Build without krb4 if it's unavailable.

diff --git a/clients/lib/member.c b/clients/lib/member.c
index b7603b2bbb6658e694aee8d7c5a8e1e6860498ee..6d643806f93e08cee8ecd1c17307107f8c5bf326 100644 (file)
--- a/clients/lib/member.c
+++ b/clients/lib/member.c
@@ -17,12 +17,10 @@
 #include <string.h>
 #include <ctype.h>
 
-#include <krb.h>
+#include <krb5.h>
 
 RCSID("$Header$");
 
-static char default_realm[REALM_SZ];
-
 int mrcl_validate_string_member(char *str)
 {
   char *p, *lname, *ret;
@@ -69,6 +67,9 @@ int mrcl_validate_string_member(char *str)
 int mrcl_validate_kerberos_member(char *str, char **ret)
 {
   char *p;
+  int code = 0;
+  krb5_context context = NULL;
+  char *default_realm = NULL;
 
   mrcl_clear_message();
 
@@ -97,14 +98,27 @@ int mrcl_validate_kerberos_member(char *str, char **ret)
          return MRCL_SUCCESS;
        }
 
-      if (!*default_realm)
-       krb_get_lrealm(default_realm, 1);
+      code = krb5_init_context(&context);
+      if (!code)
+        goto out;
+
+      code = krb5_get_default_realm(context, &default_realm);
+      if (!code)
+        goto out;
 
       *ret = malloc(strlen(str) + strlen(default_realm) + 2);
       sprintf(*ret, "%s@%s", str, default_realm);
 
       mrcl_set_message("Warning: default realm \"%s\" added to principal "
                       "\"%s\"", default_realm, str);
+
+    out:
+      if (default_realm)
+        free(default_realm);
+      if (context)
+        krb5_free_context(context);
+      if (!code)
+        return code;
       return MRCL_SUCCESS;
     }
 

diff --git a/clients/lib/utils.c b/clients/lib/utils.c
index 7399c94dc6a281638d46274858c96d72bfe96d2e..207e1bdeda4e011a535fdc863775e00d4e8325c6 100644 (file)
--- a/clients/lib/utils.c
+++ b/clients/lib/utils.c
@@ -12,7 +12,6 @@
 #include <mrclient.h>
 
 #include <com_err.h>
-#include <krb.h>
 #include <krb5.h>
 
 #include <sys/types.h>

diff --git a/clients/mailmaint/mailmaint.c b/clients/mailmaint/mailmaint.c
index c72d2568867005c94cc377a392c959a875448140..27ef2d7b1f0b1bb76d5f120abfa0736c1fbbac96 100644 (file)
--- a/clients/mailmaint/mailmaint.c
+++ b/clients/mailmaint/mailmaint.c
@@ -31,8 +31,6 @@
 #include <unistd.h>
 #endif
 
-#include <krb.h>
-
 #ifdef _WIN32
 #define INPUT_MASK 0xff
 #ifdef getchar

diff --git a/clients/moira/namespace.c b/clients/moira/namespace.c
index 6020d8fecdc442f888b5933ff704e5b2cecab1ec..ad6e748de1e082119de1341268081ca1b89cdfb1 100644 (file)
--- a/clients/moira/namespace.c
+++ b/clients/moira/namespace.c
@@ -23,8 +23,6 @@
 #include <stdio.h>
 #include <string.h>
 
-#include <krb.h>
-
 RCSID("$Header$");
 
 static void ErrorExit(char *buf, int status);
@@ -176,7 +174,6 @@ int main(int argc, char **argv)
   int status;
   Menu *menu;
   char *motd, **arg;
-  char pname[ANAME_SZ];
   struct sigaction act;
 
   if (!(program_name = strrchr(argv[0], '/')))

diff --git a/clients/moira/user.c b/clients/moira/user.c
index 0ed1762ec22f3a7ff710a5e87b3fd9fd7ed68fbe..a37f93d861f34f79597467f27c1c15da43ed2186 100644 (file)
--- a/clients/moira/user.c
+++ b/clients/moira/user.c
@@ -25,8 +25,6 @@
 #include <string.h>
 #include <time.h>
 
-#include <krb.h>
-
 RCSID("$Header$");
 
 void CorrectCapitalization(char **name);

diff --git a/configure b/configure
index 39aac9247ab68fc61d4b325919ab1633908286f3..53b4896c921a9c17e191e253cc352e71e816c639 100755 (executable)
--- a/configure
+++ b/configure
@@ -852,7 +852,7 @@ Optional Packages:
   --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
   --with-com_err=PREFIX   Specify location of com_err
   --with-krb4=PREFIX      Specify location of krb4
-  --with-krb5=PREFIX      Specify location of krb5 (for reg_svr)
+  --with-krb5=PREFIX      Specify location of krb5
   --with-hesiod=PREFIX    Specify location of Hesiod
   --with-zephyr=PREFIX    Specify location of Zephyr
   --with-rsaref=PREFIX      Specify location of RSAREF
@@ -2554,20 +2554,6 @@ if test "$athena" = true; then
 
 
 
-
-    case $CPPFLAGS in
-       *-I/usr/athena/include/kerberosIV*) ;;
-       *) CPPFLAGS=-I/usr/athena/include/kerberosIV\ $CPPFLAGS ;;
-    esac
-
-
-    case $PRO_C_INCLUDES in
-       *INCLUDE=/usr/athena/include/kerberosIV*) ;;
-       *) PRO_C_INCLUDES=INCLUDE=/usr/athena/include/kerberosIV\ $PRO_C_INCLUDES ;;
-    esac
-
-
-
     case $LIBPATH in
        *-L/usr/athena/lib*) ;;
        *) LIBPATH=-L/usr/athena/lib\ $LIBPATH ;;
@@ -3168,72 +3154,6 @@ fi;
 
 
 
