diff options
author | Karl Ramm <kcr@mit.edu> | 2008-12-23 15:48:17 +0000 |
---|---|---|
committer | Karl Ramm <kcr@mit.edu> | 2008-12-23 15:48:17 +0000 |
commit | ece7e910d202b217ace407e68c87e83fbd3dff1e (patch) | |
tree | 688c445c177c3233cf46aa78c55630cfa9b5fa42 | |
parent | ca4df1a45da447c703b7dae45863d0c5cb9baaf1 (diff) |
allow des key brain dumps from transition servers to krb5-only servers
-rwxr-xr-x | configure | 149 | ||||
-rw-r--r-- | configure.in | 11 | ||||
-rwxr-xr-x | debian/rules | 2 | ||||
-rw-r--r-- | h/config.h.in | 3 | ||||
-rw-r--r-- | server/bdump.c | 93 | ||||
-rw-r--r-- | server/subscr.c | 2 | ||||
-rw-r--r-- | server/zserver.h | 7 |
7 files changed, 208 insertions, 59 deletions
@@ -1476,6 +1476,7 @@ Optional Packages: both] --with-tags[=TAGS] include additional configurations [automatic] --with-x use the X Window System + --with-openssl=PREFIX Use OpenSSL crypto --with-krb4=PREFIX Use Kerberos 4 --with-krb5=PREFIX Use Kerberos 5 --with-hesiod=PREFIX Use Hesiod @@ -4141,7 +4142,7 @@ ia64-*-hpux*) ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 4144 "configure"' > conftest.$ac_ext + echo '#line 4145 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -6707,11 +6708,11 @@ else -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:6710: $lt_compile\"" >&5) + (eval echo "\"\$as_me:6711: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:6714: \$? = $ac_status" >&5 + echo "$as_me:6715: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings @@ -6940,11 +6941,11 @@ else -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:6943: $lt_compile\"" >&5) + (eval echo "\"\$as_me:6944: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:6947: \$? = $ac_status" >&5 + echo "$as_me:6948: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings @@ -7000,11 +7001,11 @@ else -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:7003: $lt_compile\"" >&5) + (eval echo "\"\$as_me:7004: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:7007: \$? = $ac_status" >&5 + echo "$as_me:7008: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -8330,7 +8331,7 @@ linux*) libsuff= case "$host_cpu" in x86_64*|s390x*|powerpc64*) - echo '#line 8333 "configure"' > conftest.$ac_ext + echo '#line 8334 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -9168,7 +9169,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<EOF -#line 9171 "configure" +#line 9172 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -9266,7 +9267,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<EOF -#line 9269 "configure" +#line 9270 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -11445,11 +11446,11 @@ else -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:11448: $lt_compile\"" >&5) + (eval echo "\"\$as_me:11449: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:11452: \$? = $ac_status" >&5 + echo "$as_me:11453: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings @@ -11505,11 +11506,11 @@ else -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:11508: $lt_compile\"" >&5) + (eval echo "\"\$as_me:11509: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:11512: \$? = $ac_status" >&5 + echo "$as_me:11513: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -12016,7 +12017,7 @@ linux*) libsuff= case "$host_cpu" in x86_64*|s390x*|powerpc64*) - echo '#line 12019 "configure"' > conftest.