE; + } + +#ifdef PW_MESSAGE_AUTHENTICATOR + end = packet->data + packet->length; + + /* + * Note that the packet MUST be well-formed here. + */ + for (attr = packet->data + 20; attr < end; attr += attr[1]) { + if (attr[0] == PW_MESSAGE_AUTHENTICATOR) { + rcode = msg_auth_ok(original, attr, + packet->data, packet->length); + if (rcode < 0) return rcode; + } + } +#endif + + /* + * Verify the packet authenticator. + */ + rcode = packet_auth_ok(original, packet->data, packet->length); + if (rcode < 0) return rcode; + + packet->flags |= RS_PACKET_VERIFIED; + + return 0; +} + + +int nr_packet_decode(RADIUS_PACKET *packet, const RADIUS_PACKET *original) +{ + int rcode, num_attributes; + uint8_t *data, *attr; + const uint8_t *end; + VALUE_PAIR **tail, *vp; + + if (!packet) return -RSE_INVAL; + + if ((packet->flags & RS_PACKET_DECODED) != 0) return 0; + + rcode = nr_packet_ok(packet); + if (rcode < 0) return rcode; + + data = packet->data; + end = data + packet->length; + tail = &packet->vps; + num_attributes = 0; + + /* + * Loop over the packet, converting attrs to VPs. + */ + for (attr = data + 20; attr < end; attr += attr[1]) { + rcode = nr_attr2vp(packet, original, + attr, end - attr, &vp); + if (rcode < 0) { + nr_vp_free(&packet->vps); + return -rcode; + } + + *tail = vp; + while (vp) { + num_attributes++; + tail = &(vp->next); + vp = vp->next; + } + + if (num_attributes > RS_MAX_ATTRIBUTES) { + nr_debug_error("Too many attributes"); + nr_vp_free(&packet->vps); + return -RSE_TOO_MANY_ATTRS; + } + } + + packet->code = data[0]; + packet->id = data[1]; + memcpy(packet->vector, data + 4, sizeof(packet->vector)); + + packet->flags |= RS_PACKET_DECODED; + + return 0; +} + + +int nr_packet_sign(RADIUS_PACKET *packet, const RADIUS_PACKET *original) +{ +#ifdef PW_MESSAGE_AUTHENTICATOR + size_t ma = 0; + const uint8_t *attr, *end; +#endif + + if ((packet->flags & RS_PACKET_SIGNED) != 0) return 0; + + if ((packet->flags & RS_PACKET_ENCODED) == 0) { + int rcode; + + rcode = nr_packet_encode(packet, original); + if (rcode < 0) return rcode; + } + + if ((packet->code == PW_ACCESS_ACCEPT) || + (packet->code == PW_ACCESS_CHALLENGE) || + (packet->code == PW_ACCESS_REJECT)) { +#ifdef PW_MESSAGE_AUTHENTICATOR + if (!original) { + nr_debug_error("Original packet is required to create the Message-Authenticator"); + return -RSE_REQUEST_REQUIRED; + } +#endif + + memcpy(packet->data + 4, original->vector, + sizeof(original->vector)); + } else { + memcpy(packet->data + 4, packet->vector, + sizeof(packet->vector)); + } + +#ifdef PW_MESSAGE_AUTHENTICATOR + end = packet->data + packet->length; + + for (attr = packet->data + 20; attr < end; attr += attr[1]) { + if (attr[0] == PW_MESSAGE_AUTHENTICATOR) { + ma = (attr - packet->data); + break; + } + } + + /* + * Force all Access-Request packets to have a + * Message-Authenticator. + */ + if (!ma && ((packet->length + 18) <= packet->sizeof_data) && + ((packet->code == PW_ACCESS_REQUEST) || + (packet->code == PW_STATUS_SERVER))) { + ma = packet->length; + + packet->data[ma]= PW_MESSAGE_AUTHENTICATOR; + packet->data[ma + 1] = 18; + memset(&packet->data[ma + 2], 0, 16); + packet->length += 18; + } + + /* + * Reset the length. + */ + packet->data[2] = (packet->length >> 8) & 0xff; + packet->data[3] = packet->length & 0xff; + + /* + * Sign the Message-Authenticator && packet. + */ + if (ma) { + nr_hmac_md5(packet->data, packet->length, + (const uint8_t *) packet->secret, packet->sizeof_secret, + packet->data + ma + 2); + } +#endif + + /* + * Calculate the signature. + */ + if (!((packet->code == PW_ACCESS_REQUEST) || + (packet->code == PW_STATUS_SERVER))) { + RS_MD5_CTX ctx; + + RS_MD5Init(&ctx); + RS_MD5Update(&ctx, packet->data, packet->length); + RS_MD5Update(&ctx, (const unsigned char *)packet->secret, packet->sizeof_secret); + RS_MD5Final(packet->vector, &ctx); + } + + memcpy(packet->data + 4, packet->vector, sizeof(packet->vector)); + + packet->attempts = 0; + packet->flags |= RS_PACKET_SIGNED; + + return 0; +} + + +static int can_encode_packet(RADIUS_PACKET *packet, + const RADIUS_PACKET *original) +{ + if ((packet->code == 0) || + (packet->code > RS_MAX_PACKET_CODE) || + (original && (original->code > RS_MAX_PACKET_CODE))) { + nr_debug_error("Cannot send unknown packet code"); + return -RSE_INVALID_REQUEST_CODE; + } + + if (!nr_packet_codes[packet->code]) { + nr_debug_error("Cannot handle packet code %u", + packet->code); + return -RSE_INVALID_REQUEST_CODE; + } + +#ifdef NR_NO_MALLOC + if (!packet->data) { + nr_debug_error("No place to put packet"); + return -RSE_NO_PACKET_DATA; + } +#endif + + if (packet->sizeof_data < 20) { + nr_debug_error("The buffer is too small to encode the packet"); + return -RSE_PACKET_TOO_SMALL; + } + + /* + * Enforce request / response correlation. + */ + if (original) { + uint64_t mask; + + mask = 1; + mask <<= packet->code; + + if ((allowed_responses[original->code] & mask) == 0) { + nr_debug_error("Cannot encode response %u to packet %u", + packet->code, original->code); + return -RSE_INVALID_RESPONSE_CODE; + } + packet->id = original->id; + + } else if (allowed_responses[packet->code] == 0) { + nr_debug_error("Cannot encode response %u without original", + packet->code); + return -RSE_REQUEST_REQUIRED; + } + + return 0; +} + +static void encode_header(RADIUS_PACKET *packet) +{ + if ((packet->flags & RS_PACKET_HEADER) != 0) return; + + memset(packet->data, 0, 20); + packet->data[0] = packet->code; + packet->data[1] = packet->id; + packet->data[2] = 0; + packet->data[3] = 20; + packet->length = 20; + + /* + * Calculate a random authentication vector. + */ + if ((packet->code == PW_ACCESS_REQUEST) || + (packet->code == PW_STATUS_SERVER)) { + nr_rand_bytes(packet->vector, sizeof(packet->vector)); + } else { + memset(packet->vector, 0, sizeof(packet->vector)); + } + + memcpy(packet->data + 4, packet->vector, sizeof(packet->vector)); + + packet->flags |= RS_PACKET_HEADER; +} + +int nr_packet_encode(RADIUS_PACKET *packet, const RADIUS_PACKET *original) +{ +#ifdef PW_MESSAGE_AUTHENTICATOR + size_t ma = 0; +#endif + int rcode; + ssize_t len; + const VALUE_PAIR *vp; + uint8_t *data, *end; + + if ((packet->flags & RS_PACKET_ENCODED) != 0) return 0; + + rcode = can_encode_packet(packet, original); + if (rcode < 0) return rcode; + + data = packet->data; + end = data + packet->sizeof_data; + + encode_header(packet); + data += 20; + + /* + * Encode each VALUE_PAIR + */ + vp = packet->vps; + while (vp) { +#ifdef PW_MESSAGE_AUTHENTICATOR + if (vp->da->attr == PW_MESSAGE_AUTHENTICATOR) { + ma = (data - packet->data); + } +#endif + len = nr_vp2attr(packet, original, &vp, + data, end - data); + if (len < 0) return len; + + if (len == 0) break; /* insufficient room to encode it */ + + data += data[1]; + } + +#ifdef PW_MESSAGE_AUTHENTICATOR + /* + * Always send a Message-Authenticator. + * + * We do *not* recommend removing this code. + */ + if (((packet->code == PW_ACCESS_REQUEST) || + (packet->code == PW_STATUS_SERVER)) && + !ma && + ((data + 18) <= end)) { + ma = (data - packet->data); + data[0] = PW_MESSAGE_AUTHENTICATOR; + data[1] = 18; + memset(data + 2, 0, 16); + data += data[1]; + } +#endif + + packet->length = data - packet->data; + + packet->data[2] = (packet->length >> 8) & 0xff; + packet->data[3] = packet->length & 0xff; + + packet->flags |= RS_PACKET_ENCODED; + + return packet->length; +} + + +/* + * Ensure that the nr_data2attr_t structure is filled in + * appropriately. This includes filling in a fake DICT_ATTR + * structure, if necessary. + */ +static int do_callback(void *ctx, nr_packet_walk_func_t callback, + int attr, int vendor, + const uint8_t *data, size_t sizeof_data) + +{ + int rcode; + const DICT_ATTR *da; + DICT_ATTR myda; + char buffer[64]; + + da = nr_dict_attr_byvalue(attr, vendor); + + /* + * The attribute is supposed to have a particular length, + * but does not. It is therefore malformed. + */ + if (da && (da->flags.length != 0) && + da->flags.length != sizeof_data) { + da = NULL; + } + + if (!da) { + rcode = nr_dict_attr_2struct(&myda, attr, vendor, + buffer, sizeof(buffer)); + + if (rcode < 0) return rcode; + da = &myda; + } + + rcode = callback(ctx, da, data, sizeof_data); + if (rcode < 0) return rcode; + + return 0; +} + + +int nr_packet_walk(RADIUS_PACKET *packet, void *ctx, + nr_packet_walk_func_t callback) +{ + int rcode; + uint8_t *attr; + const uint8_t *end; + + if (!packet || !callback) return -RSE_INVAL; + + rcode = nr_packet_ok(packet); + if (rcode < 0) return rcode; + + end = packet->data + packet->length; + + for (attr = packet->data + 20; attr < end; attr += attr[1]) { + int length, value; + int dv_type, dv_length; + uint32_t vendorpec; + const uint8_t *vsa; + const DICT_VENDOR *dv = NULL; + + vendorpec = 0; + value = attr[0]; + + if (value != PW_VENDOR_SPECIFIC) { + raw: + rcode = do_callback(ctx, callback, + attr[0], 0, + attr + 2, attr[1] - 2); + if (rcode < 0) return rcode; + continue; + } + + if (attr[1] < 6) goto raw; + memcpy(&vendorpec, attr + 2, 4); + vendorpec = ntohl(vendorpec); + + if (dv && (dv->vendor != vendorpec)) dv = NULL; + + if (!dv) dv = nr_dict_vendor_byvalue(vendorpec); + + if (dv) { + dv_type = dv->type; + dv_length = dv->length; + } else { + dv_type = 1; + dv_length = 1; + } + + /* + * Malformed: it's a raw attribute. + */ + if (nr_tlv_ok(attr + 6, attr[1] - 6, dv_type, dv_length) < 0) { + goto raw; + } + + for (vsa = attr + 6; vsa < attr + attr[1]; vsa += length) { + switch (dv_type) { + case 4: + value = (vsa[2] << 8) | vsa[3]; + break; + + case 2: + value = (vsa[0] << 8) | vsa[1]; + break; + + case 1: + value = vsa[0]; + break; + + default: + return -RSE_INTERNAL; + } + + switch (dv_length) { + case 0: + length = attr[1] - 6 - dv_type; + break; + + case 2: + case 1: + length = vsa[dv_type + dv_length - 1]; + break; + + default: + return -RSE_INTERNAL; + } + + rcode = do_callback(ctx, callback, + value, vendorpec, + vsa + dv_type + dv_length, + length - dv_type - dv_length); + if (rcode < 0) return rcode; + } + } + + return 0; +} + +int nr_packet_init(RADIUS_PACKET *packet, const RADIUS_PACKET *original, + const char *secret, int code, + void *data, size_t sizeof_data) +{ + int rcode; + + if ((code < 0) || (code > RS_MAX_PACKET_CODE)) { + return -RSE_INVALID_REQUEST_CODE; + } + + if (!data || (sizeof_data < 20)) return -RSE_INVAL; + + memset(packet, 0, sizeof(*packet)); + packet->secret = secret; + packet->sizeof_secret = secret ? strlen(secret) : 0; + packet->code = code; + packet->id = 0; + packet->data = data; + packet->sizeof_data = sizeof_data; + + rcode = can_encode_packet(packet, original); + if (rcode < 0) return rcode; + + encode_header(packet); + + return 0; +} + + +static int pack_eap(RADIUS_PACKET *packet, + const void *data, size_t data_len) +{ + uint8_t *attr, *end; + const uint8_t *eap; + size_t left; + + eap = data; + left = data_len; + attr = packet->data + packet->length; + end = attr + packet->sizeof_data; + + while (left > 253) { + if ((attr + 255) > end) return -RSE_ATTR_OVERFLOW; + + attr[0] = PW_EAP_MESSAGE; + attr[1] = 255; + memcpy(attr + 2, eap, 253); + attr += attr[1]; + eap += 253; + left -= 253; + } + + if ((attr + (2 + left)) > end) return -RSE_ATTR_OVERFLOW; + + attr[0] = PW_EAP_MESSAGE; + attr[1] = 2 + left; + memcpy(attr + 2, eap, left); + attr += attr[1]; + packet->length = attr - packet->data; + + return 0; +} + +ssize_t nr_packet_attr_append(RADIUS_PACKET *packet, + const RADIUS_PACKET *original, + const DICT_ATTR *da, + const void *data, size_t data_len) +{ + ssize_t rcode; + uint8_t *attr, *end; + VALUE_PAIR my_vp; + const VALUE_PAIR *vp; + + if (!packet || !da || !data) { + return -RSE_INVAL; + } + + if (data_len == 0) { + if (da->type != RS_TYPE_STRING) return -RSE_ATTR_TOO_SMALL; + + data_len = strlen(data); + } + + packet->flags |= RS_PACKET_ENCODED; /* ignore any VPs */ + + attr = packet->data + packet->length; + end = attr + packet->sizeof_data; + + if ((attr + 2 + data_len) > end) { + return -RSE_ATTR_OVERFLOW; + } + + if ((da->flags.length != 0) && + (data_len != da->flags.length)) { + return -RSE_ATTR_VALUE_MALFORMED; + } + +#ifdef PW_EAP_MESSAGE + /* + * automatically split EAP-Message into multiple + * attributes. + */ + if (!da->vendor && (da->attr == PW_EAP_MESSAGE) && (data_len > 253)) { + return pack_eap(packet, data, data_len); + } +#endif + + if (data_len > 253) return -RSE_ATTR_TOO_LARGE; + + vp = nr_vp_init(&my_vp, da); + rcode = nr_vp_set_data(&my_vp, data, data_len); + if (rcode < 0) return rcode; + + /* + * Note that this function packs VSAs each into their own + * Vendor-Specific attribute. If this isn't what you + * want, use the version of the library with full support + * for TLVs, WiMAX, and extended attributes. + */ + rcode = nr_vp2attr(packet, original, &vp, attr, end - attr); + if (rcode <= 0) return rcode; + + packet->length += rcode; + + return rcode; +} diff --git a/lib/radius/share/dictionary.juniper b/lib/radius/share/dictionary.juniper new file mode 100644 index 0000000..9aa5df4 --- /dev/null +++ b/lib/radius/share/dictionary.juniper @@ -0,0 +1,23 @@ +# -*- text -*- +# +# dictionary.juniper +# +# As posted to the list by Eric Kilfoil <ekilfoil@uslec.net> +# +# Version: $Id$ +# + +VENDOR Juniper 2636 + +BEGIN-VENDOR Juniper + +ATTRIBUTE Juniper-Local-User-Name 1 string +ATTRIBUTE Juniper-Allow-Commands 2 string +ATTRIBUTE Juniper-Deny-Commands 3 string +ATTRIBUTE Juniper-Allow-Configuration 4 string +ATTRIBUTE Juniper-Deny-Configuration 5 string +ATTRIBUTE Juniper-Interactive-Command 8 string +ATTRIBUTE Juniper-Configuration-Change 9 string +ATTRIBUTE Juniper-User-Permissions 10 string + +END-VENDOR Juniper diff --git a/lib/radius/share/dictionary.microsoft b/lib/radius/share/dictionary.microsoft new file mode 100644 index 0000000..034e5f0 --- /dev/null +++ b/lib/radius/share/dictionary.microsoft @@ -0,0 +1,17 @@ +# A minimal