-# Kerberos (Kerberos 4 required, Kerberos 5 optional for reg_svr)
-echo "$as_me:$LINENO: checking for Kerberos 4" >&5
-echo $ECHO_N "checking for Kerberos 4... $ECHO_C" >&6
-
-# Check whether --with-krb4 or --without-krb4 was given.
-if test "${with_krb4+set}" = set; then
-  withval="$with_krb4"
-  krb4="$withval"
-else
-  krb4=no
-fi;
-echo "$as_me:$LINENO: result: $krb4" >&5
-echo "${ECHO_T}$krb4" >&6
-if test "$krb4" != yes; then
-
-
-    case $CPPFLAGS in
-       *-I$krb4/include*) ;;
-       *) CPPFLAGS=-I$krb4/include\ $CPPFLAGS ;;
-    esac
-
-
-    case $PRO_C_INCLUDES in
-       *INCLUDE=$krb4/include*) ;;
-       *) PRO_C_INCLUDES=INCLUDE=$krb4/include\ $PRO_C_INCLUDES ;;
-    esac
-
-
-    if test -d "$krb4/include/kerberosIV"; then
-
-
-    case $CPPFLAGS in
-       *-I$krb4/include/kerberosIV*) ;;
-       *) CPPFLAGS=-I$krb4/include/kerberosIV\ $CPPFLAGS ;;
-    esac
-
-
-    case $PRO_C_INCLUDES in
-       *INCLUDE=$krb4/include/kerberosIV*) ;;
-       *) PRO_C_INCLUDES=INCLUDE=$krb4/include/kerberosIV\ $PRO_C_INCLUDES ;;
-    esac
-
-
-    fi
-
-    case $LIBPATH in
-       *-L$krb4/lib*) ;;
-       *) LIBPATH=-L$krb4/lib\ $LIBPATH ;;
-    esac
-
-elif test -d /usr/include/kerberosIV; then
-
-
-    case $CPPFLAGS in
-       *-I/usr/include/kerberosIV*) ;;
-       *) CPPFLAGS=-I/usr/include/kerberosIV\ $CPPFLAGS ;;
-    esac
-
-
-    case $PRO_C_INCLUDES in
-       *INCLUDE=/usr/include/kerberosIV*) ;;
-       *) PRO_C_INCLUDES=INCLUDE=/usr/include/kerberosIV\ $PRO_C_INCLUDES ;;
-    esac
-
-
-fi
 echo "$as_me:$LINENO: checking for main in -lk5crypto" >&5
 echo $ECHO_N "checking for main in -lk5crypto... $ECHO_C" >&6
 if test "${ac_cv_lib_k5crypto_main+set}" = set; then
@@ -3359,7 +3279,87 @@ fi
 
 fi
 
-echo "$as_me:$LINENO: checking for krb_rd_req in -lkrb4" >&5
+
+# Kerberos (Kerberos 4 optional, Kerberos 5 required)
+echo "$as_me:$LINENO: checking for Kerberos 4" >&5
+echo $ECHO_N "checking for Kerberos 4... $ECHO_C" >&6
+
+# Check whether --with-krb4 or --without-krb4 was given.
+if test "${with_krb4+set}" = set; then
+  withval="$with_krb4"
+  krb4="$withval"
+else
+  krb4=no
+fi;
+echo "$as_me:$LINENO: result: $krb4" >&5
+echo "${ECHO_T}$krb4" >&6
+if test "$krb4" != no; then
+    if test "$krb4" != yes; then
+
+
+    case $CPPFLAGS in
+       *-I$krb4/include*) ;;
+       *) CPPFLAGS=-I$krb4/include\ $CPPFLAGS ;;
+    esac
+
+
+    case $PRO_C_INCLUDES in
+       *INCLUDE=$krb4/include*) ;;
+       *) PRO_C_INCLUDES=INCLUDE=$krb4/include\ $PRO_C_INCLUDES ;;
+    esac
+
+
+       if test -d "$krb4/include/kerberosIV"; then
+
+
+    case $CPPFLAGS in
+       *-I$krb4/include/kerberosIV*) ;;
+       *) CPPFLAGS=-I$krb4/include/kerberosIV\ $CPPFLAGS ;;
+    esac
+
+
+    case $PRO_C_INCLUDES in
+       *INCLUDE=$krb4/include/kerberosIV*) ;;
+       *) PRO_C_INCLUDES=INCLUDE=$krb4/include/kerberosIV\ $PRO_C_INCLUDES ;;
+    esac
+
+
+       fi
+
+    case $LIBPATH in
+       *-L$krb4/lib*) ;;
+       *) LIBPATH=-L$krb4/lib\ $LIBPATH ;;
+    esac
+
+    elif test -d /usr/include/kerberosIV; then
+
+
+    case $CPPFLAGS in
+       *-I/usr/include/kerberosIV*) ;;
+       *) CPPFLAGS=-I/usr/include/kerberosIV\ $CPPFLAGS ;;
+    esac
+
+
+    case $PRO_C_INCLUDES in
+       *INCLUDE=/usr/include/kerberosIV*) ;;
+       *) PRO_C_INCLUDES=INCLUDE=/usr/include/kerberosIV\ $PRO_C_INCLUDES ;;
+    esac
+
+
+    fi
+
+    cat >>confdefs.h <<\_ACEOF
+#define HAVE_KRB4 1
+_ACEOF
+
+
+    case $PRO_C_DEFS in
+       *DEFINE=HAVE_KRB4*) ;;
+       *) PRO_C_DEFS=DEFINE=HAVE_KRB4\ $PRO_C_DEFS ;;
+    esac
+
+
+    echo "$as_me:$LINENO: checking for krb_rd_req in -lkrb4" >&5
 echo $ECHO_N "checking for krb_rd_req in -lkrb4... $ECHO_C" >&6
 if test "${ac_cv_lib_krb4_krb_rd_req+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -3500,6 +3500,7 @@ fi
 