$ac_ext + echo '#line 12020 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -12854,7 +12855,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<EOF -#line 12857 "configure" +#line 12858 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -12952,7 +12953,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<EOF -#line 12955 "configure" +#line 12956 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -13779,11 +13780,11 @@ else -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:13782: $lt_compile\"" >&5) + (eval echo "\"\$as_me:13783: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:13786: \$? = $ac_status" >&5 + echo "$as_me:13787: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings @@ -13839,11 +13840,11 @@ else -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:13842: $lt_compile\"" >&5) + (eval echo "\"\$as_me:13843: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:13846: \$? = $ac_status" >&5 + echo "$as_me:13847: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -15149,7 +15150,7 @@ linux*) libsuff= case "$host_cpu" in x86_64*|s390x*|powerpc64*) - echo '#line 15152 "configure"' > conftest.$ac_ext + echo '#line 15153 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -15893,11 +15894,11 @@ else -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:15896: $lt_compile\"" >&5) + (eval echo "\"\$as_me:15897: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:15900: \$? = $ac_status" >&5 + echo "$as_me:15901: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings @@ -16126,11 +16127,11 @@ else -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:16129: $lt_compile\"" >&5) + (eval echo "\"\$as_me:16130: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:16133: \$? = $ac_status" >&5 + echo "$as_me:16134: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings @@ -16186,11 +16187,11 @@ else -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:16189: $lt_compile\"" >&5) + (eval echo "\"\$as_me:16190: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:16193: \$? = $ac_status" >&5 + echo "$as_me:16194: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -17516,7 +17517,7 @@ linux*) libsuff= case "$host_cpu" in x86_64*|s390x*|powerpc64*) - echo '#line 17519 "configure"' > conftest.$ac_ext + echo '#line 17520 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -18354,7 +18355,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<EOF -#line 18357 "configure" +#line 18358 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -18452,7 +18453,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<EOF -#line 18455 "configure" +#line 18456 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -23475,6 +23476,90 @@ fi +# Check whether --with-openssl was given. +if test "${with_openssl+set}" = set; then + withval=$with_openssl; openssl="$withval" +else + openssl=no +fi + +if test "$openssl" != no; then + { echo "$as_me:$LINENO: checking for DES_ecb_encrypt in -lcrypto" >&5 +echo $ECHO_N "checking for DES_ecb_encrypt in -lcrypto... $ECHO_C" >&6; } +if test "${ac_cv_lib_crypto_DES_ecb_encrypt+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lcrypto $LIBS" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char DES_ecb_encrypt (); +int +main () +{ +return DES_ecb_encrypt (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + ac_cv_lib_crypto_DES_ecb_encrypt=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_cv_lib_crypto_DES_ecb_encrypt=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ echo "$as_me:$LINENO: result: $ac_cv_lib_crypto_DES_ecb_encrypt" >&5 +echo "${ECHO_T}$ac_cv_lib_crypto_DES_ecb_encrypt" >&6; } +if