dictionary for Microsoft VSAs +# +VENDOR Microsoft 311 + +BEGIN-VENDOR Microsoft +ATTRIBUTE MS-CHAP-Response 1 octets +ATTRIBUTE MS-CHAP-Error 2 string +ATTRIBUTE MS-MPPE-Encryption-Policy 7 octets +ATTRIBUTE MS-MPPE-Encryption-Types 8 octets +ATTRIBUTE MS-CHAP-Domain 10 string +ATTRIBUTE MS-CHAP-Challenge 11 octets +ATTRIBUTE MS-CHAP-MPPE-Keys 12 octets encrypt=1 +ATTRIBUTE MS-MPPE-Send-Key 16 octets encrypt=2 +ATTRIBUTE MS-MPPE-Recv-Key 17 octets encrypt=2 +ATTRIBUTE MS-CHAP2-Response 25 octets +ATTRIBUTE MS-CHAP2-Success 26 octets +END-VENDOR Microsoft diff --git a/lib/radius/share/dictionary.txt b/lib/radius/share/dictionary.txt new file mode 100644 index 0000000..e62f8b3 --- /dev/null +++ b/lib/radius/share/dictionary.txt @@ -0,0 +1,136 @@ +ATTRIBUTE User-Name 1 string +ATTRIBUTE User-Password 2 string encrypt=1 +ATTRIBUTE CHAP-Password 3 octets +ATTRIBUTE NAS-IP-Address 4 ipaddr +ATTRIBUTE NAS-Port 5 integer +ATTRIBUTE Service-Type 6 integer +ATTRIBUTE Framed-Protocol 7 integer +ATTRIBUTE Framed-IP-Address 8 ipaddr +ATTRIBUTE Framed-IP-Netmask 9 ipaddr +ATTRIBUTE Framed-Routing 10 integer +ATTRIBUTE Filter-Id 11 string +ATTRIBUTE Framed-MTU 12 integer +ATTRIBUTE Framed-Compression 13 integer +ATTRIBUTE Login-IP-Host 14 ipaddr +ATTRIBUTE Login-Service 15 integer +ATTRIBUTE Login-TCP-Port 16 integer +ATTRIBUTE Reply-Message 18 string +ATTRIBUTE Callback-Number 19 string +ATTRIBUTE Callback-Id 20 string +ATTRIBUTE Framed-Route 22 string +ATTRIBUTE Framed-IPX-Network 23 ipaddr +ATTRIBUTE State 24 octets +ATTRIBUTE Class 25 octets +ATTRIBUTE Vendor-Specific 26 octets +ATTRIBUTE Session-Timeout 27 integer +ATTRIBUTE Idle-Timeout 28 integer +ATTRIBUTE Termination-Action 29 integer +ATTRIBUTE Called-Station-Id 30 string +ATTRIBUTE Calling-Station-Id 31 string +ATTRIBUTE NAS-Identifier 32 string +ATTRIBUTE Proxy-State 33 octets +ATTRIBUTE Login-LAT-Service 34 string +ATTRIBUTE Login-LAT-Node 35 string +ATTRIBUTE Login-LAT-Group 36 octets +ATTRIBUTE Framed-AppleTalk-Link 37 integer +ATTRIBUTE Framed-AppleTalk-Network 38 integer +ATTRIBUTE Framed-AppleTalk-Zone 39 string +ATTRIBUTE CHAP-Challenge 60 octets +ATTRIBUTE NAS-Port-Type 61 integer +ATTRIBUTE Port-Limit 62 integer +ATTRIBUTE Login-LAT-Port 63 string +ATTRIBUTE Acct-Status-Type 40 integer +ATTRIBUTE Acct-Delay-Time 41 integer +ATTRIBUTE Acct-Input-Octets 42 integer +ATTRIBUTE Acct-Output-Octets 43 integer +ATTRIBUTE Acct-Session-Id 44 string +ATTRIBUTE Acct-Authentic 45 integer +ATTRIBUTE Acct-Session-Time 46 integer +ATTRIBUTE Acct-Input-Packets 47 integer +ATTRIBUTE Acct-Output-Packets 48 integer +ATTRIBUTE Acct-Terminate-Cause 49 integer +ATTRIBUTE Acct-Multi-Session-Id 50 string +ATTRIBUTE Acct-Link-Count 51 integer +ATTRIBUTE Acct-Tunnel-Connection 68 string +ATTRIBUTE Acct-Tunnel-Packets-Lost 86 integer +ATTRIBUTE Tunnel-Type 64 integer has_tag +ATTRIBUTE Tunnel-Medium-Type 65 integer has_tag +ATTRIBUTE Tunnel-Client-Endpoint 66 string has_tag +ATTRIBUTE Tunnel-Server-Endpoint 67 string has_tag +ATTRIBUTE Tunnel-Password 69 string has_tag,encrypt=2 +ATTRIBUTE Tunnel-Private-Group-Id 81 string has_tag +ATTRIBUTE Tunnel-Assignment-Id 82 string has_tag +ATTRIBUTE Tunnel-Preference 83 integer has_tag +ATTRIBUTE Tunnel-Client-Auth-Id 90 string has_tag +ATTRIBUTE Tunnel-Server-Auth-Id 91 string has_tag +ATTRIBUTE Acct-Input-Gigawords 52 integer +ATTRIBUTE Acct-Output-Gigawords 53 integer +ATTRIBUTE Event-Timestamp 55 date +ATTRIBUTE ARAP-Password 70 octets[16] +ATTRIBUTE ARAP-Features 71 octets[14] +ATTRIBUTE ARAP-Zone-Access 72 integer +ATTRIBUTE ARAP-Security 73 integer +ATTRIBUTE ARAP-Security-Data 74 string +ATTRIBUTE Password-Retry 75 integer +ATTRIBUTE Prompt 76 integer +ATTRIBUTE Connect-Info 77 string +ATTRIBUTE Configuration-Token 78 string +ATTRIBUTE EAP-Message 79 octets +ATTRIBUTE Message-Authenticator 80 octets +ATTRIBUTE ARAP-Challenge-Response 84 octets[8] +ATTRIBUTE Acct-Interim-Interval 85 integer +ATTRIBUTE NAS-Port-Id 87 string +ATTRIBUTE Framed-Pool 88 string +ATTRIBUTE NAS-IPv6-Address 95 ipv6addr +ATTRIBUTE Framed-Interface-Id 96 ifid +ATTRIBUTE Framed-IPv6-Prefix 97 ipv6prefix +ATTRIBUTE Login-IPv6-Host 98 ipv6addr +ATTRIBUTE Framed-IPv6-Route 99 string +ATTRIBUTE Framed-IPv6-Pool 100 string +ATTRIBUTE Error-Cause 101 integer +ATTRIBUTE EAP-Key-Name 102 string +ATTRIBUTE Chargeable-User-Identity 89 string +ATTRIBUTE Egress-VLANID 56 integer +ATTRIBUTE Ingress-Filters 57 integer +ATTRIBUTE Egress-VLAN-Name 58 string +ATTRIBUTE User-Priority-Table 59 octets +ATTRIBUTE Delegated-IPv6-Prefix 123 ipv6prefix +ATTRIBUTE NAS-Filter-Rule 92 string +ATTRIBUTE Digest-Response 103 string +ATTRIBUTE Digest-Realm 104 string +ATTRIBUTE Digest-Nonce 105 string +ATTRIBUTE Digest-Response-Auth 106 string +ATTRIBUTE Digest-Nextnonce 107 string +ATTRIBUTE Digest-Method 108 string +ATTRIBUTE Digest-URI 109 string +ATTRIBUTE Digest-Qop 110 string +ATTRIBUTE Digest-Algorithm 111 string +ATTRIBUTE Digest-Entity-Body-Hash 112 string +ATTRIBUTE Digest-CNonce 113 string +ATTRIBUTE Digest-Nonce-Count 114 string +ATTRIBUTE Digest-Username 115 string +ATTRIBUTE Digest-Opaque 116 string +ATTRIBUTE Digest-Auth-Param 117 string +ATTRIBUTE Digest-AKA-Auts 118 string +ATTRIBUTE Digest-Domain 119 string +ATTRIBUTE Digest-Stale 120 string +ATTRIBUTE Digest-HA1 121 string +ATTRIBUTE SIP-AOR 122 string +ATTRIBUTE Operator-Name 126 string +ATTRIBUTE Location-Information 127 octets +ATTRIBUTE Location-Data 128 octets +ATTRIBUTE Basic-Location-Policy-Rules 129 octets +ATTRIBUTE Extended-Location-Policy-Rules 130 octets +ATTRIBUTE Location-Capable 131 integer +ATTRIBUTE Requested-Location-Info 132 integer +ATTRIBUTE Framed-Management 133 integer +ATTRIBUTE Management-Transport-Protection 134 integer +ATTRIBUTE Management-Policy-Id 135 string +ATTRIBUTE Management-Privilege-Level 136 integer +ATTRIBUTE PKM-SS-Cert 137 octets +ATTRIBUTE PKM-CA-Cert 138 octets +ATTRIBUTE PKM-Config-Settings 139 octets +ATTRIBUTE PKM-Cryptosuite-List 140 octets +ATTRIBUTE PKM-SAID 141 short +ATTRIBUTE PKM-SA-Descriptor 142 octets +ATTRIBUTE PKM-Auth-Key 143 octets diff --git a/lib/radius/share/dictionary.ukerna b/lib/radius/share/dictionary.ukerna new file mode 100644 index 0000000..0e35d43 --- /dev/null +++ b/lib/radius/share/dictionary.ukerna @@ -0,0 +1,20 @@ +# -*- text -*- +# +# GSS-EAP VSAs +# +# $Id$ +# + +VENDOR UKERNA 25622 + +BEGIN-VENDOR UKERNA + +ATTRIBUTE GSS-Acceptor-Service-Name 128 string +ATTRIBUTE GSS-Acceptor-Host-Name 129 string +ATTRIBUTE GSS-Acceptor-Service-Specific 130 string +ATTRIBUTE GSS-Acceptor-Realm-Name 131 string +ATTRIBUTE SAML-AAA-Assertion 132 string +ATTRIBUTE MS-Windows-Auth-Data 133 octets +ATTRIBUTE MS-Windows-Group-Sid 134 string + +END-VENDOR UKERNA diff --git a/lib/radius/share/dictionary.vendor b/lib/radius/share/dictionary.vendor new file mode 100644 index 0000000..571dbc4 --- /dev/null +++ b/lib/radius/share/dictionary.vendor @@ -0,0 +1,10 @@ +# a sample vendor-specific dictionary + +VENDOR example 65535 + +BEGIN-VENDOR example +ATTRIBUTE Example-Integer 1 integer +ATTRIBUTE Example-String 2 string +ATTRIBUTE Example-IP-Address 3 ipaddr + +END-VENDOR example diff --git a/lib/radius/static.c b/lib/radius/static.c new file mode 100644 index 0000000..bd87272 --- /dev/null +++ b/lib/radius/static.c @@ -0,0 +1,37 @@ +/* +Copyright (c) 2011, Network RADIUS SARL +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the <organization> nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** \file static.c + * \brief Dummy file to include auto-generating static dictionary mappings. + */ + +#include "client.h" + +/* + * Include the dynamically generated dictionaries. + */ +#include "dictionaries.c" diff --git a/lib/radius/tests/Makefile b/lib/radius/tests/Makefile new file mode 100644 index 0000000..b9d74ad --- /dev/null +++ b/lib/radius/tests/Makefile @@ -0,0 +1,25 @@ +# +# GNU Makefile +# +.PHONY: all clean +all: radattr + +HEADERS := ../client.h ../radius.h +CFLAGS := -g + +%.o : %.c + $(CC) $(CFLAGS) -I.. -I. -c $< + +%.o: ${HEADERS} + +LIBS := -lcrypto -lssl +LDFLAGS = -L.. -lnetworkradius-client + +../libnetworkradius-client.a: + @${MAKE} -C .. libnetworkradius-client.a + +radattr: radattr.o ../libnetworkradius-client.a + ${CC} ${LFDLAGS} ${LIBS} -o $@ $^ + +clean: + @rm -rf *.o *.a *~ diff --git a/lib/radius/tests/radattr.c b/lib/radius/tests/radattr.c new file mode 100644 index 0000000..d41499a --- /dev/null +++ b/lib/radius/tests/radattr.c @@ -0,0 +1,769 @@ +/* + * Copyright (C) 2011 Network RADIUS SARL <info@networkradius.com> + * + * This software may not be redistributed in any form without the prior + * written consent of Network RADIUS. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include <networkradius-devel/client.h> + +#include <ctype.h> + +#include <assert.h> + +static int packet_code = PW_ACCESS_REQUEST; +static int packet_id = 1; +static uint8_t packet_vector[16] = { 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0 }; +static char secret[256] = "testing123"; + +static int encode_tlv(char *buffer, uint8_t *output, size_t outlen); + +static const char *hextab = "0123456789abcdef"; + +static int encode_data_string(char *buffer, + uint8_t *output, size_t outlen) +{ + int length = 0; + char *p; + + p = buffer + 1; + + while (*p && (outlen > 0)) { + if (*p == '"') { + return length; + } + + if (*p != '\\') { + *(output++) = *(p++); + outlen--; + length++; + continue; + } + + switch (p[1]) { + default: + *(output++) = p[1]; + break; + + case 'n': + *(output++) = '\n'; + break; + + case 'r': + *(output++) = '\r'; + break; + + case 't': + *(output++) = '\t'; + break; + } + + outlen--; + length++; + } + + fprintf(stderr, "String is not terminated\n"); + return 0; +} + +static int encode_data_tlv(char *buffer, char **endptr, + uint8_t *output, size_t outlen) +{ + int depth = 0; + int length; + char *p; + + for (p = buffer; *p != '\0'; p++) { + if (*p == '{') depth++; + if (*p == '}') { + depth--; + if (depth == 0) break; + } + } + + if (*p != '}') { + fprintf(stderr, "No trailing '}' in string starting " + "with \"%s\"\n", + buffer); + return 0; + } + + *endptr = p + 1; + *p = '\0'; + + p = buffer + 1; + while (isspace((int) *p)) p++; + + length = encode_tlv(p, output, outlen); + if (length == 0) return 0; + + return length; +} + +static int encode_hex(char *p, uint8_t *output, size_t outlen) +{ + int length = 0; + while (*p) { + char *c1, *c2; + + while (isspace((int) *p)) p++; + + if (!*p) break; + + if(!(c1 = memchr(hextab, tolower((int) p[0]), 16)) || + !(c2 = memchr(hextab, tolower((int) p[1]), 16))) { + fprintf(stderr, "Invalid data starting at " + "\"%s\"\n", p); + return 0; + } + + *output = ((c1 - hextab) << 4) + (c2 - hextab); + output++; + length++; + p += 2; + + outlen--; + if (outlen == 0) { + fprintf(stderr, "Too much data\n"); + return 0; + } + } + + return length; +} + + +static int encode_data(char *p, uint8_t *output, size_t outlen) +{ + int length; + + if (!isspace((int) *p)) { + fprintf(stderr, "Invalid character following attribute " + "definition\n"); + return 0; + } + + while (isspace((int) *p)) p++; + + if (*p == '{') { + int sublen; + char *q; + + length = 0; + + do { + while (isspace((int) *p)) p++; + if (!*p) { + if (length == 0) { + fprintf(stderr, "No data\n"); + return 0; + } + + break; + } + + sublen = encode_data_tlv(p, &q, output, outlen); + if (sublen == 0) return 0; + + length += sublen; + output += sublen; + outlen -= sublen; + p = q; + } while (*q); + + return length; + } + + if (*p == '"') { + length = encode_data_string(p, output, outlen); + return length; + } + + length = encode_hex(p, output, outlen); + + if (length == 0) { + fprintf(stderr, "Empty string\n"); + return 0; + } + + return length; +} + +static int decode_attr(char *buffer, char **endptr) +{ + long attr; + + attr = strtol(buffer, endptr, 10); + if (*endptr == buffer) { + fprintf(stderr, "No valid number found in string " + "starting with \"%s\"\n", buffer); + return 0; + } + + if (!**endptr) { + fprintf(stderr, "Nothing follows attribute number\n"); + return 0; + } + + if ((attr <= 0) || (attr > 256)) { + fprintf(stderr, "Attribute number is out of valid " + "range\n"); + return 0; + } + + return (int) attr; +} + +static int decode_vendor(char *buffer, char **endptr) +{ + long vendor; + + if (*buffer != '.') { + fprintf(stderr, "Invalid separator before vendor id\n"); + return 0; + } + + vendor = strtol(buffer + 1, endptr, 10); + if (*endptr == (buffer + 1)) { + fprintf(stderr, "No valid vendor number found\n"); + return 0; + } + + if (!**endptr) { + fprintf(stderr, "Nothing follows vendor number\n"); + return 0; + } + + if ((vendor <= 0) || (vendor > (1 << 24))) { + fprintf(stderr, "Vendor number is out of valid range\n"); + return 0; + } + + if (**endptr != '.') { + fprintf(stderr, "Invalid data following vendor number\n"); + return 0; + } + (*endptr)++; + + return (int) vendor; +} + +static int encode_tlv(char *buffer, uint8_t *output, size_t outlen) +{ + int attr; + int length; + char *p; + + attr = decode_attr(buffer, &p); + if (attr == 0) return 0; + + output[0] = attr; + output[1] = 2; + + if (*p == '.') { + p++; + length = encode_tlv(p, output + 2, outlen - 2); + + } else { + length = encode_data(p, output + 2, outlen - 2); + } + + if (length == 0) return 0; + if (length > (255 - 2)) { + fprintf(stderr, "TLV data is too long\n"); + return 0; + } + + output[1] += length; + + return length + 2; +} + +static int encode_vsa(char *buffer, uint8_t *output, size_t outlen) +{ + int vendor; + int length; + char *p; + + vendor = decode_vendor(buffer, &p); + if (vendor == 0) return 0; + + output[0] = 0; + output[1] = (vendor >> 16) & 0xff; + output[2] = (vendor >> 8) & 0xff; + output[3] = vendor & 0xff; + + length = encode_tlv(p, output + 4, outlen - 4); + if (length == 0) return 0; + if (length > (255 - 6)) { + fprintf(stderr, "VSA