 fi
 
+fi
 
 echo "$as_me:$LINENO: checking for Kerberos 5" >&5
 echo $ECHO_N "checking for Kerberos 5... $ECHO_C" >&6
@@ -3518,7 +3519,40 @@ if test "$krb5" != no; then
     if test "$krb5" != yes; then
        REG_SVR_INCLUDES=-I$krb5/include
        REG_SVR_LIBS=-L$krb5/lib
+
+
+    case $CPPFLAGS in
+       *-I$krb5/include*) ;;
+       *) CPPFLAGS=-I$krb5/include\ $CPPFLAGS ;;
+    esac
+
+
+    case $PRO_C_INCLUDES in
+       *INCLUDE=$krb5/include*) ;;
+       *) PRO_C_INCLUDES=INCLUDE=$krb5/include\ $PRO_C_INCLUDES ;;
+    esac
+
+
+
+    case $LIBPATH in
+       *-L$krb5/lib*) ;;
+       *) LIBPATH=-L$krb5/lib\ $LIBPATH ;;
+    esac
+
     fi
+
+    cat >>confdefs.h <<\_ACEOF
+#define HAVE_KRB5 1
+_ACEOF
+
+
+    case $PRO_C_DEFS in
+       *DEFINE=HAVE_KRB5*) ;;
+       *) PRO_C_DEFS=DEFINE=HAVE_KRB5\ $PRO_C_DEFS ;;
+    esac
+
+
+    KRB5_LIBS="-lkrb5 -l${crypto} -lcom_err -lresolv"
     REG_SVR_LIBS="$REG_SVR_LIBS -lkadm5clnt -lgssapi_krb5 -lgssrpc -lkrb4 -ldes425 -lkrb5 -l${crypto} -lresolv"
 else
     REG_SVR_DEFS=-DKRB4
@@ -3861,7 +3895,7 @@ if test "${ac_cv_lib_zephyr_ZInitialize+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   ac_check_lib_save_LIBS=$LIBS
-LIBS="-lzephyr $LIBPATH $KRB4_LIBS -lcom_err $LIBS"
+LIBS="-lzephyr $LIBPATH $KRB4_LIBS $KRB5_LIBS -lcom_err $LIBS"
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -5874,12 +5908,12 @@ fi
 
 
 LDFLAGS="$LDFLAGS -L\$(BUILDTOP)/lib $LIBPATH"
-KLIBS="$KRB4_LIBS -lcom_err $LIBS"
+KLIBS="$KRB4_LIBS $KRB5_LIBS -lcom_err $LIBS"
 KLIBS="$LIBS"
 if test "$hesiod" != no; then
   KLIBS="-lhesiod $KLIBS"
 fi
-KLIBS="$KRB4_LIBS -lcom_err $KLIBS"
+KLIBS="$KRB4_LIBS $KRB5_LIBS -lcom_err $KLIBS"
 if test "$zephyr" != no; then
   KLIBS="-lzephyr $KLIBS"
 fi

diff --git a/configure.in b/configure.in
index ea9f655812e224221f0963a6a270b9b267325fe9..4b6d6d20060e55363cb5d7d127100082a2b15789 100755 (executable)
--- a/configure.in
+++ b/configure.in
@@ -55,7 +55,6 @@ if test "$athena" = true; then
     bindir=$prefix/arch/$ATHENA_SYS/bin
     sbindir=$bindir
     MR_INCLUDE(/usr/athena/include)
-    MR_INCLUDE(/usr/athena/include/kerberosIV)
     MR_LIBS(/usr/athena/lib)
 fi
 
@@ -109,34 +108,38 @@ AC_ARG_WITH(com_err,
 AC_SUBST(COM_ERR_SUBDIR)
 AC_SUBST(COMPILE_ET)
 
-# Kerberos (Kerberos 4 required, Kerberos 5 optional for reg_svr)
+AC_CHECK_LIB(k5crypto, main, crypto="k5crypto",
+             [AC_CHECK_LIB(crypto, main, crypto="crypto")])
+
+# Kerberos (Kerberos 4 optional, Kerberos 5 required)
 AC_MSG_CHECKING(for Kerberos 4)
 AC_ARG_WITH(krb4,
     [  --with-krb4=PREFIX      Specify location of krb4],
     [krb4="$withval"], [krb4=no])
 AC_MSG_RESULT($krb4)
-if test "$krb4" != yes; then
-    MR_INCLUDE($krb4/include)
-    if test -d "$krb4/include/kerberosIV"; then
-       MR_INCLUDE($krb4/include/kerberosIV)
+if test "$krb4" != no; then
+    if test "$krb4" != yes; then
+       MR_INCLUDE($krb4/include)
+       if test -d "$krb4/include/kerberosIV"; then
+           MR_INCLUDE($krb4/include/kerberosIV)
+       fi
+       MR_LIBS($krb4/lib)
+    elif test -d /usr/include/kerberosIV; then
+       MR_INCLUDE(/usr/include/kerberosIV)
     fi
-    MR_LIBS($krb4/lib)
-elif test -d /usr/include/kerberosIV; then
-    MR_INCLUDE(/usr/include/kerberosIV)
+    MR_DEFINE(HAVE_KRB4)
+    AC_CHECK_LIB(krb4, krb_rd_req,
+                [KRB4_LIBS="-lkrb4 -ldes425 -lkrb5 -l${crypto} -lresolv"],
+                [AC_CHECK_LIB(krb, krb_rd_req,
+                              [KRB4_LIBS="-lkrb -ldes"],
+                              [AC_MSG_ERROR(Kerberos 4 libraries not found)],
+                              $LIBPATH -ldes)],
+                $LIBPATH -ldes425 -lkrb5 -l${crypto} -lcom_err -lresolv)
 fi
-AC_CHECK_LIB(k5crypto, main, crypto="k5crypto",
-             [AC_CHECK_LIB(crypto, main, crypto="crypto")])
-AC_CHECK_LIB(krb4, krb_rd_req,
-            [KRB4_LIBS="-lkrb4 -ldes425 -lkrb5 -l${crypto} -lresolv"],
-            [AC_CHECK_LIB(krb, krb_rd_req,
-                          [KRB4_LIBS="-lkrb -ldes"],
-                          [AC_MSG_ERROR(Kerberos 4 libraries not found)],
-                          $LIBPATH -ldes)],
-            $LIBPATH -ldes425 -lkrb5 -l${crypto} -lcom_err -lresolv)
 