test $ac_cv_lib_crypto_DES_ecb_encrypt = yes; then + OPENSSL_LIBS=-lcrypto + cat >>confdefs.h <<\_ACEOF +#define HAVE_OPENSSL 1 +_ACEOF + +else + { { echo "$as_me:$LINENO: error: Openssl requested but not found" >&5 +echo "$as_me: error: Openssl requested but not found" >&2;} + { (exit 1); exit 1; }; } +fi + +fi + + # Check whether --with-krb4 was given. if test "${with_krb4+set}" = set; then withval=$with_krb4; krb4="$withval" @@ -25324,7 +25409,7 @@ else echo "$as_me: error: This package requires ss." >&2;} { (exit 1); exit 1; }; } fi -LIBS="$KRB5_LIBS $KRB4_LIBS $HESIOD_LIBS $LIBS" +LIBS="$OPENSSL_LIBS $KRB5_LIBS $KRB4_LIBS $HESIOD_LIBS $LIBS" if test $ac_cv_c_compiler_gnu = yes; then { echo "$as_me:$LINENO: checking whether $CC needs -traditional" >&5 diff --git a/configure.in b/configure.in index 57b97df..d24a891 100644 --- a/configure.in +++ b/configure.in @@ -84,6 +84,15 @@ AC_SUBST(TLIB) AC_SUBST(RLIB) AC_SUBST(SLIB) +AC_ARG_WITH(openssl, + [ --with-openssl=PREFIX Use OpenSSL crypto], + [openssl="$withval"], [openssl=no]) +if test "$openssl" != no; then + AC_CHECK_LIB(crypto, DES_ecb_encrypt, [OPENSSL_LIBS=-lcrypto + AC_DEFINE(HAVE_OPENSSL)], + [AC_MSG_ERROR(Openssl requested but not found)]) +fi + ATHENA_KRB4 ATHENA_KRB5 ATHENA_HESIOD @@ -91,7 +100,7 @@ ATHENA_REGEXP ATHENA_ARES ATHENA_UTIL_COM_ERR ATHENA_UTIL_SS -LIBS="$KRB5_LIBS $KRB4_LIBS $HESIOD_LIBS $LIBS" +LIBS="$OPENSSL_LIBS $KRB5_LIBS $KRB4_LIBS $HESIOD_LIBS $LIBS" dnl Checks for library functions. AC_PROG_GCC_TRADITIONAL diff --git a/debian/rules b/debian/rules index 66afbfe..231ca17 100755 --- a/debian/rules +++ b/debian/rules @@ -50,7 +50,7 @@ configure-stamp: dh_testdir # Add here commands to configure the package. -mkdir krb5 - cd krb5 && CFLAGS="-g -Wall" ../configure --with-krb5=/usr $(CONFIGURE_ROOT) + cd krb5 && CFLAGS="-g -Wall" ../configure --with-krb5=/usr --with-openssl=/usr $(CONFIGURE_ROOT) -mkdir krb45 cd krb45 && CFLAGS="-g -Wall" ../configure --with-krb4=/usr --with-krb5=/usr $(CONFIGURE_ROOT) -mkdir krb4 diff --git a/h/config.h.in b/h/config.h.in index 40c0a3e..688870f 100644 --- a/h/config.h.in +++ b/h/config.h.in @@ -273,3 +273,6 @@ /* Define to `int' if <sys/types.h> doesn't define. */ #undef uid_t + +/* Wether we have the openssl library about */ +#undef HAVE_OPENSSL diff --git a/server/bdump.c b/server/bdump.c index 723fa66..0b242d7 100644 --- a/server/bdump.c +++ b/server/bdump.c @@ -114,9 +114,12 @@ static long ticket_time; #define TKTLIFETIME 120 #define tkt_lifetime(val) ((long) val * 5L * 60L) +#endif /* HAVE_KRB4 */ + +#if defined(HAVE_KRB4) || defined(HAVE_OPENSSL) extern C_Block serv_key; extern Sched serv_ksched; -#endif /* HAVE_KRB4 */ +#endif static Timer *bdump_timer; static int live_socket = -1; @@ -987,10 +990,26 @@ cleanup(Server *server) } #if defined(HAVE_KRB4) || defined(HAVE_KRB5) + +int got_des = 0; + +#ifndef HAVE_KRB4 +unsigned int enctypes[] = {ENCTYPE_DES_CBC_CRC, + ENCTYPE_DES_CBC_MD4, + ENCTYPE_DES_CBC_MD5, + ENCTYPE_DES_CBC_RAW, + 0}; +#endif + + int get_tgt(void) { int retval = 0; +#ifndef HAVE_KRB4 + int i; + krb5_keytab_entry kt_ent; +#endif #ifdef HAVE_KRB4 /* MIT Kerberos 4 get_svc_in_tkt() requires instance to be writable and * at least INST_SZ bytes long. */ @@ -1026,6 +1045,7 @@ get_tgt(void) return 1; } des_key_sched(serv_key, serv_ksched.s); + got_des = 1; } #endif #ifdef HAVE_KRB5 @@ -1061,9 +1081,37 @@ get_tgt(void) 0, NULL, &opt); +#if defined(HAVE_OPENSSL) && !defined(HAVE_KRB4) + if (retval) { + krb5_free_principal(Z_krb5_ctx, principal); + krb5_kt_close(Z_krb5_ctx, kt); + return(1); + } + + for (i = 0; enctypes[i]; i++) { + retval = krb5_kt_get_entry(Z_krb5_ctx, kt, principal, + 0, enctypes[i], &kt_ent); + if (!retval) + break; + } + if (!retval) { + retval = krb5_copy_keyblock(Z_krb5_ctx, &kt_ent.key, &serv_key); + if (retval) { + krb5_free_principal(Z_krb5_ctx, principal); + krb5_kt_close(Z_krb5_ctx, kt); + return(1); + } + + des_key_sched(serv_key, serv_ksched.s); + + got_des = 1; + } +#endif krb5_free_principal(Z_krb5_ctx, principal); krb5_kt_close(Z_krb5_ctx, kt); +#if defined(HAVE_OPENSSL) && !defined(HAVE_KRB4) if (retval) return(1); +#endif retval = krb5_cc_initialize (Z_krb5_ctx, Z_krb5_ccache, cred.client); if (retval) return(1); @@ -1120,10 +1168,8 @@ bdump_recv_loop(Server *server) #endif #if defined(HAVE_KRB4) || defined(HAVE_KRB5) char *cp; -#endif -#ifdef HAVE_KRB4 C_Block cblock; -#endif /* HAVE_KRB4 */ +#endif ZRealm *realm = NULL; zdbug((LOG_DEBUG, "bdump recv loop")); @@ -1223,26 +1269,27 @@ bdump_recv_loop(Server *server) /* check out this session key I found */ cp = notice.z_message + strlen(notice.z_message) + 1; switch (*cp) { -#ifdef HAVE_KRB4 - case '0': - /* ****ing netascii; this is an encrypted DES keyblock - XXX this code should be conditionalized for server - transitions */ - retval = Z_krb5_init_keyblock(Z_krb5_ctx, ENCTYPE_DES_CBC_CRC, - sizeof(C_Block), - &client->session_keyblock); - if (retval) { - syslog(LOG_ERR, "brl failed to allocate DES keyblock: %s", - error_message(retval)); - return retval; - } - retval = ZReadAscii(cp, strlen(cp), cblock, sizeof(C_Block)); - if (retval != ZERR_NONE) { - syslog(LOG_ERR,"brl bad cblk read: %s (%s)", +#if defined(HAVE_KRB4) || defined(HAVE_OPENSSL) + if (got_des) { + /* ****ing netascii; this is an encrypted DES keyblock + XXX this code should be conditionalized for server + transitions */ + retval = Z_krb5_init_keyblock(Z_krb5_ctx, ENCTYPE_DES_CBC_CRC, + sizeof(C_Block), + &client->session_keyblock); + if (retval) { + syslog(LOG_ERR, "brl failed to allocate DES keyblock: %s", + error_message(retval)); + return retval; + } + retval = ZReadAscii(cp, strlen(cp), cblock, sizeof(C_Block)); + if (retval != ZERR_NONE) { + syslog(LOG_ERR,"brl bad cblk read: %s (%s)", error_message(retval), cp); - } else { - des_ecb_encrypt((C_Block *)cblock, (C_Block *)Z_keydata(client->session_keyblock), - serv_ksched.s, DES_DECRYPT); + } else { + des_ecb_encrypt((C_Block *)cblock, (C_Block *)Z_keydata(client->session_keyblock), + serv_ksched.s, DES_DECRYPT); + } } break; #endif diff --git a/server/subscr.c b/server/subscr.c index 364fc5e..364208e 100644 --- a/server/subscr.c +++ b/server/subscr.c @@ -61,7 +61,7 @@ static const char rcsid_subscr_c[] = "$Id$"; * */ -#ifdef HAVE_KRB4 +#if defined(HAVE_KRB4) || defined(HAVE_OPENSSL) C_Block serv_key; Sched serv_ksched; #endif diff --git a/server/zserver.h b/server/zserver.h index cceb270..ca60844 100644 --- a/server/zserver.h +++ b/server/zserver.h @@ -61,7 +61,12 @@ extern C_Block __Zephyr_session; /* Current time as cached by main(); use instead of time(). */ #define NOW t_local.tv_sec -#ifdef HAVE_KRB4 +#if defined(HAVE_OPENSSL) & !defined(HAVE_KRB4) +#define OPENSSL_DES_LIBDES_COMPATIBILITY +#include <openssl/des.h> +#endif + +#if defined(HAVE_KRB4) || defined(HAVE_OPENSSL) /* Kerberos shouldn't stick us with array types... */ typedef struct { des_key_schedule s; |