data is too long\n"); + return 0; + } + + + return length + 4; +} + +static int encode_evs(char *buffer, uint8_t *output, size_t outlen) +{ + int vendor; + int attr; + int length; + char *p; + + vendor = decode_vendor(buffer, &p); + if (vendor == 0) return 0; + + attr = decode_attr(p, &p); + if (attr == 0) return 0; + + output[0] = 0; + output[1] = (vendor >> 16) & 0xff; + output[2] = (vendor >> 8) & 0xff; + output[3] = vendor & 0xff; + output[4] = attr; + + length = encode_data(p, output + 5, outlen - 5); + if (length == 0) return 0; + + return length + 5; +} + +static int encode_extended(char *buffer, + uint8_t *output, size_t outlen) +{ + int attr; + int length; + char *p; + + attr = decode_attr(buffer, &p); + if (attr == 0) return 0; + + output[0] = attr; + + if (attr == 26) { + length = encode_evs(p, output + 1, outlen - 1); + } else { + length = encode_data(p, output + 1, outlen - 1); + } + if (length == 0) return 0; + if (length > (255 - 3)) { + fprintf(stderr, "Extended Attr data is too long\n"); + return 0; + } + + return length + 1; +} + +static int encode_extended_flags(char *buffer, + uint8_t *output, size_t outlen) +{ + int attr; + int length, total; + char *p; + + attr = decode_attr(buffer, &p); + if (attr == 0) return 0; + + /* output[0] is the extended attribute */ + output[1] = 4; + output[2] = attr; + output[3] = 0; + + if (attr == 26) { + length = encode_evs(p, output + 4, outlen - 4); + if (length == 0) return 0; + + output[1] += 5; + length -= 5; + } else { + length = encode_data(p, output + 4, outlen - 4); + } + if (length == 0) return 0; + + total = 0; + while (1) { + int sublen = 255 - output[1]; + + if (length <= sublen) { + output[1] += length; + total += output[1]; + break; + } + + length -= sublen; + + memmove(output + 255 + 4, output + 255, length); + memcpy(output + 255, output, 4); + + output[1] = 255; + output[3] |= 0x80; + + output += 255; + output[1] = 4; + total += 255; + } + + return total; +} + +static int encode_rfc(char *buffer, uint8_t *output, size_t outlen) +{ + int attr; + int length, sublen; + char *p; + + attr = decode_attr(buffer, &p); + if (attr == 0) return 0; + + length = 2; + output[0] = attr; + output[1] = 2; + + if (attr == 26) { + sublen = encode_vsa(p, output + 2, outlen - 2); + + } else if ((attr < 241) || (attr > 246)) { + sublen = encode_data(p, output + 2, outlen - 2); + + } else { + if (*p != '.') { + fprintf(stderr, "Invalid data following " + "attribute number\n"); + return 0; + } + + if (attr < 245) { + sublen = encode_extended(p + 1, + output + 2, outlen - 2); + } else { + + /* + * Not like the others! + */ + return encode_extended_flags(p + 1, output, outlen); + } + } + if (sublen == 0) return 0; + if (sublen > (255 -2)) { + fprintf(stderr, "RFC Data is too long\n"); + return 0; + } + + output[1] += sublen; + return length + sublen; +} + +static int walk_callback(void *ctx, const DICT_ATTR *da, + const uint8_t *data, size_t sizeof_data) +{ + char **p = ctx; + + sprintf(*p, "v%u a%u l%ld,", + da->vendor, da->attr, sizeof_data); + + *p += strlen(*p); +} + +static void process_file(const char *filename) +{ + int lineno, rcode; + size_t i, outlen; + ssize_t len, data_len; + FILE *fp; + RADIUS_PACKET packet; + char input[8192], buffer[8192]; + char output[8192]; + uint8_t *attr, data[2048]; + + if (strcmp(filename, "-") == 0) { + fp = stdin; + filename = "<stdin>"; + + } else { + fp = fopen(filename, "r"); + if (!fp) { + fprintf(stderr, "Error opening %s: %s\n", + filename, strerror(errno)); + exit(1); + } + } + + lineno = 0; + *output = '\0'; + data_len = 0; + + while (fgets(buffer, sizeof(buffer), fp) != NULL) { + char *p = strchr(buffer, '\n'); + VALUE_PAIR *vp, *head = NULL; + VALUE_PAIR **tail = &head; + + lineno++; + + if (!p) { + if (!feof(fp)) { + fprintf(stderr, "Line %d too long in %s\n", + lineno, filename); + exit(1); + } + } else { + *p = '\0'; + } + + p = strchr(buffer, '#'); + if (p) *p = '\0'; + + p = buffer; + while (isspace((int) *p)) p++; + if (!*p) continue; + + strcpy(input, p); + + if (strncmp(p, "raw ", 4) == 0) { + outlen = encode_rfc(p + 4, data, sizeof(data)); + if (outlen == 0) { + fprintf(stderr, "Parse error in line %d of %s\n", + lineno, filename); + exit(1); + } + + print_hex: + if (outlen == 0) { + output[0] = 0; + continue; + } + + data_len = outlen; + for (i = 0; i < outlen; i++) { + snprintf(output + 3*i, sizeof(output), + "%02x ", data[i]); + } + outlen = strlen(output); + output[outlen - 1] = '\0'; + continue; + } + + if (strncmp(p, "data ", 5) == 0) { + if (strcmp(p + 5, output) != 0) { + fprintf(stderr, "Mismatch in line %d of %s, expected: %s\n", + lineno, filename, output); + exit(1); + } + continue; + } + + head = NULL; + if (strncmp(p, "encode ", 7) == 0) { + if (strcmp(p + 7, "-") == 0) { + p = output; + } else { + p += 7; + } + + rcode = nr_vp_sscanf(p, &head); + if (rcode < 0) { + strcpy(output, nr_strerror(rcode)); + continue; + } + + attr = data; + vp = head; + while (vp != NULL) { + len = nr_vp2attr(NULL, NULL, &vp, + attr, sizeof(data) - (attr - data)); + if (len < 0) { + fprintf(stderr, "Failed encoding %s: %s\n", + vp->da->name, nr_strerror(len)); + exit(1); + } + + attr += len; + if (len == 0) break; + } + + nr_vp_free(&head); + outlen = len; + goto print_hex; + } + + if (strncmp(p, "decode ", 7) == 0) { + ssize_t my_len; + + if (strcmp(p + 7, "-") == 0) { + attr = data; + len = data_len; + } else { + attr = data; + len = encode_hex(p + 7, data, sizeof(data)); + if (len == 0) { + fprintf(stderr, "Failed decoding hex string at line %d of %s\n", lineno, filename); + exit(1); + } + } + + while (len > 0) { + vp = NULL; + my_len = nr_attr2vp(NULL, NULL, + attr, len, &vp); + if (my_len < 0) { + nr_vp_free(&head); + break; + } + + if (my_len > len) { + fprintf(stderr, "Internal sanity check failed at %d\n", __LINE__); + exit(1); + } + + *tail = vp; + while (vp) { + tail = &(vp->next); + vp = vp->next; + } + + attr += my_len; + len -= my_len; + } + + /* + * Output may be an error, and we ignore + * it if so. + */ + if (head) { + p = output; + for (vp = head; vp != NULL; vp = vp->next) { + nr_vp_snprintf(p, sizeof(output) - (p - output), vp); + p += strlen(p); + + if (vp->next) {strcpy(p, ", "); + p += 2; + } + } + + nr_vp_free(&head); + } else if (my_len < 0) { + strcpy(output, nr_strerror(my_len)); + + } else { /* zero-length attribute */ + *output = '\0'; + } + continue; + } + + if (strncmp(p, "walk ", 5) == 0) { + len = encode_hex(p + 5, data + 20, sizeof(data) - 20); + + if (len == 0) { + fprintf(stderr, "Failed decoding hex string at line %d of %s\n", lineno, filename); + exit(1); + } + + memset(data, 0, 20); + packet.data = data; + packet.length = len + 20; + packet.data[2] = ((len + 20) >> 8) & 0xff; + packet.data[3] = (len + 20) & 0xff; + + *output = '\0'; + p = output; + + rcode = nr_packet_walk(&packet, &p, walk_callback); + if (rcode < 0) { + snprintf(output, sizeof(output), "%d", rcode); + continue; + } + + if (*output) output[strlen(output) - 1] = '\0'; + continue; + } + + if (strncmp(p, "$INCLUDE ", 9) == 0) { + p += 9; + while (isspace((int) *p)) p++; + + process_file(p); + continue; + } + + if (strncmp(p, "secret ", 7) == 0) { + strlcpy(secret, p + 7, sizeof(secret)); + strlcpy(output, secret, sizeof(output)); + continue; + } + + if (strncmp(p, "code ", 5) == 0) { + packet_code = atoi(p + 5); + snprintf(output, sizeof(output), "%u", packet_code); + continue; + } + + if (strncmp(p, "sign ", 5) == 0) { + len = encode_hex(p + 5, data + 20, sizeof(data) - 20); + if (len == 0) { + fprintf(stderr, "Failed decoding hex string at line %d of %s\n", lineno, filename); + exit(1); + } + + memset(&packet, 0, sizeof(packet)); + packet.secret = secret; + packet.sizeof_secret = strlen(secret); + packet.code = packet_code; + packet.id = packet_id; + memcpy(packet.vector, packet_vector, 16); + packet.data = data; + packet.length = len + 20; + + /* + * Hack encode the packet. + */ + packet.data[0] = packet_code; + packet.data[1] = packet_id; + packet.data[2] = ((len + 20) >> 8) & 0xff; + packet.data[3] = (len + 20) & 0xff; + memcpy(packet.data + 4, packet_vector, 16); + + rcode = nr_packet_sign(&packet, NULL); + if (rcode < 0) { + snprintf(output, sizeof(output), "%d", rcode); + continue; + } + + memcpy(data, packet.vector, sizeof(packet.vector)); + outlen = sizeof(packet.vector); + goto print_hex; + } + + fprintf(stderr, "Unknown input at line %d of %s\n", + lineno, filename); + exit(1); + } + + if (fp != stdin) fclose(fp); +} + +int main(int argc, char *argv[]) +{ + int c; + + if (argc < 2) { + process_file("-"); + + } else { + process_file(argv[1]); + } + + return 0; +} diff --git a/lib/radius/tests/rfc.txt b/lib/radius/tests/rfc.txt new file mode 100644 index 0000000..d8bd613 --- /dev/null +++ b/lib/radius/tests/rfc.txt @@ -0,0 +1,144 @@ +# All attribute lengths are implicit, and are calculated automatically +# +# Input is of the form: +# +# WORD ... +# +# The WORD is a keyword which indicates the format of the following text. +# WORD is one of: +# +# raw - read the grammar defined below, and encode an attribute. +# The grammer supports a trivial way of describing RADIUS +# attributes, without reference to dictionaries or fancy +# parsers +# +# encode - reads "Attribute-Name = value", encodes it, and prints +# the result as text. +# use "-" to encode the output of the last command +# +# decode - reads hex, and decodes it "Attribute-Name = value" +# use "-" to decode the output of the last command +# +# data - the expected output of the previous command, in ASCII form. +# if the actual command output is different, an error message +# is produced, and the program terminates. +# +# +# The "raw" input satisfies the following grammar: +# +# Identifier = 1*DIGIT *( "." 1*DIGIT ) +# +# HEXCHAR = HEXDIG HEXDIG +# +# STRING = DQUOTE *CHAR DQUOTE +# +# TLV = "{" 1*DIGIT DATA "}" +# +# DATA = 1*HEXCHAR / 1*TLV / STRING +# +# LINE = Identifier DATA +# +# The "Identifier" is a RADIUS attribute identifier, as given in the draft. +# +# e.g. 1 for User-Name +# 26.9.1 Vendor-Specific, Cisco, Cisco-AVPAir +# 241.1 Extended Attribute, number 1 +# 241.2.3 Extended Attribute 2, data type TLV, TLV type 3 +# etc. +# +# The "DATA" portion is the contents of the RADIUS Attribute. +# +# 123456789abcdef hex string +# 12 34 56 ab with spaces for clarity +# "hello" Text string +# { 1 abcdef } TLV, TLV-Type 1, data "abcdef" +# +# TLVs can be nested: +# +# { tlv-type { tlv-type data } } { 3 { 4 01020304 } } +# +# TLVs can be concatencated +# +# {tlv-type data } { tlv-type data} { 3 040506 } { 8 aabbcc } +# +# The "raw" data is encoded without reference to dictionaries. Any +# valid string is parsed to a RADIUS attribute. The resulting RADIUS +# attribute *may not* be correctly formatted to the relevant RADIUS +# specifications. i.e. you can use this tool to create attribute 1 +# (User-Name), which is encoded as a series of TLVs. That's up to you. +# +# The purpose of the "raw" command is to have a simple way of encoding +# attributes which is independent of any dictionaries or packet processing +# routines. +# +# The output data is the hex version of the encoded attribute. +# + +encode User-Name = bob +data 01 05 62 6f 62 + +decode - +data User-Name = "bob" + +decode 01 05 62 6f 62 +data User-Name = "bob" + +# +# The Type/Length is OK, but the attribute data is of the wrong size. +# +decode 04 04 ab cd +data Attr-4 = 0xabcd + +# Zero-length attributes +decode 01 02 +data + +# don't encode zero-length attributes +#encode User-Name = "" +#data + +# except for CUI. Thank you, WiMAX! +decode 59 02 +data Chargeable-User-Identity = "" + +# Hah! Thought you had it figured out, didn't you? +#encode - +#data 59 02 + +encode NAS-Port = 10 +data 05 06 00 00 00 0a + +decode - +data NAS-Port = 10 + +walk 05 06 00 00 00 0a +data v0 a5 l4 + +walk 05 06 00 00 00 0a 02 06 00 00 00 0a +data v0 a5 l4,v0 a2 l4 + +walk 1a 0c 00 00 00 01 05 06 00 00 00 0a +data v1 a5 l4 + +walk 1a 12 00 00 00 01 05 06 00 00 00 0a 03 06 00 00 00 0a +data v1 a5 l4,v1 a3 l4 + +# Access-Request, code 1, authentication vector of zero +sign 05 06 00 00 00 0a +data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + +code 4 + +sign 05 06 00 00 00 0a +data 62 63 f1 db 80 70 a6 64 37 31 63 e4 aa 95 5a 68 + +sign 05 06 00 00 00 0a +data 62 63 f1 db 80 70 a6 64 37 31 63 e4 aa 95 5a 68 + +secret hello +sign 05 06 00 00 00 0a +data 69 20 c0 b9 e1 2f 12 54 9f 92 16 5e f4 64 9b fd + +secret testing123 +sign 05 06 00 00 00 0a +data 62 63 f1 db 80 70 a6 64 37 31 63 e4 aa 95 5a 68 diff --git a/lib/radius/valuepair.c b/lib/radius/valuepair.c new file mode 100644 index 0000000..6277f7d --- /dev/null +++ b/lib/radius/valuepair.c @@ -0,0 +1,191 @@ +/* +Copyright (c) 2011, Network RADIUS SARL +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the <organization> nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** \file valuepair.c + * \brief Functions to manipulate C structure versions of RADIUS attributes. + */ + +#include "client.h" + +void nr_vp_free(VALUE_PAIR **head) +{ + VALUE_PAIR *next, *vp; + + for (vp = *head; vp != NULL; vp = next) { + next = vp->next; + if (vp->da->flags.encrypt) { + memset(vp, 0, sizeof(vp)); + } + free(vp); + } + + *head = NULL; +} + + +VALUE_PAIR *nr_vp_init(VALUE_PAIR *vp, const DICT_ATTR *da) +{ + memset(vp, 0, sizeof(*vp)); + + vp->da = da; + vp->length = da->flags.length; + + return vp; +} + + +VALUE_PAIR *nr_vp_alloc(const DICT_ATTR *da) +{ + VALUE_PAIR *vp = NULL; + + if (!da) { + nr_strerror_printf("Unknown attribute"); + return NULL; + } + + vp = malloc(sizeof(*vp)); + if (!vp) { + nr_strerror_printf("Out of memory"); + return NULL; + } + + return nr_vp_init(vp, da); +} + +VALUE_PAIR *nr_vp_alloc_raw(unsigned int attr, unsigned int vendor) +{ + VALUE_PAIR *vp = NULL; + DICT_ATTR *da; + + vp = malloc(sizeof(*vp) + sizeof(*da) + 