 AC_MSG_CHECKING(for Kerberos 5)
 AC_ARG_WITH(krb5,
-    [  --with-krb5=PREFIX      Specify location of krb5 (for reg_svr)],
+    [  --with-krb5=PREFIX      Specify location of krb5],
     [krb5="$withval"], [krb5=no])
 AC_MSG_RESULT($krb5)
 if test "$krb5" != no; then
@@ -144,8 +147,12 @@ if test "$krb5" != no; then
     if test "$krb5" != yes; then
        REG_SVR_INCLUDES=-I$krb5/include
        REG_SVR_LIBS=-L$krb5/lib
+       MR_INCLUDE($krb5/include)
+       MR_LIBS($krb5/lib)
     fi
-    REG_SVR_LIBS="$REG_SVR_LIBS -lkadm5clnt -lgssapi_krb5 -lgssrpc -lkrb4 -ldes425 -lkrb5 -l${crypto} -lresolv"
+    MR_DEFINE(HAVE_KRB5)
+    KRB5_LIBS="-lkrb5 -l${crypto} -lcom_err -lresolv"
+    REG_SVR_LIBS="$REG_SVR_LIBS -lkadm5clnt -lgssapi_krb5 -lgssrpc -lkrb5 -l${crypto} -lresolv"
 else
     REG_SVR_DEFS=-DKRB4
     REG_SVR_LIBS=-lkadm
@@ -186,7 +193,7 @@ if test "$zephyr" != no; then
     fi
     AC_CHECK_LIB(zephyr, ZInitialize, :,
                 [AC_MSG_ERROR(Zephyr library not found)],
-                $LIBPATH $KRB4_LIBS -lcom_err)
+                $LIBPATH $KRB4_LIBS $KRB5_LIBS -lcom_err)
     MR_DEFINE(HAVE_ZEPHYR)
 fi
 
@@ -446,12 +453,12 @@ MR_INCLUDE('$(BUILDTOP)/lib')
 MR_INCLUDE('$(BUILDTOP)/db')
 MR_INCLUDE('$(srcdir)')
 LDFLAGS="$LDFLAGS -L\$(BUILDTOP)/lib $LIBPATH"
-KLIBS="$KRB4_LIBS -lcom_err $LIBS"
+KLIBS="$KRB4_LIBS $KRB5_LIBS -lcom_err $LIBS"
 KLIBS="$LIBS"
 if test "$hesiod" != no; then
   KLIBS="-lhesiod $KLIBS"
 fi
-KLIBS="$KRB4_LIBS -lcom_err $KLIBS"
+KLIBS="$KRB4_LIBS $KRB5_LIBS -lcom_err $KLIBS"
 if test "$zephyr" != no; then
   KLIBS="-lzephyr $KLIBS"
 fi

diff --git a/gen/acl.pc b/gen/acl.pc
index 35942a612f0335447dd3810ea501245a0a8a7c22..9a211385a5572fcad7b90528e3c64ce543e5a8c7 100644 (file)
--- a/gen/acl.pc
+++ b/gen/acl.pc
@@ -19,7 +19,9 @@
 #include <stdlib.h>
 #include <string.h>
 
+#ifdef HAVE_KRB4
 #include <krb.h>
+#endif
 
 EXEC SQL INCLUDE sqlca;
 
@@ -27,7 +29,6 @@ RCSID("$Header$");
 
 char *whoami = "acl.gen";
 char *db = "moira/moira";
-char defaultrealm[REALM_SZ];
 
 void dump_access_file(FILE *out, int lid);
 char *merge_access_bits(char *t1, char *t2);

diff --git a/gen/cups-print.pc b/gen/cups-print.pc
index d8e67f68e913fb53ccb0c4d6c612c8c19f32453e..9f974604408d372937ca3bd0232c43abffa54099 100644 (file)
--- a/gen/cups-print.pc
+++ b/gen/cups-print.pc
@@ -19,13 +19,13 @@
 #include <string.h>
 
 #include <time.h>
+#ifdef HAVE_KRB4
 #include <krb.h>
+#endif
 #include <krb5.h>
 
 #include "util.h"
 
-
-
 EXEC SQL INCLUDE sqlca;
 
 RCSID("$Header$");

diff --git a/gen/genacl.pc b/gen/genacl.pc
index 7bff1faac7ef204c24048df497e762a19fa5bd04..c4dd1d7af0c04513c929838628d893623405b344 100644 (file)
--- a/gen/genacl.pc
+++ b/gen/genacl.pc
@@ -16,14 +16,18 @@
 #include <stdlib.h>
 #include <string.h>
 
+#ifdef HAVE_KRB4
 #include <krb.h>
+#else
+#include <mr_krb.h>
+#endif
 #include <krb5.h>
 
 EXEC SQL INCLUDE sqlca;
 
 RCSID("$Header$");
 
-static char defaultrealm[REALM_SZ];
+static char *defaultrealm = NULL;
 
 static struct hash *users, *strings;
 
@@ -34,9 +38,23 @@ static struct save_queue *merge_imembers(struct save_queue *sq,
 
 void init_acls(void)
 {
+  krb5_context context = NULL;
+  int code;
+
   users = create_hash(2000);
   strings = create_hash(2000);
-  krb_get_lrealm(defaultrealm, 1);
+
+  code = krb5_init_context(&context);
+  if (code)
+    goto out;
+
+  code = krb5_get_default_realm(context, &defaultrealm);
+  if (code)
+    goto out;
+
+ out:
+  if (context)
+    krb5_free_context(context);
 }
 
 void dump_krb_acl(FILE *out, char *type, int id, int vers)
@@ -97,7 +115,7 @@ void canon_krb(struct imember *m, int vers, char *buf, int len)
          krb5_principal client = NULL;
          int status = 0;
 
-         if (kname_parse(name, inst, realm, kbuf) != KSUCCESS)
+         if (mr_kname_parse(name, inst, realm, kbuf) != 0)
            goto out;
 
          status = krb5_init_context(&context);

diff --git a/include/moira.h b/include/moira.h
index cb65936365addd34272789af48b863e9632cfc83..2dc606ee07e69ed692d8e3ab844e99808195ed3b 100644 (file)
--- a/include/moira.h
+++ b/include/moira.h
@@ -115,6 +115,9 @@ void hash_destroy(struct hash *h);
 /* prototypes from kname_unparse.c */
 char *mr_kname_unparse(char *p, char *i, char *r);
 
+/* prototypes from kname_parse.c */
+int mr_kname_parse(char *np, char *ip, char *rp, char *fullname);
+
 /* prototypes from nfsparttype.c */
 char *parse_filesys_type(char *fs_type_name);
 char *format_filesys_type(char *fs_status);

diff --git a/include/mr_krb.h b/include/mr_krb.h
new file mode 100644 (file)
index 0000000..9d3f769
--- /dev/null
+++ b/include/mr_krb.h
@@ -0,0 +1,20 @@
+/* $Id$
+ *
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology
+ *
+ * Define some useful constants that used to be provided by the krb4
+ * libraries.
+ *
+ */
+
+#define ANAME_SZ      40
+#define INST_SZ       40
+#define REALM_SZ      40
+/* include space for '.' and '@' */
+#define MAX_K_NAME_SZ (ANAME_SZ + INST_SZ + REALM_SZ + 2)
+
+#define KRB_REALM "ATHENA.MIT.EDU"
+
+#define kname_parse mr_kname_parse
+
+#define ERROR_TABLE_BASE_krb                     (39525376L)

diff --git a/include/update.h b/include/update.h
index f7670371e9410323f319b01f764cb86a6010cbf3..4ed885dd0e16d456da96b3ff83842f1db85d889b 100644 (file)
--- a/include/update.h
+++ b/include/update.h
@@ -15,7 +15,4 @@ int mr_send_auth(int conn, char *hostname);
 int mr_execute(int conn, char *path);
 void mr_send_quit(int conn);
 
