Merge configure.ac stuff from SCIDI, needs some cleanups
Add missing functions. Replace log_message{x}() calls with fprintf, for now. Everything compiles with the vanilla opensc tree, yet untested. git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@363 c6295689-39f2-0310-b995-f0e70906c6a9
parent
dc50994696
commit
504b0ae2b9
@ -1,6 +1,6 @@
|
|||
## Makefile.am -- Process this file with automake to produce Makefile.in
|
||||
|
||||
SUBDIRS = . aclocal src docs
|
||||
SUBDIRS = . aclocal docs src
|
||||
|
||||
EXTRA_DIST = CodingStyle bootstrap
|
||||
|
||||
515
configure.in
515
configure.in
|
@ -75,8 +75,6 @@ case "$host" in
|
|||
blibpath="/usr/lib:/lib:/usr/local/lib"
|
||||
fi
|
||||
;;
|
||||
*-*-linux*)
|
||||
;;
|
||||
esac
|
||||
|
||||
dnl Allow user to specify flags
|
||||
|
@ -118,6 +116,10 @@ AC_PROG_CPP
|
|||
AC_PROG_INSTALL
|
||||
AC_PROG_LN_S
|
||||
AC_PROG_MAKE_SET
|
||||
AM_PROG_LEX
|
||||
AC_PATH_PROG(TEST_MINUS_S_SH, bash)
|
||||
AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
|
||||
AC_PATH_PROG(TEST_MINUS_S_SH, sh)
|
||||
|
||||
dnl Special check for pthread support.
|
||||
ACX_PTHREAD(
|
||||
|
@ -138,10 +140,12 @@ dnl Automatically update the libtool script if it becomes out-of-date.
|
|||
|
||||
dnl Checks for header files.
|
||||
AC_HEADER_STDC
|
||||
AC_CHECK_HEADERS([errno.h fcntl.h malloc.h stdlib.h string.h sys/time.h unistd.h syslog.h getopt.h security/pam_appl.h security/_pam_macros.h readline/readline.h])
|
||||
AC_HEADER_SYS_WAIT
|
||||
AC_CHECK_HEADERS([errno.h fcntl.h malloc.h stdlib.h string.h sys/time.h unistd.h syslog.h utmp.h getopt.h ecurity/pam_appl.h security/_pam_macros.h readline/readline.h])
|
||||
|
||||
dnl Checks for typedefs, structures, and compiler characteristics.
|
||||
AC_C_CONST
|
||||
AC_TYPE_UID_T
|
||||
AC_TYPE_SIZE_T
|
||||
AC_HEADER_TIME
|
||||
|
||||
|
@ -157,12 +161,14 @@ AC_FUNC_MALLOC
|
|||
AC_FUNC_MEMCMP
|
||||
AC_FUNC_STAT
|
||||
AC_FUNC_VPRINTF
|
||||
AC_CHECK_FUNCS([getpass gettimeofday memset mkdir strdup strerror])
|
||||
AC_CHECK_FUNCS([getpass gettimeofday memset mkdir strdup strerror setutent])
|
||||
|
||||
dnl C Compiler features
|
||||
AC_C_INLINE
|
||||
if test "$GCC" = "yes"; then
|
||||
CFLAGS="$CFLAGS -Wall -Werror"
|
||||
CFLAGS="$CFLAGS -Wall"
|
||||
# Disabled until lex-parse.l doesn't give us a warning
|
||||
# -Werror
|
||||
fi
|
||||
|
||||
dnl OS specific options
|
||||
|
@ -256,6 +262,197 @@ if (test ! -z "$ac_cv_commondir" && test "x$ac_cv_commondir" != "x(system)") ; t
|
|||
fi
|
||||
fi
|
||||
|
||||
AC_SUBST(LIBDL)
|
||||
AC_CHECK_LIB(dl, dlopen, [LIBDL="$LIBDL -ldl" ac_cv_func_dlopen_ldl=yes], ac_cv_func_dlopen_ldl=no)
|
||||
|
||||
AC_SUBST(LIBREADLINE)
|
||||
# libreadline will also need libtermcap on some OSes
|
||||
saved_LIBS="$LIBS"
|
||||
for add in "" "-ltermcap"; do
|
||||
if test "X$add" != "X"; then
|
||||
AC_MSG_CHECKING([whether -lreadline requires $add])
|
||||
fi
|
||||
LIBS="$saved_LIBS $add"
|
||||
unset ac_cv_lib_readline_readline
|
||||
AC_CHECK_LIB(readline, readline, [
|
||||
LIBREADLINE="-lreadline $add"
|
||||
ac_cv_func_readline_lreadline=yes
|
||||
], ac_cv_func_readline_lreadline=no)
|
||||
test "$ac_cv_func_readline_lreadline" = yes && break
|
||||
done
|
||||
|
||||
LIBS="$LIBS $LIBREADLINE"
|
||||
AC_CHECK_FUNCS(readline)
|
||||
LIBS="$saved_LIBS"
|
||||
|
||||
#
|
||||
# We check for various libraries
|
||||
# - SysVr4 style of "-lsocket" at first (unless in libc)
|
||||
# The hallmark is connect() routine (we presume)
|
||||
#
|
||||
AC_SUBST(LIBSOCKET)dnl
|
||||
ac_cv_libsocket_both=1
|
||||
AC_CHECK_FUNC(connect, ac_cv_libsocket_both=0)
|
||||
AC_CHECK_FUNC(gethostbyname, ac_cv_libsocket_both=0)
|
||||
if test "$ac_cv_libsocket_both" = 1 ; then
|
||||
# Check cache
|
||||
if test "$ac_cv_func_socket_lsocket" = yes ; then
|
||||
AC_MSG_RESULT([need -lsocket library (cached)])
|
||||
LIBSOCKET="-lsocket"
|
||||
if test "$ac_cv_func_gethostbyname_lnsl" = yes ; then
|
||||
LIBSOCKET="-lsocket -lnsl"
|
||||
fi
|
||||
else
|
||||
# Well, will this work ? SysVR4, but not Sun Solaris ?
|
||||
AC_CHECK_LIB(socket, connect, [LIBSOCKET="-lsocket"
|
||||
ac_cv_func_socket_lsocket=yes],
|
||||
ac_cv_func_socket_lsocket=no)
|
||||
if test "$ac_cv_func_socket_lsocket" = yes ; then
|
||||
t_oldLibs="$LIBS"
|
||||
LIBS="$LIBS -lsocket $LIBRESOLV"
|
||||
AC_TRY_LINK([],[gethostbyname();], ,[
|
||||
LIBS="$LIBS -lnsl" # Add this Solaris library..
|
||||
AC_TRY_LINK([],[gethostbyname();],[
|
||||
LIBSOCKET="-lsocket -lnsl"
|
||||
ac_cv_func_gethostbyname_lnsl=yes
|
||||
], [
|
||||
AC_MSG_ERROR([Weird, '$LIBS' not enough to find gethostbyname() ?!])
|
||||
])
|
||||
])
|
||||
LIBS="$t_oldLibs"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
AC_SUBST(LIBRESOLV)dnl
|
||||
if test "x$LIBRESOLV" = "x"; then
|
||||
# Ok, No -lresolv, is this enough for the _res to appear ?
|
||||
t_oldLibs="$LIBS"
|
||||
LIBS="$LIBS $LIBSOCKET"
|
||||
ac_cv_var__res_options=no
|
||||
# This following is for IRIX6.4, and I sincerely hope it
|
||||
# will not fail on other systems... It did! It did!
|
||||
# Many systems don't have idemponent headers, they need specific
|
||||
# includes before latter ones, or the latter ones won't be successful...
|
||||
AC_TRY_LINK([#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
#include <netinet/in.h>
|
||||
#include <arpa/nameser.h>
|
||||
#include <resolv.h>],
|
||||
[_res.options = RES_INIT;],
|
||||
ac_cv_var__res_options=yes);
|
||||
if test "$ac_cv_var__res_options" != "yes"; then
|
||||
LIBRESOLV="-lresolv"
|
||||
fi
|
||||
LIBS="$t_oldLibs"
|
||||
fi
|
||||
|
||||
# See about the routines that possibly exist at the libraries..
|
||||
LIBS="$t_oldLibs $LIBSOCKET"
|
||||
AC_CHECK_FUNCS(socket socketpair)
|
||||
LIBS="$t_oldLibs"
|
||||
|
||||
if test "$ac_cv_func_socket" = no -a "$LIBSOCKET" != ""; then
|
||||
LIBS="$LIBS $LIBSOCKET"
|
||||
AC_TRY_LINK([],[socket();], ac_cv_func_socket=yes)
|
||||
if test $ac_cv_func_socket = yes; then
|
||||
AC_DEFINE(HAVE_SOCKET, 1, [Have socket])
|
||||
fi
|
||||
LIBS="$t_oldLibs"
|
||||
fi
|
||||
if test "$ac_cv_func_socketpair" = no -a "$LIBSOCKET" != ""; then
|
||||
LIBS="$LIBS $LIBSOCKET"
|
||||
AC_TRY_LINK([],[socketpair();], ac_cv_func_socketpair=yes)
|
||||
if test $ac_cv_func_socketpair = yes; then
|
||||
AC_DEFINE(HAVE_SOCKETPAIR, 1, [Have socketpair])
|
||||
fi
|
||||
LIBS="$t_oldLibs"
|
||||
fi
|
||||
|
||||
# Always link lib{socket,nsl,resolv) if found, sigh.
|
||||
LIBS="$LIBS $LIBSOCKET $LIBRESOLV"
|
||||
|
||||
AC_ARG_WITH(flex-dir,
|
||||
[ --with-flex-dir=PATH Specify path to flex installation],
|
||||
[
|
||||
if test "x$withval" != "xno" ; then
|
||||
tryflexdir=$withval
|
||||
fi
|
||||
]
|
||||
)
|
||||
|
||||
saved_LDFLAGS="$LDFLAGS"
|
||||
saved_CPPFLAGS="$CPPFLAGS"
|
||||
AC_SUBST(LIBFL)
|
||||
AC_CACHE_CHECK([for flex directory], ac_cv_flexdir, [
|
||||
for flexdir in $tryflexdir "" /usr/local/flex /usr/lib/flex /usr/local/flex /usr/lib/flex /usr/local /usr/pkg /opt /opt/flex ; do
|
||||
# Skip directories if they don't exist
|
||||
if test ! -z "$flexdir" -a ! -d "$flexdir" ; then
|
||||
continue;
|
||||
fi
|
||||
|
||||
LIBFL="-lfl"
|
||||
CPPFLAGS="$saved_CPPFLAGS"
|
||||
LDFLAGS="$saved_LDFLAGS"
|
||||
if test ! -z "$flexdir" -a "x$flexdir" != "x/usr"; then
|
||||
# Try to use $flexdir/lib if it exists, otherwise
|
||||
# $flexdir
|
||||
if test -d "$flexdir/lib" ; then
|
||||
LDFLAGS="-L$flexdir/lib $saved_LDFLAGS"
|
||||
if test ! -z "$need_dash_r" ; then
|
||||
LDFLAGS="-R$flexdir/lib $LDFLAGS"
|
||||
fi
|
||||
else
|
||||
LDFLAGS="-L$flexdir $saved_LDFLAGS"
|
||||
if test ! -z "$need_dash_r" ; then
|
||||
LDFLAGS="-R$flexdir $LDFLAGS"
|
||||
fi
|
||||
fi
|
||||
# Try to use $flexdir/include if it exists, otherwise
|
||||
# $flexdir
|
||||
if test -d "$flexdir/include" ; then
|
||||
CPPFLAGS="-I$flexdir/include $saved_CPPFLAGS"
|
||||
else
|
||||
CPPFLAGS="-I$flexdir $saved_CPPFLAGS"
|
||||
fi
|
||||
fi
|
||||
break;
|
||||
done
|
||||
|
||||
if test -z "$flexdir" ; then
|
||||
flexdir="(system)"
|
||||
fi
|
||||
|
||||
ac_cv_flexdir=$flexdir
|
||||
])
|
||||
|
||||
if (test ! -z "$ac_cv_flexdir" && test "x$ac_cv_flexdir" != "x(system)") ; then
|
||||
dnl Need to recover flexdir - test above runs in subshell
|
||||
flexdir=$ac_cv_flexdir
|
||||
if test ! -z "$flexdir" -a "x$flexdir" != "x/usr"; then
|
||||
# Try to use $flexdir/lib if it exists, otherwise
|
||||
# $flexdir
|
||||
if test -d "$flexdir/lib" ; then
|
||||
LDFLAGS="-L$flexdir/lib $saved_LDFLAGS"
|
||||
if test ! -z "$need_dash_r" ; then
|
||||
LDFLAGS="-R$flexdir/lib $LDFLAGS"
|
||||
fi
|
||||
else
|
||||
LDFLAGS="-L$flexdir $saved_LDFLAGS"
|
||||
if test ! -z "$need_dash_r" ; then
|
||||
LDFLAGS="-R$flexdir $LDFLAGS"
|
||||
fi
|
||||
fi
|
||||
# Try to use $flexdir/include if it exists, otherwise
|
||||
# $flexdir
|
||||
if test -d "$flexdir/include" ; then
|
||||
CPPFLAGS="-I$flexdir/include $saved_CPPFLAGS"
|
||||
else
|
||||
CPPFLAGS="-I$flexdir $saved_CPPFLAGS"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
AC_SUBST(CFLAGS_PCSC)
|
||||
AC_SUBST(LIBPCSC)
|
||||
LIBPCSC="-lpcsclite"
|
||||
|
@ -312,29 +509,6 @@ fi
|
|||
LIBS="$saved_LIBS"
|
||||
AM_CONDITIONAL(HAVE_PCSCLITE, test "x$ac_cv_lib_pcsclite_SCardEstablishContext" = "xyes")
|
||||
|
||||
AC_SUBST(LIBDL)
|
||||
AC_CHECK_LIB(dl, dlopen, [LIBDL="$LIBDL -ldl" ac_cv_func_dlopen_ldl=yes], ac_cv_func_dlopen_ldl=no)
|
||||
|
||||
AC_SUBST(LIBREADLINE)
|
||||
# libreadline will also need libtermcap on some OSes
|
||||
saved_LIBS="$LIBS"
|
||||
for add in "" "-ltermcap"; do
|
||||
if test "X$add" != "X"; then
|
||||
AC_MSG_CHECKING([whether -lreadline requires $add])
|
||||
fi
|
||||
LIBS="$saved_LIBS $add"
|
||||
unset ac_cv_lib_readline_readline
|
||||
AC_CHECK_LIB(readline, readline, [
|
||||
LIBREADLINE="-lreadline $add"
|
||||
ac_cv_func_readline_lreadline=yes
|
||||
], ac_cv_func_readline_lreadline=no)
|
||||
test "$ac_cv_func_readline_lreadline" = yes && break
|
||||
done
|
||||
|
||||
LIBS="$LIBS $LIBREADLINE"
|
||||
AC_CHECK_FUNCS(readline)
|
||||
LIBS="$saved_LIBS"
|
||||
|
||||
dnl The big search for OpenSSL
|
||||
AC_ARG_WITH(ssl-dir,
|
||||
[ --with-ssl-dir=PATH Specify path to OpenSSL installation],
|
||||
|
@ -453,6 +627,85 @@ if test "x$SSL_MSG" = "xyes" ; then
|
|||
fi
|
||||
AM_CONDITIONAL(HAVE_SSL, test "x$SSL_MSG" = "xyes")
|
||||
|
||||
AC_ARG_WITH(pam-dir,
|
||||
[ --with-pam-dir=PATH Specify path for PAM installation libraries],
|
||||
[
|
||||
if test "x$withval" != "xno" ; then
|
||||
trypamdir=$withval
|
||||
fi
|
||||
]
|
||||
)
|
||||
|
||||
saved_LDFLAGS="$LDFLAGS"
|
||||
saved_CPPFLAGS="$CPPFLAGS"
|
||||
AC_CACHE_CHECK([for pam directory], ac_cv_pamdir, [
|
||||
for pamdir in $trypamdir "" /usr/local /usr/pkg /opt ; do
|
||||
# Skip directories if they don't exist
|
||||
if test ! -z "$pamdir" -a ! -d "$pamdir" ; then
|
||||
continue;
|
||||
fi
|
||||
|
||||
CPPFLAGS="$saved_CPPFLAGS"
|
||||
LDFLAGS="$saved_LDFLAGS"
|
||||
if test ! -z "$pamdir" -a "x$pamdir" != "x/usr"; then
|
||||
# Try to use $pamdir/lib if it exists, otherwise
|
||||
# $pamdir
|
||||
if test -d "$pamdir/lib" ; then
|
||||
LDFLAGS="-L$pamdir/lib $saved_LDFLAGS"
|
||||
if test ! -z "$need_dash_r" ; then
|
||||
LDFLAGS="-R$pamdir/lib $LDFLAGS"
|
||||
fi
|
||||
else
|
||||
LDFLAGS="-L$pamdir $saved_LDFLAGS"
|
||||
if test ! -z "$need_dash_r" ; then
|
||||
LDFLAGS="-R$pamdir $LDFLAGS"
|
||||
fi
|
||||
fi
|
||||
# Try to use $pamdir/include if it exists, otherwise
|
||||
# $pamdir
|
||||
if test -d "$pamdir/include" ; then
|
||||
CPPFLAGS="-I$pamdir/include $saved_CPPFLAGS"
|
||||
else
|
||||
CPPFLAGS="-I$pamdir $saved_CPPFLAGS"
|
||||
fi
|
||||
fi
|
||||
break;
|
||||
done
|
||||
|
||||
if test -z "$pamdir" ; then
|
||||
pamdir="(system)"
|
||||
fi
|
||||
|
||||
ac_cv_pamdir=$pamdir
|
||||
])
|
||||
|
||||
if (test ! -z "$ac_cv_pamdir" && test "x$ac_cv_pamdir" != "x(system)") ; then
|
||||
dnl Need to recover pamdir - test above runs in subshell
|
||||
pamdir=$ac_cv_pamdir
|
||||
if test ! -z "$pamdir" -a "x$pamdir" != "x/usr"; then
|
||||
# Try to use $pamdir/lib if it exists, otherwise
|
||||
# $pamdir
|
||||
if test -d "$pamdir/lib" ; then
|
||||
LDFLAGS="-L$pamdir/lib $saved_LDFLAGS"
|
||||
if test ! -z "$need_dash_r" ; then
|
||||
LDFLAGS="-R$pamdir/lib $LDFLAGS"
|
||||
fi
|
||||
else
|
||||
LDFLAGS="-L$pamdir $saved_LDFLAGS"
|
||||
if test ! -z "$need_dash_r" ; then
|
||||
LDFLAGS="-R$pamdir $LDFLAGS"
|
||||
fi
|
||||
fi
|
||||
# Try to use $pamdir/include if it exists, otherwise
|
||||
# $pamdir
|
||||
if test -d "$pamdir/include" ; then
|
||||
CPPFLAGS="-I$pamdir/include $saved_CPPFLAGS"
|
||||
else
|
||||
CPPFLAGS="-I$pamdir $saved_CPPFLAGS"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
dnl Check for PAM libs
|
||||
PAM_MSG="no"
|
||||
no_pam=""
|
||||
|
@ -505,6 +758,162 @@ LIBS="$saved_LIBS"
|
|||
AM_CONDITIONAL(HAVE_PAM, test "x$PAM_MSG" = "xyes")
|
||||
AM_CONDITIONAL(HAVE_PAM_AND_SSL, test "x$PAM_MSG" = "xyes" -a "x$SSL_MSG" = "xyes")
|
||||
|
||||
dnl Check for SIA libs
|
||||
AC_SUBST(LIBSIA)
|
||||
SIA_MSG="no"
|
||||
no_osfsia=""
|
||||
AC_MSG_CHECKING([SIA support])
|
||||
AC_ARG_WITH(osfsia,
|
||||
[ --with-osfsia Enable Digital Unix SIA],
|
||||
[
|
||||
if test "x$withval" = "xno" ; then
|
||||
AC_MSG_RESULT(disabled)
|
||||
no_osfsia=1
|
||||
fi
|
||||
],
|
||||
)
|
||||
if test -z "$no_osfsia" ; then
|
||||
if test -f /etc/sia/matrix.conf; then
|
||||
AC_MSG_RESULT(yes)
|
||||
AC_DEFINE(HAVE_OSF_SIA, 1, [Have Digital Unix SIA])
|
||||
LIBSIA="$LIBSIA -lsecurity -ldb -lm -laud"
|
||||
SIA_MSG="yes"
|
||||
else
|
||||
AC_MSG_RESULT(no)
|
||||
fi
|
||||
fi
|
||||
|
||||
AM_CONDITIONAL(HAVE_SIA, test "x$SIA_MSG" = "xyes")
|
||||
|
||||
# Check for user-specified random device, otherwise check /dev/urandom
|
||||
AC_ARG_WITH(random,
|
||||
[ --with-random=FILE read entropy from FILE (default=/dev/urandom)],
|
||||
[
|
||||
if test "x$withval" != "xno" ; then
|
||||
RANDOM_POOL="$withval";
|
||||
AC_DEFINE_UNQUOTED(RANDOM_POOL, "$RANDOM_POOL", [Location of random number pool])
|
||||
fi
|
||||
],
|
||||
[
|
||||
# Check for random device
|
||||
AC_CHECK_FILE("/dev/urandom",
|
||||
[
|
||||
RANDOM_POOL="/dev/urandom";
|
||||
AC_SUBST(RANDOM_POOL)
|
||||
AC_DEFINE_UNQUOTED(RANDOM_POOL, "$RANDOM_POOL", [Location of random number pool])
|
||||
]
|
||||
)
|
||||
]
|
||||
)
|
||||
|
||||
# Check for PRNGD/EGD pool file
|
||||
AC_ARG_WITH(prngd-port,
|
||||
[ --with-prngd-port=PORT read entropy from PRNGD/EGD localhost:PORT],
|
||||
[
|
||||
if test ! -z "$withval" -a "x$withval" != "xno" ; then
|
||||
PRNGD_PORT="$withval"
|
||||
AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT, [Port number of PRNGD/EGD random number socket])
|
||||
fi
|
||||
]
|
||||
)
|
||||
|
||||
# Check for PRNGD/EGD pool file
|
||||
AC_ARG_WITH(prngd-socket,
|
||||
[ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
|
||||
[
|
||||
if test "x$withval" != "xno" ; then
|
||||
PRNGD_SOCKET="$withval"
|
||||
AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET", [Location of PRNGD/EGD random number socket])
|
||||
fi
|
||||
],
|
||||
[
|
||||
# Check for existing socket only if we don't have a random device already
|
||||
if test -z "$RANDOM_POOL" ; then
|
||||
AC_MSG_CHECKING(for PRNGD/EGD socket)
|
||||
# Insert other locations here
|
||||
for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy /tmp/entropy; do
|
||||
if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
|
||||
PRNGD_SOCKET="$sock"
|
||||
AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET", [Location of PRNGD/EGD random number socket])
|
||||
break;
|
||||
fi
|
||||
done
|
||||
if test ! -z "$PRNGD_SOCKET" ; then
|
||||
AC_MSG_RESULT($PRNGD_SOCKET)
|
||||
else
|
||||
AC_MSG_RESULT(not found)
|
||||
fi
|
||||
fi
|
||||
]
|
||||
)
|
||||
|
||||
### BEGIN LDAP SPECIFIC OPTIONS
|
||||
dnl ldap autoconf magic partly taken from pam_ldap
|
||||
|
||||
dnl --enable-ldap option.
|
||||
AC_ARG_ENABLE(ldap,
|
||||
[ --enable-ldap enable use of LDAP for authentication. [default=yes]],
|
||||
, enable_ldap=yes)
|
||||
AC_ARG_ENABLE(ssl, [ --disable-ssl disable SSL/TSL support for ldap])
|
||||
AC_ARG_WITH(ldap-lib, [ --with-ldap-lib=type select ldap library [auto|netscape5|netscape4|netscape3|umich|openldap]])
|
||||
AC_ARG_WITH(ldap-dir, [ --with-ldap-dir=DIR base directory of ldap SDK])
|
||||
|
||||
AC_SUBST(LIBLDAP)
|
||||
LDAP_MSG="no"
|
||||
if (test x$enable_ldap = xyes); then
|
||||
if test -n "$with_ldap_dir"; then
|
||||
CPPFLAGS="$CPPFLAGS -I$with_ldap_dir/include"
|
||||
LDFLAGS="$LDFLAGS -L$with_ldap_dir/lib"
|
||||
case "$target_os" in
|
||||
solaris*) LDFLAGS="$LDFLAGS -Wl,-R$with_ldap_dir/lib" ;;
|
||||
*) LDFLAGS="$LDFLAGS -Wl,-rpath,$with_ldap_dir/lib" ;;
|
||||
esac
|
||||
fi
|
||||
|
||||
AC_CHECK_HEADERS(lber.h ldap.h ldap_ssl.h)
|
||||
|
||||
dnl check which ldap library we have
|
||||
if test -z "$with_ldap_lib"; then
|
||||
with_ldap_lib=auto
|
||||
fi
|
||||
|
||||
if test -z "$found_ldap_lib" -a \( $with_ldap_lib = auto -o $with_ldap_lib = umich -o $with_ldap_lib = openldap \); then
|
||||
AC_CHECK_LIB(lber, ber_init, LIBLDAP="-llber $LIBLDAP" found_lber_lib=yes)
|
||||
saved_LIBS="$LIBS"
|
||||
LIBS="$LIBS $LIBLDAP"
|
||||
AC_CHECK_LIB(ldap, ldap_search, LIBLDAP="-lldap $LIBLDAP" found_ldap_lib=yes)
|
||||
LIBS="$saved_LIBS"
|
||||
fi
|
||||
if test -z "$found_ldap_lib" -a \( $with_ldap_lib = auto -o $with_ldap_lib = netscape5 \); then
|
||||
AC_CHECK_LIB(ldap50, ldap_search, LIBLDAP="-lldap50 -lssldap50 -lssl3 -lnss3 -lnspr4 -lprldap50 -lplc4 -lplds4 $LIBLDAP" found_ldap_lib=yes need_pthread=true,, -lpthread)
|
||||
fi
|
||||
if test -z "$found_ldap_lib" -a \( $with_ldap_lib = auto -o $with_ldap_lib = netscape4 \); then
|
||||
AC_CHECK_LIB(ldapssl41, ldap_search, LIBLDAP="-lldapssl41 -lplc3 -lplds3 -lnspr3 $LIBLDAP" found_ldap_lib=yes need_pthread=true,, -lpthread)
|
||||
if test -z "$found_ldap_lib"; then
|
||||
AC_CHECK_LIB(ldapssl40, ldap_search, LIBLDAP="-lldapssl40 $LIBLDAP" found_ldap_lib=yes need_pthread=true,, -lpthread)
|
||||
fi
|
||||
fi
|
||||
if test -z "$found_ldap_lib" -a \( $with_ldap_lib = auto -o $with_ldap_lib = netscape3 \); then
|
||||
AC_CHECK_LIB(ldapssl30, ldap_search, LIBLDAP="-lldapssl30 $LIBLDAP" found_ldap_lib=yes need_pthread=true,, -lpthread)
|
||||
fi
|
||||
|
||||
if test -n "$found_ldap_lib"; then
|
||||
AC_DEFINE(LDAP_REFERRALS,1,[This is needed for the native Solaris LDAP SDK])
|
||||
AC_DEFINE(HAVE_LDAP, 1, [Use LDAP for authentication etc.])
|
||||
LDAP_MSG="yes"
|
||||
|
||||
saved_LIBS="$LIBS"
|
||||
LIBS="$LIBS $LIBLDAP"
|
||||
AC_CHECK_FUNCS(ldap_init)
|
||||
if test "$enable_ssl" \!= "no"; then
|
||||
AC_CHECK_FUNCS(ldapssl_init ldap_start_tls_s ldap_pvt_tls_set_option)
|
||||
fi
|
||||
LIBS="$saved_LIBS"
|
||||
fi
|
||||
fi
|
||||
AM_CONDITIONAL(HAVE_LDAP, test "x$LDAP_MSG" = "xyes")
|
||||
### END LDAP SPECIFIC OPTIONS
|
||||
|
||||
dnl Enable/disable debugging messages.
|
||||
AC_ARG_ENABLE(debug,
|
||||
[ --enable-debug enable debug messages. [default=no]],
|
||||
|
@ -513,6 +922,20 @@ if (test x$enable_debug = xyes); then
|
|||
AC_DEFINE(DEBUG, 1, [Enable debug messages.])
|
||||
fi
|
||||
|
||||
if test "x$prefix" = xNONE; then
|
||||
prefix=$ac_default_prefix
|
||||
fi
|
||||
|
||||
AC_SUBST(LIBSCCONF)
|
||||
LIBSCCONF="\${top_srcdir}/src/scconf/libscconf.la"
|
||||
AC_SUBST(LIBSCLDAP)
|
||||
LIBSCLDAP="\${top_srcdir}/src/scldap/libscldap.la"
|
||||
AC_SUBST(LIBSCRANDOM)
|
||||
LIBSCRANDOM="\${top_srcdir}/src/scrandom/libscrandom.la"
|
||||
|
||||
scldap_etc_path=`eval echo ${sysconfdir}` ; scldap_etc_path=`eval echo ${scldap_etc_path}`
|
||||
AC_DEFINE_UNQUOTED(SCLDAP_ETC_PATH_CUSTOM, "$scldap_etc_path", [etc path for scldap])
|
||||
|
||||
AC_SUBST(CFLAGS_OPENSC)
|
||||
CFLAGS_OPENSC="-I\${top_srcdir}/src/libopensc"
|
||||
AC_SUBST(LIBOPENSC)
|
||||
|
@ -537,19 +960,40 @@ src/openssh/Makefile
|
|||
src/pam/Makefile
|
||||
src/pkcs11/Makefile
|
||||
src/pkcs11/rsaref/Makefile
|
||||
src/scam/Makefile
|
||||
src/scconf/Makefile
|
||||
src/scldap/Makefile
|
||||
src/scldap/etc/Makefile
|
||||
src/scrandom/Makefile
|
||||
src/sia/Makefile
|
||||
src/tests/Makefile
|
||||
src/tools/Makefile
|
||||
])
|
||||
|
||||
if test ! -z "$RANDOM_POOL" ; then
|
||||
RAND_MSG="device ($RANDOM_POOL)"
|
||||
else
|
||||
if test ! -z "$PRNGD_PORT" ; then
|
||||
RAND_MSG="PRNGD/EGD (port localhost:$PRNGD_PORT)"
|
||||
elif test ! -z "$PRNGD_SOCKET" ; then
|
||||
RAND_MSG="PRNGD/EGD (socket $PRNGD_SOCKET)"
|
||||
else
|
||||
RAND_MSG="Builtin kluge"
|
||||
BUILTIN_RNG=1
|
||||
fi
|
||||
fi
|
||||
|
||||
dnl Someone please show me a better way :)
|
||||
A=`eval echo ${prefix}` ; A=`eval echo ${A}`
|
||||
B=`eval echo ${bindir}` ; B=`eval echo ${B}`
|
||||
C=`eval echo ${sysconfdir}` ; C=`eval echo ${C}`
|
||||
|
||||
echo ""
|
||||
echo "OpenSC has been configured with the following options"
|
||||
|
||||
echo ""
|
||||
echo "User binaries: ${B}"
|
||||
echo "Configuration files: ${C}"
|
||||
|
||||
echo ""
|
||||
echo "Host: ${host}"
|
||||
|
@ -560,7 +1004,18 @@ echo "Linker flags: ${LDFLAGS}"
|
|||
echo "Libraries: ${LIBS}"
|
||||
|
||||
echo ""
|
||||
echo "OpenSSL support: ${SSL_MSG}"
|
||||
echo "PAM support: ${PAM_MSG}"
|
||||
echo "Random number collection: ${RAND_MSG}"
|
||||
echo "OpenSSL support: ${SSL_MSG}"
|
||||
echo "LDAP support: ${LDAP_MSG}"
|
||||
echo "PAM support: ${PAM_MSG}"
|
||||
echo "SIA support: ${SIA_MSG}"
|
||||
|
||||
echo ""
|
||||
|
||||
if test ! -z "$BUILTIN_RNG" ; then
|
||||
echo "WARNING: you are using the builtin random number service."
|
||||
echo "The random number service is very simple and is only"
|
||||
echo "intended for testing purposes. Please request your OS"
|
||||
echo "vendor to include /dev/random in future versions of"
|
||||
echo "their OS. Or use PRNGD/EGD instead, your choice."
|
||||
fi
|
||||
|
@ -2,7 +2,7 @@
|
|||
|
||||
libdir = ${prefix}/lib/security
|
||||
|
||||
INCLUDES = @CFLAGS_PCSC@ @CFLAGS_SSP@ @CFLAGS_OPENSC@ -I../scam -I../scconf -I../scrandom -I../scldap
|
||||
INCLUDES = @CFLAGS_PCSC@ @CFLAGS_OPENSC@ -I../scam -I../scconf -I../scrandom -I../scldap
|
||||
|
||||
if HAVE_LDAP
|
||||
LDAP_LTLIBS = @LIBSCLDAP@
|
||||
|
@ -10,9 +10,9 @@ else
|
|||
LDAP_LTLIBS =
|
||||
endif
|
||||
|
||||
LDFLAGS = @LDFLAGS@ @LIBDL@ @LIBSCRANDOM@ $(LDAP_LTLIBS) @LIBCRYPTO@ @LIBSSP@ @LIBOPENSC@ @LIBPAM@
|
||||
LDFLAGS = @LDFLAGS@ @LIBDL@ @LIBSCRANDOM@ $(LDAP_LTLIBS) @LIBCRYPTO@ @LIBOPENSC@ @LIBPAM@
|
||||
|
||||
AUTHSRC = ../scam/scam.c ../scam/scam.h ../scam/sp.c ../scam/p15_eid.c ../scam/p15_ldap.c
|
||||
AUTHSRC = ../scam/scam.c ../scam/scam.h ../scam/p15_eid.c ../scam/p15_ldap.c
|
||||
SRC = $(AUTHSRC) pam_opensc.c pam_support.c pam_support.h
|
||||
|
||||
if HAVE_PAM_AND_SSL
|
||||
|
@ -28,6 +28,12 @@
|
|||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include <ctype.h>
|
||||
#include <pwd.h>
|
||||
#include <grp.h>
|
||||
#ifdef HAVE_UTMP_H
|
||||
#include <utmp.h>
|
||||
#endif
|
||||
#include <sys/types.h>
|
||||
#include "scam.h"
|
||||
|
||||
#define PAM_SM_AUTH
|
||||
|
@ -38,6 +44,41 @@
|
|||
static int scam_method = 0;
|
||||
static char *auth_method = NULL;
|
||||
|
||||
/*
|
||||
* Because getlogin() is braindead and sometimes it just
|
||||
* doesn't work, we reimplement it here.
|
||||
*/
|
||||
static char *get_login(void)
|
||||
{
|
||||
char *user = NULL;
|
||||
#ifdef HAVE_SETUTENT
|
||||
struct utmp *ut = NULL, line;
|
||||
static char curr_user[sizeof(ut->ut_user) + 4];
|
||||
char *curr_tty = NULL;
|
||||
|
||||
curr_tty = ttyname(0);
|
||||
if (curr_tty) {
|
||||
curr_tty += 5;
|
||||
setutent();
|
||||
strncpy(line.ut_line, curr_tty, sizeof line.ut_line);
|
||||
if ((ut = getutline(&line))) {
|
||||
strncpy(curr_user, ut->ut_user, sizeof(ut->ut_user));
|
||||
user = curr_user;
|
||||
}
|
||||
endutent();
|
||||
}
|
||||
#else
|
||||
user = getlogin();
|
||||
#endif
|
||||
#if 1
|
||||
if (!user) {
|
||||
struct passwd *pw_user = getpwuid(geteuid());
|
||||
user = pw_user->pw_name;
|
||||
}
|
||||
#endif
|
||||
return user;
|
||||
}
|
||||
|
||||
static void usage(void)
|
||||
{
|
||||
int i;
|
||||
|
@ -159,7 +200,10 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, con
|
|||
/* No remote logins allowed through xdm */
|
||||
if ((!strcmp(service, "xdm") &&
|
||||
strcmp(tty, ":0"))) {
|
||||
log_message("User %s (tty %s) tried remote login through service %s, permission denied.\n", user, tty, service);
|
||||
char buf[256];
|
||||
|
||||
snprintf(buf, 256, "User %s (tty %s) tried remote login through service %s, permission denied.\n", user, tty, service);
|
||||
opensc_pam_log(LOG_NOTICE, pamh, buf);
|
||||
scam_deinit(scam_method);
|
||||
return PAM_PERM_DENIED;
|
||||
}
|
||||
|
@ -231,7 +275,7 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t * pamh, int flags, int argc,
|
|||
opensc_pam_log(LOG_CRIT, pamh, "open_session - scam_open_session failed\n");
|
||||
return PAM_SESSION_ERR;
|
||||
}
|
||||
opensc_pam_log(LOG_INFO, pamh, "session opened for user %s by %s(uid=%d)\n", user, GetLogin() == NULL ? "" : GetLogin(), getuid());
|
||||
opensc_pam_log(LOG_INFO, pamh, "session opened for user %s by %s(uid=%d)\n", user, get_login() == NULL ? "" : get_login(), getuid());
|
||||
return PAM_SUCCESS;
|
||||
}
|
||||
|
||||
|
@ -25,6 +25,7 @@
|
|||
#endif
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdarg.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include "pam_support.h"
|
||||
|
@ -60,16 +61,12 @@ int converse(pam_handle_t * pamh, int ctrl, int nargs
|
|||
int retval;
|
||||
struct pam_conv *conv;
|
||||
|
||||
log_messagex(L_DEBUG, "begin to converse");
|
||||
|
||||
retval = pam_get_item(pamh, PAM_CONV, (PAM_CONST void **) &conv);
|
||||
if (retval == PAM_SUCCESS) {
|
||||
|
||||
retval = conv->conv(nargs, (PAM_CONST struct pam_message **) message
|
||||
,response, conv->appdata_ptr);
|
||||
|
||||
log_messagex(L_DEBUG, "returned from application's conversation function");
|
||||
|
||||
if (retval != PAM_SUCCESS && on(OPENSC_DEBUG, ctrl)) {
|
||||
opensc_pam_log(LOG_DEBUG, pamh, "conversation failure [%s]"
|
||||
,pam_strerror(pamh, retval));
|
||||
|
@ -79,8 +76,6 @@ int converse(pam_handle_t * pamh, int ctrl, int nargs
|
|||
,"couldn't obtain conversation function [%s]"
|
||||
,pam_strerror(pamh, retval));
|
||||
}
|
||||
log_messagex(L_DEBUG, "ready to return from module conversation");
|
||||
|
||||
return retval; /* propagate error status */
|
||||
}
|
||||
|
||||
|
@ -140,36 +135,28 @@ int _set_ctrl(pam_handle_t * pamh, int flags, char **auth_method, int argc, cons
|
|||
{
|
||||
unsigned int ctrl;
|
||||
|
||||
log_messagex(L_DEBUG, "called.");
|
||||
|
||||
ctrl = OPENSC_DEFAULTS; /* the default selection of options */
|
||||
|
||||
/* set some flags manually */
|
||||
if (getuid() == 0 && !(flags & PAM_CHANGE_EXPIRED_AUTHTOK)) {
|
||||
log_messagex(L_DEBUG, "IAMROOT");
|
||||
set(OPENSC__IAMROOT, ctrl);
|
||||
}
|
||||
if (flags & PAM_UPDATE_AUTHTOK) {
|
||||
log_messagex(L_DEBUG, "UPDATE_AUTHTOK");
|
||||
set(OPENSC__UPDATE, ctrl);
|
||||
}
|
||||
if (flags & PAM_PRELIM_CHECK) {
|
||||
log_messagex(L_DEBUG, "PRELIM_CHECK");
|
||||
set(OPENSC__PRELIM, ctrl);
|
||||
}
|
||||
if (flags & PAM_DISALLOW_NULL_AUTHTOK) {
|
||||
log_messagex(L_DEBUG, "DISALLOW_NULL_AUTHTOK");
|
||||
set(OPENSC__NONULL, ctrl);
|
||||
}
|
||||
if (flags & PAM_SILENT) {
|
||||
log_messagex(L_DEBUG, "SILENT");
|
||||
set(OPENSC__QUIET, ctrl);
|
||||
}
|
||||
/* now parse the arguments to this module */
|
||||
while (argc-- > 0) {
|
||||
int j;
|
||||
|
||||
log_messagex(L_DEBUG, "pam_opensc arg: %s", *argv);
|
||||
for (j = 0; j < OPENSC_CTRLS_; ++j) {
|
||||
if (opensc_args[j].token
|
||||
&& !strncmp(*argv, opensc_args[j].token, strlen(opensc_args[j].token))) {
|
||||
|
@ -204,8 +191,6 @@ int _set_ctrl(pam_handle_t * pamh, int flags, char **auth_method, int argc, cons
|
|||
set(OPENSC_DEBUG, ctrl);
|
||||
}
|
||||
/* return the set of flags */
|
||||
|
||||
log_messagex(L_DEBUG, "done.");
|
||||
#if 0
|
||||
print_ctrl(ctrl);
|
||||
#endif
|
||||
|
@ -232,18 +217,9 @@ int _read_password(pam_handle_t * pamh
|
|||
,PAM_CONST char *data_name
|
||||
,PAM_CONST char **pass)
|
||||
{
|
||||
int authtok_flag;
|
||||
int retval;
|
||||
PAM_CONST char *item;
|
||||
char *token;
|
||||
|
||||
log_messagex(L_DEBUG, "called");
|
||||
|
||||
/*
|
||||
* make sure nothing inappropriate gets returned
|
||||
*/
|
||||
|
||||
*pass = token = NULL;
|
||||
int authtok_flag, retval;
|
||||
PAM_CONST char *item = NULL;
|
||||
char *token = NULL;
|
||||
|
||||
/*
|
||||
* which authentication token are we getting?
|
||||
|
@ -1,3 +1,3 @@
|
|||
# Process this file with automake to create Makefile.in
|
||||
|
||||
EXTRA_DIST = scam.c scam.h sp.c p15_eid.c p15_ldap.c
|
||||
EXTRA_DIST = scam.c scam.h p15_eid.c p15_ldap.c
|
||||
|
@ -144,14 +144,14 @@ int p15_eid_init(int argc, const char **argv)
|
|||
}
|
||||
if (!reader_name) {
|
||||
for (i = 0; i < ctx->reader_count; i++) {
|
||||
log_message("Reader #%d - %s%s\n", i + 1, ctx->reader[i]->name, reader == i ? " (*)" : "");
|
||||
printf("Reader #%d - %s%s\n", i + 1, ctx->reader[i]->name, reader == i ? " (*)" : "");
|
||||
}
|
||||
} else {
|
||||
for (i = 0; i < ctx->reader_count; i++) {
|
||||
if ((strlen(reader_name) < strlen(ctx->reader[i]->name))) {
|
||||
if (!strncmp(reader_name, ctx->reader[i]->name, strlen(reader_name))) {
|
||||
reader = i;
|
||||
log_message("Reader #%d - %s selected\n", i + 1, ctx->reader[reader]->name);
|
||||
printf("Reader #%d - %s selected\n", i + 1, ctx->reader[reader]->name);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
@ -382,29 +382,31 @@ void p15_eid_deinit(void)
|
|||
int p15_eid_open_session(int argc, const char **argv, const char *user)
|
||||
{
|
||||
struct passwd *userstr = NULL;
|
||||
#ifdef PCSCLITE_SERVER_PATH
|
||||
uid_t useruid = 65534, uid = 65534;
|
||||
gid_t gid = 65534;
|
||||
int r;
|
||||
#endif
|
||||
|
||||
if (!user) {
|
||||
log_messagex(L_DEBUG, "No user.\n");
|
||||
scam_fw_p15_eid.printmsg("No user.\n");
|
||||
return SCAM_FAILED;
|
||||
}
|
||||
userstr = getpwnam(user);
|
||||
if (!userstr) {
|
||||
log_messagex(L_DEBUG, "Can't get user structure. (%s)", user);
|
||||
scam_fw_p15_eid.printmsg("Can't get user structure. (%s)", user);
|
||||
return SCAM_FAILED;
|
||||
}
|
||||
#ifdef PCSCLITE_SERVER_PATH
|
||||
useruid = userstr->pw_uid;
|
||||
r = GetIdentity(&uid, &gid);
|
||||
if (r < 0) {
|
||||
scam_fw_p15_eid.logmsg("Could not get uid/gid for pcscd.\n");
|
||||
return SCAM_FAILED;
|
||||
}
|
||||
#ifdef PCSCLITE_SERVER_PATH
|
||||
r = chown(PCSCLITE_SERVER_PATH, useruid, gid);
|
||||
if (r < 0) {
|
||||
log_messagex(L_DEBUG, "Opening session failed, cannot chown socket to user %.", user);
|
||||
scam_fw_p15_eid.printmsg("Opening session failed, cannot chown socket to user %.", user);
|
||||
return SCAM_FAILED;
|
||||
}
|
||||
#endif
|
||||
|
@ -413,23 +415,25 @@ int p15_eid_open_session(int argc, const char **argv, const char *user)
|
|||
|
||||
int p15_eid_close_session(int argc, const char **argv, const char *user)
|
||||
{
|
||||
#ifdef PCSCLITE_SERVER_PATH
|
||||
uid_t uid = 65534;
|
||||
gid_t gid = 65534;
|
||||
int r;
|
||||
#endif
|
||||
|
||||
if (!user) {
|
||||
log_messagex(L_DEBUG, "No user.\n");
|
||||
scam_fw_p15_eid.printmsg("No user.\n");
|
||||
return SCAM_FAILED;
|
||||
}
|
||||
#ifdef PCSCLITE_SERVER_PATH
|
||||
r = GetIdentity(&uid, &gid);
|
||||
if (r < 0) {
|
||||
scam_fw_p15_eid.logmsg("Could not get uid/gid for pcscd.\n");
|
||||
return SCAM_FAILED;
|
||||
}
|
||||
#ifdef PCSCLITE_SERVER_PATH
|
||||
r = chown(PCSCLITE_SERVER_PATH, uid, gid);
|
||||
if (r < 0) {
|
||||
log_messagex(L_DEBUG, "Closing session failed, cannot chown socket to smartcard user.");
|
||||
scam_fw_p15_eid.printmsg("Closing session failed, cannot chown socket to smartcard user.");
|
||||
return SCAM_SUCCESS;
|
||||
}
|
||||
r = CleanupClientSockets();
|
||||
|
|
|
@ -145,14 +145,14 @@ int p15_ldap_init(int argc, const char **argv)
|
|||
}
|
||||
if (!reader_name) {
|
||||
for (i = 0; i < ctx->reader_count; i++) {
|
||||
log_message("Reader #%d - %s%s\n", i + 1, ctx->reader[i]->name, reader == i ? " (*)" : "");
|
||||
printf("Reader #%d - %s%s\n", i + 1, ctx->reader[i]->name, reader == i ? " (*)" : "");
|
||||
}
|
||||
} else {
|
||||
for (i = 0; i < ctx->reader_count; i++) {
|
||||
if ((strlen(reader_name) < strlen(ctx->reader[i]->name))) {
|
||||
if (!strncmp(reader_name, ctx->reader[i]->name, strlen(reader_name))) {
|
||||
reader = i;
|
||||
log_message("Reader #%d - %s selected\n", i + 1, ctx->reader[reader]->name);
|
||||
printf("Reader #%d - %s selected\n", i + 1, ctx->reader[reader]->name);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
@ -318,29 +318,31 @@ void p15_ldap_deinit(void)
|
|||
int p15_ldap_open_session(int argc, const char **argv, const char *user)
|
||||
{
|
||||
struct passwd *userstr = NULL;
|
||||
#ifdef PCSCLITE_SERVER_PATH
|
||||
uid_t useruid = 65534, uid = 65534;
|
||||
gid_t gid = 65534;
|
||||
int r;
|
||||
#endif
|
||||
|
||||
if (!user) {
|
||||
log_messagex(L_DEBUG, "No user.\n");
|
||||
scam_fw_p15_ldap.printmsg("No user.\n");
|
||||
return SCAM_FAILED;
|
||||
}
|
||||
userstr = getpwnam(user);
|
||||
if (!userstr) {
|
||||
log_messagex(L_DEBUG, "Can't get user structure. (%s)", user);
|
||||
scam_fw_p15_ldap.printmsg("Can't get user structure. (%s)", user);
|
||||
return SCAM_FAILED;
|
||||
}
|
||||
#ifdef PCSCLITE_SERVER_PATH
|
||||
useruid = userstr->pw_uid;
|
||||
r = GetIdentity(&uid, &gid);
|
||||
if (r < 0) {
|
||||
scam_fw_p15_ldap.logmsg("Could not get uid/gid for pcscd.\n");
|
||||
return SCAM_FAILED;
|
||||
}
|
||||
#ifdef PCSCLITE_SERVER_PATH
|
||||
r = chown(PCSCLITE_SERVER_PATH, useruid, gid);
|
||||
if (r < 0) {
|
||||
log_messagex(L_DEBUG, "Opening session failed, cannot chown socket to user %.", user);
|
||||
scam_fw_p15_ldap.printmsg("Opening session failed, cannot chown socket to user %.", user);
|
||||
return SCAM_FAILED;
|
||||
}
|
||||
#endif
|
||||
|
@ -349,23 +351,25 @@ int p15_ldap_open_session(int argc, const char **argv, const char *user)
|
|||
|
||||
int p15_ldap_close_session(int argc, const char **argv, const char *user)
|
||||
{
|
||||
#ifdef PCSCLITE_SERVER_PATH
|
||||
uid_t uid = 65534;
|
||||
gid_t gid = 65534;
|
||||
int r;
|
||||
#endif
|
||||
|
||||
if (!user) {
|
||||
log_messagex(L_DEBUG, "No user.\n");
|
||||
scam_fw_p15_ldap.printmsg("No user.\n");
|
||||
return SCAM_FAILED;
|
||||
}
|
||||
#ifdef PCSCLITE_SERVER_PATH
|
||||
r = GetIdentity(&uid, &gid);
|
||||
if (r < 0) {
|
||||
scam_fw_p15_ldap.logmsg("Could not get uid/gid for pcscd.\n");
|
||||
return SCAM_FAILED;
|
||||
}
|
||||
#ifdef PCSCLITE_SERVER_PATH
|
||||
r = chown(PCSCLITE_SERVER_PATH, uid, gid);
|
||||
if (r < 0) {
|
||||
log_messagex(L_DEBUG, "Closing session failed, cannot chown socket to smartcard user.");
|
||||
scam_fw_p15_ldap.printmsg("Closing session failed, cannot chown socket to smartcard user.");
|
||||
return SCAM_SUCCESS;
|
||||
}
|
||||
r = CleanupClientSockets();
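Review bot: The chown failure message in p15_ldap_open_session, `scam_fw_p15_ldap.printmsg("Opening session failed, cannot chown socket to user %.", user);`, has no complete conversion specifier (`%.`), so `user` is never printed and a printf-style callback is handed a malformed format; it should read `"... cannot chown socket to user %s.", user`. In p15_ldap_close_session the chown failure branch returns `SCAM_SUCCESS`, so a socket that could not be handed back to the smartcard user is reported as a clean close; returning `SCAM_FAILED` there, as the open path does, keeps that state visible to the caller. Both functions also nest a second `#ifdef PCSCLITE_SERVER_PATH` inside the first and fall back to the bare literal 65534 for uid/gid, which deserves a named constant with a comment on why that id is the fallback. The p15_eid.c hunks above carry the identical code, so the same three points apply there; the bodies of both functions continue past the hunks.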
|
||||
|
|
|
@ -32,7 +32,9 @@
|
|||
|
||||
struct scam_framework_ops *scam_frameworks[] =
|
||||
{
|
||||
#ifdef HAVE_SCIDI
|
||||
&scam_fw_sp,
|
||||
#endif
|
||||
#ifndef HAVE_LDAP
|
||||
&scam_fw_p15_eid,
|
||||
&scam_fw_p15_ldap,
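Review bot: `&scam_fw_sp` is now registered under `#ifdef HAVE_SCIDI`, but the sia Makefile.am hunk below drops `../scam/sp.c` from `AUTHSRC`, so a build with HAVE_SCIDI defined would reference a symbol this module no longer compiles unless sp.c is built into another target; either the source list or the guard should say which is intended. The `#ifndef HAVE_LDAP` guard is immediately followed by both `&scam_fw_p15_eid,` and `&scam_fw_p15_ldap,`; the rest of the initializer is outside the hunk, so this may be fine if an `#else` follows, but a guard named for the absence of LDAP enclosing the LDAP framework is worth a second look.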
|
||||
|
|
|
@ -165,7 +165,8 @@ void scldap_show_parameters(scldap_context * ctx)
|
|||
{
|
||||
int i, j;
|
||||
|
||||
CHECK_CTX_VOID(ctx);
|
||||
if (!ctx)
|
||||
return;
|
||||
for (i = 0; i < ctx->entries; i++) {
|
||||
if (ctx->entry[i].entry) {
|
||||
printf("[%i]->entry=%s\n", i, ctx->entry[i].entry);
|
||||
|
@ -187,7 +188,8 @@ void scldap_free_parameters(scldap_context * ctx)
|
|||
{
|
||||
int i, j;
|
||||
|
||||
CHECK_CTX_VOID(ctx);
|
||||
if (!ctx)
|
||||
return;
|
||||
if (ctx) {
|
||||
for (i = 0; i < ctx->entries; i++) {
|
||||
if (ctx->entry[i].entry) {
|
||||
|
@ -245,13 +247,8 @@ void scldap_parse_arguments(scldap_context ** ctx, int argc, const char **argv)
|
|||
scldap_context *ptr = *ctx;
|
||||
int i;
|
||||
|
||||
CHECK_CTX_VOID(ptr);
|
||||
|
||||
if (argc < 0)
|
||||
if (!ptr || !argv || argc < 0)
|
||||
return;
|
||||
if (!argv)
|
||||
return;
|
||||
|
||||
for (i = 0; i < argc; i++) {
|
||||
if (argv[i][0] == '-') {
|
||||
char *optarg = (char *) argv[i + 1];
|
||||
|
@ -346,7 +343,8 @@ int scldap_add_entry(scldap_context * ctx, const char *entry)
|
|||
{
|
||||
int i;
|
||||
|
||||
CHECK_CTX(ctx, 0);
|
||||
if (!ctx)
|
||||
return 0;
|
||||
if (entry) {
|
||||
for (i = 0; i < ctx->entries; i++) {
|
||||
if (!ctx->entry[i].entry) {
|
||||
|
@ -372,7 +370,8 @@ int scldap_get_entry(scldap_context * ctx, const char *entry)
|
|||
{
|
||||
int i;
|
||||
|
||||
CHECK_CTX(ctx, 0);
|
||||
if (!ctx)
|
||||
return 0;
|
||||
if (entry) {
|
||||
for (i = 0; i < ctx->entries; i++) {
|
||||
if (ctx->entry[i].entry) {
|
||||
|
@ -389,7 +388,8 @@ void scldap_set_entry(scldap_context * ctx, const char *entry)
|
|||
{
|
||||
int i;
|
||||
|
||||
CHECK_CTX_VOID(ctx);
|
||||
if (!ctx)
|
||||
return;
|
||||
if (entry) {
|
||||
for (i = 0; i < ctx->entries; i++) {
|
||||
if (ctx->entry[i].entry) {
|
||||
|
@ -406,7 +406,8 @@ void scldap_remove_entry(scldap_context * ctx, const char *entry)
|
|||
{
|
||||
int i, j;
|
||||
|
||||
CHECK_CTX_VOID(ctx);
|
||||
if (!ctx)
|
||||
return;
|
||||
if (entry) {
|
||||
for (i = 0; i < ctx->entries; i++) {
|
||||
if (ctx->entry[i].entry) {
|
||||
|
@ -455,7 +456,8 @@ void scldap_remove_entry(scldap_context * ctx, const char *entry)
|
|||
|
||||
int scldap_is_valid_url(const char *url)
|
||||
{
|
||||
CHECK_CTX(url, 0);
|
||||
if (!url)
|
||||
return 0;
|
||||
return ldap_is_ldap_url((char *) url);
|
||||
}
|
||||
|
||||
|
@ -472,56 +474,56 @@ int scldap_url_to_entry(scldap_context * ctx, const char *entry, const char *url
|
|||
switch (rv) {
|
||||
#ifdef LDAP_URL_ERR_BADSCHEME
|
||||
case LDAP_URL_ERR_BADSCHEME:
|
||||
log_messagex(L_DEBUG, "Not an LDAP URL: %s", url);
|
||||
fprintf(stderr, "Not an LDAP URL: %s", url);
|
||||
break;
|
||||
#endif
|
||||
#ifdef LDAP_URL_ERR_BADENCLOSURE
|
||||
case LDAP_URL_ERR_BADENCLOSURE:
|
||||
log_messagex(L_DEBUG, "Bad Enclosure in URL: %s", url);
|
||||
fprintf(stderr, "Bad enclosure in URL: %s", url);
|
||||
break;
|
||||
#endif
|
||||
#ifdef LDAP_URL_ERR_BADURL
|
||||
case LDAP_URL_ERR_BADURL:
|
||||
log_messagex(L_DEBUG, "Bad URL: %s", url);
|
||||
fprintf(stderr, "Bad URL: %s", url);
|
||||
break;
|
||||
#endif
|
||||
#ifdef LDAP_URL_ERR_BADHOST
|
||||
case LDAP_URL_ERR_BADHOST:
|
||||
log_messagex(L_DEBUG, "Host is invalid in URL: %s", url);
|
||||
fprintf(stderr, "Host is invalid in URL: %s", url);
|
||||
break;
|
||||
#endif
|
||||
#ifdef LDAP_URL_ERR_BADATTRS
|
||||
case LDAP_URL_ERR_BADATTRS:
|
||||
log_messagex(L_DEBUG, "Attributes are invalid in URL: %s", url);
|
||||
fprintf(stderr, "Attributes are invalid in URL: %s", url);
|
||||
break;
|
||||
#endif
|
||||
#ifdef LDAP_URL_ERR_BADSCOPE
|
||||
case LDAP_URL_ERR_BADSCOPE:
|
||||
log_messagex(L_DEBUG, "Scope is invalid in URL: %s", url);
|
||||
fprintf(stderr, "Scope is invalid in URL: %s", url);
|
||||
break;
|
||||
#endif
|
||||
#ifdef LDAP_URL_ERR_BADFILTER
|
||||
case LDAP_URL_ERR_BADFILTER:
|
||||
log_messagex(L_DEBUG, "Filter is invalid in URL: %s", url);
|
||||
fprintf(stderr, "Filter is invalid in URL: %s", url);
|
||||
break;
|
||||
#endif
|
||||
#ifdef LDAP_URL_ERR_BADEXTS
|
||||
case LDAP_URL_ERR_BADEXTS:
|
||||
log_messagex(L_DEBUG, "Extensions are invalid in URL: %s", url);
|
||||
fprintf(stderr, "Extensions are invalid in URL: %s", url);
|
||||
break;
|
||||
#endif
|
||||
#ifdef LDAP_URL_ERR_MEM
|
||||
case LDAP_URL_ERR_MEM:
|
||||
log_messagex(L_DEBUG, "Out of memory parsing URL: %s", url);
|
||||
fprintf(stderr, "Out of memory parsing URL: %s", url);
|
||||
break;
|
||||
#endif
|
||||
#ifdef LDAP_URL_ERR_PARAM
|
||||
case LDAP_URL_ERR_PARAM:
|
||||
log_messagex(L_DEBUG, "bad parameter parsing URL: %s", url);
|
||||
fprintf(stderr, "Bad parameter parsing URL: %s", url);
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
log_messagex(L_DEBUG, "Unknown error %d parsing URL: %s", rv, url);
|
||||
fprintf(stderr, "Unknown error %d parsing URL: %s", rv, url);
|
||||
break;
|
||||
}
|
||||
return -1;
|
||||
|
@ -706,7 +708,6 @@ static void scldap_get_result(LDAP * ld, LDAPMessage * res, scldap_param_entry *
|
|||
result->results++; \
|
||||
result->result = (scldap_result_entry *) realloc(result->result, (result->results + 2) * sizeof(scldap_result_entry)); \
|
||||
memset(&result->result[result->results], 0, sizeof(scldap_result_entry)); \
|
||||
log_messagex(L_DEBUG, "ADD: %s[%li]\n", result->result[result->results].name, result->result[result->results].datalen); \
|
||||
} \
|
||||
}
|
||||
if (attrsonly) {
|
||||
|
@ -721,7 +722,6 @@ static void scldap_get_result(LDAP * ld, LDAPMessage * res, scldap_param_entry *
|
|||
}
|
||||
} else if ((bvals = ldap_get_values_len(ld, res, name))) {
|
||||
for (i = 0; bvals[i]; i++) {
|
||||
log_messagex(L_DEBUG, "scldap_get_result: %s[%li]\n", name, bvals[i]->bv_len);
|
||||
if (param->numattrs) {
|
||||
for (j = 0; j < param->numattrs; j++) {
|
||||
if (!strncasecmp(param->attributes[j], name, strlen(param->attributes[j]))) {
|
||||
|
@ -802,7 +802,7 @@ int scldap_search(scldap_context * ctx, const char *entry,
|
|||
return -1;
|
||||
}
|
||||
if (pattern)
|
||||
log_messagex(L_DEBUG, "pattern: %s\n", pattern);
|
||||
fprintf(stderr, "pattern: %s\n", pattern);
|
||||
if (ldap_search(ld, ctx->entry[entrynum].base, ctx->entry[entrynum].scope, pattern, ctx->entry[entrynum].attributes, ctx->entry[entrynum].attrsonly) == -1) {
|
||||
ldap_perror(ld, "ldap_search");
|
||||
if (pattern)
|
||||
|
@ -856,7 +856,6 @@ void scldap_free_result(scldap_result * result)
|
|||
{
|
||||
int i;
|
||||
|
||||
CHECK_CTX_VOID(result);
|
||||
if (result) {
|
||||
for (i = 0; i < result->results; i++) {
|
||||
if (result->result[i].name) {
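Review bot: In scldap_search, `fprintf(stderr, "pattern: %s\n", pattern);` replaces what was a debug-level message with an unconditional write of the LDAP search filter to stderr; this library is linked into the PAM/SIA modules (see the sia Makefile.am hunk), so the filter, which carries the identity being looked up, lands on whatever stderr the host process has, and it should stay behind a debug flag or go to syslog at debug level. The new `fprintf(stderr, ...)` calls in scldap_url_to_entry, starting with `fprintf(stderr, "Not an LDAP URL: %s", url);`, have no trailing `\n`, so the next stderr write continues the same line. The `CHECK_CTX*` to `if (!ctx) return ...;` replacements are fine, but the new `if (!ptr || !argv || argc < 0)` guard in scldap_parse_arguments does not bound the `argv[i + 1]` read for the last argument unless the caller guarantees a terminating NULL; that function continues past the hunk.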
|
||||
|
|
|
@ -146,7 +146,7 @@ int main(int argc, char **argv)
|
|||
if (verbose > 2)
|
||||
scldap_show_parameters(lctx);
|
||||
if (scldap_search(lctx, entry, &lresult, 0, searchword) < 0) {
|
||||
log_message("scldap_search failed.\n");
|
||||
fprintf(stderr, "scldap_search failed.\n");
|
||||
scldap_free_parameters(lctx);
|
||||
return 1;
|
||||
}
|
||||
|
|
|
@ -22,6 +22,7 @@
|
|||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
#include <stdio.h>
|
||||
#include <unistd.h>
|
||||
#include <string.h>
|
||||
#include <sys/types.h>
|
||||
|
@ -31,7 +32,9 @@
|
|||
#include <sys/un.h>
|
||||
#include <sys/socket.h>
|
||||
#include <netinet/in.h>
|
||||
#ifdef HAVE_OPENSSL
|
||||
#include <openssl/rand.h>
|
||||
#endif
|
||||
|
||||
static ssize_t atomicio(ssize_t(*f) (), int fd, void *_s, size_t n)
|
||||
{
|
||||
|
@ -111,12 +114,12 @@ static int scrandom_get_bytes(unsigned char *buf, int len)
|
|||
#if defined(RANDOM_POOL)
|
||||
fd = open(RANDOM_POOL, O_RDONLY);
|
||||
if (fd == -1) {
|
||||
log_message("Couldn't open random pool \"%s\": %s\n",
|
||||
fprintf(stderr, "Couldn't open random pool \"%s\": %s\n",
|
||||
RANDOM_POOL, strerror(errno));
|
||||
return 0;
|
||||
}
|
||||
if (atomicio(read, fd, buf, len) != len) {
|
||||
log_message("Couldn't read from random pool \"%s\": %s\n",
|
||||
fprintf(stderr, "Couldn't read from random pool \"%s\": %s\n",
|
||||
RANDOM_POOL, strerror(errno));
|
||||
close(fd);
|
||||
return 0;
|
||||
|
@ -132,11 +135,11 @@ static int scrandom_get_bytes(unsigned char *buf, int len)
|
|||
memset(&addr, '\0', sizeof(addr));
|
||||
/* Sanity checks */
|
||||
if (sizeof(PRNGD_SOCKET) > sizeof(addr.sun_path)) {
|
||||
log_message("Random pool path is too long");
|
||||
fprintf(stderr, "Random pool path is too long");
|
||||
return 0;
|
||||
}
|
||||
if (len > 255) {
|
||||
log_message("Too many bytes to read from PRNGD");
|
||||
fprintf(stderr, "Too many bytes to read from PRNGD");
|
||||
return 0;
|
||||
}
|
||||
addr.sun_family = AF_UNIX;
|
||||
|
@ -148,11 +151,11 @@ static int scrandom_get_bytes(unsigned char *buf, int len)
|
|||
reopen:
|
||||
fd = socket(addr.sun_family, SOCK_STREAM, 0);
|
||||
if (fd == -1) {
|
||||
log_message("Couldn't create AF_UNIX socket: %s\n", strerror(errno));
|
||||
fprintf(stderr, "Couldn't create AF_UNIX socket: %s\n", strerror(errno));
|
||||
goto done;
|
||||
}
|
||||
if (connect(fd, (struct sockaddr *) &addr, addr_len) == -1) {
|
||||
log_message("Couldn't connect to PRNGD socket \"%s\": %s\n",
|
||||
fprintf(stderr, "Couldn't connect to PRNGD socket \"%s\": %s\n",
|
||||
addr.sun_path, strerror(errno));
|
||||
goto done;
|
||||
}
|
||||
|
@ -166,7 +169,7 @@ static int scrandom_get_bytes(unsigned char *buf, int len)
|
|||
errors++;
|
||||
goto reopen;
|
||||
}
|
||||
log_message("Couldn't write to PRNGD socket: %s\n",
|
||||
fprintf(stderr, "Couldn't write to PRNGD socket: %s\n",
|
||||
strerror(errno));
|
||||
goto done;
|
||||
}
|
||||
|
@ -176,7 +179,7 @@ static int scrandom_get_bytes(unsigned char *buf, int len)
|
|||
errors++;
|
||||
goto reopen;
|
||||
}
|
||||
log_message("Couldn't read from PRNGD socket: %s\n",
|
||||
fprintf(stderr, "Couldn't read from PRNGD socket: %s\n",
|
||||
strerror(errno));
|
||||
goto done;
|
||||
}
|
||||
|
@ -204,11 +207,11 @@ static int scrandom_get_bytes(unsigned char *buf, int len)
|
|||
reopen:
|
||||
fd = socket(addr.sin_family, SOCK_STREAM, 0);
|
||||
if (fd == -1) {
|
||||
log_message("Couldn't create AF_INET socket: %s\n", strerror(errno));
|
||||
fprintf(stderr, "Couldn't create AF_INET socket: %s\n", strerror(errno));
|
||||
goto done;
|
||||
}
|
||||
if (connect(fd, (struct sockaddr *) &addr, addr_len) == -1) {
|
||||
log_message("Couldn't connect to PRNGD port %d: %s\n",
|
||||
fprintf(stderr, "Couldn't connect to PRNGD port %d: %s\n",
|
||||
PRNGD_PORT, strerror(errno));
|
||||
goto done;
|
||||
}
|
||||
|
@ -222,7 +225,7 @@ static int scrandom_get_bytes(unsigned char *buf, int len)
|
|||
errors++;
|
||||
goto reopen;
|
||||
}
|
||||
log_message("Couldn't write to PRNGD socket: %s\n",
|
||||
fprintf(stderr, "Couldn't write to PRNGD socket: %s\n",
|
||||
strerror(errno));
|
||||
goto done;
|
||||
}
|
||||
|
@ -232,7 +235,7 @@ static int scrandom_get_bytes(unsigned char *buf, int len)
|
|||
errors++;
|
||||
goto reopen;
|
||||
}
|
||||
log_message("Couldn't read from PRNGD socket: %s\n",
|
||||
fprintf(stderr, "Couldn't read from PRNGD socket: %s\n",
|
||||
strerror(errno));
|
||||
goto done;
|
||||
}
|
||||
|
@ -257,10 +260,9 @@ static int scrandom_seed_generator(void)
|
|||
#ifdef HAVE_OPENSSL
|
||||
unsigned char buf[32];
|
||||
|
||||
log_messagex(L_DEBUG, "Seeding random number generator");
|
||||
if (!scrandom_get_bytes(buf, sizeof(buf))) {
|
||||
if (!RAND_status()) {
|
||||
log_message("Entropy collection failed and entropy exhausted");
|
||||
fprintf(stderr, "Entropy collection failed and entropy exhausted\n");
|
||||
return 0;
|
||||
}
|
||||
} else {
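Review bot: Two of the new messages in scrandom_get_bytes, `fprintf(stderr, "Random pool path is too long");` and `fprintf(stderr, "Too many bytes to read from PRNGD");`, lack the trailing `\n` that every other converted message in this file has, so they run into the next stderr line. More broadly, scrandom is linked into the PAM/SIA modules (see the sia Makefile.am hunk), whose host process may have stderr closed or redirected, so a failure to reach the random pool or PRNGD, which makes scrandom_seed_generator return 0 when `RAND_status()` is also false, can go entirely unreported; the commit message calls the fprintf conversion temporary, and routing these through syslog would keep entropy-source failures visible. Dropping `log_messagex(L_DEBUG, "Seeding random number generator")` without a replacement is reasonable at debug level. scrandom_get_bytes and scrandom_seed_generator both continue past the hunks.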
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
libdir = ${prefix}/lib/security
|
||||
|
||||
INCLUDES = @CFLAGS_PCSC@ @CFLAGS_SSP@ @CFLAGS_OPENSC@ -I../scam -I../scconf -I../scrandom -I../scldap
|
||||
INCLUDES = @CFLAGS_PCSC@ @CFLAGS_OPENSC@ -I../scam -I../scconf -I../scrandom -I../scldap
|
||||
|
||||
if HAVE_LDAP
|
||||
LDAP_LTLIBS = @LIBSCLDAP@
|
||||
|
@ -10,9 +10,9 @@ else
|
|||
LDAP_LTLIBS =
|
||||
endif
|
||||
|
||||
LDFLAGS = @LDFLAGS@ @LIBDL@ @LIBSCRANDOM@ $(LDAP_LTLIBS) @LIBSSP@ @LIBOPENSC@
|
||||
LDFLAGS = @LDFLAGS@ @LIBDL@ @LIBSCRANDOM@ $(LDAP_LTLIBS) @LIBOPENSC@
|
||||
|
||||
AUTHSRC = ../scam/scam.c ../scam/scam.h ../scam/sp.c ../scam/p15_eid.c ../scam/p15_ldap.c
|
||||
AUTHSRC = ../scam/scam.c ../scam/scam.h ../scam/p15_eid.c ../scam/p15_ldap.c
|
||||
SRC = $(AUTHSRC) sia_opensc.c sia_support.c sia_support.h
|
||||
|
||||
if HAVE_SIA
|
||||
|
|