64); + if (!vp) { + nr_strerror_printf("Out of memory"); + return NULL; + } + memset(vp, 0, sizeof(*vp)); + + da = (DICT_ATTR *) (vp + 1); + + if (nr_dict_attr_2struct(da, attr, vendor, (char *) (da + 1), 64) < 0) { + free(vp); + return NULL; + } + + vp->da = da; + + return vp; +} + +int nr_vp_set_data(VALUE_PAIR *vp, const void *data, size_t sizeof_data) +{ + int rcode = 1; /* OK */ + + if (!vp || !data || (sizeof_data == 0)) return -RSE_INVAL; + + switch (vp->da->type) { + case RS_TYPE_BYTE: + vp->vp_integer = *(const uint8_t *) data; + break; + + case RS_TYPE_SHORT: + vp->vp_integer = *(const uint16_t *) data; + break; + + case RS_TYPE_INTEGER: + case RS_TYPE_DATE: + case RS_TYPE_IPADDR: + vp->vp_integer = *(const uint32_t *) data; + break; + + case RS_TYPE_STRING: + if (sizeof_data >= sizeof(vp->vp_strvalue)) { + sizeof_data = sizeof(vp->vp_strvalue) - 1; + rcode = 0; /* truncated */ + } + + memcpy(vp->vp_strvalue, (const char *) data, sizeof_data); + vp->vp_strvalue[sizeof_data + 1] = '\0'; + vp->length = sizeof_data; + break; + + case RS_TYPE_OCTETS: + if (sizeof_data > sizeof(vp->vp_octets)) { + sizeof_data = sizeof(vp->vp_octets); + rcode = 0; /* truncated */ + } + memcpy(vp->vp_octets, data, sizeof_data); + vp->length = sizeof_data; + break; + + default: + return -RSE_ATTR_TYPE_UNKNOWN; + } + + return rcode; +} + +VALUE_PAIR *nr_vp_create(int attr, int vendor, const void *data, size_t data_len) +{ + const DICT_ATTR *da; + VALUE_PAIR *vp; + + da = nr_dict_attr_byvalue(attr, vendor); + if (!da) return NULL; + + vp = nr_vp_alloc(da); + if (!vp) return NULL; + + if (nr_vp_set_data(vp, data, data_len) < 0) { + nr_vp_free(&vp); + return NULL; + } + + return vp; +} + +void nr_vps_append(VALUE_PAIR **head, VALUE_PAIR *tail) +{ + if (!tail) return; + + while (*head) { + head = &((*head)->next); + } + + *head = tail; +} + +VALUE_PAIR *nr_vps_find(VALUE_PAIR *head, + unsigned int attr, unsigned int vendor) +{ + while (head) { + if ((head->da->attr == attr) && + (head->da->vendor == vendor)) return head; + head = head->next; + } + + return NULL; +} diff --git a/lib/radsec.c b/lib/radsec.c index e176b6d..347a48b 100644 --- a/lib/radsec.c +++ b/lib/radsec.c @@ -12,7 +12,7 @@ #include <libgen.h> #include <assert.h> -#include <freeradius/libradius.h> +#include <radius/client.h> #include <event2/event.h> #include <event2/util.h> #include <radsec/radsec.h> @@ -39,14 +39,8 @@ rs_context_create (struct rs_context **ctx) #if defined (RS_ENABLE_TLS) ssl_init (); #endif -#if defined (DEBUG) - fr_log_fp = stderr; - fr_debug_flag = 1; -#endif - debug_init ("libradsec"); /* radsecproxy compat, FIXME: remove */ - fr_randinit (&h->fr_randctx, 0); - fr_rand_seed (NULL, 0); + debug_init ("libradsec"); /* radsecproxy compat, FIXME: remove */ if (ctx != NULL) *ctx = h; @@ -54,48 +48,6 @@ rs_context_create (struct rs_context **ctx) return RSE_OK; } -/** Initialize freeradius dictionary. */ -int -rs_context_init_freeradius_dict (struct rs_context *ctx, const char *dict) -{ - int r = RSE_OK; - size_t dictlen; - char *dir = NULL; - char *fn = NULL; - - if (dict == NULL) - if (ctx->config != NULL && ctx->config->dictionary) - dict = ctx->config->dictionary; - - if (dict == NULL) - dict = RS_FREERADIUS_DICT; - - dictlen = strlen (dict); - dir = rs_calloc (ctx, 1, dictlen + 1); - fn = rs_calloc (ctx, 1, dictlen + 1); - if (dir == NULL || fn == NULL) - { - r = rs_err_ctx_push_fl (ctx, RSE_NOMEM, __FILE__, __LINE__, NULL); - goto out; - } - strncpy (dir, dict, dictlen); - strncpy (fn, dict, dictlen); - - if (dict_init (dirname (dir), basename (fn)) < 0) - { - r = rs_err_ctx_push_fl (ctx, RSE_FR, __FILE__, __LINE__, - "failing dict_init(\"%s\")", dict); - goto out; - } - - out: - if (dir) - rs_free (ctx, dir); - if (fn) - rs_free (ctx, fn); - return r; -} - struct rs_error * rs_resolve (struct evutil_addrinfo **addr, rs_conn_type_t type, diff --git a/lib/radsec.sym b/lib/radsec.sym index fe17f07..f234082 100644 --- a/lib/radsec.sym +++ b/lib/radsec.sym @@ -1,3 +1,40 @@ +rs_attr_display_name +rs_attr_find +rs_attr_parse_name +rs_avp_alloc +rs_avp_append +rs_avp_attrid +rs_avp_byte_set +rs_avp_byte_value +rs_avp_date_set +rs_avp_date_value +rs_avp_delete +rs_avp_display_value +rs_avp_dup +rs_avp_find +rs_avp_find_const +rs_avp_fragmented_value +rs_avp_free +rs_avp_ifid_set +rs_avp_ifid_value +rs_avp_integer_set +rs_avp_integer_value +rs_avp_ipaddr_set +rs_avp_ipaddr_value +rs_avp_length +rs_avp_name +rs_avp_next +rs_avp_next_const +rs_avp_octets_set +rs_avp_octets_value +rs_avp_octets_value_byref +rs_avp_octets_value_const_ptr +rs_avp_octets_value_ptr +rs_avp_short_set +rs_avp_short_value +rs_avp_string_set +rs_avp_string_value +rs_avp_typeof rs_conf_find_realm rs_conn_add_listener rs_conn_create @@ -15,7 +52,6 @@ rs_conn_set_timeout rs_conn_set_type rs_context_create rs_context_destroy -rs_context_init_freeradius_dict rs_context_read_config rs_context_set_alloc_scheme rs_dump_packet @@ -29,10 +65,12 @@ rs_err_ctx_push rs_err_ctx_push_fl rs_err_free rs_err_msg +rs_packet_append_avp +rs_packet_avps +rs_packet_code rs_packet_create rs_packet_create_authn_request rs_packet_destroy -rs_packet_frpkt rs_packet_send rs_peer_create rs_peer_set_address diff --git a/lib/request.c b/lib/request.c index 3831773..b964bea 100644 --- a/lib/request.c +++ b/lib/request.c @@ -14,7 +14,7 @@ #include <radsec/radsec-impl.h> #include <radsec/request.h> #include <radsec/request-impl.h> -#include <freeradius/libradius.h> +#include <radius/client.h> #include "debug.h" #include "conn.h" #include "tcp.h" @@ -82,7 +82,7 @@ rs_request_destroy (struct rs_request *request) static void _rand_rt (struct timeval *res, uint32_t rtprev, uint32_t factor) { - uint32_t ms = rtprev * (fr_rand () % factor); + uint32_t ms = rtprev * (nr_rand () % factor); res->tv_sec = rtprev + ms / 1000; res->tv_usec = (ms % 1000) * 1000; } diff --git a/lib/rsp_tlscommon.h b/lib/rsp_tlscommon.h index 0470aa7..d96f553 100644 --- a/lib/rsp_tlscommon.h +++ b/lib/rsp_tlscommon.h @@ -6,6 +6,7 @@ * copyright notice and this permission notice appear in all copies. */ +#include <netinet/in.h> #include <openssl/ssl.h> #if defined (__cplusplus) @@ -12,6 +12,7 @@ #include <event2/bufferevent_ssl.h> #include <openssl/err.h> #endif +#include <radius/client.h> #include <radsec/radsec.h> #include <radsec/radsec-impl.h> #include "tcp.h" @@ -35,26 +36,19 @@ _read_header (struct rs_packet *pkt) if (n == RS_HEADER_LEN) { pkt->flags |= rs_packet_hdr_read_flag; - pkt->rpkt->data_len = (pkt->hdr[2] << 8) + pkt->hdr[3]; - if (pkt->rpkt->data_len < 20 || pkt->rpkt->data_len > 4096) + pkt->rpkt->length = (pkt->hdr[2] << 8) + pkt->hdr[3]; + if (pkt->rpkt->length < 20 || pkt->rpkt->length > RS_MAX_PACKET_LEN) { conn_close (&pkt->conn); return rs_err_conn_push (pkt->conn, RSE_INVALID_PKT, "invalid packet length: %d", - pkt->rpkt->data_len); - } - pkt->rpkt->data = rs_malloc (pkt->conn->ctx, pkt->rpkt->data_len); - if (!pkt->rpkt->data) - { - conn_close (&pkt->conn); - return rs_err_conn_push_fl (pkt->conn, RSE_NOMEM, __FILE__, __LINE__, - NULL); + pkt->rpkt->length); } memcpy (pkt->rpkt->data, pkt->hdr, RS_HEADER_LEN); bufferevent_setwatermark (pkt->conn->bev, EV_READ, - pkt->rpkt->data_len - RS_HEADER_LEN, 0); + pkt->rpkt->length - RS_HEADER_LEN, 0); rs_debug (("%s: packet header read, total pkt len=%d\n", - __func__, pkt->rpkt->data_len)); + __func__, pkt->rpkt->length)); } else if (n < 0) { @@ -74,17 +68,18 @@ static int _read_packet (struct rs_packet *pkt) { size_t n = 0; + int err; rs_debug (("%s: trying to read %d octets of packet data\n", __func__, - pkt->rpkt->data_len - RS_HEADER_LEN)); + pkt->rpkt->length - RS_HEADER_LEN)); n = bufferevent_read (pkt->conn->bev, pkt->rpkt->data + RS_HEADER_LEN, - pkt->rpkt->data_len - RS_HEADER_LEN); + pkt->rpkt->length - RS_HEADER_LEN); rs_debug (("%s: read %ld octets of packet data\n", __func__, n)); - if (n == pkt->rpkt->data_len - RS_HEADER_LEN) + if (n == pkt->rpkt->length - RS_HEADER_LEN) { bufferevent_disable (pkt->conn->bev, EV_READ); rs_debug (("%s: complete packet read\n", __func__)); @@ -96,11 +91,12 @@ _read_packet (struct rs_packet *pkt) - invalid code field - attribute lengths >= 2 - attribute sizes adding up correctly */ - if (!rad_packet_ok (pkt->rpkt, 0)) + err = nr_packet_ok (pkt->rpkt); + if (err != RSE_OK) { conn_close (&pkt->conn); - return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__, - "invalid packet: %s", fr_strerror ()); + return rs_err_conn_push_fl (pkt->conn, err, __FILE__, __LINE__, + "invalid packet"); } #if defined (DEBUG) @@ -123,7 +119,7 @@ _read_packet (struct rs_packet *pkt) rs_debug (("%s: buffer frozen when reading packet\n", __func__)); else /* Short packet. */ rs_debug (("%s: waiting for another %d octets\n", __func__, - pkt->rpkt->data_len - RS_HEADER_LEN - n)); + pkt->rpkt->length - RS_HEADER_LEN - n)); return 0; } diff --git a/lib/tests/test-udp.c b/lib/tests/test-udp.c index 13d6979..ccad607 100644 --- a/lib/tests/test-udp.c +++ b/lib/tests/test-udp.c @@ -1,6 +1,5 @@ #include <stdlib.h> #include <cgreen/cgreen.h> -#include <freeradius/libradius.h> #include "radsec/radsec.h" #include "radsec/request.h" #include "udp.h" @@ -19,7 +18,7 @@ authenticate (struct rs_connection *conn, const char *user, const char *pw) rs_request_add_reqpkt (req, msg); assert_true (rs_request_send (req, &resp) == 0); //printf ("%s\n", rs_err_msg (rs_err_conn_pop (conn), 1)); - assert_true (rs_packet_frpkt (resp)->code == PW_AUTHENTICATION_ACK); + assert_true (rs_packet_code(resp) == PW_ACCESS_ACCEPT); rs_request_destroy (req); } @@ -35,6 +34,7 @@ send_more_than_one_msg_in_one_packet (struct rs_connection *conn) assert_true (rs_packet_send (msg1, NULL) == 0); } +#if 0 static void send_large_packet (struct rs_connection *conn) { @@ -43,24 +43,21 @@ send_large_packet (struct rs_connection *conn) char *buf; int f; - buf = malloc (4096); + buf = malloc (RS_MAX_PACKET_LEN); assert_true (buf != NULL); - memset (buf, 0, 4096); + memset (buf, 0, RS_MAX_PACKET_LEN); assert_true (rs_packet_create (conn, &msg0) == 0); - frpkt = rs_packet_frpkt (msg0); - assert_true (frpkt != NULL); /* 16 chunks --> heap corruption in evbuffer_drain detected by free() */ for (f = 0; f < 15; f++) { - VALUE_PAIR *vp = NULL; memset (buf, 'a' + f, 252); - vp = pairmake ("EAP-Message", buf, T_OP_EQ); - assert_true (vp != NULL); - pairadd (&frpkt->vps, vp); + //vp = pairmake ("EAP-Message", buf, T_OP_EQ); + assert_true (rs_packet_append_avp (msg0, fixme...) == RSE_OK); } assert_true (rs_packet_send (msg0, NULL) == 0); } +#endif /* 0 */ /* ************************************************************ */ static struct setup { @@ -101,7 +98,7 @@ test_buffering_cb (const uint8_t *buf, ssize_t len) hd (buf, len); #endif assert_true (len >= 20); - assert_true (len <= 4096); + assert_true (len <= RS_MAX_PACKET_LEN); assert_true ((buf[2] << 8) + buf[3] == len); return len; } @@ -116,7 +113,6 @@ test_buffering () assert_true (rs_context_create (&ctx) == 0); assert_true (rs_context_read_config (ctx, "test.conf") == 0); - assert_true (rs_context_init_freeradius_dict (ctx, NULL) == 0); assert_true (rs_conn_create (ctx, &conn, "test-udp-buffering") == 0); timeout.tv_sec = 0; diff --git a/lib/tests/udp.c b/lib/tests/udp.c index a29880a..47ea595 100644 --- a/lib/tests/udp.c +++ b/lib/tests/udp.c @@ -60,7 +60,7 @@ udp_poll (struct polldata *data) long timeout; fd_set rfds; ssize_t len; - uint8_t buf[4096]; + uint8_t buf[RS_MAX_PACKET_LEN]; FD_ZERO (&rfds); FD_SET (data->s, &rfds); @@ -9,6 +9,7 @@ #include <sys/types.h> #include <sys/socket.h> #include <event2/event.h> +#include <radius/client.h> #include <radsec/radsec.h> #include <radsec/radsec-impl.h> #include "debug.h" @@ -27,7 +28,7 @@ _send (struct rs_connection *conn, int fd) assert (pkt->rpkt->data); /* Send. */ - r = compat_send (fd, pkt->rpkt->data, pkt->rpkt->data_len, 0); + r = compat_send (fd, pkt->rpkt->data, pkt->rpkt->length, 0); if (r == -1) { int sockerr = evutil_socket_geterror (pkt->conn->fd); @@ -37,7 +38,7 @@ _send (struct rs_connection *conn, int fd) evutil_socket_error_to_string (sockerr)); } - assert (r == pkt->rpkt->data_len); + assert (r == pkt->rpkt->length); /* Unlink the packet. */ conn->out_queue = pkt->next; @@ -63,6 +64,8 @@ _send (struct rs_connection *conn, int fd) static void _evcb (evutil_socket_t fd, short what, void *user_data) { + int err; + rs_debug (("%s: fd=%d what =", __func__, fd)); if (what & EV_TIMEOUT) rs_debug ((" TIMEOUT")); if (what & EV_READ) rs_debug ((" READ")); @@ -78,14 +81,9 @@ _evcb (evutil_socket_t fd, short what, void *user_data) assert (pkt); assert (pkt->conn); + assert (pkt->rpkt->data); - pkt->rpkt->data = rs_malloc (pkt->conn->ctx, 4096); - if (pkt->rpkt->data == NULL) - { - rs_err_conn_push_fl (pkt->conn, RSE_NOMEM, __FILE__, __LINE__, NULL); - return; - } - r = compat_recv (fd, pkt->rpkt->data, 4096, MSG_TRUNC); + r = compat_recv (fd, pkt->rpkt->data, RS_MAX_PACKET_LEN, MSG_TRUNC); if (r == -1) { int sockerr = evutil_socket_geterror (pkt->conn->fd); @@ -105,18 +103,19 @@ _evcb (evutil_socket_t fd, short what, void *user_data) return; } event_del (pkt->conn->tev); - if (r < 20 || r > 4096) /* Short or long packet. */ + if (r < 20 || r > RS_MAX_PACKET_LEN) /* Short or long packet. */ { rs_err_conn_push (pkt->conn, RSE_INVALID_PKT, "invalid packet length: %d", - pkt->rpkt->data_len); + pkt->rpkt->length); return; } - pkt->rpkt->data_len = (pkt->rpkt->data[2] << 8) + pkt->rpkt->data[3]; - if (!rad_packet_ok (pkt->rpkt, 0)) + pkt->rpkt->length = (pkt->rpkt->data[2] << 8) + pkt->rpkt->data[3]; + err = nr_packet_ok (pkt->rpkt); + if (err) { - rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__, - "invalid packet: %s", fr_strerror ()); + rs_err_conn_push_fl (pkt->conn, err, __FILE__, __LINE__, + "invalid packet"); return; } /* Hand over message to user. This changes ownership of pkt. |