-#include <krb.h>
-int get_mr_update_ticket(char *host, KTEXT ticket);
-
 extern char *whoami;

diff --git a/incremental/Makefile.in b/incremental/Makefile.in
index 66f1ca4824607d7445b2f5ad6fd5070f27425965..55aed0b925ad8e4aba2aa9dfc4425f08b1e1bd20 100644 (file)
--- a/incremental/Makefile.in
+++ b/incremental/Makefile.in
@@ -21,10 +21,6 @@ mrbindir=@mrbindir@
 
 SUBDIRS=@AFS_SUBDIRS@ @WINAD_SUBDIRS@
 
-KSRVTGT_OBJS=ksrvtgt.o
-
-TARGET=ksrvtgt
-
 .SUFFIXES: .pc
 
 .pc.c:
@@ -33,7 +29,7 @@ TARGET=ksrvtgt
 .c.o:
        $(CC) -c $(ALL_CFLAGS) $<
 
-all: $(TARGET)
+all:
        @for d in $(SUBDIRS); do (echo "### Making $@ in incremental/$$d"; cd $$d; $(MAKE) $@) || exit 1; done
 
 clean:
@@ -50,6 +46,3 @@ depend:
 install:
        $(INSTALL_PROGRAM) ksrvtgt $(DESTDIR)$(mrbindir)
        @for d in $(SUBDIRS); do (echo "### Making $@ in incremental/$$d"; cd $$d; $(MAKE) $@) || exit 1; done
-
-ksrvtgt: $(KSRVTGT_OBJS)
-       $(CC) -o $@ $(LDFLAGS) $(KSRVTGT_OBJS) $(LIBS)

diff --git a/incremental/afs/afs.c b/incremental/afs/afs.c
index dd2dee2ca5a677979b93521c520f4db032f881c9..99a4f2b61f46141b8f277e171a00497247b508f6 100644 (file)
--- a/incremental/afs/afs.c
+++ b/incremental/afs/afs.c
@@ -21,7 +21,10 @@
 #include <unistd.h>
 
 #include <com_err.h>
+#ifdef HAVE_KRB4
 #include <krb.h>
+#endif
+#include <krb5.h>
 
 #include <afs/param.h>
 #include <afs/cellconfig.h>
@@ -552,14 +555,24 @@ void edit_group(int op, char *group, char *type, char *member)
   char *p = 0;
   char buf[PR_MAXNAMELEN];
   int code, ustate;
-  static char local_realm[REALM_SZ+1] = "";
+  static char *local_realm = NULL;
   struct member *m;
+  krb5_context context = NULL;
 
   /* The following KERBEROS code allows for the use of entities
    * user@foreign_cell.
    */
-  if (!local_realm[0])
-    krb_get_lrealm(local_realm, 1);
+  if (!local_realm)
+    {
+      code = krb5_init_context(&context);
+      if (code)
+       goto out;
+
+      code = krb5_get_default_realm(context, &local_realm);
+      if (code)
+       goto out;
+    }
+
   if (!strcmp(type, "KERBEROS"))
     {
       p = strchr(member, '@');
@@ -632,6 +645,12 @@ void edit_group(int op, char *group, char *type, char *member)
          code = PRNOENT;
        }
 
+    out:
+      if (context)
+       krb5_free_context(context);
+      if (local_realm)
+       free(local_realm);
+
       critical_alert("incremental", "Couldn't %s %s %s %s: %s",
                     op ? "add" : "remove", member,
                     op ? "to" : "from", buf,

diff --git a/incremental/ldap/setpw.c b/incremental/ldap/setpw.c
index b3e4e73dc4785282c549f5d3a2f0e7d2b6b952b1..ea873537ea99562ea4a270f684e67324b44d4405 100644 (file)
--- a/incremental/ldap/setpw.c
+++ b/incremental/ldap/setpw.c
@@ -49,7 +49,9 @@ Abstract:
 #include "port-sockets.h"
 #endif
 #include <krb5.h>
+#ifdef HAVE_KRB4
 #include <krb.h>
+#endif
 #include <ldap.h>
 #ifdef _WIN32
 #include <wshelper.h>

diff --git a/incremental/winad/setpw.c b/incremental/winad/setpw.c
index 9908a1f3be94aad5f450892df74f6e9a96e98d64..3a53f51205235a72c536e0823a1d5d8bb2161064 100644 (file)
--- a/incremental/winad/setpw.c
+++ b/incremental/winad/setpw.c
@@ -49,7 +49,9 @@ Abstract:
 #include "port-sockets.h"
 #endif
 #include <krb5.h>
+#ifdef HAVE_KRB4
 #include <krb.h>
+#endif
 #include <ldap.h>
 #ifdef _WIN32
 #include <wshelper.h>

diff --git a/lib/Makefile.in b/lib/Makefile.in
index ebb2530332e266aaea74b4f4cc4cfb0b5ef3eba4..71f33c7c6a533415579f5e8124fd6412b0dabd44 100644 (file)
--- a/lib/Makefile.in
+++ b/lib/Makefile.in
@@ -16,7 +16,7 @@ SRCTOP=@top_srcdir@
 BUILDTOP=..
 
