Merge configure.ac stuff from SCIDI, needs some cleanups

Add missing functions
Replace log_message{x}() calls with fprintf, for now

Everything compiles with a vanilla opensc tree, but is as yet untested.


git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@363 c6295689-39f2-0310-b995-f0e70906c6a9
aet 2002-03-21 14:05:24 +00:00
parent dc50994696
commit 504b0ae2b9
13 changed files with 615 additions and 129 deletions


@ -1,6 +1,6 @@
## Makefile.am -- Process this file with automake to produce Makefile.in
SUBDIRS = . aclocal src docs
SUBDIRS = . aclocal docs src
EXTRA_DIST = CodingStyle bootstrap


@ -75,8 +75,6 @@ case "$host" in
blibpath="/usr/lib:/lib:/usr/local/lib"
fi
;;
*-*-linux*)
;;
esac
dnl Allow user to specify flags
@ -118,6 +116,10 @@ AC_PROG_CPP
AC_PROG_INSTALL
AC_PROG_LN_S
AC_PROG_MAKE_SET
AM_PROG_LEX
AC_PATH_PROG(TEST_MINUS_S_SH, bash)
AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
AC_PATH_PROG(TEST_MINUS_S_SH, sh)
dnl Special check for pthread support.
ACX_PTHREAD(
@ -138,10 +140,12 @@ dnl Automatically update the libtool script if it becomes out-of-date.
dnl Checks for header files.
AC_HEADER_STDC
AC_CHECK_HEADERS([errno.h fcntl.h malloc.h stdlib.h string.h sys/time.h unistd.h syslog.h getopt.h security/pam_appl.h security/_pam_macros.h readline/readline.h])
AC_HEADER_SYS_WAIT
AC_CHECK_HEADERS([errno.h fcntl.h malloc.h stdlib.h string.h sys/time.h unistd.h syslog.h utmp.h getopt.h ecurity/pam_appl.h security/_pam_macros.h readline/readline.h])
dnl Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
AC_TYPE_UID_T
AC_TYPE_SIZE_T
AC_HEADER_TIME
@ -157,12 +161,14 @@ AC_FUNC_MALLOC
AC_FUNC_MEMCMP
AC_FUNC_STAT
AC_FUNC_VPRINTF
AC_CHECK_FUNCS([getpass gettimeofday memset mkdir strdup strerror])
AC_CHECK_FUNCS([getpass gettimeofday memset mkdir strdup strerror setutent])
dnl C Compiler features
AC_C_INLINE
if test "$GCC" = "yes"; then
CFLAGS="$CFLAGS -Wall -Werror"
CFLAGS="$CFLAGS -Wall"
# Disabled until lex-parse.l doesn't give us a warning
# -Werror
fi
dnl OS specific options
@ -256,6 +262,197 @@ if (test ! -z "$ac_cv_commondir" && test "x$ac_cv_commondir" != "x(system)") ; t
fi
fi
AC_SUBST(LIBDL)
AC_CHECK_LIB(dl, dlopen, [LIBDL="$LIBDL -ldl" ac_cv_func_dlopen_ldl=yes], ac_cv_func_dlopen_ldl=no)
AC_SUBST(LIBREADLINE)
# libreadline will also need libtermcap on some OSes
saved_LIBS="$LIBS"
for add in "" "-ltermcap"; do
if test "X$add" != "X"; then
AC_MSG_CHECKING([whether -lreadline requires $add])
fi
LIBS="$saved_LIBS $add"
unset ac_cv_lib_readline_readline
AC_CHECK_LIB(readline, readline, [
LIBREADLINE="-lreadline $add"
ac_cv_func_readline_lreadline=yes
], ac_cv_func_readline_lreadline=no)
test "$ac_cv_func_readline_lreadline" = yes && break
done
LIBS="$LIBS $LIBREADLINE"
AC_CHECK_FUNCS(readline)
LIBS="$saved_LIBS"
#
# We check for various libraries
# - SysVr4 style of "-lsocket" at first (unless in libc)
# The hallmark is connect() routine (we presume)
#
AC_SUBST(LIBSOCKET)dnl
ac_cv_libsocket_both=1
AC_CHECK_FUNC(connect, ac_cv_libsocket_both=0)
AC_CHECK_FUNC(gethostbyname, ac_cv_libsocket_both=0)
if test "$ac_cv_libsocket_both" = 1 ; then
# Check cache
if test "$ac_cv_func_socket_lsocket" = yes ; then
AC_MSG_RESULT([need -lsocket library (cached)])
LIBSOCKET="-lsocket"
if test "$ac_cv_func_gethostbyname_lnsl" = yes ; then
LIBSOCKET="-lsocket -lnsl"
fi
else
# Well, will this work ? SysVR4, but not Sun Solaris ?
AC_CHECK_LIB(socket, connect, [LIBSOCKET="-lsocket"
ac_cv_func_socket_lsocket=yes],
ac_cv_func_socket_lsocket=no)
if test "$ac_cv_func_socket_lsocket" = yes ; then
t_oldLibs="$LIBS"
LIBS="$LIBS -lsocket $LIBRESOLV"
AC_TRY_LINK([],[gethostbyname();], ,[
LIBS="$LIBS -lnsl" # Add this Solaris library..
AC_TRY_LINK([],[gethostbyname();],[
LIBSOCKET="-lsocket -lnsl"
ac_cv_func_gethostbyname_lnsl=yes
], [
AC_MSG_ERROR([Weird, '$LIBS' not enough to find gethostbyname() ?!])
])
])
LIBS="$t_oldLibs"
fi
fi
fi
AC_SUBST(LIBRESOLV)dnl
if test "x$LIBRESOLV" = "x"; then
# Ok, No -lresolv, is this enough for the _res to appear ?
t_oldLibs="$LIBS"
LIBS="$LIBS $LIBSOCKET"
ac_cv_var__res_options=no
# This following is for IRIX6.4, and I sincerely hope it
# will not fail on other systems... It did! It did!
# Many systems don't have idemponent headers, they need specific
# includes before latter ones, or the latter ones won't be successful...
AC_TRY_LINK([#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <resolv.h>],
[_res.options = RES_INIT;],
ac_cv_var__res_options=yes);
if test "$ac_cv_var__res_options" != "yes"; then
LIBRESOLV="-lresolv"
fi
LIBS="$t_oldLibs"
fi
# See about the routines that possibly exist at the libraries..
LIBS="$t_oldLibs $LIBSOCKET"
AC_CHECK_FUNCS(socket socketpair)
LIBS="$t_oldLibs"
if test "$ac_cv_func_socket" = no -a "$LIBSOCKET" != ""; then
LIBS="$LIBS $LIBSOCKET"
AC_TRY_LINK([],[socket();], ac_cv_func_socket=yes)
if test $ac_cv_func_socket = yes; then
AC_DEFINE(HAVE_SOCKET, 1, [Have socket])
fi
LIBS="$t_oldLibs"
fi
if test "$ac_cv_func_socketpair" = no -a "$LIBSOCKET" != ""; then
LIBS="$LIBS $LIBSOCKET"
AC_TRY_LINK([],[socketpair();], ac_cv_func_socketpair=yes)
if test $ac_cv_func_socketpair = yes; then
AC_DEFINE(HAVE_SOCKETPAIR, 1, [Have socketpair])
fi
LIBS="$t_oldLibs"
fi
# Always link lib{socket,nsl,resolv) if found, sigh.
LIBS="$LIBS $LIBSOCKET $LIBRESOLV"
AC_ARG_WITH(flex-dir,
[ --with-flex-dir=PATH Specify path to flex installation],
[
if test "x$withval" != "xno" ; then
tryflexdir=$withval
fi
]
)
saved_LDFLAGS="$LDFLAGS"
saved_CPPFLAGS="$CPPFLAGS"
AC_SUBST(LIBFL)
AC_CACHE_CHECK([for flex directory], ac_cv_flexdir, [
for flexdir in $tryflexdir "" /usr/local/flex /usr/lib/flex /usr/local/flex /usr/lib/flex /usr/local /usr/pkg /opt /opt/flex ; do
# Skip directories if they don't exist
if test ! -z "$flexdir" -a ! -d "$flexdir" ; then
continue;
fi
LIBFL="-lfl"
CPPFLAGS="$saved_CPPFLAGS"
LDFLAGS="$saved_LDFLAGS"
if test ! -z "$flexdir" -a "x$flexdir" != "x/usr"; then
# Try to use $flexdir/lib if it exists, otherwise
# $flexdir
if test -d "$flexdir/lib" ; then
LDFLAGS="-L$flexdir/lib $saved_LDFLAGS"
if test ! -z "$need_dash_r" ; then
LDFLAGS="-R$flexdir/lib $LDFLAGS"
fi
else
LDFLAGS="-L$flexdir $saved_LDFLAGS"
if test ! -z "$need_dash_r" ; then
LDFLAGS="-R$flexdir $LDFLAGS"
fi
fi
# Try to use $flexdir/include if it exists, otherwise
# $flexdir
if test -d "$flexdir/include" ; then
CPPFLAGS="-I$flexdir/include $saved_CPPFLAGS"
else
CPPFLAGS="-I$flexdir $saved_CPPFLAGS"
fi
fi
break;
done
if test -z "$flexdir" ; then
flexdir="(system)"
fi
ac_cv_flexdir=$flexdir
])
if (test ! -z "$ac_cv_flexdir" && test "x$ac_cv_flexdir" != "x(system)") ; then
dnl Need to recover flexdir - test above runs in subshell
flexdir=$ac_cv_flexdir
if test ! -z "$flexdir" -a "x$flexdir" != "x/usr"; then
# Try to use $flexdir/lib if it exists, otherwise
# $flexdir
if test -d "$flexdir/lib" ; then
LDFLAGS="-L$flexdir/lib $saved_LDFLAGS"
if test ! -z "$need_dash_r" ; then
LDFLAGS="-R$flexdir/lib $LDFLAGS"
fi
else
LDFLAGS="-L$flexdir $saved_LDFLAGS"
if test ! -z "$need_dash_r" ; then
LDFLAGS="-R$flexdir $LDFLAGS"
fi
fi
# Try to use $flexdir/include if it exists, otherwise
# $flexdir
if test -d "$flexdir/include" ; then
CPPFLAGS="-I$flexdir/include $saved_CPPFLAGS"
else
CPPFLAGS="-I$flexdir $saved_CPPFLAGS"
fi
fi
fi
AC_SUBST(CFLAGS_PCSC)
AC_SUBST(LIBPCSC)
LIBPCSC="-lpcsclite"
@ -312,29 +509,6 @@ fi
LIBS="$saved_LIBS"
AM_CONDITIONAL(HAVE_PCSCLITE, test "x$ac_cv_lib_pcsclite_SCardEstablishContext" = "xyes")
AC_SUBST(LIBDL)
AC_CHECK_LIB(dl, dlopen, [LIBDL="$LIBDL -ldl" ac_cv_func_dlopen_ldl=yes], ac_cv_func_dlopen_ldl=no)
AC_SUBST(LIBREADLINE)
# libreadline will also need libtermcap on some OSes
saved_LIBS="$LIBS"
for add in "" "-ltermcap"; do
if test "X$add" != "X"; then
AC_MSG_CHECKING([whether -lreadline requires $add])
fi
LIBS="$saved_LIBS $add"
unset ac_cv_lib_readline_readline
AC_CHECK_LIB(readline, readline, [
LIBREADLINE="-lreadline $add"
ac_cv_func_readline_lreadline=yes
], ac_cv_func_readline_lreadline=no)
test "$ac_cv_func_readline_lreadline" = yes && break
done
LIBS="$LIBS $LIBREADLINE"
AC_CHECK_FUNCS(readline)
LIBS="$saved_LIBS"
dnl The big search for OpenSSL
AC_ARG_WITH(ssl-dir,
[ --with-ssl-dir=PATH Specify path to OpenSSL installation],
@ -453,6 +627,85 @@ if test "x$SSL_MSG" = "xyes" ; then
fi
AM_CONDITIONAL(HAVE_SSL, test "x$SSL_MSG" = "xyes")
AC_ARG_WITH(pam-dir,
[ --with-pam-dir=PATH Specify path for PAM installation libraries],
[
if test "x$withval" != "xno" ; then
trypamdir=$withval
fi
]
)
saved_LDFLAGS="$LDFLAGS"
saved_CPPFLAGS="$CPPFLAGS"
AC_CACHE_CHECK([for pam directory], ac_cv_pamdir, [
for pamdir in $trypamdir "" /usr/local /usr/pkg /opt ; do
# Skip directories if they don't exist
if test ! -z "$pamdir" -a ! -d "$pamdir" ; then
continue;
fi
CPPFLAGS="$saved_CPPFLAGS"
LDFLAGS="$saved_LDFLAGS"
if test ! -z "$pamdir" -a "x$pamdir" != "x/usr"; then
# Try to use $pamdir/lib if it exists, otherwise
# $pamdir
if test -d "$pamdir/lib" ; then
LDFLAGS="-L$pamdir/lib $saved_LDFLAGS"
if test ! -z "$need_dash_r" ; then
LDFLAGS="-R$pamdir/lib $LDFLAGS"
fi
else
LDFLAGS="-L$pamdir $saved_LDFLAGS"
if test ! -z "$need_dash_r" ; then
LDFLAGS="-R$pamdir $LDFLAGS"
fi
fi
# Try to use $pamdir/include if it exists, otherwise
# $pamdir
if test -d "$pamdir/include" ; then
CPPFLAGS="-I$pamdir/include $saved_CPPFLAGS"
else
CPPFLAGS="-I$pamdir $saved_CPPFLAGS"
fi
fi
break;
done
if test -z "$pamdir" ; then
pamdir="(system)"
fi
ac_cv_pamdir=$pamdir
])
if (test ! -z "$ac_cv_pamdir" && test "x$ac_cv_pamdir" != "x(system)") ; then
dnl Need to recover pamdir - test above runs in subshell
pamdir=$ac_cv_pamdir
if test ! -z "$pamdir" -a "x$pamdir" != "x/usr"; then
# Try to use $pamdir/lib if it exists, otherwise
# $pamdir
if test -d "$pamdir/lib" ; then
LDFLAGS="-L$pamdir/lib $saved_LDFLAGS"
if test ! -z "$need_dash_r" ; then
LDFLAGS="-R$pamdir/lib $LDFLAGS"
fi
else
LDFLAGS="-L$pamdir $saved_LDFLAGS"
if test ! -z "$need_dash_r" ; then
LDFLAGS="-R$pamdir $LDFLAGS"
fi
fi
# Try to use $pamdir/include if it exists, otherwise
# $pamdir
if test -d "$pamdir/include" ; then
CPPFLAGS="-I$pamdir/include $saved_CPPFLAGS"
else
CPPFLAGS="-I$pamdir $saved_CPPFLAGS"
fi
fi
fi
dnl Check for PAM libs
PAM_MSG="no"
no_pam=""
@ -505,6 +758,162 @@ LIBS="$saved_LIBS"
AM_CONDITIONAL(HAVE_PAM, test "x$PAM_MSG" = "xyes")
AM_CONDITIONAL(HAVE_PAM_AND_SSL, test "x$PAM_MSG" = "xyes" -a "x$SSL_MSG" = "xyes")
dnl Check for SIA libs
AC_SUBST(LIBSIA)
SIA_MSG="no"
no_osfsia=""
AC_MSG_CHECKING([SIA support])
AC_ARG_WITH(osfsia,
[ --with-osfsia Enable Digital Unix SIA],
[
if test "x$withval" = "xno" ; then
AC_MSG_RESULT(disabled)
no_osfsia=1
fi
],
)
if test -z "$no_osfsia" ; then
if test -f /etc/sia/matrix.conf; then
AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_OSF_SIA, 1, [Have Digital Unix SIA])
LIBSIA="$LIBSIA -lsecurity -ldb -lm -laud"
SIA_MSG="yes"
else
AC_MSG_RESULT(no)
fi
fi
AM_CONDITIONAL(HAVE_SIA, test "x$SIA_MSG" = "xyes")
# Check for user-specified random device, otherwise check /dev/urandom
AC_ARG_WITH(random,
[ --with-random=FILE read entropy from FILE (default=/dev/urandom)],
[
if test "x$withval" != "xno" ; then
RANDOM_POOL="$withval";
AC_DEFINE_UNQUOTED(RANDOM_POOL, "$RANDOM_POOL", [Location of random number pool])
fi
],
[
# Check for random device
AC_CHECK_FILE("/dev/urandom",
[
RANDOM_POOL="/dev/urandom";
AC_SUBST(RANDOM_POOL)
AC_DEFINE_UNQUOTED(RANDOM_POOL, "$RANDOM_POOL", [Location of random number pool])
]
)
]
)
# Check for PRNGD/EGD pool file
AC_ARG_WITH(prngd-port,
[ --with-prngd-port=PORT read entropy from PRNGD/EGD localhost:PORT],
[
if test ! -z "$withval" -a "x$withval" != "xno" ; then
PRNGD_PORT="$withval"
AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT, [Port number of PRNGD/EGD random number socket])
fi
]
)
# Check for PRNGD/EGD pool file
AC_ARG_WITH(prngd-socket,
[ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
[
if test "x$withval" != "xno" ; then
PRNGD_SOCKET="$withval"
AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET", [Location of PRNGD/EGD random number socket])
fi
],
[
# Check for existing socket only if we don't have a random device already
if test -z "$RANDOM_POOL" ; then
AC_MSG_CHECKING(for PRNGD/EGD socket)
# Insert other locations here
for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy /tmp/entropy; do
if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
PRNGD_SOCKET="$sock"
AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET", [Location of PRNGD/EGD random number socket])
break;
fi
done
if test ! -z "$PRNGD_SOCKET" ; then
AC_MSG_RESULT($PRNGD_SOCKET)
else
AC_MSG_RESULT(not found)
fi
fi
]
)
### BEGIN LDAP SPECIFIC OPTIONS
dnl ldap autoconf magic partly taken from pam_ldap
dnl --enable-ldap option.
AC_ARG_ENABLE(ldap,
[ --enable-ldap enable use of LDAP for authentication. [default=yes]],
, enable_ldap=yes)
AC_ARG_ENABLE(ssl, [ --disable-ssl disable SSL/TSL support for ldap])
AC_ARG_WITH(ldap-lib, [ --with-ldap-lib=type select ldap library [auto|netscape5|netscape4|netscape3|umich|openldap]])
AC_ARG_WITH(ldap-dir, [ --with-ldap-dir=DIR base directory of ldap SDK])
AC_SUBST(LIBLDAP)
LDAP_MSG="no"
if (test x$enable_ldap = xyes); then
if test -n "$with_ldap_dir"; then
CPPFLAGS="$CPPFLAGS -I$with_ldap_dir/include"
LDFLAGS="$LDFLAGS -L$with_ldap_dir/lib"
case "$target_os" in
solaris*) LDFLAGS="$LDFLAGS -Wl,-R$with_ldap_dir/lib" ;;
*) LDFLAGS="$LDFLAGS -Wl,-rpath,$with_ldap_dir/lib" ;;
esac
fi
AC_CHECK_HEADERS(lber.h ldap.h ldap_ssl.h)
dnl check which ldap library we have
if test -z "$with_ldap_lib"; then
with_ldap_lib=auto
fi
if test -z "$found_ldap_lib" -a \( $with_ldap_lib = auto -o $with_ldap_lib = umich -o $with_ldap_lib = openldap \); then
AC_CHECK_LIB(lber, ber_init, LIBLDAP="-llber $LIBLDAP" found_lber_lib=yes)
saved_LIBS="$LIBS"
LIBS="$LIBS $LIBLDAP"
AC_CHECK_LIB(ldap, ldap_search, LIBLDAP="-lldap $LIBLDAP" found_ldap_lib=yes)
LIBS="$saved_LIBS"
fi
if test -z "$found_ldap_lib" -a \( $with_ldap_lib = auto -o $with_ldap_lib = netscape5 \); then
AC_CHECK_LIB(ldap50, ldap_search, LIBLDAP="-lldap50 -lssldap50 -lssl3 -lnss3 -lnspr4 -lprldap50 -lplc4 -lplds4 $LIBLDAP" found_ldap_lib=yes need_pthread=true,, -lpthread)
fi
if test -z "$found_ldap_lib" -a \( $with_ldap_lib = auto -o $with_ldap_lib = netscape4 \); then
AC_CHECK_LIB(ldapssl41, ldap_search, LIBLDAP="-lldapssl41 -lplc3 -lplds3 -lnspr3 $LIBLDAP" found_ldap_lib=yes need_pthread=true,, -lpthread)
if test -z "$found_ldap_lib"; then
AC_CHECK_LIB(ldapssl40, ldap_search, LIBLDAP="-lldapssl40 $LIBLDAP" found_ldap_lib=yes need_pthread=true,, -lpthread)
fi
fi
if test -z "$found_ldap_lib" -a \( $with_ldap_lib = auto -o $with_ldap_lib = netscape3 \); then
AC_CHECK_LIB(ldapssl30, ldap_search, LIBLDAP="-lldapssl30 $LIBLDAP" found_ldap_lib=yes need_pthread=true,, -lpthread)
fi
if test -n "$found_ldap_lib"; then
AC_DEFINE(LDAP_REFERRALS,1,[This is needed for the native Solaris LDAP SDK])
AC_DEFINE(HAVE_LDAP, 1, [Use LDAP for authentication etc.])
LDAP_MSG="yes"
saved_LIBS="$LIBS"
LIBS="$LIBS $LIBLDAP"
AC_CHECK_FUNCS(ldap_init)
if test "$enable_ssl" \!= "no"; then
AC_CHECK_FUNCS(ldapssl_init ldap_start_tls_s ldap_pvt_tls_set_option)
fi
LIBS="$saved_LIBS"
fi
fi
AM_CONDITIONAL(HAVE_LDAP, test "x$LDAP_MSG" = "xyes")
### END LDAP SPECIFIC OPTIONS
dnl Enable/disable debugging messages.
AC_ARG_ENABLE(debug,
[ --enable-debug enable debug messages. [default=no]],
@ -513,6 +922,20 @@ if (test x$enable_debug = xyes); then
AC_DEFINE(DEBUG, 1, [Enable debug messages.])
fi
if test "x$prefix" = xNONE; then
prefix=$ac_default_prefix
fi
AC_SUBST(LIBSCCONF)
LIBSCCONF="\${top_srcdir}/src/scconf/libscconf.la"
AC_SUBST(LIBSCLDAP)
LIBSCLDAP="\${top_srcdir}/src/scldap/libscldap.la"
AC_SUBST(LIBSCRANDOM)
LIBSCRANDOM="\${top_srcdir}/src/scrandom/libscrandom.la"
scldap_etc_path=`eval echo ${sysconfdir}` ; scldap_etc_path=`eval echo ${scldap_etc_path}`
AC_DEFINE_UNQUOTED(SCLDAP_ETC_PATH_CUSTOM, "$scldap_etc_path", [etc path for scldap])
AC_SUBST(CFLAGS_OPENSC)
CFLAGS_OPENSC="-I\${top_srcdir}/src/libopensc"
AC_SUBST(LIBOPENSC)
@ -537,19 +960,40 @@ src/openssh/Makefile
src/pam/Makefile
src/pkcs11/Makefile
src/pkcs11/rsaref/Makefile
src/scam/Makefile
src/scconf/Makefile
src/scldap/Makefile
src/scldap/etc/Makefile
src/scrandom/Makefile
src/sia/Makefile
src/tests/Makefile
src/tools/Makefile
])
if test ! -z "$RANDOM_POOL" ; then
RAND_MSG="device ($RANDOM_POOL)"
else
if test ! -z "$PRNGD_PORT" ; then
RAND_MSG="PRNGD/EGD (port localhost:$PRNGD_PORT)"
elif test ! -z "$PRNGD_SOCKET" ; then
RAND_MSG="PRNGD/EGD (socket $PRNGD_SOCKET)"
else
RAND_MSG="Builtin kluge"
BUILTIN_RNG=1
fi
fi
dnl Someone please show me a better way :)
A=`eval echo ${prefix}` ; A=`eval echo ${A}`
B=`eval echo ${bindir}` ; B=`eval echo ${B}`
C=`eval echo ${sysconfdir}` ; C=`eval echo ${C}`
echo ""
echo "OpenSC has been configured with the following options"
echo ""
echo "User binaries: ${B}"
echo "Configuration files: ${C}"
echo ""
echo "Host: ${host}"
@ -560,7 +1004,18 @@ echo "Linker flags: ${LDFLAGS}"
echo "Libraries: ${LIBS}"
echo ""
echo "OpenSSL support: ${SSL_MSG}"
echo "PAM support: ${PAM_MSG}"
echo "Random number collection: ${RAND_MSG}"
echo "OpenSSL support: ${SSL_MSG}"
echo "LDAP support: ${LDAP_MSG}"
echo "PAM support: ${PAM_MSG}"
echo "SIA support: ${SIA_MSG}"
echo ""
if test ! -z "$BUILTIN_RNG" ; then
echo "WARNING: you are using the builtin random number service."
echo "The random number service is very simple and is only"
echo "intended for testing purposes. Please request your OS"
echo "vendor to include /dev/random in future versions of"
echo "their OS. Or use PRNGD/EGD instead, your choice."
fi
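Review bot: The rewritten AC_CHECK_HEADERS line in the header-checks hunk misspells the PAM header as `ecurity/pam_appl.h`, so that check can never succeed and any code keyed on the resulting HAVE_ macro will be compiled as if the header were absent; it should read `security/pam_appl.h` as in the line it replaces. In the PRNGD/EGD hunk the default socket probe includes `/tmp/entropy`, a world-writable location, and whatever is found there is baked into the build as PRNGD_SOCKET; restricting the default list to locations under /var/run, /dev and /etc, or at least documenting that `--with-prngd-socket` should be given explicitly on shared hosts, would avoid configuring the entropy source from a path any local user can create. The `-Werror` removal is noted as temporary in the comment; a follow-up to re-enable it once lex-parse.l is clean would keep the build from silently accumulating warnings.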


@ -2,7 +2,7 @@
libdir = ${prefix}/lib/security
INCLUDES = @CFLAGS_PCSC@ @CFLAGS_SSP@ @CFLAGS_OPENSC@ -I../scam -I../scconf -I../scrandom -I../scldap
INCLUDES = @CFLAGS_PCSC@ @CFLAGS_OPENSC@ -I../scam -I../scconf -I../scrandom -I../scldap
if HAVE_LDAP
LDAP_LTLIBS = @LIBSCLDAP@
@ -10,9 +10,9 @@ else
LDAP_LTLIBS =
endif
LDFLAGS = @LDFLAGS@ @LIBDL@ @LIBSCRANDOM@ $(LDAP_LTLIBS) @LIBCRYPTO@ @LIBSSP@ @LIBOPENSC@ @LIBPAM@
LDFLAGS = @LDFLAGS@ @LIBDL@ @LIBSCRANDOM@ $(LDAP_LTLIBS) @LIBCRYPTO@ @LIBOPENSC@ @LIBPAM@
AUTHSRC = ../scam/scam.c ../scam/scam.h ../scam/sp.c ../scam/p15_eid.c ../scam/p15_ldap.c
AUTHSRC = ../scam/scam.c ../scam/scam.h ../scam/p15_eid.c ../scam/p15_ldap.c
SRC = $(AUTHSRC) pam_opensc.c pam_support.c pam_support.h
if HAVE_PAM_AND_SSL


@ -28,6 +28,12 @@
#include <string.h>
#include <unistd.h>
#include <ctype.h>
#include <pwd.h>
#include <grp.h>
#ifdef HAVE_UTMP_H
#include <utmp.h>
#endif
#include <sys/types.h>
#include "scam.h"
#define PAM_SM_AUTH
@ -38,6 +44,41 @@
static int scam_method = 0;
static char *auth_method = NULL;
/*
* Because getlogin() is braindead and sometimes it just
* doesn't work, we reimplement it here.
*/
static char *get_login(void)
{
char *user = NULL;
#ifdef HAVE_SETUTENT
struct utmp *ut = NULL, line;
static char curr_user[sizeof(ut->ut_user) + 4];
char *curr_tty = NULL;
curr_tty = ttyname(0);
if (curr_tty) {
curr_tty += 5;
setutent();
strncpy(line.ut_line, curr_tty, sizeof line.ut_line);
if ((ut = getutline(&line))) {
strncpy(curr_user, ut->ut_user, sizeof(ut->ut_user));
user = curr_user;
}
endutent();
}
#else
user = getlogin();
#endif
#if 1
if (!user) {
struct passwd *pw_user = getpwuid(geteuid());
user = pw_user->pw_name;
}
#endif
return user;
}
static void usage(void)
{
int i;
@ -159,7 +200,10 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, con
/* No remote logins allowed through xdm */
if ((!strcmp(service, "xdm") &&
strcmp(tty, ":0"))) {
log_message("User %s (tty %s) tried remote login through service %s, permission denied.\n", user, tty, service);
char buf[256];
snprintf(buf, 256, "User %s (tty %s) tried remote login through service %s, permission denied.\n", user, tty, service);
opensc_pam_log(LOG_NOTICE, pamh, buf);
scam_deinit(scam_method);
return PAM_PERM_DENIED;
}
@ -231,7 +275,7 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t * pamh, int flags, int argc,
opensc_pam_log(LOG_CRIT, pamh, "open_session - scam_open_session failed\n");
return PAM_SESSION_ERR;
}
opensc_pam_log(LOG_INFO, pamh, "session opened for user %s by %s(uid=%d)\n", user, GetLogin() == NULL ? "" : GetLogin(), getuid());
opensc_pam_log(LOG_INFO, pamh, "session opened for user %s by %s(uid=%d)\n", user, get_login() == NULL ? "" : get_login(), getuid());
return PAM_SUCCESS;
}
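Review bot: In the pam_sm_authenticate hunk the formatted buffer is passed to opensc_pam_log as its format argument (`opensc_pam_log(LOG_NOTICE, pamh, buf);`), while the other callers in this commit pass a literal format followed by arguments, so any `%` in `user`, `tty` or `service` would be interpreted as a conversion specifier on that call; pass the format and arguments directly instead and drop the intermediate buffer: `opensc_pam_log(LOG_NOTICE, pamh, "User %s (tty %s) tried remote login through service %s, permission denied.\n", user, tty, service);`. In get_login, `getpwuid(geteuid())` is dereferenced without a NULL check, so a uid with no passwd entry would crash the module; guard it with `user = pw_user ? pw_user->pw_name : NULL;`. The `curr_tty += 5` step presumably skips a "/dev/" prefix; a comment saying so, or a `strncmp(curr_tty, "/dev/", 5) == 0` check before advancing, would make that assumption explicit. pam_sm_authenticate's body starts and ends outside the hunk.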


@ -25,6 +25,7 @@
#endif
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>
#include <unistd.h>
#include "pam_support.h"
@ -60,16 +61,12 @@ int converse(pam_handle_t * pamh, int ctrl, int nargs
int retval;
struct pam_conv *conv;
log_messagex(L_DEBUG, "begin to converse");
retval = pam_get_item(pamh, PAM_CONV, (PAM_CONST void **) &conv);
if (retval == PAM_SUCCESS) {
retval = conv->conv(nargs, (PAM_CONST struct pam_message **) message
,response, conv->appdata_ptr);
log_messagex(L_DEBUG, "returned from application's conversation function");
if (retval != PAM_SUCCESS && on(OPENSC_DEBUG, ctrl)) {
opensc_pam_log(LOG_DEBUG, pamh, "conversation failure [%s]"
,pam_strerror(pamh, retval));
@ -79,8 +76,6 @@ int converse(pam_handle_t * pamh, int ctrl, int nargs
,"couldn't obtain conversation function [%s]"
,pam_strerror(pamh, retval));
}
log_messagex(L_DEBUG, "ready to return from module conversation");
return retval; /* propagate error status */
}
@ -140,36 +135,28 @@ int _set_ctrl(pam_handle_t * pamh, int flags, char **auth_method, int argc, cons
{
unsigned int ctrl;
log_messagex(L_DEBUG, "called.");
ctrl = OPENSC_DEFAULTS; /* the default selection of options */
/* set some flags manually */
if (getuid() == 0 && !(flags & PAM_CHANGE_EXPIRED_AUTHTOK)) {
log_messagex(L_DEBUG, "IAMROOT");
set(OPENSC__IAMROOT, ctrl);
}
if (flags & PAM_UPDATE_AUTHTOK) {
log_messagex(L_DEBUG, "UPDATE_AUTHTOK");
set(OPENSC__UPDATE, ctrl);
}
if (flags & PAM_PRELIM_CHECK) {
log_messagex(L_DEBUG, "PRELIM_CHECK");
set(OPENSC__PRELIM, ctrl);
}
if (flags & PAM_DISALLOW_NULL_AUTHTOK) {
log_messagex(L_DEBUG, "DISALLOW_NULL_AUTHTOK");
set(OPENSC__NONULL, ctrl);
}
if (flags & PAM_SILENT) {
log_messagex(L_DEBUG, "SILENT");
set(OPENSC__QUIET, ctrl);
}
/* now parse the arguments to this module */
while (argc-- > 0) {
int j;
log_messagex(L_DEBUG, "pam_opensc arg: %s", *argv);
for (j = 0; j < OPENSC_CTRLS_; ++j) {
if (opensc_args[j].token
&& !strncmp(*argv, opensc_args[j].token, strlen(opensc_args[j].token))) {
@ -204,8 +191,6 @@ int _set_ctrl(pam_handle_t * pamh, int flags, char **auth_method, int argc, cons
set(OPENSC_DEBUG, ctrl);
}
/* return the set of flags */
log_messagex(L_DEBUG, "done.");
#if 0
print_ctrl(ctrl);
#endif
@ -232,18 +217,9 @@ int _read_password(pam_handle_t * pamh
,PAM_CONST char *data_name
,PAM_CONST char **pass)
{
int authtok_flag;
int retval;
PAM_CONST char *item;
char *token;
log_messagex(L_DEBUG, "called");
/*
* make sure nothing inappropriate gets returned
*/
*pass = token = NULL;
int authtok_flag, retval;
PAM_CONST char *item = NULL;
char *token = NULL;
/*
* which authentication token are we getting?
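Review bot: The _read_password hunk drops the `*pass = token = NULL;` statement along with its "make sure nothing inappropriate gets returned" comment, and only `token` is re-initialised in the new declarations, so `*pass` is no longer cleared on entry; if any later return path leaves it unassigned, the caller reads an indeterminate pointer where it previously read NULL. Keeping `*pass = NULL;` as the first statement after the declarations preserves the original guarantee. _read_password's body continues past the end of the hunk, so whether every exit path assigns `*pass` cannot be confirmed from here.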


@ -1,3 +1,3 @@
# Process this file with automake to create Makefile.in
EXTRA_DIST = scam.c scam.h sp.c p15_eid.c p15_ldap.c
EXTRA_DIST = scam.c scam.h p15_eid.c p15_ldap.c


@ -144,14 +144,14 @@ int p15_eid_init(int argc, const char **argv)
}
if (!reader_name) {
for (i = 0; i < ctx->reader_count; i++) {
log_message("Reader #%d - %s%s\n", i + 1, ctx->reader[i]->name, reader == i ? " (*)" : "");
printf("Reader #%d - %s%s\n", i + 1, ctx->reader[i]->name, reader == i ? " (*)" : "");
}
} else {
for (i = 0; i < ctx->reader_count; i++) {
if ((strlen(reader_name) < strlen(ctx->reader[i]->name))) {
if (!strncmp(reader_name, ctx->reader[i]->name, strlen(reader_name))) {
reader = i;
log_message("Reader #%d - %s selected\n", i + 1, ctx->reader[reader]->name);
printf("Reader #%d - %s selected\n", i + 1, ctx->reader[reader]->name);
break;
}
}
@ -382,29 +382,31 @@ void p15_eid_deinit(void)
int p15_eid_open_session(int argc, const char **argv, const char *user)
{
struct passwd *userstr = NULL;
#ifdef PCSCLITE_SERVER_PATH
uid_t useruid = 65534, uid = 65534;
gid_t gid = 65534;
int r;
#endif
if (!user) {
log_messagex(L_DEBUG, "No user.\n");
scam_fw_p15_eid.printmsg("No user.\n");
return SCAM_FAILED;
}
userstr = getpwnam(user);
if (!userstr) {
log_messagex(L_DEBUG, "Can't get user structure. (%s)", user);
scam_fw_p15_eid.printmsg("Can't get user structure. (%s)", user);
return SCAM_FAILED;
}
#ifdef PCSCLITE_SERVER_PATH
useruid = userstr->pw_uid;
r = GetIdentity(&uid, &gid);
if (r < 0) {
scam_fw_p15_eid.logmsg("Could not get uid/gid for pcscd.\n");
return SCAM_FAILED;
}
#ifdef PCSCLITE_SERVER_PATH
r = chown(PCSCLITE_SERVER_PATH, useruid, gid);
if (r < 0) {
log_messagex(L_DEBUG, "Opening session failed, cannot chown socket to user %.", user);
scam_fw_p15_eid.printmsg("Opening session failed, cannot chown socket to user %.", user);
return SCAM_FAILED;
}
#endif
@ -413,23 +415,25 @@ int p15_eid_open_session(int argc, const char **argv, const char *user)
int p15_eid_close_session(int argc, const char **argv, const char *user)
{
#ifdef PCSCLITE_SERVER_PATH
uid_t uid = 65534;
gid_t gid = 65534;
int r;
#endif
if (!user) {
log_messagex(L_DEBUG, "No user.\n");
scam_fw_p15_eid.printmsg("No user.\n");
return SCAM_FAILED;
}
#ifdef PCSCLITE_SERVER_PATH
r = GetIdentity(&uid, &gid);
if (r < 0) {
scam_fw_p15_eid.logmsg("Could not get uid/gid for pcscd.\n");
return SCAM_FAILED;
}
#ifdef PCSCLITE_SERVER_PATH
r = chown(PCSCLITE_SERVER_PATH, uid, gid);
if (r < 0) {
log_messagex(L_DEBUG, "Closing session failed, cannot chown socket to smartcard user.");
scam_fw_p15_eid.printmsg("Closing session failed, cannot chown socket to smartcard user.");
return SCAM_SUCCESS;
}
r = CleanupClientSockets();
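Review bot: The new printmsg call in p15_eid_open_session carries a malformed conversion, `"Opening session failed, cannot chown socket to user %."` with `user` as the argument, so the format string does not consume its argument and the `%.` sequence is undefined for the formatter; it should be `"Opening session failed, cannot chown socket to user %s."`. The same line appears in the p15_ldap_open_session hunk of this commit and needs the same fix. Both functions continue beyond the hunk.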


@ -145,14 +145,14 @@ int p15_ldap_init(int argc, const char **argv)
}
if (!reader_name) {
for (i = 0; i < ctx->reader_count; i++) {
log_message("Reader #%d - %s%s\n", i + 1, ctx->reader[i]->name, reader == i ? " (*)" : "");
printf("Reader #%d - %s%s\n", i + 1, ctx->reader[i]->name, reader == i ? " (*)" : "");
}
} else {
for (i = 0; i < ctx->reader_count; i++) {
if ((strlen(reader_name) < strlen(ctx->reader[i]->name))) {
if (!strncmp(reader_name, ctx->reader[i]->name, strlen(reader_name))) {
reader = i;
log_message("Reader #%d - %s selected\n", i + 1, ctx->reader[reader]->name);
printf("Reader #%d - %s selected\n", i + 1, ctx->reader[reader]->name);
break;
}
}
@ -318,29 +318,31 @@ void p15_ldap_deinit(void)
int p15_ldap_open_session(int argc, const char **argv, const char *user)
{
struct passwd *userstr = NULL;
#ifdef PCSCLITE_SERVER_PATH
uid_t useruid = 65534, uid = 65534;
gid_t gid = 65534;
int r;
#endif
if (!user) {
log_messagex(L_DEBUG, "No user.\n");
scam_fw_p15_ldap.printmsg("No user.\n");
return SCAM_FAILED;
}
userstr = getpwnam(user);
if (!userstr) {
log_messagex(L_DEBUG, "Can't get user structure. (%s)", user);
scam_fw_p15_ldap.printmsg("Can't get user structure. (%s)", user);
return SCAM_FAILED;
}
#ifdef PCSCLITE_SERVER_PATH
useruid = userstr->pw_uid;
r = GetIdentity(&uid, &gid);
if (r < 0) {
scam_fw_p15_ldap.logmsg("Could not get uid/gid for pcscd.\n");
return SCAM_FAILED;
}
#ifdef PCSCLITE_SERVER_PATH
r = chown(PCSCLITE_SERVER_PATH, useruid, gid);
if (r < 0) {
log_messagex(L_DEBUG, "Opening session failed, cannot chown socket to user %.", user);
scam_fw_p15_ldap.printmsg("Opening session failed, cannot chown socket to user %.", user);
return SCAM_FAILED;
}
#endif
@ -349,23 +351,25 @@ int p15_ldap_open_session(int argc, const char **argv, const char *user)
int p15_ldap_close_session(int argc, const char **argv, const char *user)
{
#ifdef PCSCLITE_SERVER_PATH
uid_t uid = 65534;
gid_t gid = 65534;
int r;
#endif
if (!user) {
log_messagex(L_DEBUG, "No user.\n");
scam_fw_p15_ldap.printmsg("No user.\n");
return SCAM_FAILED;
}
#ifdef PCSCLITE_SERVER_PATH
r = GetIdentity(&uid, &gid);
if (r < 0) {
scam_fw_p15_ldap.logmsg("Could not get uid/gid for pcscd.\n");
return SCAM_FAILED;
}
#ifdef PCSCLITE_SERVER_PATH
r = chown(PCSCLITE_SERVER_PATH, uid, gid);
if (r < 0) {
log_messagex(L_DEBUG, "Closing session failed, cannot chown socket to smartcard user.");
scam_fw_p15_ldap.printmsg("Closing session failed, cannot chown socket to smartcard user.");
return SCAM_SUCCESS;
}
r = CleanupClientSockets();


@ -32,7 +32,9 @@
struct scam_framework_ops *scam_frameworks[] =
{
#ifdef HAVE_SCIDI
&scam_fw_sp,
#endif
#ifndef HAVE_LDAP
&scam_fw_p15_eid,
&scam_fw_p15_ldap,


@ -165,7 +165,8 @@ void scldap_show_parameters(scldap_context * ctx)
{
int i, j;
CHECK_CTX_VOID(ctx);
if (!ctx)
return;
for (i = 0; i < ctx->entries; i++) {
if (ctx->entry[i].entry) {
printf("[%i]->entry=%s\n", i, ctx->entry[i].entry);
@ -187,7 +188,8 @@ void scldap_free_parameters(scldap_context * ctx)
{
int i, j;
CHECK_CTX_VOID(ctx);
if (!ctx)
return;
if (ctx) {
for (i = 0; i < ctx->entries; i++) {
if (ctx->entry[i].entry) {
@ -245,13 +247,8 @@ void scldap_parse_arguments(scldap_context ** ctx, int argc, const char **argv)
scldap_context *ptr = *ctx;
int i;
CHECK_CTX_VOID(ptr);
if (argc < 0)
if (!ptr || !argv || argc < 0)
return;
if (!argv)
return;
for (i = 0; i < argc; i++) {
if (argv[i][0] == '-') {
char *optarg = (char *) argv[i + 1];
@ -346,7 +343,8 @@ int scldap_add_entry(scldap_context * ctx, const char *entry)
{
int i;
CHECK_CTX(ctx, 0);
if (!ctx)
return 0;
if (entry) {
for (i = 0; i < ctx->entries; i++) {
if (!ctx->entry[i].entry) {
@ -372,7 +370,8 @@ int scldap_get_entry(scldap_context * ctx, const char *entry)
{
int i;
CHECK_CTX(ctx, 0);
if (!ctx)
return 0;
if (entry) {
for (i = 0; i < ctx->entries; i++) {
if (ctx->entry[i].entry) {
@ -389,7 +388,8 @@ void scldap_set_entry(scldap_context * ctx, const char *entry)
{
int i;
CHECK_CTX_VOID(ctx);
if (!ctx)
return;
if (entry) {
for (i = 0; i < ctx->entries; i++) {
if (ctx->entry[i].entry) {
@ -406,7 +406,8 @@ void scldap_remove_entry(scldap_context * ctx, const char *entry)
{
int i, j;
CHECK_CTX_VOID(ctx);
if (!ctx)
return;
if (entry) {
for (i = 0; i < ctx->entries; i++) {
if (ctx->entry[i].entry) {
@ -455,7 +456,8 @@ void scldap_remove_entry(scldap_context * ctx, const char *entry)
int scldap_is_valid_url(const char *url)
{
CHECK_CTX(url, 0);
if (!url)
return 0;
return ldap_is_ldap_url((char *) url);
}
@ -472,56 +474,56 @@ int scldap_url_to_entry(scldap_context * ctx, const char *entry, const char *url
switch (rv) {
#ifdef LDAP_URL_ERR_BADSCHEME
case LDAP_URL_ERR_BADSCHEME:
log_messagex(L_DEBUG, "Not an LDAP URL: %s", url);
fprintf(stderr, "Not an LDAP URL: %s", url);
break;
#endif
#ifdef LDAP_URL_ERR_BADENCLOSURE
case LDAP_URL_ERR_BADENCLOSURE:
log_messagex(L_DEBUG, "Bad Enclosure in URL: %s", url);
fprintf(stderr, "Bad enclosure in URL: %s", url);
break;
#endif
#ifdef LDAP_URL_ERR_BADURL
case LDAP_URL_ERR_BADURL:
log_messagex(L_DEBUG, "Bad URL: %s", url);
fprintf(stderr, "Bad URL: %s", url);
break;
#endif
#ifdef LDAP_URL_ERR_BADHOST
case LDAP_URL_ERR_BADHOST:
log_messagex(L_DEBUG, "Host is invalid in URL: %s", url);
fprintf(stderr, "Host is invalid in URL: %s", url);
break;
#endif
#ifdef LDAP_URL_ERR_BADATTRS
case LDAP_URL_ERR_BADATTRS:
log_messagex(L_DEBUG, "Attributes are invalid in URL: %s", url);
fprintf(stderr, "Attributes are invalid in URL: %s", url);
break;
#endif
#ifdef LDAP_URL_ERR_BADSCOPE
case LDAP_URL_ERR_BADSCOPE:
log_messagex(L_DEBUG, "Scope is invalid in URL: %s", url);
fprintf(stderr, "Scope is invalid in URL: %s", url);
break;
#endif
#ifdef LDAP_URL_ERR_BADFILTER
case LDAP_URL_ERR_BADFILTER:
log_messagex(L_DEBUG, "Filter is invalid in URL: %s", url);
fprintf(stderr, "Filter is invalid in URL: %s", url);
break;
#endif
#ifdef LDAP_URL_ERR_BADEXTS
case LDAP_URL_ERR_BADEXTS:
log_messagex(L_DEBUG, "Extensions are invalid in URL: %s", url);
fprintf(stderr, "Extensions are invalid in URL: %s", url);
break;
#endif
#ifdef LDAP_URL_ERR_MEM
case LDAP_URL_ERR_MEM:
log_messagex(L_DEBUG, "Out of memory parsing URL: %s", url);
fprintf(stderr, "Out of memory parsing URL: %s", url);
break;
#endif
#ifdef LDAP_URL_ERR_PARAM
case LDAP_URL_ERR_PARAM:
log_messagex(L_DEBUG, "bad parameter parsing URL: %s", url);
fprintf(stderr, "Bad parameter parsing URL: %s", url);
break;
#endif
default:
log_messagex(L_DEBUG, "Unknown error %d parsing URL: %s", rv, url);
fprintf(stderr, "Unknown error %d parsing URL: %s", rv, url);
break;
}
return -1;
@ -706,7 +708,6 @@ static void scldap_get_result(LDAP * ld, LDAPMessage * res, scldap_param_entry *
result->results++; \
result->result = (scldap_result_entry *) realloc(result->result, (result->results + 2) * sizeof(scldap_result_entry)); \
memset(&result->result[result->results], 0, sizeof(scldap_result_entry)); \
log_messagex(L_DEBUG, "ADD: %s[%li]\n", result->result[result->results].name, result->result[result->results].datalen); \
} \
}
if (attrsonly) {
@ -721,7 +722,6 @@ static void scldap_get_result(LDAP * ld, LDAPMessage * res, scldap_param_entry *
}
} else if ((bvals = ldap_get_values_len(ld, res, name))) {
for (i = 0; bvals[i]; i++) {
log_messagex(L_DEBUG, "scldap_get_result: %s[%li]\n", name, bvals[i]->bv_len);
if (param->numattrs) {
for (j = 0; j < param->numattrs; j++) {
if (!strncasecmp(param->attributes[j], name, strlen(param->attributes[j]))) {
@ -802,7 +802,7 @@ int scldap_search(scldap_context * ctx, const char *entry,
return -1;
}
if (pattern)
log_messagex(L_DEBUG, "pattern: %s\n", pattern);
fprintf(stderr, "pattern: %s\n", pattern);
if (ldap_search(ld, ctx->entry[entrynum].base, ctx->entry[entrynum].scope, pattern, ctx->entry[entrynum].attributes, ctx->entry[entrynum].attrsonly) == -1) {
ldap_perror(ld, "ldap_search");
if (pattern)
@ -856,7 +856,6 @@ void scldap_free_result(scldap_result * result)
{
int i;
CHECK_CTX_VOID(result);
if (result) {
for (i = 0; i < result->results; i++) {
if (result->result[i].name) {


@ -146,7 +146,7 @@ int main(int argc, char **argv)
if (verbose > 2)
scldap_show_parameters(lctx);
if (scldap_search(lctx, entry, &lresult, 0, searchword) < 0) {
log_message("scldap_search failed.\n");
fprintf(stderr, "scldap_search failed.\n");
scldap_free_parameters(lctx);
return 1;
}


@ -22,6 +22,7 @@
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <sys/types.h>
@ -31,7 +32,9 @@
#include <sys/un.h>
#include <sys/socket.h>
#include <netinet/in.h>
#ifdef HAVE_OPENSSL
#include <openssl/rand.h>
#endif
static ssize_t atomicio(ssize_t(*f) (), int fd, void *_s, size_t n)
{
@ -111,12 +114,12 @@ static int scrandom_get_bytes(unsigned char *buf, int len)
#if defined(RANDOM_POOL)
fd = open(RANDOM_POOL, O_RDONLY);
if (fd == -1) {
log_message("Couldn't open random pool \"%s\": %s\n",
fprintf(stderr, "Couldn't open random pool \"%s\": %s\n",
RANDOM_POOL, strerror(errno));
return 0;
}
if (atomicio(read, fd, buf, len) != len) {
log_message("Couldn't read from random pool \"%s\": %s\n",
fprintf(stderr, "Couldn't read from random pool \"%s\": %s\n",
RANDOM_POOL, strerror(errno));
close(fd);
return 0;
@ -132,11 +135,11 @@ static int scrandom_get_bytes(unsigned char *buf, int len)
memset(&addr, '\0', sizeof(addr));
/* Sanity checks */
if (sizeof(PRNGD_SOCKET) > sizeof(addr.sun_path)) {
log_message("Random pool path is too long");
fprintf(stderr, "Random pool path is too long");
return 0;
}
if (len > 255) {
log_message("Too many bytes to read from PRNGD");
fprintf(stderr, "Too many bytes to read from PRNGD");
return 0;
}
addr.sun_family = AF_UNIX;
@ -148,11 +151,11 @@ static int scrandom_get_bytes(unsigned char *buf, int len)
reopen:
fd = socket(addr.sun_family, SOCK_STREAM, 0);
if (fd == -1) {
log_message("Couldn't create AF_UNIX socket: %s\n", strerror(errno));
fprintf(stderr, "Couldn't create AF_UNIX socket: %s\n", strerror(errno));
goto done;
}
if (connect(fd, (struct sockaddr *) &addr, addr_len) == -1) {
log_message("Couldn't connect to PRNGD socket \"%s\": %s\n",
fprintf(stderr, "Couldn't connect to PRNGD socket \"%s\": %s\n",
addr.sun_path, strerror(errno));
goto done;
}
@ -166,7 +169,7 @@ static int scrandom_get_bytes(unsigned char *buf, int len)
errors++;
goto reopen;
}
log_message("Couldn't write to PRNGD socket: %s\n",
fprintf(stderr, "Couldn't write to PRNGD socket: %s\n",
strerror(errno));
goto done;
}
@ -176,7 +179,7 @@ static int scrandom_get_bytes(unsigned char *buf, int len)
errors++;
goto reopen;
}
log_message("Couldn't read from PRNGD socket: %s\n",
fprintf(stderr, "Couldn't read from PRNGD socket: %s\n",
strerror(errno));
goto done;
}
@ -204,11 +207,11 @@ static int scrandom_get_bytes(unsigned char *buf, int len)
reopen:
fd = socket(addr.sin_family, SOCK_STREAM, 0);
if (fd == -1) {
log_message("Couldn't create AF_INET socket: %s\n", strerror(errno));
fprintf(stderr, "Couldn't create AF_INET socket: %s\n", strerror(errno));
goto done;
}
if (connect(fd, (struct sockaddr *) &addr, addr_len) == -1) {
log_message("Couldn't connect to PRNGD port %d: %s\n",
fprintf(stderr, "Couldn't connect to PRNGD port %d: %s\n",
PRNGD_PORT, strerror(errno));
goto done;
}
@ -222,7 +225,7 @@ static int scrandom_get_bytes(unsigned char *buf, int len)
errors++;
goto reopen;
}
log_message("Couldn't write to PRNGD socket: %s\n",
fprintf(stderr, "Couldn't write to PRNGD socket: %s\n",
strerror(errno));
goto done;
}
@ -232,7 +235,7 @@ static int scrandom_get_bytes(unsigned char *buf, int len)
errors++;
goto reopen;
}
log_message("Couldn't read from PRNGD socket: %s\n",
fprintf(stderr, "Couldn't read from PRNGD socket: %s\n",
strerror(errno));
goto done;
}
@ -257,10 +260,9 @@ static int scrandom_seed_generator(void)
#ifdef HAVE_OPENSSL
unsigned char buf[32];
log_messagex(L_DEBUG, "Seeding random number generator");
if (!scrandom_get_bytes(buf, sizeof(buf))) {
if (!RAND_status()) {
log_message("Entropy collection failed and entropy exhausted");
fprintf(stderr, "Entropy collection failed and entropy exhausted\n");
return 0;
}
} else {
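Review bot: The replacement messages `fprintf(stderr, "Random pool path is too long");` and `fprintf(stderr, "Too many bytes to read from PRNGD");` in scrandom_get_bytes carry no trailing newline, while the rewritten line in the last hunk does add one (`"Entropy collection failed and entropy exhausted\n"`); stderr is unbuffered, so the next diagnostic will run onto the same line. Suggest `fprintf(stderr, "Random pool path is too long\n");` and `fprintf(stderr, "Too many bytes to read from PRNGD\n");` so every message in this file ends a line. The same missing newline appears in the scldap.c URL-error messages earlier on this page. scrandom_get_bytes and scrandom_seed_generator both start and end outside the hunks shown.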


@ -2,7 +2,7 @@
libdir = ${prefix}/lib/security
INCLUDES = @CFLAGS_PCSC@ @CFLAGS_SSP@ @CFLAGS_OPENSC@ -I../scam -I../scconf -I../scrandom -I../scldap
INCLUDES = @CFLAGS_PCSC@ @CFLAGS_OPENSC@ -I../scam -I../scconf -I../scrandom -I../scldap
if HAVE_LDAP
LDAP_LTLIBS = @LIBSCLDAP@
@ -10,9 +10,9 @@ else
LDAP_LTLIBS =
endif
LDFLAGS = @LDFLAGS@ @LIBDL@ @LIBSCRANDOM@ $(LDAP_LTLIBS) @LIBSSP@ @LIBOPENSC@
LDFLAGS = @LDFLAGS@ @LIBDL@ @LIBSCRANDOM@ $(LDAP_LTLIBS) @LIBOPENSC@
AUTHSRC = ../scam/scam.c ../scam/scam.h ../scam/sp.c ../scam/p15_eid.c ../scam/p15_ldap.c
AUTHSRC = ../scam/scam.c ../scam/scam.h ../scam/p15_eid.c ../scam/p15_ldap.c
SRC = $(AUTHSRC) sia_opensc.c sia_support.c sia_support.h
if HAVE_SIA