 OBJS=  critical.o fixhost.o fixname.o \
-       hash.o kname_unparse.o krb_et.o mr_access.o mr_auth.o \
+       hash.o kname_unparse.o kname_parse.o krb_et.o mr_access.o mr_auth.o \
        mr_call.o mr_connect.o mr_et.o mr_init.o mr_ops.o mr_query.o \
        nfsparttype.o sq.o strs.o ureg_err.o
 

diff --git a/lib/kname_unparse.c b/lib/kname_unparse.c
index 90ee2880be4183153d7d8050cbba5746fe5fff07..ca2f98620e803afe93f8cf3a0357e5036d4f7729 100644 (file)
--- a/lib/kname_unparse.c
+++ b/lib/kname_unparse.c
@@ -13,8 +13,11 @@
 
 #include <stdio.h>
 
-#include <des.h>
+#ifdef HAVE_KRB5
 #include <krb.h>
+#else
+#include <mr_krb.h>
+#endif
 
 RCSID("$Header$");
 

diff --git a/lib/mr_auth.c b/lib/mr_auth.c
index 4a5a89c7e3abb09048f76e0c131cb75666d77829..4e1d6b0ab9803476934264ce975a1470533c153c 100644 (file)
--- a/lib/mr_auth.c
+++ b/lib/mr_auth.c
@@ -15,7 +15,9 @@
 #include <stdio.h>
 #include <string.h>
 
+#ifdef HAVE_KRB4
 #include <krb.h>
+#endif
 #include <krb5.h>
 
 krb5_context context = NULL;
@@ -29,6 +31,7 @@ RCSID("$Header$");
 
 int mr_auth(char *prog)
 {
+#ifdef HAVE_KRB4
   int status;
   mr_params params, reply;
   char *args[2];
@@ -70,6 +73,9 @@ int mr_auth(char *prog)
   mr_destroy_reply(reply);
 
   return status;
+#else
+  return MR_NO_KRB4;
+#endif
 }
 
 int mr_proxy(char *principal, char *orig_authtype)

diff --git a/lib/mr_et.et b/lib/mr_et.et
index b257593892c01772566ab1f003239c80e164ce3e..6ae556b7a3ff7ff85ddcd57457890adb94a56630 100644 (file)
--- a/lib/mr_et.et
+++ b/lib/mr_et.et
@@ -237,4 +237,7 @@ ec      MR_CONTAINER_NO_PARENT,
 ec     MR_BAD_MAIL_STRING,
        "Address refers to nonexistent domain or MIT internal mail server"
 
+ec     MR_NO_KRB4,
+       "Unable to complete operation using Kerberos v4"
+
        end

diff --git a/reg_svr/kerberos.c b/reg_svr/kerberos.c
index 52e392863725985d28a283db7264f57c1c13745c..e24098306aed23356d51e793ad1d264e2ff89185 100644 (file)
--- a/reg_svr/kerberos.c
+++ b/reg_svr/kerberos.c
@@ -34,7 +34,6 @@
 #ifdef KRB5
 #include <kadm5/admin.h>
 #include <krb5.h>
-#include <krb.h>
 
 krb5_context context;
 #endif

diff --git a/reg_svr/reg_svr.pc b/reg_svr/reg_svr.pc
index a8616151ffd51d6aa1aef305e1a07523b0ad6f2e..1016e18649431f7594cfcf918e4271890f1183f6 100644 (file)
--- a/reg_svr/reg_svr.pc
+++ b/reg_svr/reg_svr.pc
@@ -33,7 +33,9 @@
 #include <unistd.h>
 
 #include <com_err.h>
+#ifdef HAVE_KRB4
 #include <krb.h>
+#endif
 
 EXEC SQL INCLUDE sqlca;
 
@@ -805,13 +807,7 @@ int register_user(int uid, char *username)
       return MR_DOWN;
     }
 
-  status = krb_get_svc_in_tkt(REG_SVR_PRINCIPAL, REG_SVR_INSTANCE,
-                             krb_realmofhost(hostname), MOIRA_SNAME,
-                             shorthostname, 3, KEYFILE);
-  if (status)
-    status += ERROR_TABLE_BASE_krb;
-  else
-    status = mr_krb5_auth("reg_svr");
+  status = mr_krb5_auth("reg_svr");
   if (status)
     {
       com_err(whoami, status, "authenticating to moira");

diff --git a/server/mr_main.c b/server/mr_main.c
index 7337f4551f385cd0d728686be164cc9106d1ca4b..2935aa7f9f7610dc85d3550f19ad4a197c825af3 100644 (file)
--- a/server/mr_main.c
+++ b/server/mr_main.c
@@ -28,7 +28,9 @@
 #include <string.h>
 #include <unistd.h>
 
+#ifdef HAVE_KRB4
 #include <krb.h>
+#endif
 #include <krb5.h>
 
 RCSID("$Header$");
@@ -42,8 +44,8 @@ FILE *journal;
 time_t now;
 
 char *host;
-char krb_realm[REALM_SZ];
 krb5_context context = NULL;
+char *krb_realm = NULL;
 
 /* Client array and associated data. This needs to be global for _list_users */
 client **clients;
@@ -106,8 +108,6 @@ int main(int argc, char **argv)
        }
     }
 
-  krb_get_lrealm(krb_realm, 1);
-
   status = krb5_init_context(&context);
   if (status)
     {
@@ -115,6 +115,13 @@ int main(int argc, char **argv)
       exit(1);
     }
 
+  status = krb5_get_default_realm(context, &krb_realm);
+  if (status)
+    {
+      com_err(whoami, status, "Getting default Kerberos realm.");
+      exit(1);
+    }
+
   /*
    * Database initialization.  Only init if database should be open.
    */

diff --git a/server/mr_sauth.c b/server/mr_sauth.c
index 17fe74f78c82addefb44f9b5f5c35501f49b65cd..2cc1a486f81c3baac54a3c624b04ea7b1ac6092b 100644 (file)
--- a/server/mr_sauth.c
+++ b/server/mr_sauth.c
@@ -28,6 +28,7 @@ extern krb5_context context;
 static int set_client(client *cl, char *kname,
                      char *name, char *inst, char *realm);
 
+#ifdef HAVE_KRB4
 typedef struct _replay_cache {
   KTEXT_ST auth;
   time_t expires;
@@ -35,6 +36,7 @@ typedef struct _replay_cache {
 } replay_cache;
 
 replay_cache *rcache = NULL;
+#endif
 
 /*
  * Handle a MOIRA_AUTH RPC request.
@@ -46,6 +48,7 @@ replay_cache *rcache = NULL;
 
 void do_auth(client *cl)
 {
+#ifdef HAVE_KRB4
   KTEXT_ST auth;
   AUTH_DAT ad;
   int status;
@@ -123,6 +126,9 @@ void do_auth(client *cl)
     client_reply(cl, status);
   else
     client_reply(cl, MR_USER_AUTH);
+#else
+  client_reply(cl, MR_NO_KRB4);
+#endif
 }
 
 void do_proxy(client *cl)
@@ -137,7 +143,7 @@ void do_proxy(client *cl)
       return;
     }
 
-  if (kname_parse(name, inst, realm, cl->req.mr_argv[0]) != KSUCCESS)
+  if (mr_kname_parse(name, inst, realm, cl->req.mr_argv[0]) != 0)
     {
       com_err(whoami, KE_KNAME_FMT, "while parsing proxy name %s",
              cl->req.mr_argv);

diff --git a/server/mr_server.h b/server/mr_server.h
index de7306798536ac057f4f3438bba4c4d2a2caa7ad..a6382dfc29415cbdca11457c3a8e0a86fee64ba4 100644 (file)
--- a/server/mr_server.h
+++ b/server/mr_server.h
@@ -14,7 +14,11 @@
 
 #include <stdarg.h>
 
+#ifdef HAVE_KRB4
 #include <krb.h>
+#else
+#include <mr_krb.h>
+#endif
 #include <krb5.h>
 
 enum clstate { CL_ACCEPTING, CL_ACTIVE, CL_CLOSING };
@@ -51,7 +55,7 @@ struct mxentry
   int pref;
 };
 
-extern char krb_realm[REALM_SZ];
+extern char *krb_realm;
 
 /* max length of query argument allowed */
 #define ARGLEN 257

diff --git a/update/auth_002.c b/update/auth_002.c
index 18cc73eafd7592ea781d4f59778a58d19833fc88..2500ead6990ac31fa228189348e4d0520b722b9c 100644 (file)
--- a/update/auth_002.c
+++ b/update/auth_002.c
@@ -15,14 +15,18 @@
 #include <stdio.h>
 #include <string.h>
 
+#ifdef HAVE_KRB4
 #include <krb.h>
+#endif
 
 RCSID("$Header$");
 
 static char service[] = "rcmd";
 static char master[] = "sms";
 static char qmark[] = "???";
+#ifdef HAVE_KRB4
 extern des_cblock session;
+#endif
 
 /*
  * authentication request auth_002:
@@ -39,6 +43,7 @@ extern des_cblock session;
 
 void auth_002(int conn, char *str)
 {
+#ifdef HAVE_KRB4
   char aname[ANAME_SZ], ainst[INST_SZ], arealm[REALM_SZ];
   AUTH_DAT ad;
   char *p, *first, *data;
@@ -126,4 +131,7 @@ auth_failed:
   com_err(whoami, code, "auth for %s.%s@%s failed",
          ad.pname, ad.pinst, ad.prealm);
   send_int(conn, code);
+#else
+  return MR_NO_KRB4;
+#endif
 }

diff --git a/update/auth_003.c b/update/auth_003.c
index acea5d6908271d4704141cb6a97fc7513db34aaf..101be11bcb4d805db3edfc0e81f6b93126b467fc 100644 (file)
--- a/update/auth_003.c
+++ b/update/auth_003.c
@@ -15,7 +15,11 @@
 #include <stdio.h>
 #include <string.h>
 
+#ifdef HAVE_KRB4
 #include <krb.h>
+#else
+#include <mr_krb.h>
+#endif
 #include <krb5.h>
 
 RCSID("$Header$");
@@ -44,6 +48,7 @@ void auth_003(int conn, char *str)
   char *p, *first, *data;
   char name[ANAME_SZ], inst[INST_SZ], realm[REALM_SZ];
   char aname[ANAME_SZ], ainst[INST_SZ], arealm[REALM_SZ];
+  char *lrealm = NULL;
   size_t size;
   long code;
   struct utsname uts;
@@ -143,7 +148,11 @@ void auth_003(int conn, char *str)
     {
       strcpy(aname, master);
       strcpy(ainst, "");
-      if (krb_get_lrealm(arealm, 1))
+      if (!krb5_get_default_realm(context, &lrealm))
+        {
+          strcpy(arealm, lrealm);
+        }
+      else
        strcpy(arealm, KRB_REALM);
     }
   code = EPERM;
@@ -159,6 +168,8 @@ void auth_003(int conn, char *str)
   have_authorization = 1;
 
  out:
+  if (lrealm)
+    free(lrealm);
   if (client)
     krb5_free_principal(context, client);
   if (server)

diff --git a/update/client.c b/update/client.c
index 1f6bbdb0ddd3d6475d677f501a0ed89cf7d52f64..5b86b0c5676a8f9f91cab5470badc8b06922ab42 100644 (file)
--- a/update/client.c
+++ b/update/client.c
@@ -17,13 +17,17 @@
 #include <stdlib.h>
 #include <string.h>
 
+#ifdef HAVE_KRB4
 #include <des.h>
 #include <krb.h>
+#endif
 #include <krb5.h>
 
 RCSID("$Header$");
 
+#ifdef HAVE_KRB4
 extern des_cblock session;
+#endif
 extern char *whoami;
 extern krb5_context context;
 
@@ -71,6 +75,7 @@ int mr_send_krb5_auth(int conn, char *host_name)
 
 int mr_send_auth(int conn, char *host_name)
 {
+#ifdef HAVE_KRB4
   KTEXT_ST ticket_st;
   int code, auth_version = 2;
   long response;
@@ -129,6 +134,9 @@ int mr_send_auth(int conn, char *host_name)
     }
 
   return MR_SUCCESS;
+#else
+  return MR_NO_KRB4;
+#endif
 }
 
 int mr_execute(int conn, char *path)

diff --git a/update/get_file.c b/update/get_file.c
index f92a52485692363c5c3963e68c277c7f1cd113b7..337947ac112b3d095184b980f7d720387379f52e 100644 (file)
--- a/update/get_file.c
+++ b/update/get_file.c
@@ -17,7 +17,9 @@
 #include <string.h>
 #include <unistd.h>
 
+#ifdef HAVE_KRB4
 #include <des.h>
+#endif
 
 RCSID("$Header$");
 
@@ -25,9 +27,11 @@ RCSID("$Header$");
 #define MIN(a, b)    (((a) < (b)) ? (a) : (b))
 #endif /* MIN */
 
+#ifdef HAVE_KRB4
 static des_key_schedule sched;
 static des_cblock ivec;
 extern des_cblock session;
+#endif
 
 static int get_block(int conn, int fd, int max_size, int encrypt);
 
@@ -123,8 +127,15 @@ int get_file(int conn, char *pathname, int file_size, int checksum,
 
   if (encrypt)
     {
+#ifdef HAVE_KRB4
       des_key_sched(session, sched);
       memcpy(ivec, session, sizeof(ivec));
+#else
+      /* The session key only gets stored if auth happens in krb4 to
+         begin with. If you don't have krb4, you can't possibly be
+         coming up with a valid session key. */
+      return MR_NO_KRB4;
+#endif
     }
 
   n_written = 0;
@@ -173,6 +184,7 @@ static int get_block(int conn, int fd, int max_size, int encrypt)
 
   if (encrypt)
     {
+#ifdef HAVE_KRB4
       char *unenc = malloc(len);
 
       if (!unenc)
@@ -186,6 +198,7 @@ static int get_block(int conn, int fd, int max_size, int encrypt)
        ivec[i] = data[len - 8 + i] ^ unenc[len - 8 + i];
       free(data);
       data = unenc;
+#endif
     }
 
   n_read = MIN(len, max_size);

diff --git a/update/send_file.c b/update/send_file.c
index 61c7ed794e4376d6d4c268e80c7c2e713727a3db..49127f41b2f02b5c58013f4245e304440d73fa0a 100644 (file)
--- a/update/send_file.c
+++ b/update/send_file.c
@@ -17,12 +17,16 @@
 #include <string.h>
 #include <unistd.h>
 
+#ifdef HAVE_KRB4
 #include <des.h>
+#endif
 #include <update.h>
 
 RCSID("$Header$");
 
+#ifdef HAVE_KRB4
 extern des_cblock session;
+#endif
 
 /*
  * syntax:
@@ -47,8 +51,10 @@ int mr_send_file(int conn, char *pathname, char *target_path, int encrypt)
   char data[UPDATE_BUFSIZ], enc[UPDATE_BUFSIZ];
   long response;
   struct stat statb;
+#ifdef HAVE_KRB4
   des_key_schedule sched;
   des_cblock ivec;
+#endif
 
   /* send file over */
   fd = open(pathname, O_RDONLY, 0);
@@ -105,8 +111,15 @@ int mr_send_file(int conn, char *pathname, char *target_path, int encrypt)
 
   if (encrypt)
     {
+#ifdef HAVE_KRB4
       des_key_sched(session, sched);
       memmove(ivec, session, sizeof(ivec));
+#else
+      /* The session key only gets stored if auth happens in krb4 to
+         begin with. If you don't have krb4, you can't possibly be
+         coming up with a valid session key. */
+      return MR_NO_KRB4;
+#endif
     }
 
   while (n_to_send > 0)
@@ -120,6 +133,7 @@ int mr_send_file(int conn, char *pathname, char *target_path, int encrypt)
        }
       if (encrypt)
        {
+#ifdef HAVE_KRB4
          memset(data + n, 0, sizeof(data) -n);
          des_pcbc_encrypt(data, enc, (n + 7) & ~7, sched, ivec, 0);
          /* save vector to continue chaining */
@@ -128,6 +142,7 @@ int mr_send_file(int conn, char *pathname, char *target_path, int encrypt)
          /* round up to multiple of 8 */
          n = (n + 7) & ~7;
          code = send_string(conn, enc, n);
+#endif
        }
       else
        code = send_string(conn, data, n);

diff --git a/update/ticket.c b/update/ticket.c
index 77e2b1c1ef4ddc2d7b720410f0909ef51efa8e3e..9eb47c7e5916a72e7792286a15c0f08cc4f7699f 100644 (file)
--- a/update/ticket.c
+++ b/update/ticket.c
@@ -13,19 +13,27 @@
 #include <stdio.h>
 #include <string.h>
 
+#ifdef HAVE_KRB4
 #include <krb.h>
+#else
+#define KTEXT void*
+#endif
 #include <krb5.h>
 #include <update.h>
 
 RCSID("$Header$");
 
+#ifdef HAVE_KRB4
 static char realm[REALM_SZ];
 static char master[INST_SZ] = "sms";
 static char service[ANAME_SZ] = "rcmd";
 des_cblock session;
+#endif
 krb5_context context = NULL;
 
+#ifdef HAVE_KRB4
 static int get_mr_tgt(void);
+#endif
 
 int get_mr_krb5_update_ticket(char *host, krb5_data auth)
 {
@@ -58,6 +66,7 @@ int get_mr_krb5_update_ticket(char *host, krb5_data auth)
 
 int get_mr_update_ticket(char *host, KTEXT ticket)
 {
+#ifdef HAVE_KRB4
   int code, pass;
   char phost[BUFSIZ];
   CREDENTIALS cr;
@@ -93,8 +102,12 @@ try_it:
       memcpy(session, cr.session, sizeof(session));
     }
   return code;
+#else
+  return MR_NO_KRB4;
+#endif
 }
 
+#ifdef HAVE_KRB4
 static int get_mr_tgt(void)
 {
   int code;
@@ -109,3 +122,4 @@ static int get_mr_tgt(void)
   else
     return code + ERROR_TABLE_BASE_krb;
 }
+#endif

diff --git a/update/update_server.c b/update/update_server.c
index 985700d15862902a288cda9473f9a437aa1bd6c4..6c5dc9a316c8bbf189499feda7efe85a472a644f 100644 (file)
--- a/update/update_server.c
+++ b/update/update_server.c
@@ -25,7 +25,9 @@
 #include <unistd.h>
 #include <syslog.h>
 
+#ifdef HAVE_KRB4
 #include <des.h>
+#endif
 #include "update.h"
 
 RCSID("$Header$");
@@ -33,7 +35,9 @@ RCSID("$Header$");
 char *whoami, *hostname;
 
 int have_authorization = 0;
+#ifdef HAVE_KRB4
 des_cblock session;
+#endif
 int uid = 0;
 
 void child_handler(int signal);
@@ -44,7 +48,9 @@ struct _dt {
   char *str;
   void (*proc)(int, char *);
 } dispatch_table[] = {
+#ifdef HAVE_KRB4
   { "AUTH_002", auth_002 },
+#endif
   { "AUTH_003", auth_003 },
   { "XFER_002", xfer_002 },
   { "XFER_003", xfer_003 },